IEEE Cipher --- Items from security-related news (E188)
Prior news summaries from Cipher
Summary:
The RSAC Conference these days is not just an annual cybersecurity
conference but a company that supports many other events and
initiatives. Its new CEO is poised to take it further in
supporting "next generation AI-driven cyber companies."
Jen Easterly previously led the DHS Cybersecurity and Infrastructure Security Agency, but her association with initiatives to identify election misinformation efforts by foreign actors put her at odds with the current administration. In the RSAC position she will continue to apply her trust-building and collaboration acumen.
Summary:
A huge collection of user credentials was exposed recently. It had
been sitting, unencrypted and unprotected, on an obscure server. The
researcher who found it watched as more data was added, showing that
it was being accumulated actively. The likely source of the data
was malware in the form of keyloggers, though no actual source or
use was identified before the hosting provider removed it.
The article summarizes the situation this way:
"So, to reiterate, this is not a new breach; it impacts multiple
services, and is most likely a compilation of existing compromised
credentials. Gmail just happens to be the one that is featured most,
by some margin, within it. So don’t panic, but do ensure you have
unique passwords and ideally make use of the Google passkey function
instead."
Summary:
The DHS Cybersecurity and Infrastructure Security Agency has a
valuable catalog of exploited vulnerabilities and exposures that
security professionals should follow diligently. For example,
on January 26, five new exploits were added:
In previous years, descriptions of exploits might have been more readily available. The catalog listings are important, but information about the actual damage done by the affected software is also valuable.
Summary:
This article has a short discussion of new catalog entries in the CISA
list of exploited vulnerabilities. It is interesting to note that one
of them, CVE-2025-54313, refers to a supply chain attack first noted in
July of 2025.
Summary:
Although malware is often based on tried-and-true techniques, once
in a while something new comes along. Researchers at cybersecurity
companies have noticed a ransomware code base called OSIRIS being deployed
through corrupted drivers, and that may indicate that there are
new players in the ransomware development dens. It is interesting
to note that the corrupted-driver problem first surfaced a few
years ago with POORTRY, a Windows kernel driver that
was signed with Microsoft keys. It is still circulating and
delivering malware.
The article also contains summaries of which malicious software groups are currently the most active and how they are related. For example, "LockBit (aka Syrphid), which partnered with DragonForce and Qilin in October 2025". Maybe an IPO is in the works?