MoneyGram International’s money transfer services are down after the company announced that it is struggling with a cyberattack that forced it to take certain systems offline.  The incident started on September 22.  Three days later, however, the outage continues and MoneyGram International’s website is inaccessible as the company is scrambling to restore the impacted systems.  The company is working diligently to bring its systems back online and resume normal business operations.

During a new study, security researchers at SonicWall found that over 14 million patients have been affected by data breaches caused by malware attacks on US healthcare organizations in 2024.  The researchers noted that most (91%) of these breaches have leveraged ransomware.  The researchers stated that the rapid adoption of digital tools, AI, and platforms has expanded the attack surface of healthcare organizations, resulting in a significant increase in ransomware attacks targeting this sector.

Two apps with about 11 millions in the official Google Play app store were discovered to be infected with the "Necro" trojan, which is a multi-stage loader. It was discovered in 2019 after infecting the CamScanner - Phone PDF Creator app, which had over 100 million downloads on Google Play. The new variant of Necro is being distributed through Google Play apps as well as modified versions of popular apps and games available from unofficial sources. This article continues to discuss key findings regarding the Necro trojan found in two Android apps in Google Play.

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

"The National Security Agency (NSA) is launching its annual Codebreaker Challenge, offering students from U.S.-based academic institutions the opportunity to explore real-world scenarios emulating the Intelligence Community’s classified work and preparing them to tackle national security concerns after their graduation.

ESET recently announced patches for two local privilege escalation vulnerabilities affecting multiple Windows and macOS products. The Windows products were found vulnerable to CVE-2024-7400, a high-severity bug affecting the file operations handling during the removal of a detected file. ESET noted that an attacker with low privileges on a system running an affected ESET product could exploit the flaw to delete arbitrary files and escalate privileges. ESET fixed the issue in the Cleaner module 1251, which was distributed automatically to ESET customers along with Detection engine updates.

By aekwall 

Versa Networks recently announced patches for a vulnerability in the virtualization and service creation platform Versa Director, warning that proof-of-concept (PoC) code exists.  The vulnerability is tracked as CVE-2024-45229 (CVSS score of 6.6) is related to the REST API in Versa Director used for orchestration and management and could lead to the exposure of authentication tokens.

The extraction of sensitive user data from web pages by thousands of browser extensions poses significant privacy risks, as revealed by research conducted by Georgia Tech. This underscores the need for more robust privacy measures and improved enforcement. A team of researchers led by Frank Li, assistant professor in the School of Cybersecurity and Privacy and the School of Electrical and Computer Engineering, and Ph.D. student Qinge Xie, developed a new system to monitor browser extensions' collection of user content from web pages.

The US Department of Justice (DOJ) announced a court-authorized operation to disrupt a botnet known as "Raptor Train," which has affected 200,000 devices in the US and other countries.