Cyber threats to the energy sector have increased significantly as geopolitical tensions continue to drive state-sponsored cyber espionage. According to a report from Rockwell Automation on Operational Technology (OT) and Industrial Control System (ICS) cybersecurity incidents, the energy sector was targeted in 39 percent of all attacks, with about 60 percent attributed to state-affiliated groups.

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Microsoft warns about a vulnerability that allows hackers to take complete control of Azure Kubernetes clusters. The vulnerability, tracked as CVE-2024-29990, enables unauthenticated hackers to steal credentials and affect resources outside the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). The Azure Kubernetes Service bug has a CVSS severity score of 9/10 and could be used to take control of confidential guests and containers beyond the network stack to which it is bound.

A ransomware gang, dubbed "Muliaka" by the Moscow-based cybersecurity company F.A.C.C.T., has been targeting Russian businesses with malware developed from the Conti hacking group's leaked source code. The gang, also known as Muddy Water in English, has left few traces of its attacks, but it has likely been active since at least December 2023. In a January incident, the group attacked an unnamed Russian company by encrypting its Windows systems and VMware ESXi virtual infrastructure.

A hacking forum leak recently has led Home Depot to confirm that its employee data was compromised via a third-party software vendor.  Home Depot did not identify the breached software-as-a-service (SaaS) vendor but noted that an error exposed the names, corporate IDs, and email addresses of a "small sample" of its employees.  According to researchers, this type of data could be used to fuel targeted phishing cyberattacks.

Many threat actors are using malware to scan software vulnerabilities that they can exploit in future cyberattacks. According to security researchers at Palo Alto Networks' Unit 42, there was a large number of malware-initiated scans among the scanning attacks they detected in 2023. Vulnerability scanning is a common reconnaissance step for malicious actors planning to launch cyberattacks. Similar to port scanning and Operating System (OS) fingerprinting, vulnerability scanning initiates network requests to exploit the target hosts' potential vulnerabilities.

A new Vietnam-connected cybercrime group called "CoralRaider" has targeted individuals and organizations in Asia, stealing social media account information and user data. CoralRaider, which first emerged in late 2023, mainly uses social engineering techniques and legitimate services to exfiltrate data. The group creates custom tools for loading malware onto victim systems. However, according to a new analysis by researchers with Cisco's Talos threat intelligence group, the group has made some mistakes, such as inadvertently infecting their own systems and exposing their activities.

Network attached storage (NAS) vendor D-Link has recently urged users of end-of-life (EOL) products to retire and replace them, after news emerged of mass exploitation of legacy kit via a newly discovered vulnerability.  A security researcher who calls himself "netsecfish" published details of the vulnerability, which affects various D-Link NAS devices, on March 26.

Bitdefender has discovered four vulnerabilities affecting multiple versions of WebOS, the operating system used in LG smart TVs. The flaws enable unauthorized access and control over the impacted models. They allow authorization bypasses, privilege escalation, and command injection. Possible attacks are based on the ability to create arbitrary accounts on the device using a service that runs on ports 3000/3001.