Researchers have discovered new phishing attacks aimed at delivering the information stealer known as "StrelaStealer." According to a new report published by Palo Alto Networks' Unit 42, the campaigns impact over 100 EU and US organizations. These campaigns involve spam emails with attachments that eventually launch the StrelaStealer DLL payload. To avoid detection, attackers change the initial email attachment file format from one campaign to the next, preventing detection by previously generated signatures or patterns.

A team of researchers, with members from the Universitat Oberta de Catalunya (UOC), led by the Universitat Autònoma de Barcelona (UAB), has launched a new research project aimed at improving network security using tools that analyze information and identify malicious content for subsequent filtering. The two-year DANGER cybersecurity project focuses on cybersecurity for the detection, analysis, and filtering of fake or malicious content in hyperconnectivity environments. This article continues to discuss the DANGER project's objectives. 

The "SmokeLoader" malware has been used in a series of phishing campaigns by financially motivated hackers, primarily against the Ukrainian government and administration organizations. The Ukrainian SSSCIP State Cyber Protection Center (SCPC), in collaboration with Palo Alto Networks' Unit 42, has been tracking phishing campaigns linked to the distribution of the SmokeLoader malware.

German police have seized infrastructure for the darknet cybercrime marketplace "Nemesis Market" in Germany and Lithuania. The Federal Criminal Police Office in Germany (BKA) and the Frankfurt cybercrime combating unit (ZIT) took action, which involved taking down the website and seizing about $100,000 in cash. The Nemesis Market opened in 2021 as a new marketplace for cybercrime services that help launch ransomware, phishing, and Distributed Denial-of-Service (DDoS) attacks. The marketplace also served as a place to buy stolen data, credit cards, and more.

Researchers recently revealed how they developed generative Artificial Intelligence (AI) worms capable of spreading autonomously between AI systems. The AI worm, dubbed "Morris II" after the first computer worm to ever be recorded, can silently target AI-powered email assistants. The researchers also demonstrated how the worm could cause the AI to release personal data, send spam emails, and replicate itself across the digital ecosystem using crafted prompts hidden in legitimate communications. This article continues to discuss the introduction of AI worms. 

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Security researchers at Mandiant recently discovered that Russia’s APT29 hacking group is targeting political parties in Germany, indicating a possible new operational focus beyond typical attacks on diplomatic figures.  According to the researchers, hackers linked to Russia’s foreign intelligence service (SVR) have expanded their target base to hit German political parties in a multi-stage malware attack that includes phishing lures and a new backdoor called Wineloader.

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have published updated joint guidance on how federal agencies and other organizations can defend against Denial-of-Service (DoS) and Distributed DoS (DDoS) threats. The guidance, which was first published in October 2022, has been updated to include a categorization of DoS and DDoS attacks into three types, DDoS technical definitions, and mitigation recommendations.

A team of researchers has detailed a new side-channel attack method dubbed "GoFetch," that exploits an unpatchable vulnerability in Apple's M series of chips and enables threat actors to extract secret keys used in cryptography operations. The method is described as a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations. The attack is aimed at a hardware optimization known as the Data Memory-Dependent Prefetcher (DMP). It tries to improve performance by prefetching addresses found in program memory.