NSA 2023 Cybersecurity Year in Review

The National Security Agency has published its 2023 Cybersecurity Year in Review!

In an effort to be more transparent, the National Security Agency publishes an annual year in review that shares information about cybersecurity efforts that better equipped U.S. defenses against high-priority cyber threats. NSA’s efforts to help secure the nation’s most sensitive systems also help your cybersecurity because NSA cascades these solutions through public guidance and engages with key technology providers to help them bolster the security of their products and services.

Submitted by Regan Williams on

"New BiBi Wiper Version Also Destroys the Disk Partition Table"

A new version of "BiBi Wiper" malware deletes the disk partition table, making data restoration harder and prolonging victim downtime. BiBi Wiper attacks on Israel and Albania are linked to "Void Manticore," also tracked as Storm-842, an Iranian hacking group suspected of being affiliated with Iran's Ministry of Intelligence and Security (MOIS). Security Joes discovered BiBi Wiper in October 2023, and Israel's CERT warned in November 2023 of large-scale offensive cyber operations involving it against critical organizations.

Submitted by grigby1 CPVI on

"Grandoreiro Banking Trojan Is Back and Targets Banks Worldwide"

IBM X-Force warns of a new "Grandoreiro" banking Trojan campaign. After a January law enforcement takedown, the Grandoreiro banking Trojan operators resumed operations. The recent campaign targeted more than 1,500 banks in over 60 countries in Central and South America, Africa, Europe, and the Indo-Pacific. Grandoreiro, a modular backdoor, is capable of keylogging, command execution, imitating mouse movements, and more. This article continues to discuss findings regarding the new Grandoreiro banking Trojan campaign.

Submitted by grigby1 CPVI on

"AI Chatbots Highly Vulnerable to Jailbreaks, UK Researchers Find"

Four popular generative Artificial Intelligence (AI) chatbots are vulnerable to basic jailbreak attempts, according to UK AI Safety Institute (AISI) researchers. The UK AISI conducted tests to assess cyber risks associated with these AI models. They were found to be vulnerable to basic jailbreak techniques, with the models producing harmful responses in 90 percent to 100 percent of cases when the researchers repeated the same attack patterns five times. This article continues to discuss the research on bypassing Large Language Model (LLM) protections.  

Submitted by grigby1 CPVI on

"American Radio Relay League Hit by Cyberattack"

The American Radio Relay League (ARRL) has recently been targeted in a cyberattack that resulted in service disruptions and possibly a data breach. The ARRL is the United States’ national association for amateur radio. The ARRL says it has 100 full-time and part-time staff members and roughly 160,000 members. The ARRL informed members on Thursday, May 16, that it had been in the process of responding to a “serious incident” involving access to its network and headquarters systems.

Submitted by Adam Ekwall on

"Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms"

The Department of Justice (DoJ) recently announced charges, seizures, arrests, and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the DoJ, North Korea has dispatched thousands of skilled IT workers around the world. These workers stole the identities of people living in the United States and leveraged them to get jobs at more than 300 companies.

Submitted by Adam Ekwall on

"New Research to Make Digital Transactions Quantum Safe and Twenty Times Faster"

A team of experts, including researchers from Monash University, has developed a method for implementing quantum-safe digital signatures significantly faster, making online transactions quicker and safer. The study developed a much faster way to implement Falcon, a post-quantum digital signature scheme, on Graphics Processing Units (GPUs).

Submitted by grigby1 CPVI on

"Ukraine Blackouts Caused by Malware Attacks Warn Against Evolving Cybersecurity Threats to the Physical World"

A new paper led by UC Santa Cruz researchers explores two pieces of malware that attempted to cause blackouts in Ukraine. The paper presents the first study of how the "Industroyer One" and "Industroyer Two" malware attacks operated and interacted with physical power system equipment. The Five Eyes intelligence alliance, including Australia, Canada, New Zealand, the UK, and the US, attributed both attacks to Russia's military intelligence agency, the GRU. This article continues to discuss the study of the Industroyer attacks. 

Submitted by grigby1 CPVI on

"Too Many ICS Assets Are Exposed to the Public Internet"

RunZero has highlighted gaps and trends in enterprise infrastructure, including network segmentation decay, attack surface management issues, and increasing dark matter on modern networks.

Submitted by grigby1 CPVI on

"China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT"

A Remote Access Trojan (RAT) called "Deuterbear" has been used by the China-linked "BlackTech" hacking group in a cyber espionage campaign targeting the Asia-Pacific region this year. Trend Micro researchers found that Deuterbear supports shellcode plugins, avoids handshakes for the RAT operation, and uses HTTPS for Command-and-Control (C2) communication. This article continues to discuss findings regarding BlackTech and its use of the Deuterbear RAT. 

Submitted by grigby1 CPVI on