DARPA Seeks Proposals for Automating Conversion of C to Rust; DNS Poisoning Attack; AWS Using Neural Network to Identify Malicious Domains

The 5th annual Women in Cybersecurity (WiCyS) Security Training Scholarship will address the critical shortage of cyber professionals, in alignment with the Office of the National Cyber Director's National Cyber Workforce & Education Strategy. This multi-stage scholarship program, with support from key stakeholders such as Craig Newmark Philanthropies, Center for Internet Security, and Bloomberg, is noteworthy for its role in enhancing diversity, equity, and inclusion within the cybersecurity industry, providing a reliable pathway for underrepresented groups to enter the workforce. The program's success over the past four years, with more than 3,000 participants skilled and a high employment rate for final stage graduates, underscores its impact on both individual careers and the broader cyber civil defense landscape.

WiCyS Release: https://www.prweb.com/releases/women-in-cybersecurity-wicys-announces-5th-annual-security-training-scholarship-302215488.html

Center for Internet Security Grant: https://www.securityinfowatch.com/cybersecurity/press-release/55055239/center-for-internet-security-awards-250000-grant-to-support-women-in-cybersecurity-wicys

BrightTalk webcast: https://www.brighttalk.com/webcast/17216/620572

Alumna Interview: https://www.youtube.com/watch?v=Irn89o8Mr90

Applications are open through August 30: https://www.wicys.org/benefits/security-training-scholarship/

The US Defense Advanced Research Projects Agency (DARPA) has announced the TRACTOR (TRanslating All C TO Rust) project to automate converting code written in C to Rust. Dr. Dan Wallach, DARPA program manager for TRACTOR, anticipates proposals that include novel combinations of software analysis, such as static and dynamic analysis, and large language models. The program will host public competitions throughout the effort to test the capabilities of the LLM-powered solutions. DARPA will host a Proposers Day on Monday, August 26, 2024, with both in-person and virtual attendance options.

Researchers at Volexity say that a group of state-sponsored cyberthreat actors with ties to China compromised an Internet service provider (ISP) to poison DNS responses for certain organizations. The researchers determined that StormBamboo was altering DNS query responses for specific domains tied to automatic software update mechanisms.

AWS says it is using a neural network called Mithra, 'a massive internal neural network graph model É that uses algorithms for threat intelligence' to identify malicious domains. Mithra has been detected more than 180,000 on a daily basis; it is also capable of predicting malicious domains days, weeks, and sometimes even months before they show up on threat intel feeds from third parties.

Rockwell Automation has released fixes to address a high severity chassis restrictions bypass vulnerability in certain Logix programmable logic controllers (PLCs). Updates are available for most affected PLCs; users of those for which a fix is not available are urged to upgrade to supported versions. The US Cybersecurity and Infrastructure Security Agency (CISA) has published an ICS advisory. The flaw was detected by researchers at Claroty's Team 82.

The blood donation organization that suffered a ransomware attack in late July says they are starting to bring critical systems back online; they are 'operating in a reduced capacity.' OneBlood serves hospitals in several southeastern US states. On August 1, the American Hospital Association (AHA) and the Health Information Sharing and Analysis Center (ISAC) updated their joint threat bulletin to include the OneBlood attack. The bulletin states, 'Now that three critical third-party supply chain attacks have significantly impacted healthcare delivery in the past three months, it should serve as a wake-up call across the industry to address supply chain security and resilience.'

Authorities have seized over $41 million that was stolen from a commodities firm in Singapore in a business email compromise (BEC) attack. The thieves, impersonating a supplier, requested that a $42.3 million payment be made to an account in Timor Leste. When it became apparent that the funds had been misdirected, Singapore police contacted authorities in Timor Leste who helped recover the stolen money.

An incorrect authorization vulnerability (CVE-2024-38856) in Apache OFBiz affects versions up through 18.12.14. The flaw could be exploited to allow execution of screen rendering code. Users are urged to upgrade to OFBiz version 18.12.15 or later. Another OFBiz vulnerability (CVE-2024-32113), which was disclosed in May, has been exploited.

Researchers from Graz University of Technology in Austria have published a paper that describes 'a novel kernel exploitation technique elevating a limited heap vulnerability to an arbitrary memory read-and-write primitive.' The researchers successfully demonstrated the exploit against Linux kernel versions 5.19 and 6.2, both of which have reached end-of-life (EoL) in October 2022 and May 2023, respectively.

Microsoft has addressed an Azure outage that affected services in North and Latin America on Monday, August 5. The incident lasted roughly two hours. The entry on the Azure status page reads, 'a subset of customers experienced intermittent connection errors, timeouts, or latency while connecting to Microsoft services that leverage Azure Front Door (AFD), as a result of an issue that impacted multiple geographies. The issue was limited to internal Microsoft services hosted on AFD, and did not impact external commercial customers using AFD.' Last week, an outrage affecting Azure and Microsoft 365 services caused problems worldwide.