"Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor"

The list of Advanced Persistent Threat (APT) actors against which telecommunications companies must secure their data and networks now includes an additional sophisticated adversary. The new threat, called "Sandman," is a group of unknown origin that emerged in August and has been using LuaJIT, a high-performance just-in-time compiler for the Lua programming language, to deploy a novel backdoor. Researchers at SentinelOne track the backdoor as "LuaDream" after spotting it in attacks against telecommunications companies in the Middle East, Western Europe, and South Asia.

Submitted by grigby1 CPVI on

Pub Crawl Archive

The Pub Crawl section contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security (SoS) community.

Submitted by grigby1 CPVI on

"The Urgent Need for Memory Safety in Software Products"

The secure-by-design white paper from the US Cybersecurity and Infrastructure Security Agency (CISA) outlines three fundamental principles for software manufacturers: take ownership of customer security outcomes, embrace radical transparency, and lead security transformations from the top of the organization. Addressing memory unsafety draws on all three of these principles. CISA calls on software manufacturers to prioritize reducing, and eventually eliminating, memory safety vulnerabilities in their product lines.

Submitted by grigby1 CPVI on

"FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service"

Joint cybersecurity advisories from the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) signal that a specific threat warrants the immediate attention of organizations in the line of fire. This appears to be the case with "Snatch," a Ransomware-as-a-Service (RaaS) operation that has been active since at least 2018 and is the subject of a warning issued by the two agencies this week.

Submitted by grigby1 CPVI on

The Science of Security 5 Hard Problems

The Principal Investigators (PIs) of the Science of Security Lablets, in collaboration with NSA Research, developed the 5 Hard Problems to establish the beginnings of a common language and to gauge progress. These five were selected for their level of technical challenge, their potential operational significance, and their likelihood of benefiting from an emphasis on scientific research methods and improved measurement capabilities.

Submitted by grigby1 CPVI on

"Fake WinRAR PoC Spread VenomRAT Malware"

Unknown threat actors have published a fake proof-of-concept (PoC) exploit for CVE-2023-40477, a recently patched Remote Code Execution (RCE) flaw in WinRAR, in order to spread the VenomRAT malware. On August 17, 2023, Trend Micro's Zero Day Initiative disclosed the RCE vulnerability, which allowed threat actors to execute arbitrary code on affected installations of WinRAR. Four days after the public disclosure of the vulnerability, the attacker seized the opportunity to publish a fake PoC on GitHub. The fake PoC is based on publicly available PoC code for a GeoServer SQL injection flaw, repurposed to pose as a WinRAR exploit.

Submitted by grigby1 CPVI on

"Data Breach Reveals Distressing Info: People Who Order Pineapple on Pizza"

Pizza Hut Australia recently announced that the data of 190,000 customers had been accessed. The information accessed by unauthorized parties included customers' names, delivery addresses, email addresses, phone numbers, and order histories. Pizza Hut's Australian operation told customers it learned of the incident in early September and described it as "unauthorized third party" access to a subset of its data.

Submitted by Adam Ekwall on

Pub Crawl - September 2023

Selections by dgoff

Pub Crawl summarizes, by hard problems, sets of publications that have been peer-reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Submitted by grigby1 CPVI on

"Scams Now Make Up 75% of Cyber Threats"

According to security researchers at Norton, scams relying on human manipulation comprised 75% of all desktop threats in the first half of 2023. Over the same period, the researchers saw a rise in three particular scams: e-shop scams, sextortion scams, and tech support scams. In e-shop scams, fake online stores lure shoppers with popular products offered at huge discounts; the product is never delivered, and the scammers walk away with the victim's payment and card details.

Submitted by Adam Ekwall on