The US Cybersecurity and Infrastructure Security Agency (CISA) recently released 15 advisories addressing serious vulnerabilities in industrial control products from Siemens, Mitsubishi Electric, Delta Electronics, and more. One of the vulnerabilities is a critical buffer overflow issue, with a CVSS score of 10.0, in the Sinteso EN and Cerberus PRO EN Fire Protection Systems. The vulnerability stems from the network communication library used in the systems improperly validating the length of X.509 certificate attributes.

Microsoft has recently released a patch for an Xbox vulnerability after initially telling the reporting researcher that it was not a security issue.  The vulnerability is tracked as CVE-2024-2891, and it impacts Xbox Gaming Services.  Microsoft says that it has "important" severity and can easily be exploited by a local attacker with low privileges to escalate permissions to the System.

In "Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations," the National Institute of Standards and Technology (NIST) defines different Adversarial Machine Learning (AML) tactics and cyberattacks, as well as provides guidance on how to mitigate and manage them. AML tactics gather information about how Machine Learning (ML) systems work in order to determine how they can be manipulated.

According to GuidePoint Security, smaller Ransomware-as-a-Service (RaaS) groups are trying to recruit new and "displaced" LockBit and Alphv/BlackCat affiliates by offering better payout splits, full-time support, and more. RaaS operations typically include a core group that develops the ransomware and maintains the underlying infrastructure. Such operations also involve affiliates who use it after infiltrating target systems and networks. They pay the core group a part of the ransom for their services.

A threat actor, tracked as "Fluffy Wolf," is spreading different types of malware using accounting report lures in a phishing campaign that relies on malicious and legitimate software. According to researchers from Bi.Zone, Fluffy Wolf's active phishing campaign shows how even unskilled threat actors can use Malware-as-a-Service (MaaS) models to execute successful cyberattacks. The campaign is currently aimed at Russian organizations but could expand to other regions.

According to the 2024 Thales Data Threat Report, ransomware attacks increased by 27 percent in 2023, with 8 percent of impacted organizations deciding to pay the demanded ransom. These numbers suggest that less than half of organizations have formal ransomware response plans in place. The report also cites malware as the fastest-growing threat, with 41 percent of companies reporting malware incidents in the past year. Phishing and ransomware attacks on cloud assets such as Software-as-a-Service (SaaS) applications and cloud-based storage are also growing.

The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and several other agencies in the US and around the world urge critical infrastructure leaders to protect their systems from the "Volt Typhoon" hacking group. Last month, they also warned that the Chinese hackers had breached multiple critical infrastructure organizations in the US, gaining access to at least one of them for at least five years before being detected.

According to a survey commissioned by Palo Alto Networks, many industrial organizations are hit with cyberattacks, which result in the shutdown of Operational Technology (OT) processes in a significant percentage of cases. The survey was conducted in December 2023, with nearly 2,000 respondents from 16 countries in the Americas, Europe, and the Asia-Pacific region. Three-quarters of respondents revealed they had detected malicious cyber activity in their OT environment.