Selections by dgoff
Pub Crawl summarizes, by hard problems, sets of publications that have been peer-reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
According to the Finnish National Cybersecurity Center (NCSC-FI), the Akira ransomware, first detected in Finland in June 2023, was particularly active at the end of 2023. In 2023, NCSC-FI received 12 reports of Akira ransomware attacks on Finnish organizations, three of which occurred during the holiday season. Before launching the ransomware, the attackers identified and targeted organizations with vulnerable Internet-facing Cisco ASA or FTD devices, as well as found and wiped the organizations' backups.
GitLab has addressed two critical vulnerabilities, one of which allows account hijacking with no user interaction. The vendor urges updating all vulnerable versions of the DevSecOps platform. The most severe vulnerability is an authentication flaw that allows password reset requests to be sent to arbitrary, unverified email addresses, enabling account takeover. Since the platform is commonly used to host proprietary code, Application Programming Interface (API) keys, and other sensitive data, compromising a GitLab account can significantly impact an organization.
According to security researchers at NetDocuments, UK law firms are falling victim to data breaches primarily because of insiders and human error. The researchers examined data from the Information Commissioner’s Office (ICO) covering Q3 2022 to Q2 2023 and found that 60% of data breaches in the UK legal sector were the result of insider actions, and the rest (40%) were from external actors. In total, the researchers found that data from legal firms relating to 4.2 million people was compromised during the period analyzed.
Fidelity National Financial (FNF) recently revealed that around 1.3 million customers’ data may have been exposed during a ransomware attack in 2023. The firm, which provides title insurance services to the real estate and mortgage industries, notified the Securities and Exchange Commission (SEC) of the number of potentially impacted consumers in an updated filing on January 9, 2024. The company first disclosed the incident in November 2023. The attack forced FNF to take down certain systems, resulting in disruption to its business operations.
Security researchers at Trustwave are warning organizations of a vulnerability in Kyocera Device Manager that can be exploited to capture credentials and gain access to accounts and devices. A web-based application, the Kyocera Device Manager is used for the management of multiple Kyocera printers and multifunction devices within an organization’s environment, offering support for application deployment, setting up alerts, and more.
Volt Typhoon, a China-backed cyber espionage group, is systematically targeting legacy Cisco devices in a sophisticated campaign to expand its attack infrastructure. The threat actor, known for targeting critical infrastructure, has exploited router vulnerabilities from 2019 to infiltrate and control the devices.
A security flaw in vision language Artificial Intelligence (AI) models, discovered by computer scientists at the University of California, Riverside, could allow malicious actors to use AI for nefarious purposes such as obtaining bomb-making instructions. Vision language models, when integrated with models such as Google Bard and ChatGPT, enable users to make inquiries using both images and text. The team demonstrated a "jailbreak" hack by manipulating the operations of Large Language Model (LLM) software programs, which are the foundation of query-and-answer AI programs.
Sebastien Raoult, also known as "Sezyo Kaizen," a 22-year-old Frenchman, has been sentenced to three years in US federal prison for participating in the ShinyHunters hacking group. Raoult and two co-conspirators hacked over 60 companies and posted stolen data on dark web forums such as RaidForums, EmpireMarket, and Exploit. They sometimes threatened to leak data if a ransom was not paid. ShinyHunters targeted well-known entities in 2020 and 2021, including the clothing retailer Bonobos, the photo app Pixlr, and Microsoft's GitHub account.
By krahal