A Red Canary report tracked the MITRE ATT&CK techniques adversaries used the most throughout 2023, finding that two new and notable entries jumped to the top ten: email forwarding rules and cloud accounts. Cloud account compromises are becoming more common as organizations adopt Software-as-a-Service (SaaS) for critical productivity applications such as email, file storage, and messaging, resulting in a large volume of data being stored in the cloud. Adversaries see just as much value in compromising cloud identities as they do in traditional endpoints.

The Federal Communications Commission (FCC) voted to establish a voluntary cybersecurity labeling program for Internet of Things (IoT) devices and other consumer-facing products that require an Internet connection. The vote is a component of the Biden administration's effort to place labels on smart devices to help consumers shop for products less vulnerable to cyberattacks. Smart products covered by the rule that meet specific cybersecurity standards will have a label similar to the ENERGY STAR label.

Security researchers at Defiant are warning that thousands of WordPress websites are potentially at risk of takeover due to a critical severity vulnerability in two MiniOrange plugins that were discontinued recently.  The two plugins, Malware Scanner and Web Application Firewall from MiniOrange were closed on March 7, two days after the critical flaw was reported to the maintainers.

NSF Funded Undergraduate Computer Research in Cybersecurity and AI (UnCoRe-CyberAI)

Program Duration: 5/20/2024 ~ 7/26/2024
Application Deadline: 3/31/2024
Application Link: https://etap.nsf.gov/award/6667/opportunity/9110

Sharing this on behalf of Oakland University.

Please see and share the attached flyer for an NSF REU (research experience for undergraduates) program in Cybersecurity and AI at Oakland University.  A summary is below.

StopCrypt ransomware, also known as STOP Djvu, has evolved with a new multi-stage execution process that better evades detection by security tools. It is the most widely distributed ransomware in existence, typically targeting consumers instead of businesses. The ransomware operation's goal is to generate tens of thousands of small $400 to $1,000 ransom payments rather than a single large multi-million-dollar demand. The ransomware is mainly distributed through malvertising and malicious websites that deliver adware bundles disguised as free software, game cheats, and software cracks.

According to new research published by Specops, RedLine malware was used to steal over 170 million passwords in the last six months, making it the most notorious credential stealer during that period. The malware was used in half of all cyber incidents involving stolen passwords, significantly surpassing the next closest stealer, Vidar. Vidar was used to steal over 65 million passwords. Raccoon Stealer, the malware responsible for the theft of over 42 million passwords, ranks third, making up 11.7 percent.

MarineMax, one of the world’s largest retailers of recreational boats and yachts, recently disclosed a cyberattack that has caused some disruption.  The Florida-based company revealed in a regulatory filing that it detected a cybersecurity incident on March 10.  The company noted that hackers gained access to its systems, which prompted them to initiate incident response and business continuity protocols.  The incident is still being investigated, but at the time of the regulatory filing, it did not have a material impact on operations.

Threat actors are using Scalable Vector Graphic (SVG) image files to hide malware and avoid detection. In January, researchers at Cofense Intelligence discovered a two-month campaign involving the use of SVG files to distribute Agent Tesla Keylogger and XWorm RAT malware. The SVG file format uses mathematical equations to describe images, allowing them to be scaled without losing image quality and making them suitable for various design applications.

A new BlackBerry report reveals a significant increase in attacks on the global financial sector, with 1 million attacks recorded in just 120 days. According to BlackBerry's current Global Threat Intelligence Report, attacks on the global financial sector were primarily launched using commodity malware. The use of such malware suggests that many independent threat actors are targeting the industry for financial gain.