Phishing campaigns involving Microsoft Azure and Cloudflare lures are now spreading "Latrodectus" malware. Latrodectus, also known as "Unidentified 111" and "IceNova," is a Windows malware downloader that serves as a backdoor, downloading EXE and DLL payloads or executing commands. Researchers have linked the malware to the developers of the IcedID modular malware loader. The newer malware is increasingly being used in phishing campaigns and contact form spam for initial access to corporate networks.

According to a study published by the University of Toronto's Citizen Lab, 1 billion smartphone users are exposed due to digital Chinese-language keyboards that are vulnerable to spying and eavesdropping. The discovered flaws provide a new cyberattack exploit, regardless of whether the device's keyboard is Chinese, English, or another language. Tencent's proprietary Chinese keyboard system was studied by the Citizen Lab last year.

Qantas Airways recently announced that some of its customers were impacted by a misconfiguration in its app that exposed sensitive information and boarding passes to random users. Qantas is Australia's flag carrier and the largest airline by fleet size, operating 125 aircraft and serving 104 destinations. Qantas has 23,500 employees and an annual revenue of almost $12.9 billion.

Gartner reports that 63 percent of organizations worldwide have implemented a zero trust strategy, fully or partially. This investment makes up less than 25 percent of the cybersecurity budget for 78 percent of organizations that have implemented a zero trust strategy. A fourth-quarter 2023 Gartner survey of 303 security leaders found that 56 percent of organizations were pursuing a zero trust strategy because it is considered an industry best practice.

According to the FBI, scammers stole more than $3.4 billion from older Americans last year. Losses from scams reported by Americans over the age of 60 last year were up 11% over the year before. The FBI is warning of a rise in bold schemes to drain bank accounts that involve sending couriers in person to collect cash or gold from victims. Deputy Assistant Director James Barnacle of the FBI's Criminal Investigative Division stated that it can have a devastating impact on older Americans who lack the ability to go out and make money.

Lumen's Black Lotus Labs discovered a new malware platform called "Cuttlefish" that collects public cloud authentication data from Internet traffic, targeting enterprise-grade and Small Office/Home Office (SOHO) routers. Cuttlefish is a platform that steals authentication material from web requests that transit the router from the adjacent Local Area Network (LAN).

Verizon's 2024 Data Breach Investigations Report (DBIR) found that the exploitation of vulnerabilities for initial access increased by 180 percent between 2022 and 2023. This method was used by 14 percent of malicious actors to breach networks. It follows credential theft and phishing as the third most used.

According to security researchers at Comparitech, nearly one in five (18%) ransomware incidents in the US led to a lawsuit in 2023, with 123 filed so far. The researchers noted that the number of lawsuits for 2023 is likely to increase, with many data breach notifications still being issued for incidents last year. The analysis showed a growth in the number of lawsuits filed following ransomware attacks in the period from 2018-2023. The researchers said that across just over 3000 confirmed ransomware incidents over the five years, 355 lawsuits were filed, a rate of 12%.

Performanta researchers noticed a trend in how nation-state actors target developing countries. The company analyzed "Medusa," a Ransomware-as-a-Service (RaaS) that targets organizations worldwide. Observed patterns suggest that ransomware activities are not entirely random, and there are strategies focusing on organizations within developing countries as initial targets. According to Guy Golan, CEO and Executive Chairman of Performanta, the company's analysis finds that the African continent has become a testing ground for nation-state attacks.

The US Department of Commerce has made several new announcements related to President Biden's Executive Order (EO) on the Safe, Secure, and Trustworthy Development of Artificial Intelligence (AI). The department's National Institute of Standards and Technology (NIST) released four draft publications to improve AI system safety, security, and trustworthiness.