"Half of Organizations Have Unmanaged Long-Lived Cloud Credentials"

Datadog's "State of Cloud Security 2024" report found that 46 percent of organizations have unmanaged users with long-lived credentials in cloud services, putting them at risk of data breaches. Long-lived credentials, which are authentication tokens or keys in the cloud that remain valid for a long time, can give attackers persistent access with the same privileges as the owner. According to the report, long-lived credentials are widespread across Google Cloud, Amazon Web Services (AWS), and more.

Submitted by Gregory Rigby on

"ESET Distributor's Systems Abused to Deliver Wiper Malware"

ESET is investigating the abuse of the systems of its official product distributor in Israel to send emails delivering wiper malware. ESET's Advanced Threat Defense (ATD) team notified targeted users of government-backed attackers trying to compromise their devices. The attack's email passed DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) checks, and linked to the ESET Israel store, according to researcher Kevin Beaumont. The link pointed to a ZIP file with ESET DLLs and an executable aimed at installing wiper malware on the victim's system.

Submitted by Gregory Rigby on

Pub Crawl - October 2024

Selections by dgoff

Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Submitted by Gregory Rigby on

"New Algorithm Identifies Increase in Critical Infrastructure Security Vulnerabilities"

A team of researchers at the Georgia Tech School of Electrical and Computer Engineering (ECE) has developed an algorithm named "PLCHound" to improve critical infrastructure security. The development aims to more accurately identify devices vulnerable to remote cyberattacks. It involves the use of advanced Natural Language Processing (NLP) and Machine Learning (ML) techniques to search through large databases of Internet records as well as log the IP address and security of Internet-connected devices.

Submitted by Gregory Rigby on

"Using Generative AI to Outsmart Cyberattackers Before They Strike"

According to Mohamed Rahouti, a professor at Fordham University, generative Artificial Intelligence (GenAI) holds the key to a new system that anticipates potential cyberattacks and prepares systems to counter previously unknown cyber threats. He and a group of graduate students are developing new systems to get ahead of sophisticated, constantly changing attacks. The researchers have used GenAI and other methods in one of their projects to expand on a snapshot of network traffic data and create a more complete picture of what is normal and abnormal.

Submitted by Gregory Rigby on

"PhD Student to Present Paper at Cybersecurity Conference"

Mir Ali Masood, PhD student at the University of Illinois Chicago, co-presents a paper titled "Unbundle-Rewrite-Rebundle: Runtime Detection and Rewriting of Privacy-Harming Code in JavaScript Bundles" at the 2024 ACM Computer and Communication Security (CCS) conference. The paper presents a tool developed by a team of researchers looking to improve web browsing privacy. Their tool unbundles code that tracks users from code used for website functionality. The team found a way to break down scripts, check each component, and fix privacy-harming or tracking code.

Submitted by Gregory Rigby on

"UTSA Researchers Reveal Oversight in AI Image Recognition Tools"

Researchers at the University of Texas at San Antonio (UTSA) have developed a proprietary attack named "AlphaDog" to study how hackers can exploit an oversight in Artificial Intelligence (AI) image recognition tools. AI can help people process and understand large amounts of data with precision. However, the new study points out that the modern image recognition platforms and computer vision models built into AI often overlook the "alpha channel," an essential back-end feature that controls the transparency of images.

Submitted by Gregory Rigby on

"For AI, Secrecy Often Doesn't Improve Security"

A team of researchers has concluded that limiting public access to the underlying structures of Artificial Intelligence (AI) systems could have several consequences. They have gone into detail about the threats posed by the misuse of AI systems in areas such as disinformation, hacking, and more. The researchers assessed each risk and delved into whether there are more effective ways to combat it than restricting access to AI models.

Submitted by Gregory Rigby on

"Google Warns of Samsung Zero-Day Exploited in the Wild"

Security researchers at Google's Threat Analysis Group recently discovered a zero-day vulnerability in Samsung's mobile processors that has been leveraged as part of an exploit chain for arbitrary code execution. Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung's October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device.

Submitted by Adam Ekwall on

"75% of US Senate Campaign Websites Fail to Implement DMARC"

A new report by security researchers at Red Shift claims that nearly 75% of US Senate campaign websites lack Domain-based Message Authentication, Reporting, and Conformance (DMARC) protections, leaving them vulnerable to cyberattacks. The researchers noted that there is an urgent need for campaigns to strengthen cybersecurity, especially with the critical role email communications play in coordinating with voters, donors, and staff. DMARC is a key tool in preventing phishing and spoofing attacks by ensuring emails sent from a domain are authenticated.

Submitted by Adam Ekwall on