The Knight Foundation School of Computing and Information Sciences (KFSCIS) Research Symposium featured innovations in cybersecurity, Artificial Intelligence (AI), data science, federated learning, and more. Maryna Veksler, Harun Oz, and Mahshad Shariatnasab are three KFSCIS Ph.D. students who received top honors at the symposium for their work in cybersecurity and AI. Oz presented research on a newly discovered attack vector that may increase the risk of ransomware attacks.

The National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity project aims to deliver cybersecurity guidance that will help consumers and operators of 5G networks adopt, deploy, and use 5G technology in a more secure and privacy-enhancing way. The NCCoE 5G Cybersecurity project involves building a 5G network using commercial-grade telecommunication components found in 5G networks worldwide.

A new study conducted by researchers at the University of Waterloo reveals that Large Language Models (LLMs) repeat conspiracy theories, harmful stereotypes, and other types of misinformation. The researchers tested an early version of ChatGPT's understanding of facts, conspiracies, controversies, misconceptions, and more. This study is part of the researchers' efforts to explore human-technology interactions and determine how to mitigate risks. They found that GPT-3 often made errors, contradicted itself, and repeated harmful misinformation.

Daniel Balasubramanian, a senior research scientist at Vanderbilt's Institute for Software Integrated Systems, will lead a four-year Defense Advanced Research Projects Agency (DARPA) grant to create realistic network environments for training cyber agents to combat advanced and persistent cyber threats. According to Cybersecurity Ventures, the cost of cybercrime globally could reach $9.5 trillion in 2024, with a single data breach potentially costing millions of dollars.

According to CloudSEK researchers, a threat actor known as PRISMA boasted a powerful zero-day exploit and developed a sophisticated solution for generating persistent Google cookies by manipulating a token. This exploit allows for continued access to Google services, even after a user's password has been reset. Open Authorization 2.0 (OAuth 2.0) is a protocol for securing and authorizing access to resources on the Internet.

A zero-day vulnerability impacting Barracuda Networks' Email Security Gateway (ESG) enables hackers to install backdoors. The vulnerability exists in Spreadsheet::ParseExcel, an open-source library for processing Excel files. The library is used by the Amavis virus scanner on the ESG to scan Excel attachments sent via email. The vulnerability, tracked as CVE-2023-7102, allows malicious Excel attachments to run arbitrary code on a Barracuda ESG. According to Barracuda, there have already been several exploits of this vulnerability.

The Resecurity's HUNTER unit discovered a new version of the Meduza stealer that supports more software clients, including browser-based cryptocurrency wallets. Meduza 2.2 also has an improved credit card grabber. According to researchers, Meduza is a strong competitor to Azorult, Redline, Racoon, and Vidar Stealer for Account Takeover (ATO), online banking theft, and financial fraud. This article continues to discuss key findings regarding the new version of the Meduza stealer.

The complexity of Application Programming Interface (API) security continues to grow as technology advances. The rise of APIs in modern applications and services calls for organizations to better understand their API environments and the operational risks that APIs pose. Graylog CEO Andy Grolnick highlights several key trends and predictions that will shape the API security landscape in 2024. According to Grolnick, the number of targeted application-level attacks will increase.

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new phishing campaign launched by the Russia-linked APT28 group to steal sensitive information. The campaign involves previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK. The agency discovered the activity between December 15 and December 25, 2023, targeting government entities with email messages urging recipients to click on a link to view a document. This article continues to discuss the APT28 group's new phishing campaign that distributes OCEANMAP, MASEPIE, and STEELHOOK.

The shift toward content credentials comes as interest in automated deepfake-detection systems wanes. The Coalition for Content Provenance and Authenticity (C2PA) group combines the Adobe-led Content Authenticity Initiative and Project Origin, a media provenance effort. In 2021, initial standards were released for attaching cryptographically secure metadata to image and video files. Any change to the file in its system is automatically reflected in the metadata, breaking the cryptographic seal and revealing any tampering.