"Only 3% of Businesses Resilient Against Modern Cyber Threats"

Cisco's 2024 Cybersecurity Readiness Index reveals that only 3 percent of organizations are resilient against cybersecurity threats, representing a significant drop in the proportion of global organizations with a mature level of readiness. Nearly 71 percent of organizations fell into the bottom two categories: 'formative' (60 percent) and 'beginner' (11 percent).

Submitted by Gregory Rigby on

"VPN Apps on Google Play Turn Android Devices Into Proxies"

Security researchers at Human Security discovered that dozens of VPN applications that turn Android devices into residential proxies were being offered on the Google Play store. The researchers noted that all the identified malicious applications contained a Golang library responsible for enrolling the device as a proxy node and appeared to be linked to Asocks, a residential proxy seller. At least 28 VPN applications containing the malicious library were submitted to Google Play. Following notification, all of the apps were removed from the store.

Submitted by Adam Ekwall on

"'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide"

According to researchers at Netcraft, the Chinese-language Phishing-as-a-Service (PhaaS) platform "Darcula" created 19,000 phishing domains in cyberattacks against over 100 countries. The platform provides cybercriminals with easy access to branded phishing campaigns for a monthly subscription fee of around $250. Darcula is said to be more sophisticated than other PhaaS platforms. It supports many of the same tools used by application developers, such as JavaScript, React, Docker, and Harbor.

Submitted by Gregory Rigby on

"Zero-Day Vulnerabilities Surged by Over 50% Annually, Says Google"

According to Google, the volume of zero-day vulnerabilities it detected increased by over 50% from 2022 to 2023, with bugs in third-party components on the rise. Google discovered a total of 97 zero days in 2023, just shy of the record 106 detected in 2021. Google claimed end-user platform vendors like Apple, Google, and Microsoft have made “notable investments” to reduce the number of exploitable zero days threat actors can find, making certain types “virtually non-existent” today.

Submitted by Adam Ekwall on

Cyber Scene - The House, United, Even on TikTok

By krahal

The U.S. House of Representatives has been very busy lately, and the Senate and White House are keeping unusual working hours as well. Tempus fugit, and so also may TikTok though in a different direction.

Submitted by Gregory Rigby on

"CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks"

CISA recently added a second SharePoint flaw, demonstrated last year at a Pwn2Own hacking competition, to its Known Exploited Vulnerabilities (KEV) list. The Star Labs team demonstrated the flaw, tracked as CVE-2023-24955, in March 2023 at Pwn2Own Vancouver alongside CVE-2023-29357. This two-bug exploit chain, which allows unauthenticated remote code execution on SharePoint servers with elevated privileges, earned the Star Labs team $100,000 at Pwn2Own. Microsoft patched CVE-2023-24955 and CVE-2023-29357 with SharePoint updates released in May and June 2023, respectively.

Submitted by Adam Ekwall on

"Hackers Exploit Ray Framework Flaw to Breach Servers, Hijack Resources"

A new hacking campaign called "ShadowRay" exploits an unpatched vulnerability in Ray, a popular open source Artificial Intelligence (AI) framework, to hijack computing power and leak sensitive data. Oligo reported that these attacks have been ongoing since at least September 5, 2023, with targets including education, cryptocurrency, biopharma, and others. Ray is a framework developed by Anyscale that allows users to scale AI and Python applications across a cluster of machines for distributed computing workloads.

Submitted by Gregory Rigby on

"Malicious NuGet Package Linked to Industrial Espionage Targets Developers"

Researchers at ReversingLabs have discovered a suspicious package in the NuGet package manager that is likely aimed at developers using tools developed by a Chinese company specializing in industrial and digital equipment manufacturing. The package, "SqzrFramework480," first published on January 24, 2024, has been downloaded 2,999 times. ReversingLabs believes that the campaign is being used to orchestrate industrial espionage on systems equipped with cameras, machine vision, and robotic arms. This article continues to discuss findings regarding the malicious NuGet package.

Submitted by Gregory Rigby on