"Cloudflare Hacked Using Auth Tokens Stolen in Okta Attack"

Cloudflare has revealed that a suspected nation-state actor breached its internal Atlassian server. They gained access to its Confluence wiki, Jira bug database, and Bitbucket source code management system. On November 14, the threat actor accessed Cloudflare's self-hosted Atlassian server before moving on to the company's Confluence and Jira systems. To access its systems, the attackers used one access token and three service account credentials stolen from a previous compromise related to Okta's breach in October 2023. This article continues to discuss the Cloudflare hacking incident.

Submitted by Gregory Rigby on

"Google Play Used to Spread 'Patchwork' APT's Espionage Apps"

Patchwork, an Indian Advanced Persistent Threat (APT) group known for its targeted spear phishing cyberattacks on Pakistanis, has been using Google Play to distribute six different Android espionage apps masquerading as legitimate messaging and news services. They include a newly discovered Remote Access Trojan (RAT) called VajraSpy. ESET researchers who discovered the campaign found that the VajraSpy RAT intercepts calls, SMS messages, files, contacts, and other data. They can also extract WhatsApp and Signal messages, record phone calls, and take pictures.

Submitted by Gregory Rigby on

"Jailbreaking ChatGPT: Researchers Swerved GPT-4's Safety Guardrails and Made the Chatbot Detail How to Make Explosives in Scots Gaelic"

Researchers have discovered a cross-lingual flaw in OpenAI's GPT-4 Large Language Model (LLM) that enables malicious users to jailbreak the model and bypass its safety measures by using prompts translated into lesser-spoken languages. A team of researchers at Brown University published a paper that explores a potential vulnerability in OpenAI's GPT-4 LLM caused by linguistic inequality in safety training data. According to the researchers, translating unsafe inputs into low-resource languages could provoke prohibited behavior from the chatbot.

Submitted by Gregory Rigby on

Pub Crawl - February 2024

Selections by dgoff

Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Submitted by Gregory Rigby on

"Romance Scam Victims Surge in 2023"

According to researchers at Lloyds Bank, romance scam victims surged by more than a fifth (22%) in 2023 compared to 2022.  The average amount lost per incident was $8847 last year, which is lower than in 2022 when the average loss was $10,505.  The researchers noted that romance scams have exploded in prominence in recent years, with attackers leveraging fake profiles on social media and online dating apps to lure in potential victims.  They are also commonly used as a gateway to other types of fraud and malicious cyber activity.

Submitted by Adam Ekwall on

"LockBit Reigns Supreme in Soaring Ransomware Landscape"

According to security researchers at ReliaQuest, a hyper-active LockBit group led to a surge in ransomware campaigns in the last quarter of 2023. The researchers found that ransomware activity was up 80% between October and December 2023 compared with the same period in 2022. Over this period, a total of 1262 victims were listed on data leak sites, with victims spanning several industries, including manufacturing, construction, professional, scientific, and technical services.

Submitted by Adam Ekwall on

"Engineers Develop Hack to Make Automotive Radar Hallucinate"

Duke University engineers have demonstrated a system called "MadRadar" that can deceive automotive radar sensors. The technology can hide an approaching car, create a phantom car where none exists, or even mislead the radar into believing a real car has quickly deviated from its course. It can do this without having prior knowledge regarding the specific settings of the victim's radar, thus making it a significant threat to radar security.

Submitted by Gregory Rigby on

"Two More Individuals Charged for DraftKings Hacking"

Two more individuals have recently been indicted for their role in a credential stuffing attack resulting in unauthorized access to thousands of user accounts at a fantasy sports and betting website.  According to the Department of Justice (DoJ), the individuals, Nathan Austad, 19, of Farmington, Minnesota, and Kamerin Stokes, 21, of Memphis, Tennessee, allegedly participated in compromising the accounts using usernames and passwords obtained from other data breaches and attempted to sell access to the accounts.

Submitted by Adam Ekwall on

"Hackers Push USB Malware Payloads via News, Media Hosting Sites"

A threat actor who uses USB devices for initial infection has been discovered abusing legitimate online platforms such as GitHub, Vimeo, and Ars Technica to host encoded payloads hidden in content that appears to be harmless. The attackers put these payloads in forum user profiles on technology news websites or video descriptions on media hosting platforms. The payloads pose no risk to those visiting these web pages because they are just text strings. However, they still play a major role in downloading and executing malware.

Submitted by Gregory Rigby on

"Interpol Arrests More Than 30 Cybercriminals in Global 'Synergia' Operation"

International law enforcement has detained 31 suspected cybercriminals and discovered 1,300 malicious servers used to conduct phishing attacks and distribute malware. Interpol's Operation Synergia ran from September to November 2023. It was launched in response to the growth and escalation of transnational cybercrime, as well as the need for coordinated action against new cyber threats. The operation involved nearly 60 law enforcement agencies and a few private companies.

Submitted by Gregory Rigby on