Security researchers at Lumen Technologies recently discovered a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities.  According to the researchers, a notorious cybercriminal group has been running a multi-year campaign targeting end-of-life small home/small office (SOHO) routers and IoT devices worldwide.  The router botnet, first seen in 2014, has been operating quietly while growing to more than 40,000 bots from 88 countries in January and February 2024.

The US government is trying to close gaps in its sanctions program against Russia by going after blockchain and virtual currency firms, which it says have helped entities circumvent existing controls.

Apple has recently released fresh security updates for iOS and macOS devices to resolve an arbitrary code execution vulnerability.  The issue, tracked as CVE-2024-1580 and described as an integer overflow leading to out-of-bounds write, impacts the CoreMedia and WebRTC components of both iOS and macOS and could be triggered during image processing.  Apple noted that the security defect is not specific to Apple’s products but affects the dav1d open-source AV1 cross-platform decoder, which was resolved in dav1d version 1.4.0 in February.

The Science of Security (SoS) initiative has announced its newest iteration of collaborative academic research, the SoS Virtual Institutes (VIs). The goal of the SoS program is to foster a self-sustaining, open, and public security science research community to discover key cyber principles necessary to support improved security and privacy.

Supply chains are facing SQL injection vulnerabilities, which have prompted a joint warning from the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to develop safer software products. CISA and the FBI have announced the new "Secure by Design" guidance as a direct response to the recent widespread exploitation of a SQLi flaw in the MoveIT file transfer application. SQL injection vulnerabilities enable threat actors to inject their own data into SQL commands.

The U.S. government recently announced a fresh round of sanctions against a pair of Chinese hackers, who are said to be responsible for “malicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors.”  The Department of the Treasury’s Office of Foreign Assets Control (OFAC) noted that the sanctions also extend to a Wuhan, China-based technology company serving as a front for multiple malicious cyber operations.  In tandem, the U.S.

The Sekoia Threat Detection and Research (TDR) team discovered a new phishing kit called "Tycoon 2FA" in October 2023. The kit, associated with the Adversary-in-the-Middle (AiTM) technique, is allegedly used by multiple threat actors to launch widespread attacks. Findings suggest that the Tycoon 2FA platform has been active since at least August 2023. An analysis revealed that the kit has become one of the most common AiTM phishing kits, with more than 1,100 domain names detected between October 2023 and February 2024.

Researchers at ETH Zurich have developed "ZenHammer," the first variant of the Rowhammer Dynamic Random-Access Memory (DRAM) attack, which works on CPUs based on the recent AMD Zen microarchitecture that maps physical addresses on DDR4 and DDR5 memory chips. AMD Zen chips and DDR5 RAM modules were previously thought to be less vulnerable to Rowhammer, but new findings call this into question. Rowhammer is an attack method that exploits a physical feature of modern DRAM.

A new study conducted by researchers at Charles Darwin University (CDU) has found that Artificial Intelligence (AI) could become a critical asset in combating the growing global threat of cybercrime. The study, led by researchers from CDU's Energy and Resources Institute and the Christ Academy Institute for Advanced Studies in India, explored whether generative AI could be used in penetration testing (pentesting). Researchers used ChatGPT to conduct various pentesting activities, including reconnaissance, scanning, vulnerability assessments, exploitation, and reporting.

Checkmarx reports that multiple Python developers, including a Top.gg maintainer, were infected with information-stealing malware after downloading a malicious clone of a popular tool. Colorama, a tool that makes ANSI escape character sequences work on Windows, has over 150 million monthly downloads. The hackers cloned the tool, inserted malicious code into it, and put the malicious version on a fake mirror domain that used typosquatting to trick developers into thinking it was the legitimate 'files.pythonhosted.org' mirror.