Threat intelligence-sharing platform VirusTotal has recently unveiled new research showing how cyber defenders can use AI to enhance malware analysis.  VirusTotal found that AI is extremely effective in analyzing malicious code, identifying 70% more malicious scripts than traditional techniques alone.  VirusTotal also observed that AI was up to 300% more accurate than traditional techniques at detecting attempts by malicious scripts to target a device with a common vulnerability or exploit.

Researchers from the University of Michigan's Computer Science and Engineering (CSE) division are presenting papers at the Association for Computing Machinery Special Interest Group on Security, Audit and Control's (SIGSAC's) Conference on Computer and Communications Security (ACM CCS). The conference gathers experts and practitioners to share their latest ideas, innovations, and findings.

Carnegie Mellon faculty and students are presenting on various topics at the Association for Computing Machinery Special Interest Group on Security, Audit and Control's (SIGSAC's) Conference on Computer and Communications Security (ACM CCS). The conference brings together information security researchers, practitioners, developers, and users worldwide to discuss novel ideas and findings.

Amir Hossein Golshan, 25, of Los Angeles, was recently sentenced to 96 months in prison for perpetrating multiple cybercrime schemes, including one involving SIM swapping.  Between April 2019 and February 2023, Golshan caused roughly $740,000 in losses to hundreds of victims as a result of various online scams and unauthorized access to digital accounts.  According to the Department of Justice (DoJ), Golshan took over victims’ social media accounts, impersonated Apple support, and engaged in Zelle payment fraud schemes.

Researchers have discovered a case of "forced authentication" that threat actors could exploit to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking the victim into opening a specially crafted Microsoft Access file. The attack exploits a legitimate database management system solution feature that enables users to link to external data sources such as a remote SQL Server table. NTLM, a challenge-response authentication protocol introduced by Microsoft in 1993, is used to authenticate users during sign-in.

According to the inaugural SMB Threat Report by Huntress, a company that provides a security platform and services to small and midsize businesses (SMBs) and Managed Service Providers (MSPs), malware-free attacks, attackers' increased reliance on legitimate tools and scripting frameworks, and Business Email Compromise (BEC) scams were the most prominent threats SMBs faced in the third quarter of 2023.

Hackers are targeting CVE-2023-49103, a critical ownCloud vulnerability that exposes admin passwords, mail server credentials, and license keys in containerized deployments. The ownCloud product is a popular open-source file synchronization and sharing solution for those who want to manage and share data through a self-hosted platform. On November 21, the developers of the software released security bulletins for three vulnerabilities that could lead to data breaches, suggesting that ownCloud administrators implement the recommended mitigations.

Law enforcement agencies in seven countries recently teamed up with Europol and Eurojust to dismantle a major Ukraine-based ransomware operation.  According to Europol, 30 properties were searched on November 21 in four regions of Ukraine, resulting in the arrest of a 32-year-old who is allegedly the operation’s ringleader, as well as four key accomplices.  This law enforcement activity is part of an operation that resulted in the arrests of a dozen individuals back in 2021.  Europol noted that the cybercrime operation targeted thousands of entities across 71 countries.

Google is disputing a recent report by a security vendor about a design flaw in Google Workspace that exposes users to data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's domain-wide delegation feature allows attackers to steal email from Gmail, exfiltrate data from Google Drive, and perform other unauthorized actions within Google Workspace Application Programming Interfaces (APIs) on all identities in a targeted domain.

On Monday, Ardent Health Services announced that its clinical and financial operations had been disrupted by a ransomware attack discovered on Thanksgiving morning.  The company noted that the incident forced it to take systems offline and suspend user access to IT applications, including corporate servers and internet and clinical programs.  The company stated that while this incident temporarily disrupts certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics.