Multiple attackers are currently exploiting a Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Ivanti Policy Secure, tracked as CVE-2024-21893. On January 31, 2024, Ivanti first warned about the flaw in the gateway's Security Assertion Markup Language (SAML) components, assigning it a zero-day status for limited active exploitation and affecting a small number of customers. Exploiting the flaw enabled attackers to bypass authentication and gain access to restricted resources on vulnerable devices.

Three faculty members from UC San Diego's Department of Computer Science and Engineering (CSE) are some of the first academic researchers worldwide to receive Google's Trust and Safety Research Award. Google selected CSE professors Taylor Berg-Kirkpatrick and Stefan Savage for a collaborative proposal that combines their expertise in Natural Language Processing (NLP) and cybersecurity. The researchers plan to use Large Language Models (LLMs) to gain insight into digital fraudster behavior by experimenting with chatbots as honeypots.

Mastodon, the free and open-source decentralized social networking platform, has recently fixed a critical vulnerability that allows attackers to impersonate and take over any remote account.  The platform became popular after Elon Musk acquired Twitter and now boasts nearly 12 million users spread across 11,000 servers.  Servers on Mastodon are autonomous but interconnected (through a system known as "federation") communities that have their own guidelines and policies, controlled by owners who provide the infrastructure and act as administrators of their servers.

Law enforcement in 50 countries recently arrested 31 individuals in a global operation targeting ransomware, banking malware, and phishing.  Named Synergia and running from September to November 2023, the operation resulted in the identification of more than 1,300 suspicious command-and-control (C&C) servers, 70% of which have been taken down.  The Interpol-led operation extended to the APAC, EMEA, and other regions, involving 60 law enforcement agencies across 50 participating countries.

Two new regulatory filings have revealed the surging costs associated with ransomware and other cyber-related incidents.  Clorox had a major operational disruption in an attack discovered on August 14 last year, forcing it to revert to manual ordering and processing.  A new SEC filing late last week revealed expenses associated with the incident of $49m in the six months to December 31, 2023.

Escape's security research team conducted a scan of 189.5 million URLs and discovered the exposure of over 18,000 Application Programming Interface (API) secrets. Forty-one percent of the exposed secrets were highly critical, which could pose financial risks to organizations. Hundreds of Stripe, GitHub/GitLab tokens, RSA private keys, OpenAI keys, AWS tokens, Twitch secret keys, cryptocurrency exchange keys, X tokens, and Slack and Discord webhooks have all been exposed.

Resecurity identified malicious actors selling a large number of AnyDesk customer credentials on the dark web. This credential leak is suspected to be the result of infostealer infections. The leaked information could be of significant value to both Initial Access Brokers (IABs) and ransomware groups familiar with AnyDesk, which is one of the tools often used after successful network intrusions.

There has been little research on how to run a password update campaign efficiently and with minimal Information Technology (IT) costs. Therefore, a team of computer scientists at the University of California, San Diego, collaborated with the campus' IT Services to analyze the messaging for a campuswide mandatory password change that affected nearly 10,000 faculty and staff members. Email notifications to update passwords yielded diminishing returns after three messages.

Gartner analysts predict that deepfakes, which are Artificial Intelligence (AI)-generated replicas of a person's likeness, will lower confidence in face biometric authentication solutions for 30 percent of companies by 2026. According to Akif Khan, VP analyst at Gartner, face-based identity verification and authentication systems will struggle to catch up with AI imitations as they become more realistic and easy to generate. Currently, most face biometric solutions rely on Presentation Attack Detection (PAD) to determine the "liveness" of a person trying to authenticate using their face.

Hydropower, one of the oldest forms of energy generation in the US, makes up 6 percent of the country's electricity supply. However, as the country continues to modernize the electric grid, hydropower, like other technologies, is increasingly relying on digital control systems, thus calling for training and recruitment of the next generation of cybersecurity experts. Pacific Northwest National Laboratory (PNNL) has launched the Training Outreach and Recruitment for Cybersecurity in Hydropower (TORCH) program at the University of Texas at El Paso (UTEP).