A threat actor called "Blind Eagle," also known as APT-C-36, has been observed using a loader malware named "Ande Loader" to deliver Remote Access Trojans (RATs) such as Remcos RAT and NjRAT. According to eSentire, the attacks, launched through phishing emails, targeted Spanish-speaking users in the North American manufacturing industry. Blind Eagle is a financially motivated threat actor who has previously executed cyberattacks against entities in Colombia and Ecuador to deliver AsyncRAT, BitRAT, Lime RAT, NjRAT, Remcos RAT, and more.

According to a new public opinion poll conducted by MITRE and The Harris Poll, the US public believes cyberattacks to be of the greatest risk to critical infrastructure. Seventy-eight percent are concerned about cyberattacks, and 51 percent are not confident that the US is prepared to recover from an attack.

According to security researchers at Palo Alto's Unit 42 threat intelligence group, advanced attackers are increasingly seeking speed. The researchers analyzed hackers' preferred strategies for infiltrating organizations, exfiltrating data, crypto-locking systems with ransomware, and more in 2023. Wendi Whitmore, senior vice president at Unit 42, cautioned that the time between initial compromise and data exfiltration is shrinking. She goes on to say that attackers are sometimes beginning to exfiltrate data in hours rather than days, calling on defenders speed up their operations.

According to the US Department of Justice (DOJ), a Moldovan national has been sentenced to 42 months in US federal prison for running a set of websites selling access to compromised computers worldwide. He was the administrator for the E-Root Marketplace, which listed over 350,000 compromised credentials for sale. E-Root operated on a widely distributed network and took steps to hide the identities of its administrators, buyers, and sellers.

A Red Canary report tracked the MITRE ATT&CK techniques adversaries used the most throughout 2023, finding that two new and notable entries jumped to the top ten: email forwarding rules and cloud accounts. Cloud account compromises are becoming more common as organizations adopt Software-as-a-Service (SaaS) for critical productivity applications such as email, file storage, and messaging, resulting in a large volume of data being stored in the cloud. Adversaries see just as much value in compromising cloud identities as they do in traditional endpoints.

The Federal Communications Commission (FCC) voted to establish a voluntary cybersecurity labeling program for Internet of Things (IoT) devices and other consumer-facing products that require an Internet connection. The vote is a component of the Biden administration's effort to place labels on smart devices to help consumers shop for products less vulnerable to cyberattacks. Smart products covered by the rule that meet specific cybersecurity standards will have a label similar to the ENERGY STAR label.

Security researchers at Defiant are warning that thousands of WordPress websites are potentially at risk of takeover due to a critical severity vulnerability in two MiniOrange plugins that were discontinued recently.  The two plugins, Malware Scanner and Web Application Firewall from MiniOrange were closed on March 7, two days after the critical flaw was reported to the maintainers.

NSF Funded Undergraduate Computer Research in Cybersecurity and AI (UnCoRe-CyberAI)

Program Duration: 5/20/2024 ~ 7/26/2024
Application Deadline: 3/31/2024
Application Link: https://etap.nsf.gov/award/6667/opportunity/9110

Sharing this on behalf of Oakland University.

Please see and share the attached flyer for an NSF REU (research experience for undergraduates) program in Cybersecurity and AI at Oakland University.  A summary is below.