Faculty and students from CyLab, Carnegie Mellon University's security and privacy research institute, will present on various topics at the 31st Annual Network and Distributed System Security (NDSS) Symposium. CyLab has compiled a list of papers co-authored by its members that will be presented at the event. One of the papers is titled "Group-based Robustness: A General Framework for Customized Robustness in the Real World." Machine Learning (ML) models have been found to be vulnerable to evasion attacks that perturb model inputs and cause misclassifications.

According to the Cybersecurity and Information Systems Information Analysis Center (CSIAC), the average code sample has 6,000 defects per million lines of code, with the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU) discovering that 5 percent of these defects become vulnerabilities. This turns into about three vulnerabilities per 10,000 lines of code. The question is whether ChatGPT can help improve this ratio.

Cyberattacks are increasing, posing a risk of stolen personal data for 400 million users and prompting US governments to introduce Breach Notification Laws (BNLs). These laws require companies to notify consumers if their data has been breached. However, in a paper recently published in The Review of Law & Economics, Brad Greenwood, an information systems professor at George Mason University's Donald G Costello College of Business, and his co-author Paul M. Vaaler of the University of Minnesota discovered that BNLs had little to no effect on security and protection in general.

Google launched the AI Cyber Defense Initiative to use Artificial Intelligence (AI) to improve cybersecurity and reverse the "Defender's Dilemma". Magika, an AI-powered tool for file type identification to detect malware, is being open-sourced as part of this initiative. Google also announced a new AI for Cybersecurity group consisting of 17 startups from the US, UK, and the EU. The group will help bolster the transatlantic cybersecurity ecosystem by introducing internationalization strategies, AI tools, and the skills to use them.

Cyberattacks can impact anyone, but low-income families, communities of color, military veterans, people with disabilities, immigrant communities, and other marginalized groups are often disproportionately affected and lack the resources to protect themselves. Cyber operations worsen disparities in healthcare, economic opportunities, education access, and democratic participation. When these factors of society become unbalanced, the consequences spread across national and global communities.

Threat actors are using Amazon Web Services Simple Notification Service (AWS SNS) and a custom bulk-messaging spam script called SNS Sender in an ongoing "smishing" campaign that impersonates the US Postal Service. Like businesses, threat actors are moving their workloads to the cloud instead of handling them through traditional web servers. This shift poses a significant business risk to organizations whose legitimate cloud instances have been compromised by attackers trying to piggyback on their AWS capabilities.

Multiple cryptocurrency sector companies are being targeted in an ongoing malware campaign involving a newly discovered Apple macOS backdoor called RustDoor. Bitdefender first documented RustDoor, describing it as a Rust-based malware that can upload files, gather information about the infected machines, and more. It is distributed under the guise of a Visual Studio update. Prior evidence revealed at least three different variants of the backdoor. This article continues to discuss new findings regarding the RustDoor Apple macOS backdoor.

Security researchers have discovered that the Alpha ransomware payload and modus operandi overlap with the now-defunct NetWalker ransomware operation. NetWalker was a Ransomware-as-a-Service (RaaS) active between October 2019 and January 2021. Law enforcement took down its dark web sites, forcing its operators to go silent. The Alpha ransomware, not to be confused with ALPHV/BlackCat, first appeared in February 2023, but its operators kept a low profile, did not promote on hacker forums, and did not launch many attacks.

A Los Angeles man accused of running a "booter" service that facilitated Distributed Denial-of-Service (DDoS) attacks has been charged in federal court. According to court documents filed recently, Scott Esparza, also known as "Hazard," "co-administrated" the website Astrostress.com. The FBI seized the Astrostress domain in December 2022, along with many other booter services. For a fee, Esparza's service would enable his subscribers to direct floods of Internet traffic to victim computers in order to degrade or disrupt their Internet access.

Twenty-seven percent of countries holding national elections in 2024 face the highest cyber threat levels, with multiple priority adversary groups and many state-backed groups linked to priority adversary countries. The four priority adversary countries, which are Russia, China, Iran, and North Korea, are using cyber interference for disinformation and espionage, as well as to try disrupting actual electoral processes. This article continues to discuss the cyber threats facing 2024 elections.