Cybersecurity Snapshots Archive
Brief articles on current cybercriminal activities. They are indexed below.
Air Canada recently announced that the personal information of some employees was accessed in a recent cyberattack. Canada’s national airline announced that a threat actor obtained limited access to one of its internal systems that contained “limited personal information of some employees and certain records.” Air Canada noted that the incident did not impact its flight operations systems. Furthermore, the company says, customer-facing systems were not accessed, and no customer information was compromised in the attack.
Atlassian and the Internet Systems Consortium (ISC) have disclosed multiple security vulnerabilities in their products that could be exploited for Denial-of-Service (DoS) and Remote Code Execution (RCE). The four high-severity flaws were addressed in new versions shipped last month. The vulnerabilities include a deserialization flaw in the Google Gson package that affects Patch Management in Jira Service Management Data Center and Server, a DoS flaw in Confluence Data Center, and more.
Researchers have found a multi-step information-stealing campaign in which hackers infiltrate the systems of hotels, booking sites, and travel agencies, and then use their access to take customers' financial data. By using this indirect method and a fake Booking[.]com payment page, cybercriminals have discovered a way to collect credit card information with a significantly higher success rate. This article continues to discuss the hackers' campaign involving the use of a fake Booking[.]com payment page.
According to Coalition, the frequency of cyber insurance claims rose by 12 percent in the first half of 2023. Early in 2023, Coalition discovered that the frequency and severity of business claims increased across all revenue bands. Companies with revenues greater than $100 million experienced the most significant increase (20 percent) in the number of claims, as well as greater losses from attacks. According to Coalition's report, ransomware claims in the first half of 2023 increased by 27 percent from the second half of 2022.
The list of Advanced Persistent Threat (APT) actors against which telecommunications companies must secure their data and networks now includes an additional sophisticated adversary. The new threat called "Sandman" is a group of unknown origin that emerged in August and has been using LuaJIT, a high-performance, just-in-time compiler for the Lua programming language, to deploy a novel backdoor. Researchers at SentinelOne are tracking the backdoor as "LuaDream" after spotting it in attacks against telecommunications companies in the Middle East, Western Europe, and South Asia.
The SoS Reviews and Outreach highlights some of the exciting research, news, and events that impact our technical community.
Pub Crawl Archive
The Pub Crawl section contains bibliographical citations, abstracts if available, links on specific topics, and research problems of interest to the Science of Security (SoS) community.
The secure-by-design white paper from the US Cybersecurity and Infrastructure Security Agency (CISA) outlines three fundamental principles for software manufacturers: accept responsibility for customer security outcomes, embrace radical transparency, and lead security transformations from the top of the organization. Solutions to the issue of memory unsafety will include all three of these principles. CISA calls on software manufacturers to prioritize reducing and eventually eliminating memory safety vulnerabilities in their product lines.
Cybersecurity advisories issued by the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) indicate that a specific threat warrants the immediate attention of organizations in the line of fire. This appears to be the case with "Snatch," a Ransomware-as-a-Service (RaaS) operation that has been active since at least 2018 and is the subject of a warning issued by the two agencies this week.