"Windows: New 'BatBadBut' Rust Vulnerability Given Highest Severity Score"

"Windows: New 'BatBadBut' Rust Vulnerability Given Highest Severity Score"

A critical vulnerability, dubbed "BatBadBut," in the Rust standard library could be used to target Windows systems and launch command injection attacks. A security engineer from Flatt Security discovered the flaw, which allows an attacker to perform command injection on Windows applications that indirectly rely on the 'CreateProcess' function when certain conditions are met. This article continues to discuss findings regarding the BatBadBut vulnerability.

Submitted by Gregory Rigby on

"Researchers Resurrect Spectre v2 Attack Against Intel CPUs"

"Researchers Resurrect Spectre v2 Attack Against Intel CPUs"

Cybersecurity researchers at VU Amsterdam University have highlighted a new variation of the Spectre v2 attack that is aimed at Intel processors. When the Spectre and Meltdown CPU attacks were made public in 2018, Spectre v2 or Spectre BTI (Branch Target Injection) was considered the most dangerous variant. Even though CPU makers and others have been working on hardware and software defenses, researchers are still finding new ways to do these attacks.

Submitted by Gregory Rigby on

"CISA Announces Malware Next-Gen Analysis"

"CISA Announces Malware Next-Gen Analysis"

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced a new release of its malware analysis system, "Malware Next-Gen." The system welcomes any organization to submit malware samples and other suspicious artifacts for analysis. Malware Next-Gen enables CISA to better support its partners by automating the analysis of newly identified malware and improving cyber defense efforts. Network defenders responding to cyber incidents and hunting threats need up-to-date, useful information about malware, like how it works and what it is meant to do.

Submitted by Gregory Rigby on

"NSA Issues Guidance for Maturing Data Security"

"NSA Issues Guidance for Maturing Data Security"

The National Security Agency (NSA) has published guidance on improving data security and protecting access to data at rest and in transit. The recommendations in the Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity Throughout the Data Pillar" aim to ensure that only authorized individuals have access to data. The capabilities described in the CSI are integrated into a comprehensive Zero Trust (ZT) framework.

Submitted by Gregory Rigby on

"Two New Bugs Can Bypass Detection and Steal SharePoint Data"

"Two New Bugs Can Bypass Detection and Steal SharePoint Data"

Researchers have found two new Microsoft SharePoint flaws, posing a significant threat to businesses. These vulnerabilities could enable attackers to bypass audit logs, avoid triggering downloads, and exfiltrate SharePoint data. SharePoint is widely used in government and business, with an estimated 250,000 organizations relying on it for document and intranet management. The platform is particularly popular among Fortune 500 companies.

Submitted by Gregory Rigby on

"How Can the Energy Sector Bolster Its Resilience to Ransomware Attacks?"

"How Can the Energy Sector Bolster Its Resilience to Ransomware Attacks?"

Cyber threats to the energy sector have increased significantly as geopolitical tensions continue to drive state-sponsored cyber espionage. According to a report from Rockwell Automation on Operational Technology (OT) and Industrial Control System (ICS) cybersecurity incidents, the energy sector was targeted in 39 percent of all attacks, with about 60 percent attributed to state-affiliated groups.

Submitted by Gregory Rigby on

Pub Crawl - April 2024

Pub Crawl - April 2024

Selections by dgoff

Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Submitted by Gregory Rigby on

"Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers"

"Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers"

Microsoft warns about a vulnerability that allows hackers to take complete control of Azure Kubernetes clusters. The vulnerability, tracked as CVE-2024-29990, enables unauthenticated hackers to steal credentials and affect resources outside the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). The Azure Kubernetes Service bug has a CVSS severity score of 9/10 and could be used to take control of confidential guests and containers beyond the network stack to which it is bound.

Submitted by Gregory Rigby on

"Researchers Discover New Ransomware Gang 'Muliaka' Attacking Russian Businesses"

"Researchers Discover New Ransomware Gang 'Muliaka' Attacking Russian Businesses"

A ransomware gang, dubbed "Muliaka" by the Moscow-based cybersecurity company F.A.C.C.T., has been targeting Russian businesses with malware developed from the Conti hacking group's leaked source code. The gang, also known as Muddy Water in English, has left few traces of its attacks, but it has likely been active since at least December 2023. In a January incident, the group attacked an unnamed Russian company by encrypting its Windows systems and VMware ESXi virtual infrastructure.

Submitted by Gregory Rigby on

"Home Depot Hammered by Supply Chain Data Breach"

"Home Depot Hammered by Supply Chain Data Breach"

A hacking forum leak recently has led Home Depot to confirm that its employee data was compromised via a third-party software vendor.  Home Depot did not identify the breached software-as-a-service (SaaS) vendor but noted that an error exposed the names, corporate IDs, and email addresses of a "small sample" of its employees.  According to researchers, this type of data could be used to fuel targeted phishing cyberattacks.

Submitted by Adam Ekwall on
Subscribe to