"Hotel Hackers Redirect Guests to Fake Booking Website to Steal Cards"

Researchers have found a multi-step information-stealing campaign in which hackers infiltrate the systems of hotels, booking sites, and travel agencies, and then use their access to take customers' financial data. By using this indirect method and a fake Booking[.]com payment page, cybercriminals have discovered a way to collect credit card information with a significantly higher success rate. This article continues to discuss the hackers' campaign involving the use of a fake Booking[.]com payment page.

Submitted by grigby1 CPVI on

"Ransomware Cyber Insurance Claims up by 27%"

According to Coalition, the frequency of cyber insurance claims rose by 12 percent in the first half of 2023. Early in 2023, Coalition discovered that the frequency and severity of business claims increased across all revenue bands. Companies with revenues greater than $100 million experienced the most significant increase (20 percent) in the number of claims, as well as greater losses from attacks. According to Coalition's report, ransomware claims in the first half of 2023 increased by 27 percent from the second half of 2022.

Submitted by grigby1 CPVI on

"Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor"

The list of Advanced Persistent Threat (APT) actors against which telecommunications companies must secure their data and networks now includes an additional sophisticated adversary. The new threat called "Sandman" is a group of unknown origin that emerged in August and has been using LuaJIT, a high-performance, just-in-time compiler for the Lua programming language, to deploy a novel backdoor. Researchers at SentinelOne are tracking the backdoor as "LuaDream" after spotting it in attacks against telecommunications companies in the Middle East, Western Europe, and South Asia.

Submitted by grigby1 CPVI on

Pub Crawl Archive

The Pub Crawl section contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security (SoS) community.

Submitted by grigby1 CPVI on

"The Urgent Need for Memory Safety in Software Products"

The secure-by-design white paper from the US Cybersecurity and Infrastructure Security Agency (CISA) outlines three fundamental principles for software manufacturers: accept responsibility for customer security outcomes, embrace radical transparency, and lead security transformations from the top of the organization. Solutions to the issue of memory unsafety will include all three of these principles. CISA calls on software manufacturers to prioritize reducing and eventually eliminating memory safety vulnerabilities in their product lines.

Submitted by grigby1 CPVI on

"FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service"

Cybersecurity advisories issued by the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) indicate that a specific threat warrants the immediate attention of organizations in the line of fire. This appears to be the case with "Snatch," a Ransomware-as-a-Service (RaaS) operation that has been active since at least 2018 and is the subject of a warning issued by two agencies this week.

Submitted by grigby1 CPVI on

The Science of Security 5 Hard Problems

The Principal Investigators (PIs) of the Science of Security Lablets, in collaboration with NSA Research, developed the 5 Hard Problems as a measure to establish the beginnings of a common language and gauge progress. These 5 were selected for their level of technical challenge, their potential operational significance, and their likelihood of benefiting from emphasis on scientific research methods and improved measurement capabilities.

Submitted by grigby1 CPVI on

"Fake WinRAR PoC Spread VenomRAT Malware"

Unknown threat actors have published a fake proof-of-concept (PoC) exploit for CVE-2023-4047, a recently patched Remote Code Execution (RCE) flaw in WinRAR, in order to spread the VenomRAT malware. On August 17, 2023, Trend Micro's Zero Day Initiative disclosed the RCE vulnerability that allowed threat actors to execute arbitrary code on affected installations of WinRAR. Four days after the public disclosure of the vulnerability, the attacker seized the opportunity to publish a fake PoC on GitHub. The fake PoC is based on publicly available PoC code for a GeoServer SQL injection flaw.

Submitted by grigby1 CPVI on

"Data Breach Reveals Distressing Info: People Who Order Pineapple on Pizza"

Pizza Hut Australia recently announced that the data of 190,000 customers had been accessed. The information that unauthorized entities accessed included customers' names, delivery addresses, email addresses, phone numbers, and order histories. Pizza Hut's Australian operation told customers it learned of the incident in early September and described it as "unauthorized third party" access to a subset of its data.

Submitted by Adam Ekwall on