"US Treasury Slaps Sanctions on China-Linked APT31 Hackers"

The U.S. government recently announced a fresh round of sanctions against a pair of Chinese hackers, who are said to be responsible for “malicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors.”  The Department of the Treasury’s Office of Foreign Assets Control (OFAC) noted that the sanctions also extend to a Wuhan, China-based technology company serving as a front for multiple malicious cyber operations.  In tandem, the U.S.

Submitted by Adam Ekwall on

"New Tycoon 2FA Phishing Kit Raises Cybersecurity Concerns"

The Sekoia Threat Detection and Research (TDR) team discovered a new phishing kit called "Tycoon 2FA" in October 2023. The kit, associated with the Adversary-in-the-Middle (AiTM) technique, is allegedly used by multiple threat actors to launch widespread attacks. Findings suggest that the Tycoon 2FA platform has been active since at least August 2023. An analysis revealed that the kit has become one of the most common AiTM phishing kits, with more than 1,100 domain names detected between October 2023 and February 2024.

Submitted by grigby1 CPVI on

"New ZenHammer Memory Attack Impacts AMD Zen CPUs"

Researchers at ETH Zurich have developed "ZenHammer," the first variant of the Rowhammer Dynamic Random-Access Memory (DRAM) attack that works on CPUs based on the recent AMD Zen microarchitecture, which maps physical addresses on DDR4 and DDR5 memory chips. AMD Zen chips and DDR5 RAM modules were previously thought to be less vulnerable to Rowhammer, but new findings call this into question. Rowhammer is an attack method that exploits a physical feature of modern DRAM.

Submitted by grigby1 CPVI on

"Study Tests if AI Can Help Fight Cybercrime"

A new study conducted by researchers at Charles Darwin University (CDU) has found that Artificial Intelligence (AI) could become a critical asset in combating the growing global threat of cybercrime. The study, led by researchers from CDU's Energy and Resources Institute and the Christ Academy Institute for Advanced Studies in India, explored whether generative AI could be used in penetration testing (pentesting). Researchers used ChatGPT to conduct various pentesting activities, including reconnaissance, scanning, vulnerability assessments, exploitation, and reporting.

Submitted by grigby1 CPVI on

"Top Python Developers Hacked in Sophisticated Supply Chain Attack"

Checkmarx reports that multiple Python developers, including a Top.gg maintainer, were infected with information-stealing malware after downloading a malicious clone of a popular tool. Colorama, a tool that makes ANSI escape character sequences work on Windows, has over 150 million monthly downloads. The hackers cloned the tool, inserted malicious code into it, and put the malicious version on a fake mirror domain that used typosquatting to trick developers into thinking it was the legitimate 'files.pythonhosted.org' mirror.

Submitted by grigby1 CPVI on

"Japan Runs Inaugural Cyber Defense Drills With Pacific Island Nations"

Last month, Japan held cyber defense exercises with five Pacific island nations in an effort to shore up cybersecurity defenses in the region. The cybersecurity exercise event, held in Guam in mid-February, was a first for Japan. Japan's Ministry of Internal Affairs and Communications led the event, which included government officials and network providers from Kiribati, the Marshall Islands, Micronesia, Nauru, and Palau, with Fiji and Tonga as on-site observers.

Submitted by Adam Ekwall on

"German Authorities Shut Down Online Marketplace for Drugs, Data and Cybercrime Services"

German authorities recently announced that they have taken down a major online marketplace for drugs, cybercrime services, and fraudulently obtained credit card data.  Investigators seized the Nemesis Market platform’s server infrastructure in Germany and Lithuania and cryptocurrency worth 94,000 euros ($102,000).  The authorities noted that the seizure followed an investigation in cooperation with the FBI, the U.S. Drug Enforcement Administration, and Internal Revenue Service Criminal Investigation.

Submitted by Adam Ekwall on

"Enabling Secure Modern Web Browsers Against Cache-Based Timing Attacks"

Sangeetha Ganesan of the Department of Artificial Intelligence and Data Science at the R.M.K College of Engineering and Technology in Tamil Nadu, India, explains how JavaScript, a popular web development programming language, allows access to a variety of Application Programming Interfaces (APIs) and sensors. He points out that the prevalence of this language raises privacy concerns as malicious third parties discover and exploit vulnerabilities.

Submitted by grigby1 CPVI on

"Researchers Highlight Potential Cybersecurity Threats to Trucking Industry, Supply Chain"

Researchers at Colorado State University have released a new paper detailing vulnerabilities found in commercial trucking systems. The exploitation of these vulnerabilities could enable hackers to take control of, steal data from, or disrupt entire fleets by spreading malware between vehicles. The study delves into the trucking industry's cybersecurity gaps through Electronic Logging Devices (ELDs). This federally mandated supplemental system tracks hours of service compliance and other metrics for later inspection and is closely linked to vehicle control systems.

Submitted by grigby1 CPVI on

"Ransomware Can Hide in the Websites You Upload Files To"

Cybersecurity researchers at Florida International University (FIU) warn that websites requesting access to a user's files may be able to bypass antivirus software and launch ransomware attacks. According to a study conducted by the FIU College of Engineering and Computing, free photo editors, tax document assistants, and other online apps that request permission to access a user's media can encrypt and control files. Attackers could then demand a ransom for the files' safe return. The hack is said to work on all three major PC operating systems: Windows, Linux, and macOS.

Submitted by grigby1 CPVI on