32nd ACM Conference on User Modeling, Adaptation and Personalization (UMAP)

"ACM UMAP – User Modeling, Adaptation and Personalization – is the premier international conference for researchers and practitioners working on systems that adapt to individual users, to groups of users, and that collect, represent, and model user information."

Topics of interest include, but are not limited to, security and privacy.

 

"Google Rolls Back reCaptcha Update to Fix Firefox Issues"

Google recently rolled back a release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. According to Mozilla, the issue was related to reCaptcha's dark mode detection routine for Firefox in Windows. Mozilla noted that the script attempted to modify a div's background color using "document.body.removeChild", but as the script was loaded in the HTML head, the DOM had not loaded yet and "document.body" was not available, causing the script error.

Submitted by Adam Ekwall on

"How to Protect Yourself from Rising Romance Investment Scams"

According to the 2023 Norton Cyber Safety Insights Report, more than one in every four adults worldwide has been the victim of an online dating or romance scam. The US Federal Trade Commission (FTC) reported that romance scam victims increased from 11,000 in 2016 to 70,000 in 2022, leading to a total loss of about $1.3 billion. In 2023, romance scam victims lost $652.5 million, and investment scam victims lost $4.57 billion, according to the Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3) report.

Submitted by grigby1 CPVI on

"Google Announces Passkeys Adopted by Over 400 Million Accounts"

Google announced that over 400 million Google accounts have authenticated users over the past two years through passkeys. Passkeys involve a cryptographic key pair, with a private key stored on the device and a public key shared with the app or website. Since this key pair combination is unique, the user's passkey will only work on the website or app for which it was created. Therefore, the user cannot be tricked into signing in to a malicious look-alike website.

Submitted by grigby1 CPVI on

"ArcaneDoor Espionage Campaign Targeting Cisco Firewalls Linked to China"

According to security researchers at Censys, the recently uncovered cyberespionage campaign named ArcaneDoor, which involves hacked Cisco firewalls, may be the work of a Chinese threat actor. The researchers noted that when they investigated the actor-controlled IPs provided by Talos and cross-referenced them with other certificate indicators, they discovered compelling data suggesting the potential involvement of an actor based in China, including links to multiple major Chinese networks and the presence of Chinese-developed anti-censorship software.

Submitted by Adam Ekwall on

"Zloader Malware Adds Zeus's Anti-analysis Feature"

The modular Trojan "Zloader," also known as "Terdot," "DELoader," or "Silent Night," is based on leaked Zeus source code. Zloader returned after an almost two-year hiatus with changes to its obfuscation techniques, Domain Generation Algorithm (DGA), and network communication. Its authors reintroduced an anti-analysis feature that prevents malware execution outside the infected machine. Many malware variants that use leaked Zeus source code had abandoned this feature. Its application makes malicious code harder to detect and analyze.

Submitted by grigby1 CPVI on

"Organizations Patch CISA KEV List Bugs 3.5 Times Faster Than Others, Researchers Find"

Researchers at the cybersecurity scanning company Bitsight found that the US Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog benefits organizations inside and outside the federal government. For nearly three years, CISA has maintained its KEV catalog, which has become the go-to repository for bugs actively being exploited by hackers. Bitsight experts asked if organizations fix KEVs faster than non-KEV catalog vulnerabilities. The median time to patch KEV catalog vulnerabilities is 3.5 times faster than non-KEV bugs.

Submitted by grigby1 CPVI on

"93% of Security Leaders Have Increased SaaS Security Budgets"

According to Valence Security's "2024 State of SaaS Security Report," 58 percent of organizations have had a Software-as-a-Service (SaaS) security incident in the last 18 months. Therefore, 96 percent of security leaders now prioritize SaaS security, and 93 percent have increased SaaS security budgets in 2024. Eighty-four percent expressed confidence in current SaaS security programs or processes. The recent Microsoft "Midnight Blizzard" breach and Cloudflare breach, following the Okta attack campaign, show that SaaS is now a top target for malicious actors.

Submitted by grigby1 CPVI on

"Three-Quarters of CISOs Admit App Security Incidents"

According to security researchers at Dynatrace, three-quarters (72%) of global CISOs have experienced an application security incident in the past two years, causing lost revenue and market share. The researchers polled 1300 CISOs and a handful of CEOs and CFOs to compile their latest report, "The State of Application Security in 2024." The researchers found that app security incidents, in many cases, led to lost revenue (47%), regulatory fines (36%), and lost market share (28%).

Submitted by Adam Ekwall on