"Ransomware Recovery in Energy, Water Sectors Hits $3M, Quadrupling in One Year"

According to Sophos, the energy and water infrastructure sectors' median ransomware recovery cost has quadrupled to $3 million in a year. Sophos surveyed 5,000 cybersecurity and Information Technology (IT) leaders in 15 industries and 14 countries. Ransomware attacks were second-highest in the energy and water sectors in 2024, with 67 percent of organizations reporting ransom demands, compared to 59 percent across all sectors. This article continues to discuss findings regarding ransomware recovery in the energy and water sectors.

Submitted by grigby1 CPVI on

"HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver"

ESET researchers discovered an adware module that appears to block ads and malicious websites but stealthily offloads a kernel driver component that lets attackers run arbitrary code with elevated permissions on Windows hosts. The malware's name, "HotPage," stems from the installer "HotPage.exe." According to ESET researcher Romain Dumont, the installer launches a driver that injects code into remote processes and two libraries that can intercept and tamper with browsers' network traffic. This article continues to discuss findings regarding the HotPage malware.

Submitted by grigby1 CPVI on

"SAP AI Core Flaws Expose Sensitive Customer Data and Keys"

According to researchers at Wiz, SAP AI Core, a platform for developing, training, and running Artificial Intelligence (AI) services, has several vulnerabilities. The flaws bring further attention to risks associated with tenant isolation in AI infrastructure. An investigation into SAP AI Core showed that attackers could execute arbitrary code, enabling them to access sensitive customer data and cloud credentials. This breach could allow malicious actors to manipulate internal artifacts, affecting related services and customer environments.

Submitted by grigby1 CPVI on

Pub Crawl - July 2024

Selections by dgoff

Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

Submitted by grigby1 CPVI on

"Revolver Rabbit Gang Registers 500,000 Domains for Malware Campaigns"

A cybercriminal gang, tracked by researchers as "Revolver Rabbit," has registered over 500,000 domain names for infostealer campaigns targeting Windows and macOS systems. The threat actor uses Registered Domain Generation Algorithms (RDGAs). The use of this automated method enables the registration of multiple domain names at once. This article continues to discuss findings regarding the Revolver Rabbit cybercriminal group.

Submitted by grigby1 CPVI on

"DHS Inspector General: Coast Guard Shortcomings Hinder US Maritime Security"

According to a new report from the Department of Homeland Security's (DHS) Office of Inspector General (IG), the Coast Guard lacks staffing, training, authority, and cyber expertise to secure the US maritime supply chain. The report notes that since 2021, Coast Guard "Cyber Protection Teams" (CPTs) have offered free cybersecurity help to organizations in the Maritime Transportation System (MTS), but only 36 percent have taken advantage.

Submitted by grigby1 CPVI on

"Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware"

"OilAlpha," a likely pro-Houthi threat group, used Android spyware to steal data from at least three humanitarian organizations in Yemen. According to Recorded Future's Insikt Group, the attacks involve new malicious mobile apps with their own supporting infrastructure. This article continues to discuss findings regarding OilAlpha's operations.

THN reports "Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware"

Submitted by grigby1 CPVI on

"CoSAI: Tech Giants Form Coalition for Secure AI"

Google has officially introduced the Coalition for Secure AI (CoSAI) to address Artificial Intelligence (AI) cybersecurity risks. Under OASIS Open, the international standards and open source consortium, CoSAI includes Amazon, Anthropic, Chainguard, Cisco, Cohere, GenLab, IBM, Intel, Microsoft, and more. CoSAI will support efforts to adopt AI security standards and best practices by collaborating with the industry and academia in three main areas. This article continues to discuss the new coalition for advancing security measures for AI.

Submitted by grigby1 CPVI on

"One-Third of Dev Professionals Unfamiliar With Secure Coding Practices"

According to OpenSSF and the Linux Foundation, attackers are always finding and exploiting software vulnerabilities. However, many developers lack the necessary knowledge and skills to successfully implement secure software development. Survey findings reveal that nearly one-third of all professionals involved in development and deployment say they are unfamiliar with secure software development practices. This article continues to discuss the lack of education in secure software development and filling educational gaps with language-agnostic courses.

Submitted by grigby1 CPVI on

"CrowdStrike Fault Causes Global IT Outages"

A suspected technical issue at cybersecurity vendor CrowdStrike is causing mass IT outages across the world, disrupting critical sectors such as airlines, banks, media and retailing. It was noted that the issue appears to concern an update to CrowdStrike's security platform Falcon Sensor, which is impacting Microsoft Windows operating systems. Reports suggest the affected systems are struggling to boot correctly, causing a bluescreen error to appear.

Submitted by Adam Ekwall on