"Chinese Hackers Leveraged Legacy F5 BIG-IP Appliance for Persistence"

Sygnia reports that a Chinese state-sponsored threat actor dubbed "Velvet Ant" used a legacy F5 BIG-IP appliance to access a victim organization's network for three years. The threat actor used multiple mechanisms to gain a foothold in the organization's network. The cybersecurity company notes that this threat actor had infiltrated the organization's network at least two years before the investigation, gaining a strong foothold and gathering intelligence about it. Velvet Ant has used different tools and techniques to compromise critical systems and access sensitive data.

Submitted by Gregory Rigby on

"Academics Develop Testing Benchmark for LLMs in Cyber Threat Intelligence"

Rochester Institute of Technology (RIT) researchers created CTIBench, the first benchmark designed for assessing the performance of Large Language Models (LLMs) in Cyber Threat Intelligence (CTI) applications. The researchers emphasized that LLMs could revolutionize CTI by improving security analysts' ability to process and examine massive amounts of unstructured threat and attack data, as well as use more intelligence sources. However, they add that LLMs are vulnerable to hallucinations and text misunderstandings, especially in technical fields.

Submitted by Gregory Rigby on

"New TikTag Attack Targets Arm CPU Security Feature"

A team of researchers from Seoul National University, Samsung Research, and the Georgia Institute of Technology revealed a new speculative execution attack called "TikTag" targeting a hardware security feature in Arm CPUs. TikTag enables attackers to bypass protections. The researchers demonstrated the attack on the Memory Tagging Extension (MTE), a security feature introduced with the 8.5-A architecture that detects memory corruption.

Submitted by Gregory Rigby on

"Truist Bank Confirms Breach After Stolen Data Shows up on Hacking Forum"

Truist Bank has recently confirmed that its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum. A threat actor known as Sp1d3r is selling what they claim is stolen data containing information belonging to 65,000 employees for $1 million. The threat actor claims that the data for sale includes bank transactions with names, account numbers, and balances, as well as source code for Truist Bank's Interactive Voice Response (IVR) automated phone system for transferring funds.

Submitted by Adam Ekwall on

"Quarter of Firms Suffer an API-Related Breach"

In a new study conducted by researchers at Salt Security, 250 respondents were polled across various job responsibilities, industries, and company sizes globally to compile a new report titled "State of API Security Report 2024." The researchers found that digital transformation projects appear to be accelerating faster than organizations' efforts to secure them, with nearly a quarter (23%) admitting they suffered a breach via production APIs last year.

Submitted by Adam Ekwall on

"Fake Meeting Software Spreads macOS Infostealer"

Security researchers at Insikt Group recently observed a widespread malicious campaign targeting cryptocurrency users and involving Vortax, a fake virtual meeting software.  Vortax has a presence on social media and is marketed as a cross-platform and in-browser enterprise-focused alternative to other video chat services that leverages artificial intelligence to generate meeting summaries and action items and suggest questions or comments with its “MeetingGPT” product.

Submitted by Adam Ekwall on

"Insurance Company Globe Life Investigating Data Breach"

Texas-based insurance company Globe Life recently announced that it is investigating a data breach impacting the information of consumers and policyholders.  Globe Life said it launched an investigation into “potential vulnerabilities related to access permissions and user identity management for a company web portal” after an inquiry from a state insurance regulator.  The company noted that the probe showed that the vulnerabilities likely allowed unauthorized access to consumer and policyholder information.  It’s unclear what type of data may have been compromised.

Submitted by Adam Ekwall on

"Los Angeles Public Health Department Discloses Large Data Breach"

Los Angeles County Department of Public Health (DPH) has recently disclosed a data breach impacting more than 200,000 individuals.  The incident took place between February 19 and 20, 2024, and was caused by an attacker gaining the login credentials of 53 Public Health employees through a phishing email.

Submitted by Adam Ekwall on

"Apple’s AI Promise: Your Data is Never Stored or Made Accessible to Apple"

Apple recently announced its new "Apple Intelligence" system, which it is integrating into its products.  Most large language models are run on remote, cloud-based server farms, so some users have been reluctant to share personally identifiable and/or private data with AI companies.  Apple says that its new system will use a new "Private Cloud Compute" to ensure any data processed on its cloud servers is protected in a transparent and verifiable way.  According to Apple, "a brand new standard for privacy and AI" is achieved through on-device processing.

Submitted by Adam Ekwall on

"New Linux Malware is Controlled Through Emojis Sent From Discord"

According to security researchers at Volexity, a newly discovered Linux malware dubbed "DISGOMOJI" uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India.  The malware is believed to be linked to a Pakistan-based threat actor known as "UTA0137."  The researchers noted that the malware is similar to many other backdoors/botnets used in different attacks, allowing threat actors to execute commands, take screenshots, steal files, deploy additional payloads, and search for files.

Submitted by Adam Ekwall on