Johnson Controls International has recently suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company's and its subsidiaries' operations.  Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, air conditioners, and fire safety equipment.  According to the company, the threat actors are demanding $51 million to provide a decryptor and to delete stolen data.

Selections by dgoff

​Pub Crawl summarizes, by hard problems, sets of publications that have been peer-reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

According to security researchers at Perception Point, Booking.com users have recently become the focus of a new, large-scale phishing campaign.  The campaign follows a methodical four-step process.  The researchers noted that to initiate their scheme, the attackers gain unauthorized access to hotel systems, effectively taking control of the hotel’s Booking.com account.  This initial breach sets the stage for their subsequent actions.  Once in control of the Booking.com account, the attackers extract the personal data of hotel guests.

According to Trend Micro, one in every six ransomware attacks against US government offices was linked to the LockBit ransomware group. Ransomware victims grew by 47 percent from the second half of 2022. Jon Clay, vice president of threat intelligence at Trend Micro, emphasized that threat actors continue to advance, target more victims, and cause financial and reputational harm. Trend Micro noted the shift in focus among ransomware threat actors from "big game" targets to smaller organizations that they believe are less well-defended.

The researchers who discovered two critical vulnerabilities in Microsoft SharePoint Server have disclosed details of an exploit they created that combines the vulnerabilities to enable Remote Code Execution (RCE) on impacted servers. Separately, another security researcher published proof-of-concept (POC) code for one of the SharePoint vulnerabilities on GitHub, demonstrating how an attacker could exploit the flaw to gain admin privileges on vulnerable systems. One of the vulnerabilities, tracked as CVE-2023-29357, is an elevation of privilege flaw in SharePoint Server 2019.

According to data from NCC Group, LockBit 3.0 was responsible for the most ransomware attacks in August of this year. Of the month's 390 ransomware attacks, 125 were carried out by LockBit 3.0 hackers, representing a 150 percent increase from July. ALPHV/BlackCat ranks second with 41 ransomware attacks, followed by 8base in third with 32 ransomware attacks. In August, the new ransomware gang Akira came in fourth place. This article continues to discuss other key findings from NCC Group's August Threat Pulse report.

Google has recently rushed to patch another Chrome zero-day vulnerability exploited by a commercial spyware vendor.  Google announced that Chrome for Windows, macOS, and Linux has been updated to version 117.0.5938.132.  The latest update patches 10 vulnerabilities, three of which have been highlighted by the company in its advisory.

According to a new peer-reviewed study by researchers from Miami University and Kent State University, remote employees tend to be more aware of cybersecurity threats and more likely to take preventative measures than those who spend most of their time in a physical office. Their findings are based on Amazon Mechanical Turk survey data collected from 203 participants who recently switched to full-time remote work, as well as 147 in-office employees from various US organizations.

The Department of Energy's (DOE) Oak Ridge National Laboratory (ORNL) has announced the establishment of the Center for Artificial Intelligence (AI) Security Research (CAISER) to address existing threats as governments and industries worldwide adopt AI to take advantage of the data processing, operational efficiencies, and decision-making advantages it promises.

Cybersecurity experts warn that the scope of a previously disclosed vulnerability impacting various web applications is broader than initially reported. Last week, Google disclosed a vulnerability affecting its Chrome web browser, which was initially tracked as CVE-2023-4863. Before researchers delved deeper into the matter and traced the vulnerability to the open-source libwebp library, other browsers began to issue warnings about the issue.