"UTEP, PNNL Partner to Train Cybersecurity Hydropower Experts"

Hydropower, one of the oldest forms of energy generation in the US, makes up 6 percent of the country's electricity supply. However, as the country continues to modernize the electric grid, hydropower, like other technologies, is increasingly relying on digital control systems, thus calling for training and recruitment of the next generation of cybersecurity experts. Pacific Northwest National Laboratory (PNNL) has launched the Training Outreach and Recruitment for Cybersecurity in Hydropower (TORCH) program at the University of Texas at El Paso (UTEP).

Submitted by grigby1 CPVI on

"DDoS Attack Power Skyrockets to 1.6 Tbps"

According to Gcore, Distributed Denial-of-Service (DDoS) attack trends for the second half of 2023 reveal alarming increases in scale and sophistication. The maximum attack power increased from 800 Gbps to 1.6 Tbps. User Datagram Protocol (UDP) floods dominate, making up 62 percent of DDoS attacks. Transmission Control Protocol (TCP) floods and Internet Control Message Protocol (ICMP) attacks continue to be popular, comprising 16 percent and 12 percent of total activity, respectively. All other DDoS attack types, including SYN, SYN+ACK flood, and RST Flood, made up only 10 percent.

Submitted by grigby1 CPVI on

"Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks"

From April 2022 to November 2023, the Russian state-sponsored hacking group APT28 conducted NT LAN Manager (NTLM) v2 hash relay attacks using various methods, focusing on high-value targets worldwide. The attacks targeted organizations involved in foreign affairs, energy, defense, transportation, and more. This article continues to discuss APT28's targeting of high-value organizations with NTLM v2 hash relay attacks.

Submitted by grigby1 CPVI on

"Payment Fraud is Hitting Organizations Harder Than Ever Before"

According to security researchers at Trustpair, 96% of US companies were targeted with at least one fraud attempt in the past year. In the past year, many US companies (83%) saw an increase in cyber fraud attempts on their organization. The researchers noted that fraudsters primarily used text messages (50%), fake websites (48%), social media (37%), hacking (31%), BEC scams (31%) and deepfakes (11%) to dupe organizations. CEO and CFO impersonations (44%) were the third most common type of fraud.

Submitted by Adam Ekwall on

"Lurie Children's Hospital Took Systems Offline After Cyberattack"

Lurie Children's Hospital in Chicago was recently forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances. Lurie Children's is a Chicago-based pediatric acute care hospital with 360 beds, 1,665 physicians covering 70 sub-specialties, and 4,000 medical staff and employees. The hospital provides care for over 200,000 children annually.

Submitted by Adam Ekwall on

"Cloudflare Hacked Using Auth Tokens Stolen in Okta Attack"

Cloudflare has revealed that a suspected nation-state actor breached its internal Atlassian server. They gained access to its Confluence wiki, Jira bug database, and Bitbucket source code management system. On November 14, the threat actor accessed Cloudflare's self-hosted Atlassian server before moving on to the company's Confluence and Jira systems. To access its systems, the attackers used one access token and three service account credentials stolen from a previous compromise related to Okta's breach in October 2023. This article continues to discuss the Cloudflare hacking incident.

Submitted by grigby1 CPVI on

"Google Play Used to Spread 'Patchwork' APT's Espionage Apps"

Patchwork, an Indian Advanced Persistent Threat (APT) group known for its targeted spear phishing cyberattacks on Pakistanis, has been using Google Play to distribute six different Android espionage apps masquerading as legitimate messaging and news services. They include a newly discovered Remote Access Trojan (RAT) called VajraSpy. ESET researchers who discovered the campaign found that the VajraSpy RAT intercepts calls, SMS messages, files, contacts, and other data. It can also extract WhatsApp and Signal messages, record phone calls, and take pictures.

Submitted by grigby1 CPVI on

"Jailbreaking ChatGPT: Researchers Swerved GPT-4's Safety Guardrails and Made the Chatbot Detail How to Make Explosives in Scots Gaelic"

Researchers have discovered a cross-lingual flaw in OpenAI's GPT-4 Large Language Model (LLM) that enables malicious users to jailbreak the model and bypass its safety measures by using prompts translated into lesser-spoken languages. A team of researchers at Brown University published a paper that explores a potential vulnerability in OpenAI's GPT-4 LLM caused by linguistic inequality in safety training data. According to the researchers, translating unsafe inputs into low-resource languages could provoke prohibited behavior from the chatbot.

Submitted by grigby1 CPVI on

Pub Crawl - February 2024

Selections by dgoff

Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Submitted by grigby1 CPVI on