UK police have recently arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective. Officers from the Regional Organised Crime Unit for the West Midlands (ROCUWM) joined officers from the National Crime Agency, in coordination with the United States Federal Bureau of Investigation (FBI), to make the arrest.  The authorities have seized the suspect's digital devices, which will be investigated for further evidence.

Two members of the infamous LockBit gang recently pleaded guilty in court in the United States over their roles in deploying ransomware against organizations in the US and worldwide.  In early May, the US announced charges against Dimitry Yuryevich Khoroshev, 31, of Voronezh, Russia, also known as LockBitSupp, LockBit, and putinkrab, allegedly the mastermind behind the RaaS.  The US government is offering a reward of $10 million for information on Khoroshev, who is estimated to have made over $100 million from the LockBit operation.

Officials with the Superior Court of Los Angeles County have announced that a ransomware attack has shut down the computer system of the largest trial court in the country.  The officials noted that the cyberattack began early Friday and is not believed to be related to the faulty CrowdStrike software update.  The court disabled its computer network systems upon discovery of the attack.  According to the officials, a preliminary investigation shows no evidence that users’ data was compromised.

According to Sophos, the energy and water infrastructure sectors' median ransomware recovery cost has quadrupled to $3 million in a year. Sophos surveyed 5,000 cybersecurity and Information Technology (IT) leaders in 15 industries and 14 countries. Ransomware attacks were second-highest in the energy and water sectors in 2024, with 67 percent of organizations reporting ransom demands, compared to 59 percent across all sectors. This article continues to discuss findings regarding ransomware recovery in the energy and water sectors.

ESET researchers discovered an adware module that appears to block ads and malicious websites but stealthily offloads a kernel driver component that lets attackers run arbitrary code with elevated permissions on Windows hosts. The malware's name, "HotPage," stems from the installer "HotPage.exe." According to ESET researcher Romain Dumont, the installer launches a driver that injects code into remote processes and two libraries that can intercept and tamper with browsers' network traffic. This article continues to discuss findings regarding the HotPage malware.

According to researchers at Wiz, SAP AI Core, a platform for developing, training, and running Artificial Intelligence (AI) services, has several vulnerabilities. The flaws bring further attention to risks associated with tenant isolation in AI infrastructure. An investigation into SAP AI Core showed that attackers could execute arbitrary code, enabling them to access sensitive customer data and cloud credentials. This breach could allow malicious actors to manipulate internal artifacts, affecting related services and customer environments.

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

A cybercriminal gang, tracked by researchers as "Revolver Rabbit," has registered over 500,000 domain names for infostealer campaigns targeting Windows and macOS systems. The threat actor uses Registered Domain Generation Algorithms (RDGAs). The use of this automated method enables the registration of multiple domain names at once. This article continues to discuss findings regarding the Revolver Rabbit cybercriminal group.

According to a new report from the Department of Homeland Security's (DHS) Office of Inspector General (IG), the Coast Guard lacks staffing, training, authority, and cyber expertise to secure the US maritime supply chain. The report notes that since 2021, Coast Guard "Cyber Protection Teams" (CPTs) have offered free cybersecurity help to organizations in the Maritime Transportation System (MTS), but only 36 percent have taken advantage.

"OilAlpha," a likely pro-Houthi threat group, used Android spyware to steal data from at least three humanitarian organizations in Yemen. According to Recorded Future's Insikt Group, the attacks involve new malicious mobile apps with their own supporting infrastructure. This article continues to discuss findings regarding OilAlpha's operations.

THN reports "Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware"

Submitted by grigby1