Microsoft recently warned that a newly addressed vulnerability in Exchange Server has been actively exploited in attacks.  Tracked as CVE-2024-21410 (CVSS score of 9.8), the critical severity flaw is described as a privilege escalation issue that allows attackers to mount pass-the-hash attacks.  According to Microsoft, an attacker could exploit the bug to relay a user's Net-NTLMv2 hash against a vulnerable server and authenticate as that user.

With funding from Google, the Technical University of Munich (TUM) is launching seven new research projects to address critical questions at the intersection of cybersecurity and Artificial Intelligence (AI). These projects focus on the data security risks of general-purpose AI models, patterns of cyberattacks on Large Language Models (LLMs), and more. For example, one of the projects aims to better understand how attacks on LLMs work, what triggers them in LLMs, and how they can be prevented. This article continues to discuss the new TUM research projects on cybersecurity and AI.

Multi-factor authentication (MFA) has been the recommended way to strengthen password access for users. But hackers are finding ways around MFA as well using social engineering. Here are a couple of popular methods used. One method is an Adversary-in-the-Middle (AITM) attack. In this hack, the users are tricked into thinking that they are logging into a real network, website, or app. The hackers then can capture passwords and use them to manipulate the requests for the MFA, which the victim unwittingly approves, granting the attacker access.

Microsoft has patched a Windows Defender SmartScreen zero-day vulnerability exploited in the wild by the financially motivated threat group, tracked as Water Hydra and DarkCasino, to deploy the DarkMe Remote Access Trojan (RAT). Trend Micro security researchers discovered the hacker group using the zero-day vulnerability in attacks on New Year's Eve day. According to a recent security advisory from Microsoft, an unauthenticated attacker could send a specially crafted file to a targeted user in order to evade displayed security checks.

Dr. Santosh Ganji, a computer engineering doctoral graduate, and Dr. P.R. Kumar, a Department of Electrical and Computer Engineering professor at Texas A&M University, are working on improving wireless network security. When two entities communicate wirelessly, it is difficult to determine whether a Man-in-the-Middle (MitM) is present. Kumar and Ganji have discovered how to flush out the MitM using a timing-based protocol called REVEAL, which overloads the MitM with messages and causes it to fail.

According to security researchers at JumpCloud, cybersecurity spending is predicted to be cut by 41% of SMEs over the coming year amid the challenging economic environment.  Nearly three-quarters (72%) of IT admins surveyed in the US, UK, and India agreed that any cuts to their security budgets would increase organizational risk.  The researchers noted that SMEs in India were most likely to experience cybersecurity cuts (58%).  This was followed by the US (40%) and UK (25%).

Microsoft and OpenAI have pointed out the different ways in which state-sponsored threat actors have attempted to use Large Language Models (LLMs) to improve their cyber operations. Threat actors, like defenders, are using Artificial Intelligence (AI), specifically LLMs, to increase efficiency. For example, the Iranian threat actor called Crimson Sandstorm, also known as CURIUM, has used LLMs to get help with social engineering, error troubleshooting, code development, and more.

Nominations are now open for the 12th Annual Best Scientific Cybersecurity Paper Competition. The National Security Agency (NSA) welcomes nominations of papers published in 2023 in peer-reviewed journals and technical conferences that show an outstanding contribution to cybersecurity science. Winners will be announced at the end of 2024.

Battery maker VARTA AG was recently targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants.  VARTA is a German manufacturer of batteries for the automotive, consumer, and industrial sectors, partially owned by Energizer Holdings.  VARTA's annual revenue exceeds $875 million.  The company announced that hackers targeted parts of its IT infrastructure on the night of February 12th, causing a severe disruption in five production units.

Through the exploitation of a 20-year-old design flaw dubbed KeyTrap in the DNSSEC specification, one packet can exhaust a vulnerable DNS server's processing capacity, effectively disabling the machine. According to the researchers who uncovered this flaw, associated with the German National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt, DNS server software makers briefed on the vulnerability described it as the worst DNS attack ever discovered. The KeyTrap security flaw, tracked as CVE-2023-50387, has received a CVSS severity rating of 7.5 out of 10.