Artificial Intelligence (AI)-driven social engineering attacks are reshaping the threat landscape. AI has emerged as a significant tool for manipulation, helping to stage attacks with precision and personalization far exceeding the capabilities of its human predecessors. The ability to digest and interpret large datasets and learn from them is at the heart of AI and Machine Learning (ML). Targeting and personalization at scale are some of the goals of cybercriminals.

A team of researchers from CyLab-Africa and the Upanzi Network recently collaborated with Approov, a mobile security provider, to analyze the security of popular financial services apps used across Africa. A survey of 224 popular financial apps revealed that 95 percent of these Android apps exposed secrets. These secrets could be used to reveal personal and financial information. The discovered security flaws have the potential to impact about 272 million users. This article continues to discuss the study aimed at understanding the security of mobile apps in Africa.

A Georgia Tech researcher successfully bypassed security measures on Apple's latest MacBook Pro equipped with the M3 processor chip in order to get his fictitious target's Facebook password and second-factor authentication text. Jason Kim, a Ph.D. student, demonstrated how the recently discovered iLeakage side-channel exploit remains a genuine threat to Apple devices, regardless of how updated their software is.

Selections by dgoff

​Pub Crawl summarizes, by hard problems, sets of publications that have been peer-reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

A CACTUS ransomware campaign has been spotted gaining a foothold in targeted environments by exploiting previously discovered security holes in the cloud analytics and business intelligence platform Qlik Sense. According to Arctic Wolf researchers Stefan Hostetler, Markus Neis, and Kyle Pagelow, this is the first documented instance of threat actors deploying CACTUS ransomware, exploiting vulnerabilities in Qlik Sense for initial access.

FjordPhantom, a new Android malware, was discovered using virtualization to execute malicious code in a container and avoid detection. Promon discovered the malware, which is currently spreading via emails, SMS, and messaging apps targeting banking apps in Indonesia, Thailand, Vietnam, Singapore, and Malaysia. Victims are tricked into downloading what seem to be legitimate banking apps but contain malicious code that runs in a virtual environment to attack the real banking app. FjordPhantom's goal is to steal online banking credentials and manipulate transactions through on-device fraud.

Following news that Iran-linked attackers had taken control of a Programmable Logic Controller (PLC) at a water system facility in Pennsylvania, a public alert was published by the Cybersecurity and Infrastructure Security Agency (CISA) urging other water authorities to secure their PLCs immediately. The cyber threat actors most likely gained access to the affected device, a Unitronics Vision Series PLC with a Human Machine Interface (HMI), by exploiting cybersecurity vulnerabilities such as poor password security and Internet exposure, according to CISA.

Marco Liberale, a 13-year-old from Saudi Arabia, recently presented on navigating ransomware at the Black Hat Middle East and Africa conference. He taught himself lockpicking at the age of three, Python coding at the age of five, and malware writing shortly after. Liberale's presentation was praised, particularly by researcher and Boom Supersonic CISO Chris Roberts, who pointed out that Liberale demonstrated how to write, build, design, and launch ransomware. He also showed how to protect systems from being taken over by it.

American office supply retailer Staples took down some of its systems on November 27th after a cyberattack to contain the breach's impact and protect customer data.  Staples operates 994 US and Canada stores and 40 fulfillment centers for nationwide product storage and dispatch.  The company noted that the response measures disrupted its business operations, specifically the backend processing and product delivery.

The US Department of the Treasury recently announced sanctions against cryptocurrency mixer Sinbad for laundering stolen cryptocurrency for the North Korean state-sponsored hacking group Lazarus.  Sinbad, the Treasury says, is the preferred mixing service for Lazarus and is responsible for laundering millions of dollars in stolen cryptocurrency for the nation state threat actor.  Sinbad operates on the Bitcoin blockchain, and the mixer obfuscates illicit transactions' origin, destination, and counterparties.