A critical vulnerability, dubbed "BatBadBut," in the Rust standard library could be used to target Windows systems and launch command injection attacks. A security engineer from Flatt Security discovered the flaw, which allows an attacker to perform command injection on Windows applications that indirectly rely on the 'CreateProcess' function when certain conditions are met. This article continues to discuss findings regarding the BatBadBut vulnerability.

Cybersecurity researchers at VU Amsterdam University have highlighted a new variation of the Spectre v2 attack that is aimed at Intel processors. When the Spectre and Meltdown CPU attacks were made public in 2018, Spectre v2 or Spectre BTI (Branch Target Injection) was considered the most dangerous variant. Even though CPU makers and others have been working on hardware and software defenses, researchers are still finding new ways to do these attacks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced a new release of its malware analysis system, "Malware Next-Gen." The system welcomes any organization to submit malware samples and other suspicious artifacts for analysis. Malware Next-Gen enables CISA to better support its partners by automating the analysis of newly identified malware and improving cyber defense efforts. Network defenders responding to cyber incidents and hunting threats need up-to-date, useful information about malware, like how it works and what it is meant to do.

The National Security Agency (NSA) has published guidance on improving data security and protecting access to data at rest and in transit. The recommendations in the Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity Throughout the Data Pillar" aim to ensure that only authorized individuals have access to data. The capabilities described in the CSI are integrated into a comprehensive Zero Trust (ZT) framework.

Researchers have found two new Microsoft SharePoint flaws, posing a significant threat to businesses. These vulnerabilities could enable attackers to bypass audit logs, avoid triggering downloads, and exfiltrate SharePoint data. SharePoint is widely used in government and business, with an estimated 250,000 organizations relying on it for document and intranet management. The platform is particularly popular among Fortune 500 companies.

Cyber threats to the energy sector have increased significantly as geopolitical tensions continue to drive state-sponsored cyber espionage. According to a report from Rockwell Automation on Operational Technology (OT) and Industrial Control System (ICS) cybersecurity incidents, the energy sector was targeted in 39 percent of all attacks, with about 60 percent attributed to state-affiliated groups.

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Microsoft warns about a vulnerability that allows hackers to take complete control of Azure Kubernetes clusters. The vulnerability, tracked as CVE-2024-29990, enables unauthenticated hackers to steal credentials and affect resources outside the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). The Azure Kubernetes Service bug has a CVSS severity score of 9/10 and could be used to take control of confidential guests and containers beyond the network stack to which it is bound.

A ransomware gang, dubbed "Muliaka" by the Moscow-based cybersecurity company F.A.C.C.T., has been targeting Russian businesses with malware developed from the Conti hacking group's leaked source code. The gang, also known as Muddy Water in English, has left few traces of its attacks, but it has likely been active since at least December 2023. In a January incident, the group attacked an unnamed Russian company by encrypting its Windows systems and VMware ESXi virtual infrastructure.

A hacking forum leak recently has led Home Depot to confirm that its employee data was compromised via a third-party software vendor.  Home Depot did not identify the breached software-as-a-service (SaaS) vendor but noted that an error exposed the names, corporate IDs, and email addresses of a "small sample" of its employees.  According to researchers, this type of data could be used to fuel targeted phishing cyberattacks.