Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Security researchers at Mandiant recently discovered that Russia’s APT29 hacking group is targeting political parties in Germany, indicating a possible new operational focus beyond typical attacks on diplomatic figures.  According to the researchers, hackers linked to Russia’s foreign intelligence service (SVR) have expanded their target base to hit German political parties in a multi-stage malware attack that includes phishing lures and a new backdoor called Wineloader.

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have published updated joint guidance on how federal agencies and other organizations can defend against Denial-of-Service (DoS) and Distributed DoS (DDoS) threats. The guidance, which was first published in October 2022, has been updated to include a categorization of DoS and DDoS attacks into three types, DDoS technical definitions, and mitigation recommendations.

A team of researchers has detailed a new side-channel attack method dubbed "GoFetch," that exploits an unpatchable vulnerability in Apple's M series of chips and enables threat actors to extract secret keys used in cryptography operations. The method is described as a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations. The attack is aimed at a hardware optimization known as the Data Memory-Dependent Prefetcher (DMP). It tries to improve performance by prefetching addresses found in program memory.

Pwn2Own Vancouver 2024 has recently ended.  Security researchers collected $1,132,500 after demoing 29 zero-days (and some bug collisions).  Throughout the event, the security researchers targeted software and products in the web browser, cloud-native/container, virtualization, enterprise applications, server, local escalation of privilege (EoP), enterprise communications, and automotive categories, all up-to-date and in their default configuration.  The total prize pool was over $1,300,000 in cash prizes and a Tesla Model 3, which Team Synacktiv won on the first day.

Ian Carroll, Lennert Wouters, and other security researchers have revealed a hotel keycard hacking technique dubbed "Unsaflok." The method involves a set of security flaws that would enable a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by Dormakaba. The Saflok systems are installed on 3 million doors worldwide in 13,000 properties across 131 countries. Carroll and Wouters demonstrated how easy it is to open a Saflok keycard lock by exploiting flaws in both Dormakaba's encryption and the underlying RFID system, known as MIFARE Classic.

"Kimsuky," a North Korean cyber espionage group, is now using North Korea's nuclear threats to lure victims into executing malicious payloads. Researchers at Rapid7 Labs observed Kimsuky using new tactics to target victims. The group has used weaponized Office documents and ISO files, and starting last year, they began abusing shortcut (LNK) files. The attackers trick users into executing LNK files by passing them off as benign documents or files. However, these files contain hidden PowerShell commands or even full binaries.

Threat actors are trying to compromise Social Security numbers through a tax phishing attack aimed at small business owners and self-employed filers. According to Malwarebytes Labs, the social engineering scammers are most likely using a cheap email list of self-employed US residents. These emails can be obtained for as little as a few cents each, either on the dark web or through legitimate lead brokers.

A team of security researchers won a Tesla Model 3 and $200,000 for discovering a zero-day vulnerability in a vehicle's Electronic Control Unit (ECU). After one day of Pwn2Own Vancouver 2024, held by Trend Micro's Zero Day Initiative (ZDI), the Synacktiv team topped the leaderboard. Not much is known about the vulnerability because all bugs discovered during the competition are responsibly reported to the appropriate vendor for patching. However, it is known that the team used a single integer overflow flaw to exploit a Tesla ECU with Vehicle (VEH) CAN BUS Control.

Artificial Intelligence (AI)-generated deepfakes can be difficult or impossible to distinguish from the real thing. AI has already been used to mimic voices, exploit celebrities' likenesses, and impersonate world leaders, raising concerns that it will lead to increased misinformation, consumer scams, and a widespread loss of trust. Therefore, recently introduced bipartisan legislation would require the identification and labeling of AI-generated online images, videos, and audio.