In collaboration with Google, Florida International University (FIU) researchers have identified a new threat: ransomware over a browser, which is malware embedded in a browser. According to the researchers, this threat is not specific to a particular browser type or version. Many browsers now include many advanced features in addition to allowing users to surf the web, making them more vulnerable from a cybersecurity standpoint. Cybercriminals have begun to exploit these vulnerabilities to install ransomware in browsers.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released recommendations to help small and medium-sized businesses (SMBs) adopt Single Sign-On (SSO) services. The recommendations are based on a CISA study that included focus groups with stakeholders such as SMBs, SSO service vendors, Managed Service Providers (MSPs), and network auditors. The study sought to identify stakeholders' attitudes toward SMBs' SSO adoption as well as potential adoption barriers. This article continues to discuss CISA's recommendations regarding the adoption of SSO services by SMBs.

A cryptocurrency theft campaign is spreading infostealers through fake virtual meeting software for macOS and Windows. The campaign, discovered by the Recorded Future's Insikt Group and attributed to a threat actor dubbed "Markopolo" is behind the elaborate web and social media presence for a fake app called "Vortax." The app appears to be a virtual meeting software for different platforms, but delivers "Rhadamanthys," "Stealc," and "Atomic" infostealers.

Medical device manufacturer LivaNova USA has recently started notifying 130,000 individuals, warning that their personal information was compromised in an October 2023 data breach.  LivaNova says it took certain systems offline in response to the incident, without sharing further details on the nature of attack.  In December 2023, the LockBit ransomware gang claimed responsibility for the incident and for the theft of 2.2 terabytes of data from the company.

By aekwall 

The US Department of Justice (DoJ) recently announced charges against four Vietnamese individuals believed to be responsible for cyberattacks that caused over $71 million in losses to US companies.  The individuals, Nguyen Viet Quoc (aka Tien Nguyen), Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Van Truong (aka Chung Nguyen), and Nguyen Trang Xuyen, were members of the cybercrime group FIN9.

According to security researchers at Gigamon, organizations continue to struggle to detect breaches as they become more targeted and sophisticated, with more than 1 out of 3 organizations citing their existing security tools were unable to detect breaches when they occur.  During the study the researchers found that 65% of respondents believe that their existing solutions cannot effectively detect breaches. Many respondents (83%) believe that cloud complexity is increasing their cyber risk.

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

A vulnerability dubbed "CosmicSting" that affects Adobe Commerce and Magento websites remains largely unpatched nine days after a security update was released, leaving millions of websites exposed to attacks. According to Sansec, about three of every four websites that use the impacted e-commerce platforms have not been patched against CosmicSting, putting them at risk of XML External Entity Injection (XXE) and Remote Code Execution (RCE). This article continues to discuss the potential exploitation and impact of the CosmicSting vulnerability.

Apple classified a recently patched Vision Pro vulnerability as a Denial-of-Service (DoS) issue, but it has been proven to be a much scarier bug. Apple recently announced the release of version 1.2 of visionOS, the operating system run by its Vision Pro Virtual Reality (VR) headset. The update fixes several vulnerabilities, but one appears to be the first flaw specific to this product and the "first ever spatial computing hack." The vulnerability stems from the processing of specially crafted web content and can cause a DoS condition.