Carnegie Mellon University's (CMU) CERT Coordination Center (CERT/CC) published an advisory for a critical flaw, discovered by Amazon Element55's Andrue Coombes, in the Microchip Advanced Software Framework (ASF). The framework is a free and open source code library used for the company's microcontrollers. According to the US semiconductor supplier, the product is for evaluation, prototyping, design, and production. CERT/CC says the issue stems from ASF's implementation of the Tinydhcp server. It enables Remote Code Execution (RCE) using specially crafted DHCP requests.

According to security researchers at HP Wolf Security, cybercriminals are using a wider-than-ever range of malicious documents to spread malware and gain initial access to target systems.  The researchers noted that attackers are now prioritizing script-based phishing techniques over approaches based on traditional malicious documents.  The researchers found that 39.23% of malware deliveries came from an archive file in the second quarter of 2024, compared to 27.89% in the previous reported period.  

Arkansas City, a small city in Kansas, recently announced that its water treatment facility was forced to switch to manual operations while a cybersecurity incident is being resolved.  The cyberattack was discovered on the morning of September 22 and led to precautionary measures being taken "to ensure plant operations remained secure." According to city manager Randy Frazer, the water supply has not been affected, and the incident has not caused disruption to service.

MoneyGram International’s money transfer services are down after the company announced that it is struggling with a cyberattack that forced it to take certain systems offline.  The incident started on September 22.  Three days later, however, the outage continues and MoneyGram International’s website is inaccessible as the company is scrambling to restore the impacted systems.  The company is working diligently to bring its systems back online and resume normal business operations.

During a new study, security researchers at SonicWall found that over 14 million patients have been affected by data breaches caused by malware attacks on US healthcare organizations in 2024.  The researchers noted that most (91%) of these breaches have leveraged ransomware.  The researchers stated that the rapid adoption of digital tools, AI, and platforms has expanded the attack surface of healthcare organizations, resulting in a significant increase in ransomware attacks targeting this sector.

Two apps with about 11 millions in the official Google Play app store were discovered to be infected with the "Necro" trojan, which is a multi-stage loader. It was discovered in 2019 after infecting the CamScanner - Phone PDF Creator app, which had over 100 million downloads on Google Play. The new variant of Necro is being distributed through Google Play apps as well as modified versions of popular apps and games available from unofficial sources. This article continues to discuss key findings regarding the Necro trojan found in two Android apps in Google Play.

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

"The National Security Agency (NSA) is launching its annual Codebreaker Challenge, offering students from U.S.-based academic institutions the opportunity to explore real-world scenarios emulating the Intelligence Community’s classified work and preparing them to tackle national security concerns after their graduation.

ESET recently announced patches for two local privilege escalation vulnerabilities affecting multiple Windows and macOS products. The Windows products were found vulnerable to CVE-2024-7400, a high-severity bug affecting the file operations handling during the removal of a detected file. ESET noted that an attacker with low privileges on a system running an affected ESET product could exploit the flaw to delete arbitrary files and escalate privileges. ESET fixed the issue in the Cleaner module 1251, which was distributed automatically to ESET customers along with Detection engine updates.