Pub Crawl - May 2024

Selections by dgoff

Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Submitted by grigby1 CPVI on

"CISA Urges Software Devs to Weed out Path Traversal Vulnerabilities"

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) call on software companies to review their products for path traversal security vulnerabilities and fix them before shipping. Path traversal vulnerabilities allow attackers to create or overwrite critical files used to execute code or evade authentication. Threat actors can also use such security flaws to access sensitive data, such as credentials, which can then be used to brute-force accounts and breach targeted systems.

Submitted by grigby1 CPVI on

"Police Shuts Down 12 Fraud Call Centers, Arrests 21 Suspects"

Law enforcement recently shut down 12 phone fraud call centers in Albania, Bosnia and Herzegovina, Kosovo, and Lebanon that were behind thousands of scam calls daily. Dozens of German law enforcement officers, aided by hundreds of counterparts from other countries (i.e., Albania, Bosnia and Herzegovina, Kosovo, and Lebanon), carried out numerous raids on April 18, identifying 39 suspects and arresting 21 individuals. Law enforcement said it also confiscated evidence, including data carriers, documents, cash, and other assets, valued at roughly €1 million.

Submitted by Adam Ekwall on

"NSA Highlights Mitigations against North Korean Actor Email Policy Exploitation"

The National Security Agency (NSA), together with the Federal Bureau of Investigation (FBI) and the US Department of State, released a Cybersecurity Advisory (CSA) titled "North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts" to help protect against Democratic People's Republic of Korea (DPRK, also known as North Korea) techniques that enable emails to appear to be from legitimate journalists, academics, or other East Asian affairs experts.

Submitted by grigby1 CPVI on

"Android Flaw Affected Apps With 4 Billion Installs"

Microsoft researchers found a vulnerability pattern dubbed "Dirty Stream" in popular Android apps, putting billions of users at risk. The vulnerability pattern, linked to path traversal, allows a malicious app to manipulate files in the vulnerable app's home directory. This vulnerability affects several Google Play Store apps with over four billion installations. Microsoft has emphasized the importance of industry collaboration in addressing evolving threats and urged developers to check their apps for similar vulnerabilities.

Submitted by grigby1 CPVI on

"New 'Goldoon' Botnet Targets D-Link Routers With Decade-Old Flaw"

A new botnet called "Goldoon" targets D-Link routers by exploiting a nearly decade-old critical security flaw to launch more attacks. The vulnerability, tracked as CVE-2015-2051 with a CVSS score of 9.8, impacts D-Link DIR-645 routers and enables remote attackers to execute arbitrary commands via specially crafted HTTP requests. According to Fortinet FortiGuard Labs researchers, attackers can gain complete control of a compromised device, extract system information, communicate with a Command-and-Control (C2) server, and more.

Submitted by grigby1 CPVI on

"Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft"

There has been a rise in the use of native Microsoft services by nation-state espionage actors for their Command-and-Control (C2) needs. In recent years, several unrelated groups have realized that using Microsoft's services against their targets is cheaper and more effective than building and maintaining their own infrastructure. Besides saving money and hassle, using legitimate services lets attackers blend in with legitimate network traffic.

Submitted by grigby1 CPVI on

"Continuum Reveals Hack Exposed 377K Consensus Medical Group Patients"

Continuum, a health management and patient care coordination company, said attackers stole personal and medical data. According to Continuum's report to the Maine Attorney General, over 377,000 people were exposed in the attack. Continuum revealed that the threat actors breached its systems on October 18 and accessed patient data, which puts affected individuals at risk of identity theft, financial fraud, targeted phishing attacks, blackmail, and more. This article continues to discuss the Continuum hack.

Submitted by grigby1 CPVI on

"LockBit Publishes Confidential Data Stolen From Cannes Hospital in France"

The LockBit Ransomware-as-a-Service (RaaS) gang released confidential data it claims to be from a hospital in Cannes, France. The cybercrime ecosystem has previously targeted the French healthcare sector, with several attacks disrupting patient care in recent years. One incident in February compromised data on over 33 million people in France. The release of data from the Simone Veil hospital in Cannes comes after the hospital revealed it had received an extortion demand from LockBit.

Submitted by grigby1 CPVI on

"1,400 GitLab Servers Impacted by Exploited Vulnerability"

The US Cybersecurity and Infrastructure Security Agency (CISA) warns that a critical vulnerability in GitLab's email verification process is being exploited for password hijacking. The flaw, tracked as CVE-2023-7028 with a CVSS score of 10, enables password reset messages to be sent to unverified email addresses, thus allowing attackers to take over the password reset process and accounts. This article continues to discuss the critical vulnerability in GitLab’s email verification process. 

Submitted by grigby1 CPVI on