New research delves into how Internet of Things (IoT) devices, which are not as well protected as traditional computers regarding firewalls, antivirus, and malware protection, can represent a significant system vulnerability. In addition to potential financial loss, such threats can disrupt infrastructure and government, as well as endanger human lives, especially in healthcare facilities. A team of researchers from Tallinn University of Technology and the University at Albany developed a comparative framework for modeling the cyber threat to IoT devices and networks.

As growing and maturing data services demand faster Internet speeds and operating systems call for better security, hackers and adversaries continue to interfere. For some, this involves infiltrating home and office wireless networks to steal personal or business information. These attackers often use high-powered signal jamming devices, which are wireless portable devices that impede devices' communication with each other. These jammers also serve as a defense for users trying to avoid these attacks.

Face recognition software is often implemented to gatekeep access to secure websites and electronic devices. Researchers are looking into the possibility of defeating it simply by wearing a mask resembling another person's face. The National Institute of Standards and Technology (NIST) recently published research on software designed to detect this type of spoof attack. The new study is published alongside another that evaluates the ability of software to identify potential issues with a photograph or digital facial image, such as one captured for a passport.

Vijay Atluri, a Rutgers University professor, received a grant supporting her research on information security, particularly on how protection can be enabled automatically based on user credentials and the types of resources that require protection. Her project titled "Generating Machine-Enforceable Security Policies from Natural Language Text" aims to identify certain policy sentences, convert them into attribute-based access control rules, and then generate code that can be used to automatically enforce the rules.

During two weeks in March 2022, 95 percent of the accounts opened at major US banks were fraudulently created. According to Rachel Wilson, managing director and head of cybersecurity for Morgan Stanley's Wealth Management division, many were created by Russian state hackers who conducted a Denial-of-Service (DoS) attack to block Ukrainian war refugees from transferring their money to American financial institutions.

The National Security Agency has announced that it is starting an artificial intelligence security center.  Army Gen. Paul Nakasone said the center would be incorporated into the NSA’s Cybersecurity Collaboration Center, where it works with private industry and international partners to harden the U.S. defense-industrial base against threats from adversaries led by China and Russia.

Progress Software, the maker of the MOVEit Transfer tool that hackers exploited to compromise thousands of businesses, has announced that its WS_FTP Server software requires a patch for a critical flaw. The company recently disclosed vulnerabilities impacting the interface and Ad Hoc Transfer module of the WS_FTP Server secure file transfer software. Progress Software's advisory notes that attackers could exploit a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.

Open directories pose a significant security threat to organizations as they could leak sensitive data, intellectual property, or technical data that may enable an attacker to compromise an entire system. According to new research from the Internet intelligence platform, Censys, over 2,000 TB of unprotected data, including complete databases and documents, is currently accessible in open directories globally.

The FBI has issued a warning regarding a new trend of ransomware attacks in which multiple strains are launched on victims' networks to encrypt systems in less than two days. The FBI issued a Private Industry Notification in response to trends observed in July 2023. The federal law enforcement agency explains that ransomware affiliates and operators have been observed targeting victim organizations with two different variants. AvosLocker, Diamond, Hive, Karakurt, LockBit, and Quantum are some of the variants used in these dual ransomware attacks.

Security researchers at DomainTools have witnessed a significant increase in cyberattacks targeting the US Postal Service (USPS), mainly through phishing and smishing campaigns.  One smishing message raised suspicions due to its peculiar language, suggesting the involvement of a non-native English speaker or reliance on translation services.  The researchers traced a domain marked with a high-risk score, leading to the discovery of 163 related domains associated with email addresses following a familiar naming convention.