A project led by the University of Wollongong (UOW) to improve security measures for Unmanned Aerial Vehicles (UAVs), such as drones, against adversarial Machine Learning (ML) attacks has been funded by the Australian Research Council (ARC) Linkage Projects Scheme. The project is in alignment with the Australian Government's strategy to promote and protect critical and emerging technologies.

Zero-Knowledge Proof (ZKP) is a cryptographic tool that enables the verification of validity between mutually untrusted parties without disclosing additional information. Non-Interactive Zero-Knowledge Proof (NIZKP) is a ZKP variant that does not require multiple information exchanges. Therefore, NIZKP is used in the digital signature, blockchain, and identity authentication fields. Since a true random number generator is challenging to implement, deterministic pseudorandom number algorithms are often used as a substitute, but this method has potential security vulnerabilities.

A cyberattack recently targeted an organization that manages wastewater for nine million people in and around Paris. Water authorities have long been a target for ransomware gangs looking to hit critical services that hold sensitive customer information. For example, in May, an Italian company that provides drinking water to almost half a million people experienced some technical disruptions as a result of a ransomware attack, and a water utility in Porto, Portugal's second-largest city, faced its own ransomware attack in February.

Cybersecurity experts with Lancaster University's Cyber Works program have created a dynamic and informative cybersecurity animation designed to provide farmers with free knowledge about securing their farms in a digital world. Farmers increasingly rely on digital equipment connected to the Internet, whether it is for milking livestock, automated crop irrigation systems, or the storage of commercially sensitive data about production yields.

According to the cybersecurity analyst Adlumin, the Russian-affiliated Play ransomware gang is now offering its services for sale. The group, which is believed to have launched multiple attacks on targets since last year, has joined the growing Ransomware-as-a-Service (RaaS) trend. Cybercriminals are increasingly finding it just as profitable to hire out their toolkits to other threat actors.

The Canadian government recently announced that information pertaining to its employees, military, and police personnel was exposed in a data breach at third-party service providers.  The incident involved Brookfield Global Relocation Services (BGRS) and Sirva Canada, two moving and relocation services firms contracted by the Canadian government to provide relocation support to employees.  The government learned of the data breach on October 19.

The chief operating officer (COO) of a US network security firm has recently pleaded guilty to compromising the IT systems of two hospitals in order to generate business for his company.  Securolytics executive Vikas Singla admitted hacking Gwinnett Medical Center (GMC) hospitals in Duluth and Lawrenceville, Georgia.  The incidents, which took place in September 2018, began when Singla modified the configuration files of GMC Duluth hospital’s ASCOM phone system, rendering over 200 handsets inoperable.

A lure file with the ZPAQ compression format is being used to deliver a new Agent Tesla malware variant to gather data from several email clients and about 40 web browsers. Agent Tesla, which first appeared in 2014, is a keylogger and Remote Access Trojan (RAT) written in .NET that is offered to other threat actors via a Malware-as-a-Service (MaaS) model. According to G Data malware analyst Anna Lvova, ZPAQ is a file compression format with a better compression ratio and journaling function than popular formats such as ZIP and RAR.

Attackers are exploiting a recently patched vulnerability in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on Linux systems. Apache ActiveMQ is a popular Java-based open-source message broker that facilitates communication between applications and services by translating messages sent via different protocols such as OpenWire, STOMP, MQTT, and more. The vulnerability in the Java OpenWire protocol marshaller could enable attackers to execute arbitrary code with the same privileges as the ActiveMQ server.

The ransomware hunter PCrisk discovered a new Phobos ransomware variant that attempts to frame the popular VX-Underground malware-sharing collective. Phobos emerged in 2018 as a Ransomware-as-a-Service (RaaS) derived from the Crysis ransomware family. A group of threat actors manages the development of the ransomware and holds the master decryption key, while other threat actors serve as affiliates to infiltrate networks and encrypt devices. This article continues to discuss the new Phobos ransomware variant trying to frame the VX-Underground community.