Two flights bound for Israel over the past week have suffered attempts to hijack their communications and divert the aircraft.  The El Al flights were both travelling from Thailand to Israel’s Ben Gurion international airport and apparently encountered “hostile elements.” No group has claimed responsibility. Although the aircraft were flying over an area in which Iranian-backed Houthis are active, sources have claimed it could be the work of a group operating from Somaliland an unrecognized state in the Horn of Africa.

A Ukrainian national charged with operating the Raccoon Infostealer malware-as-a-service (MaaS) has recently made an appearance in a US court after being extradited from the Netherlands.  Mark Sokolovsky, 28, was arrested in March 2022 after the FBI and law enforcement agencies in Italy and the Netherlands dismantled the Raccoon Infostealer infrastructure.  In October 2022, Sokolovsky was indicted in the US for his involvement in the distribution of the Raccoon Infostealer malware to millions of computers worldwide.

A KAUST research team has developed a Machine Learning (ML) approach that addresses a major medical research challenge by integrating an ensemble of privacy-preserving algorithms. The challenge is using the power of Artificial Intelligence (AI) to accelerate genomic data discovery while protecting individuals' privacy. According to KAUST's Xin Gao, omics data typically contains a large amount of private information, such as gene expression and cell composition. This information can often be linked to a person's disease or health status.

Los Alamos National Laboratory (LANL) researchers are using Artificial Intelligence (AI) to address significant shortcomings in large-scale malware analysis, improving the classification of Microsoft Windows malware and taking more steps towards improved cybersecurity measures. Through their method, the team set a new world record for classifying malware families. The team's approach achieves realistic malware family classification using semi-supervised tensor decomposition methods and selective classification, specifically the reject option.

Faculty and students from CyLab, Carnegie Mellon University's security and privacy research institute, will present on various topics at the 31st Annual Network and Distributed System Security (NDSS) Symposium. CyLab has compiled a list of papers co-authored by its members that will be presented at the event. One of the papers is titled "Group-based Robustness: A General Framework for Customized Robustness in the Real World." Machine Learning (ML) models have been found to be vulnerable to evasion attacks that perturb model inputs and cause misclassifications.

According to the Cybersecurity and Information Systems Information Analysis Center (CSIAC), the average code sample has 6,000 defects per million lines of code, with the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU) discovering that 5 percent of these defects become vulnerabilities. This turns into about three vulnerabilities per 10,000 lines of code. The question is whether ChatGPT can help improve this ratio.

Cyberattacks are increasing, posing a risk of stolen personal data for 400 million users and prompting US governments to introduce Breach Notification Laws (BNLs). These laws require companies to notify consumers if their data has been breached. However, in a paper recently published in The Review of Law & Economics, Brad Greenwood, an information systems professor at George Mason University's Donald G Costello College of Business, and his co-author Paul M. Vaaler of the University of Minnesota discovered that BNLs had little to no effect on security and protection in general.

Google launched the AI Cyber Defense Initiative to use Artificial Intelligence (AI) to improve cybersecurity and reverse the "Defender's Dilemma". Magika, an AI-powered tool for file type identification to detect malware, is being open-sourced as part of this initiative. Google also announced a new AI for Cybersecurity group consisting of 17 startups from the US, UK, and the EU. The group will help bolster the transatlantic cybersecurity ecosystem by introducing internationalization strategies, AI tools, and the skills to use them.

Cyberattacks can impact anyone, but low-income families, communities of color, military veterans, people with disabilities, immigrant communities, and other marginalized groups are often disproportionately affected and lack the resources to protect themselves. Cyber operations worsen disparities in healthcare, economic opportunities, education access, and democratic participation. When these factors of society become unbalanced, the consequences spread across national and global communities.

Threat actors are using Amazon Web Services Simple Notification Service (AWS SNS) and a custom bulk-messaging spam script called SNS Sender in an ongoing "smishing" campaign that impersonates the US Postal Service. Like businesses, threat actors are moving their workloads to the cloud instead of handling them through traditional web servers. This shift poses a significant business risk to organizations whose legitimate cloud instances have been compromised by attackers trying to piggyback on their AWS capabilities.