"FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service"

Cybersecurity advisories issued by the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) indicate that a specific threat warrants the immediate attention of organizations in the line of fire. This appears to be the case with "Snatch," a Ransomware-as-a-Service (RaaS) operation that has been active since at least 2018 and is the subject of a warning issued by two agencies this week.

Submitted by Gregory Rigby on

The Science of Security 5 Hard Problems

The Principal Investigators (PIs) of the Science of Security Lablets, in collaboration with NSA Research, developed the 5 Hard Problems as a measure to establish the beginnings of a common language and gauge progress. These 5 were selected for their level of technical challenge, their potential operational significance, and their likelihood of benefiting from emphasis on scientific research methods and improved measurement capabilities.

Submitted by Gregory Rigby on

"Fake WinRAR PoC Spread VenomRAT Malware"

Unknown threat actors have published a fake proof-of-concept (PoC) exploit for CVE-2023-4047, a recently patched Remote Code Execution (RCE) flaw in WinRAR, in order to spread the VenomRAT malware. On August 17, 2023, Trend Micro's Zero Day Initiative disclosed the RCE vulnerability that allowed threat actors to execute arbitrary code on affected installations of WinRAR. Four days after the public disclosure of the vulnerability, the attacker seized the opportunity to publish a fake PoC on GitHub. The fake PoC is based on publicly available PoC code for a GeoServer SQL injection flaw.

Submitted by Gregory Rigby on

"Data Breach Reveals Distressing Info: People Who Order Pineapple on Pizza"

Pizza Hut Australia recently announced that 190,000 customers' data had been accessed. The information unauthorized entities accessed included customers' names, delivery addresses, email addresses, phone numbers, and order histories. Pizza Hut's Australian operation told customers it learned of the incident in early September and described it as "unauthorized third party" access to a subset of its data.

Submitted by Adam Ekwall on

Pub Crawl - September 2023

Selections by dgoff

Pub Crawl summarizes, by hard problems, sets of publications that have been peer-reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Submitted by Gregory Rigby on

"Scams Now Make Up 75% of Cyber Threats"

According to security researchers at Norton, scams involving human manipulation comprised 75% of all desktop threats in the first half of 2023. In the first half of 2023, the researchers saw a rise in three particular scams: e-shop scams, sextortion scams, and tech support scams. In e-shop scams, fake online stores are created to lure shoppers with popular products offered at huge discounts. However, the product is never delivered, and scammers exit with the victim's card details and payment.

Submitted by Adam Ekwall on

"Bot Attack Costs Double to $86m Annually"

According to security researchers at Netacea, the typical business in the US and UK loses over 4% of its online revenue every year due to malicious bot attacks. The researchers surveyed 440 businesses with an average online revenue of $1.9bn across the travel, entertainment, e-commerce, financial services, and telecoms sectors in the US and the UK. The researchers found that the average firm loses $85.6m annually to bot attacks, up from $33.3m per business in 2020. The researchers noted that this is far greater than the average ransom payment or GDPR fine.

Submitted by Adam Ekwall on

"T-Mobile App Glitch Let Users See Other People's Account Info"

T-Mobile customers reported being able to see the account and billing information of others after logging into the company's official mobile app. According to user reports, the exposed information included consumers' names, phone numbers, addresses, account balances, and credit card information, such as expiration dates and the last four digits. While a large number of reports began appearing on Reddit and Twitter on September 20, some T-Mobile customers claimed to have experienced this for the last two weeks.

Submitted by Gregory Rigby on

"Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers"

A financially motivated threat actor has been identified as an Initial Access Broker (IAB) who sells access to compromised organizations to other adversaries to perform follow-on attacks. The SecureWorks Counter Threat Unit (CTU) has named the group Gold Melody, which also goes by the names Prophet Spider and UNC961. According to the cybersecurity company, this financially motivated group has been active since at least 2017, exploiting vulnerabilities in unpatched Internet-facing servers to compromise organizations.

Submitted by Gregory Rigby on