"CISA, DOJ Propose Rules for Protecting Personal Data Against Foreign Adversaries"

The United States Department of Justice and the cybersecurity agency CISA have started seeking comments on a proposed rule for protecting the personal data of Americans against foreign adversaries. The goal is to prevent data brokers, which are companies that collect and aggregate information and then sell or share it, from providing bulk data collected on American citizens, as well as government-related data, to countries of concern, such as China, Cuba, Iran, North Korea, Russia, or Venezuela.

Submitted by Adam Ekwall on

"NotLockBit Ransomware Can Target macOS Devices"

Researchers at SentinelOne have observed a new macOS malware family dubbed "NotLockBit" that poses as "LockBit" ransomware. NotLockBit, which is written in the Go programming language, targets both Windows and macOS systems. According to SentinelOne, the malware is distributed as an x86_64 binary, suggesting that it only works on Intel Macs and on Apple silicon Macs running the Rosetta emulation software. This article continues to discuss findings regarding the NotLockBit ransomware.

Submitted by Gregory Rigby on

"LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks"

The Sysdig Threat Research Team (TRT) has reported that cloud-based cyberattacks increased significantly in 2024 as threat actors used new methods to exploit cloud resources. In addition to LLMjacking, which targeted Large Language Models (LLMs), attackers weaponized open source tools and increased automation in 2024, causing financial damage and expanding the attack surface for cloud-hosted enterprises. This article continues to discuss the rise of LLMjacking and open source tool abuse in cloud attacks.

Submitted by Gregory Rigby on

"BlackCat Ransomware Successor Cicada3301 Emerges"

The "Alphv/BlackCat" ransomware gang appears to have resurfaced as "Cicada3301," which is written in the Rust programming language. It has many similarities to BlackCat and has claimed over 30 victims since June 2024, primarily in the healthcare, hospitality, manufacturing/industrial, and retail industries of North America and the UK. This article continues to discuss findings regarding the Cicada3301 ransomware.

SecurityWeek reports "BlackCat Ransomware Successor Cicada3301 Emerges"

Submitted by Gregory Rigby on

"Engineers Build Zero-Trust, Real-Time Cybersecurity Tools to Protect Renewables on the Grid"

Researchers at Iowa State University are building zero-trust cybersecurity tools to protect power grids that include renewable resources such as wind or solar farms. The research project, supported by the US Department of Energy's (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER), will develop zero-trust-based cybersecurity algorithms and tools to reduce cyber exposure. The developed solutions will also improve real-time situational awareness and mitigate attacks on grids integrated with renewable energy sources.

Submitted by Gregory Rigby on

"Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks"

Germany's CERT@VDE has notified organizations of several critical and high-severity vulnerabilities found in industrial routers. One of the vulnerable devices is the MB Connect Line's mbNET.mini router, which is used worldwide as a Virtual Private Network (VPN) gateway for remote access and maintenance of industrial environments. This article continues to discuss the potential exploitation and impact of the vulnerabilities found in mbNET.mini and Helmholz industrial routers.

Submitted by Gregory Rigby on

"Penn Engineering Research Discovers Critical Vulnerabilities in AI-Enabled Robots to Increase Safety and Security"

Researchers at the University of Pennsylvania's School of Engineering and Applied Science (Penn Engineering) discovered that certain features of Artificial Intelligence (AI)-governed robots have previously unidentified security vulnerabilities. The research, funded by the National Science Foundation (NSF) and the Army Research Laboratory (ARL), seeks to address the emerging vulnerability to ensure the safe deployment of Large Language Models (LLMs) in robotics.

Submitted by Gregory Rigby on

"Severe Flaws in E2EE Cloud Storage Platforms Used by Millions"

According to ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong, multiple End-to-End Encrypted (E2EE) cloud storage platforms have security vulnerabilities that could expose user data to malicious actors. The researchers revealed issues with Sync, pCloud, Icedrive, Seafile, and Tresorit, which over 22 million people collectively use. They found severe vulnerabilities in all five products, including implementations that enable malicious actors to inject files, tamper with data, or access user files.

Submitted by Gregory Rigby on

"Half of Organizations Have Unmanaged Long-Lived Cloud Credentials"

Datadog's "State of Cloud Security 2024" report found that 46 percent of organizations have unmanaged users with long-lived credentials in cloud services, putting them at risk of data breaches. Long-lived credentials, which are authentication tokens or keys in the cloud that remain valid for a long time, can give attackers persistent access with the same privileges as the owner. According to the report, long-lived credentials are widespread across Google Cloud, Amazon Web Services (AWS), and more.

Submitted by Gregory Rigby on

"ESET Distributor's Systems Abused to Deliver Wiper Malware"

ESET is investigating the abuse of the systems of its official product distributor in Israel to send emails delivering wiper malware. ESET's Advanced Threat Defense (ATD) team notified targeted users of government-backed attackers trying to compromise their devices. The attack's email passed DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) checks, and linked to the ESET Israel store, according to researcher Kevin Beaumont. The link pointed to a ZIP file with ESET DLLs and an executable aimed at installing wiper malware on the victim's system.

Submitted by Gregory Rigby on