"Roundcube 0-Day Used To Steal European Government Emails"

The cyber espionage group Winter Vivern exploited a now-patched zero-day vulnerability in the open-source webmail service Roundcube to steal emails from European government entities and think tanks. It is believed that the Russia- and Belarus-aligned Winter Vivern, also known as TA473, has been active since 2020. The group has a history of spying on European and Central Asian governments. Winter Vivern has exploited vulnerabilities in the Zimbra and Roundcube email servers. Researchers from ESET observed the group using a cross-site scripting (XSS) vulnerability in its most recent attacks.

Submitted by grigby1 CPVI on

"The Danger of Forgotten Pixels on Websites: A New Case Study"

Reflectiz, an advanced website security solution provider, has released a case study highlighting a scenario involving forgotten pixels on websites that could have impacted any industry. The case study focuses on an overlooked and misconfigured pixel associated with a top global healthcare provider. This forgotten piece of code collected private user information without user consent, potentially exposing the company to significant fines and reputational damage. This article continues to discuss the case study on the risks of forgotten pixels on websites.

Submitted by grigby1 CPVI on

Pub Crawl - November 2023

Selections by dgoff

Pub Crawl summarizes, by hard problems, sets of publications that have been peer-reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Submitted by grigby1 CPVI on

"Google Announces Bug Bounty Program and Other Initiatives to Secure AI"

Google recently announced several initiatives meant to improve the safety and security of AI, including a bug bounty program and a $10 million fund. Google noted that the new vulnerability reporting program (VRP) will reward researchers for finding vulnerabilities in generative AI to address concerns such as the potential for unfair bias, hallucinations, and model manipulation.

Submitted by Adam Ekwall on

"Cloudflare Sees Surge in Hyper-Volumetric HTTP DDoS Attacks"

Cloudflare reports that the number of hyper-volumetric HTTP Distributed Denial-of-Service (DDoS) attacks recorded in the third quarter of 2023 exceeds all previous years. A report from Cloudflare reveals that during the third quarter of 2023, the Internet company mitigated thousands of hyper-volumetric HTTP DDoS attacks. More than 89 of these attacks surpassed 100 million requests per second (rps). The largest attack peaked at 201 million rps, three times larger than the previous record in February 2023.

Submitted by grigby1 CPVI on

"CISA Issues Request for Comment on Software Identification Ecosystem Analysis White Paper"

The US Cybersecurity and Infrastructure Security Agency (CISA) wants feedback on its analysis or approaches in "Software Identification Ecosystem Option Analysis," a white paper outlining a community goal for a more harmonized software identification ecosystem that can be used across the global software space for all important cybersecurity use cases.

Submitted by grigby1 CPVI on

"iLeakage - Apple Processors Vulnerable To Sensitive Data Leaks"

According to researchers from American and German universities, the A- and M-Series processors used in Apple's mobile devices and PCs contain a flaw that makes it easy for hackers to access sensitive data. The researchers refer to the flaw as iLeakage, which is a side-channel vulnerability. In side-channel attacks, information becomes visible using clues left in electromagnetic radiation, data caches, and other manifestations within a system. This article continues to discuss the iLeakage vulnerability.

Submitted by grigby1 CPVI on

"CISA Releases Cybersecurity Toolkit For Healthcare"

The Cybersecurity and Infrastructure Security Agency (CISA) has recently published a new set of online resources designed to help IT security leaders in the healthcare sector improve their organization’s security posture. The new tools include CISA’s Cyber Hygiene Services, which use vulnerability scanning to help organizations reduce their attack surface.

Submitted by Adam Ekwall on

"Complex Spy Platform StripedFly Bites 1M Victims"

Malware believed to be just a cryptocurrency miner was, in fact, a sophisticated spy platform for Windows and Linux systems. It has already infected more than one million people. When it was first detected in 2017, StripedFly was regarded as a mainly ineffective malware for cryptocurrency mining. However, since then, it has been functioning as a complex piece of modular malware that enables attackers to gain persistence on networks, visibility over their activity, and the ability to exfiltrate credentials and other data, according to researchers.

Submitted by grigby1 CPVI on

"Ransomware Groups Continue To Increase Their Operational Tempo"

According to GuidePoint Security, ransomware activity continued to increase in the third quarter of 2023. GuidePoint Research and Intelligence Team (GRIT) observed a nearly 15 percent rise in ransomware activity due to an increase in the number of ransomware groups, including the discovery of 10 new groups. GRIT tracked 1,353 publicly posted ransomware victims claimed by 46 different threat groups during the third quarter.

Submitted by grigby1 CPVI on