14th ACM Conference on Data and Application Security and Privacy

"With rapid global penetration of the Internet and smart phones and the resulting productivity and social gains, the world is becoming increasingly dependent on its cyber infrastructure. Criminals, spies and predators of all kinds have learned to exploit this landscape much quicker than defenders have advanced in their technologies. Security and Privacy has become an essential concern of applications and systems throughout their lifecycle. Security concerns have rapidly moved up the software stack as the Internet and web have matured.

"NPM Registry Users Download 2.1B Deprecated Packages Weekly, Researchers Say"

"NPM Registry Users Download 2.1B Deprecated Packages Weekly, Researchers Say"

Researchers from Aqua Security's Team Nautilus conducted a statistical analysis of the top 50,000 most downloaded packages in the NPM registry, revealing that users download deprecated packages an estimated 2.1 billion times per week. The researchers stress that deprecated, archived, and orphaned NPM packages may contain unpatched or unreported vulnerabilities, putting projects that rely on them at risk.

Submitted by Gregory Rigby on

"Chinese Cyberspies Exploited Critical VMware vCenter Flaw Undetected for 1.5 Years"

"Chinese Cyberspies Exploited Critical VMware vCenter Flaw Undetected for 1.5 Years"

In October, VMware patched a critical Remote Code Execution (RCE) vulnerability in its vCenter Server and Cloud Foundation enterprise products. Researchers from the security company Mandiant have now revealed that the Chinese cyber espionage group known as UNC3886 had been exploiting the vulnerability for 1.5 years before a fix was made. UNC3886 has historically focused on technologies that cannot have Endpoint Detection and Response (EDR) deployed. The group UNC3886 is known for using zero-day vulnerabilities to achieve their objectives without being detected.

Submitted by Gregory Rigby on

"Cracked macOS Apps Drain Wallets Using Scripts Fetched From DNS Records"

"Cracked macOS Apps Drain Wallets Using Scripts Fetched From DNS Records"

Hackers are delivering information-stealing malware to macOS users through Domain Name System (DNS) records that hide malicious scripts. The campaign targets macOS Ventura and later users, relying on cracked applications repackaged as PKG files containing a trojan. This article continues to discuss findings regarding the campaign that delivers information-stealing malware to macOS users through DNS records with hidden malicious scripts.

Submitted by Gregory Rigby on

"'VexTrio' TDS: The Biggest Cybercrime Operation on the Web?"

"'VexTrio' TDS: The Biggest Cybercrime Operation on the Web?"

One Traffic Distribution System (TDS) operator with over 70,000 domains is facilitating unprecedented levels of scams, phishing, and malware infections. The group, called VexTrio, is not known for its malicious campaigns, but it occasionally dabbles in cybercrime. It runs a TDS network that connects threat actors who compromise vulnerable websites to those who host malicious content. According to Infoblox, VexTrio is the most widespread threat actor in the wild, having affected more than half of all organizations it has monitored in the last two years.

Submitted by Gregory Rigby on

"Russian Hackers Suspected of Sweden Cyberattack"

"Russian Hackers Suspected of Sweden Cyberattack"

According to IT consultancy Tietoery, online services at some Swedish government agencies and shops have been disrupted in a ransomware attack believed to have been carried out by a Russian hacker group.  The company claims that the problem could take weeks to fix.  Tietoery noted that one of its data centers in Sweden was attacked overnight Friday to Saturday, knocking out online purchases at the country’s biggest cinema chain and some department stores and shops.

Submitted by Adam Ekwall on

"Subway Sandwich Chain Investigating Ransomware Group’s Claims"

"Subway Sandwich Chain Investigating Ransomware Group’s Claims"

Sandwich chain Subway has recently launched an investigation after the notorious LockBit ransomware group claimed over the weekend that it hacked into the company’s systems and stole vast amounts of information.  LockBit claimed that they exfiltrated their SUBS internal system, which includes hundreds of gigabytes of data and all financial expects of the franchise, including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers, etc.

Submitted by Adam Ekwall on

"Aviation Leasing Giant AerCap Hit by Ransomware Attack"

"Aviation Leasing Giant AerCap Hit by Ransomware Attack"

Aircraft leasing giant AerCap has recently confirmed falling victim to ransomware after an emerging cybercrime gang claimed responsibility for the attack.  The company says that the intrusion occurred on January 17.  The company noted that they have complete control of all of their IT systems, and to date, they have suffered no financial loss related to this incident.  AerCap says that it had notified law enforcement immediately after identifying the attack and that its investigation into the incident has yet to determine if any data was compromised or exfiltrated.

Submitted by Adam Ekwall on

"Researchers Unveil New Way to Counter Mobile Phone 'Account Takeover' Attacks"

"Researchers Unveil New Way to Counter Mobile Phone 'Account Takeover' Attacks"

A team of computer science researchers developed a new method for identifying security vulnerabilities that leave people exposed to Account Takeover (ATO) attacks. In such attacks, hackers gain unauthorized access to online accounts. Most mobile devices now contain a complex ecosystem of interconnected operating software and apps. In conjunction with the growth in connections among online services, there has been a rise in opportunities for hackers to exploit security flaws.

Submitted by Gregory Rigby on

"Attackers Can Steal NTLM Password Hashes via Calendar Invites"

"Attackers Can Steal NTLM Password Hashes via Calendar Invites"

According to security researcher Dolev Taler, a recently patched vulnerability in Microsoft Outlook that allows attackers to steal users' NTLM v2 hashes can be exploited by adding two headers to an email containing a specially crafted file. NTLM v2, the latest version of the NTLM cryptographic protocol, is used by Microsoft Windows to authenticate users to remote servers through password hashes. Taler and his colleagues from Varonis Threat Labs discovered two new ways attackers can obtain users' NTLM v2 hashes and apply them for offline brute-force or authentication relay attacks.

Submitted by Gregory Rigby on
Subscribe to