Georgia Tech developed a postmortem cybersecurity forensic tool named "AI Psychiatry" (AiP) that uses Artificial Intelligence (AI) to recover the original Deep Learning (DL) models a compromised machine, such as a self-driving car, runs on and determine where the fatal error emerged. Using AiP, cyber investigators can immediately see the whole picture. This article continues to discuss the goals and capabilities of the AiP tool.

Georgia Tech reports "The Sherlock Holmes of AI"

Researchers at the University of Waterloo's Cybersecurity and Privacy Institute (CPI) will receive over $1.5 million in funding from the National Cybersecurity Consortium (NCC) to advance digital security in Canada.

The student-led program "CodeHoppers," sponsored by Augusta University's (AU) School of Computer and Cyber Sciences, is returning. CodeHoppers, founded in 2017 by AU's chapter of "Girls Who Code," aims to provide a fun, friendly, and inclusive environment for girls in sixth through 12th grades. The program covers basic coding concepts, webpage principles, hacking ethics, cybersecurity, and more. This article continues to discuss the success and goals of the CodeHoppers program.

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

According to security researchers at Veracode, security debt, flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt.  During the study, researchers found that 40% of all applications in the financial sector have security debt, which is slightly better than the cross-industry average of 42%.  In addition, just 5.5% of financial sector applications are flaw-free, compared to 5.9% across other industries.

LottieFiles has recently confirmed that its Lottie-Player software has been compromised in a supply chain attack aimed at stealing cryptocurrency from victims. LottieFiles’ Lottie-Player is widely used for embedding and playing Lottie animations on websites. Recently, users of Lottie-Player complained that their websites had been displaying a pop-up prompting visitors to connect their cryptocurrency wallet.  The goal was apparently to get users to connect their crypto wallets in an attempt to drain them.

The Dstat.cc DDoS review platform has recently been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years.  According to authorities, the seizure and arrests were conducted as part of "Operation PowerOFF," an ongoing international law enforcement operation that targets DDoS-for-hire platforms, aka "booters" or "stressors," to seize infrastructure and arrest the operators.

The Canadian Centre for Cyber Security recently announced that at least 20 Canadian government networks have been compromised by Chinese state-sponsored threat actors, who have maintained access over the past four years to steal valuable data.  It was noted that in addition to espionage, the data gathered is likely used to support the People’s Republic of China’s (PRC) malign influence and interference activities against Canada’s democratic processes and institutions.  It is believed the attackers dedicated significant time and resources to learn about the target networks.

New research shows that the "FakeCall" Android banking trojan, also known as "Fakecalls," has grown more sophisticated in evasion and espionage. The attack chain begins with traditional phishing to trick the target into downloading an APK file that serves as a dropper for the FakeCall malware. This article continues to discuss the advanced evasion tactics and expanded surveillance capabilities now employed by the FakeCall Android banking trojan.

Cisco Talos researchers have observed threat actors using copyright infringement claims to trick targets and deploy infostealers. According to the researchers, the ongoing attack in Taiwan is being spread through phishing emails containing malware attachments. The emails pose as legal notices from copyright holders or legal representatives of companies making copyright claims. This article continues to discuss malware operators tricking targets using the threat of a copyright infringement claim.