Florida-based safety equipment giant Cadre Holdings recently disclosed a cyberattack that has impacted some of the company’s operations.  The company provides safety and survivability products for first responders, federal agencies, outdoor recreation, and personal protection in over 100 countries.  Its products include body armor, bomb squad equipment, duty gear, and nuclear safety solutions.

UK law enforcement agencies recently infiltrated and took down DigitalStress, the world's most prolific underground marketplace offering distributed denial of service(DDoS) services.  The National Crime Agency (NCA) said that it had taken over and disabled DigitallStress on July 2 in collaboration with the Police Service of Northern Ireland (PSNI).  The NCA noted that DigitalStress was a marketplace offering DDoS-for-hire or "booter" services.  These services allow users to create accounts and order DDoS attacks within minutes.

UK police have recently arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective. Officers from the Regional Organised Crime Unit for the West Midlands (ROCUWM) joined officers from the National Crime Agency, in coordination with the United States Federal Bureau of Investigation (FBI), to make the arrest.  The authorities have seized the suspect's digital devices, which will be investigated for further evidence.

Two members of the infamous LockBit gang recently pleaded guilty in court in the United States over their roles in deploying ransomware against organizations in the US and worldwide.  In early May, the US announced charges against Dimitry Yuryevich Khoroshev, 31, of Voronezh, Russia, also known as LockBitSupp, LockBit, and putinkrab, allegedly the mastermind behind the RaaS.  The US government is offering a reward of $10 million for information on Khoroshev, who is estimated to have made over $100 million from the LockBit operation.

Officials with the Superior Court of Los Angeles County have announced that a ransomware attack has shut down the computer system of the largest trial court in the country.  The officials noted that the cyberattack began early Friday and is not believed to be related to the faulty CrowdStrike software update.  The court disabled its computer network systems upon discovery of the attack.  According to the officials, a preliminary investigation shows no evidence that users’ data was compromised.

According to Sophos, the energy and water infrastructure sectors' median ransomware recovery cost has quadrupled to $3 million in a year. Sophos surveyed 5,000 cybersecurity and Information Technology (IT) leaders in 15 industries and 14 countries. Ransomware attacks were second-highest in the energy and water sectors in 2024, with 67 percent of organizations reporting ransom demands, compared to 59 percent across all sectors. This article continues to discuss findings regarding ransomware recovery in the energy and water sectors.

ESET researchers discovered an adware module that appears to block ads and malicious websites but stealthily offloads a kernel driver component that lets attackers run arbitrary code with elevated permissions on Windows hosts. The malware's name, "HotPage," stems from the installer "HotPage.exe." According to ESET researcher Romain Dumont, the installer launches a driver that injects code into remote processes and two libraries that can intercept and tamper with browsers' network traffic. This article continues to discuss findings regarding the HotPage malware.

According to researchers at Wiz, SAP AI Core, a platform for developing, training, and running Artificial Intelligence (AI) services, has several vulnerabilities. The flaws bring further attention to risks associated with tenant isolation in AI infrastructure. An investigation into SAP AI Core showed that attackers could execute arbitrary code, enabling them to access sensitive customer data and cloud credentials. This breach could allow malicious actors to manipulate internal artifacts, affecting related services and customer environments.

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

A cybercriminal gang, tracked by researchers as "Revolver Rabbit," has registered over 500,000 domain names for infostealer campaigns targeting Windows and macOS systems. The threat actor uses Registered Domain Generation Algorithms (RDGAs). The use of this automated method enables the registration of multiple domain names at once. This article continues to discuss findings regarding the Revolver Rabbit cybercriminal group.