The National Security Agency has published their 2023 Cybersecurity Year in Review!

In an effort to be more transparent, the National Security Agency publishes an annual year in review sharing information regarding cybersecurity efforts that better equipped U.S. defenses against high priority cyber threats. NSA’s efforts to help secure the nation’s most sensitive systems also help your cybersecurity because NSA cascades these solutions through public guidance and engages with key technology providers to help them bolster the security of their products and services.

Researchers at the University of Missouri are developing a Virtual Reality (VR) platform named "USucceed" to help teach cybersecurity to people with autism, dyslexia, attention deficit disorders, and other neurodevelopmental differences. Noah Glaser, an assistant professor and director of the Information Experience Laboratory in Mizzou's College of Education and Human Development, explained that the platform serves two critical functions, the first of which aims to meet the growing demand for a skilled cybersecurity workforce.

Cybersecurity researchers at the Georgia Institute of Technology (Georgia Tech) seek to identify "abnormal" and "illogical" control system commands suggesting the presence of insider threats or malicious attackers. They are doing so by gaining further insight into what are considered "normal" operations within electric power systems. Understanding normal operations and detecting suspicious activities will rely on using Artificial Intelligence (AI) to understand what the complex grid systems usually do and to identify actions that logically should not happen.

Researchers at North Carolina State University are conducting a project to raise awareness among young students about the safety risks that come with being online, as well as prepare elementary school teachers to teach cybersecurity topics. The project, funded by a National Science Foundation (NSF) DRK-12 grant and conducted in collaboration with the University of Delaware, will develop and test a professional development program that will support teachers in integrating cybersecurity lessons into fourth and fifth-grade math and science instruction.

Researchers at watchTowr showed the ability to seize part of the Internet's infrastructure for just $20, bringing attention to the fragility of the trust and cybersecurity mechanisms that organizations and users depend on. While looking for Remote Code Execution (RCE) vulnerabilities in WHOIS clients, the researchers found that the WHOIS server for the .mobi Top Level Domain (TLD) (for mobile-optimized sites) had migrated years ago from "whois.dotmobiregistry.net" to "whois.nic.mobi".

Apple has patched its Vision Pro Mixed Reality (MR) headset after researchers showed that an attacker could track a user's eyes to infer what they are typing. Vision Pro users can type by using a virtual keyboard and looking at each of the keys they want to press. "GAZEploit," an attack method shown by a team of researchers from the University of Florida and Texas Tech University, can be used to guess what a Vision Pro user is typing by tracking their avatar's eye movement. This article continues to discuss Apple's patching of Vision Pro following researchers' GAZEploit demonstration.

Researchers at Cleafy found a new variant of the Android banking trojan called "TrickMo" that can evade analysis and display fake login screens to steal victims' banking credentials. According to Cleafy, the new capabilities involve using malformed ZIP files together with JSONPacker. The application is installed via a dropper app with the same anti-analysis mechanisms. This article continues to discuss findings regarding the new variant of TrickMo.

One of the most dangerous ransomware groups, "Scattered Spider," has been using its clever social engineering approach to launch targeted, sophisticated phishing attacks against financial and insurance companies to steal high-level cloud permissions and deliver ransomware. Scattered Spider has been conducting smishing and vishing attacks to target the accounts of Information Technology (IT) service desk administrators and other high-privileged accounts.

According to the Select Committee on the Chinese Communist Party (CCP) and House Committee on Homeland Security, US seaports are dangerously dependent on Chinese cranes, which could threaten US port infrastructure security. A new joint report by the two committees focuses on Shanghai Zhenhua Heavy Industries (ZPMC), a company owned and controlled by the People's Republic of China (PRC) that operates about 80 percent of US Ship-to-Shore (STS) port cranes.