Researchers with the Maryland Cybersecurity Center (MC2) recently presented eight papers at symposiums focusing on privacy and online security. Three papers were presented at the 33rd USENIX Security Symposium, and five were presented at the Symposium on Usable Privacy and Security (SOUPS). The MC2 papers discussed privacy-related app reviews, user reactions to data access laws, password management for shared accounts, and diversity and safety in the cybersecurity community.

The US Artificial Intelligence (AI) Safety Institute at the Department of Commerce's National Institute of Standards and Technology (NIST)  announced agreements enabling formal collaboration on AI safety research, testing, and evaluation with Anthropic and OpenAI. The agreements support collaborative research on evaluating capabilities, risks, and methods to mitigate those risks.

Researchers led by Professor Isabel Wagner of the Department of Mathematics and Computer Science at the University of Basel studied the security and privacy of smart toys. The researchers investigated whether data traffic was encrypted and how well. They also looked into data protection, how easy it is for users to see what data is collected, and compliance with the EU General Data Protection Regulation (GDPR). This article continues to discuss key findings from the study "No Transparency for Smart Toys."

Gabriel Kaptchuk, a security and privacy expert and assistant professor of computer science at the University of Maryland, is at the forefront of human-centered cryptography research. Kaptchuk is developing privacy systems, focusing on a human-centered approach that takes into account how people interact with technology. According to Kaptchuk, cryptography and security are fundamentally social sciences masquerading as mathematics. This article continues to discuss Kaptchuk's research efforts in the realm of human-centered cryptography.

Security researchers Ian Carroll and Sam Curry discovered a vulnerability in a key air transport security system that enables unauthorized individuals to bypass airport security screenings and access aircraft cockpits. They found the vulnerability in FlyCASS, a third-party web-based service used by some airlines to manage the Known Crewmember (KCM) program and Cockpit Access Security System (CASS). The researchers found that the FlyCASS login system was vulnerable to SQL injection, which allows attackers insert SQL statements for malicious database queries.

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued a warning regarding Iran's state-sponsored threat group "Fox Kitten" actively helping ransomware actors in attacks against organizations. The activity suggests that the threat actor is trying to monetize its access to victim networks in finance, defense, healthcare, and other industries. This article continues to discuss findings regarding the Fox Kitten group.

According to Proofpoint researchers, the Command-and-Control (C2) mechanism of a new malware campaign uses Google Sheets. The activity, detected by Proofpoint on August 5, 2024, impersonates tax authorities from Europe, Asia, and the US to target over 70 organizations worldwide through "Voldemort." This custom tool gathers information and delivers payloads. Insurance, aerospace, transportation, academia, finance, technology, and other sectors have been targeted. This article continues to discuss the new malware campaign involving the use of Google Sheets.

A social engineering campaign targeting over 130 US companies sends employees to a fake malware-laden Virtual Private Network (VPN) page, exploiting concerns about a VPN issue. According to GuidePoint Research and Intelligence Team (GRIT) researchers, the threat actor calls a user on their cell phone and poses as a help desk representative trying to fix a VPN log-in issue. If the threat actor tricks the user, they send an SMS link to a malicious VPN site that masquerades as a legitimate vendor. This article continues to discuss findings regarding the new social engineering campaign.

Researchers at Phylum have discovered a coordinated campaign involving North Korea-linked threat groups targeting the npm ecosystem. The campaign started on August 12, 2024, with the publication of malicious npm packages aimed at infiltrating developer environments and stealing sensitive data. The packages use sophisticated tactics like multi-stage obfuscated JavaScript to download additional malware from remote servers. The malware contains Python scripts and a full Python interpreter that look for data in cryptocurrency wallet browser extensions.

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint advisory on the "RansomHub" ransomware group, which is suspected of attacking the oil giant Halliburton. On August 21, Halliburton, the world's second-largest oil service company, disclosed in an SEC filing that a third party had accessed some of its systems. The incident response steps described by the company suggested a ransomware attack.