"BunnyLoader 3.0 Surfaces in the Threat Landscape"

Researchers have discovered a new variant of the "BunnyLoader" malware with a modular structure and improved evasion capabilities. In October 2023, Zscaler ThreatLabz researchers discovered BunnyLoader, a new Malware-as-a-Service (MaaS) advertised for sale in multiple cybercrime forums since September 4, 2023. The BunnyLoader malware loader is written in C/C++ and is available on several forums for $250 for a lifetime license. According to researchers, BunnyLoader is in rapid development, with the authors releasing multiple updates to implement new features and address bugs.

Submitted by Gregory Rigby on

"EPA Floats Task Force to Address Cyberattacks on Water Infrastructure"

Recent cyberattacks on water plants have driven the US Environmental Protection Agency (EPA) to form a task force aimed at addressing the security risks that water infrastructure providers face. Attacks on US water and wastewater facilities could put a "critical lifeline" at risk and inflict significant costs on impacted communities, according to a letter from White House National Security Advisor Jake Sullivan and EPA Administrator Michael Regan to state governors.

Submitted by Gregory Rigby on

"'Lifelock' Hacker Pleads Guilty to Extorting Medical Clinics"

Robert Purbeck, an Idaho man who hacked and extorted medical clinics and a police department, has pleaded guilty in Georgia federal court to computer fraud and abuse charges. According to a release from the Northern District of Georgia announcing the guilty plea, Purbeck, who used the aliases "Lifelock" and "Studmaster," stole the personal information of over 130,000 people. In 2017 and 2018, he purchased stolen credentials from the dark web and used them to infiltrate the networks of a medical clinic in Griffin, Georgia.

Submitted by Gregory Rigby on

"Chrome 123, Firefox 124 Patch Serious Vulnerabilities"

Google and Mozilla recently announced web browser security updates that address dozens of vulnerabilities, including one critical severity and multiple high-severity flaws. Chrome 123 was released in the stable channel with patches for 12 bugs, seven of which were reported by external researchers. According to Google, the most severe of these is CVE-2024-2625, a high-severity object lifecycle issue in the V8 JavaScript and WebAssembly engine.

Submitted by Adam Ekwall on

"New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems"

Researchers from the CISPA Helmholtz-Center for Information Security have detailed a new Denial-of-Service (DoS) attack vector that has been targeting application-layer protocols based on the User Datagram Protocol (UDP), threatening hundreds of thousands of hosts. According to the researchers, "Loop DoS" attacks pair servers of these protocols so that they communicate with each other indefinitely. UDP is a connectionless protocol that does not validate source IP addresses, leaving it vulnerable to IP spoofing.

Submitted by Gregory Rigby on

"Ukrainian Police Arrest Suspected Brute-Force Account Hijackers"

Ukrainian cyber police recently arrested three men suspected of hijacking the accounts of over 100 million internet users. The trio, aged between 20 and 40, were arrested by police in the country’s Kharkiv region under the guidance of the regional prosecutor’s office. The police said that the trio were operating as part of a cybercrime group and used brute-force techniques to hijack victims’ email and Instagram accounts that were protected by easy-to-guess passwords.

Submitted by Adam Ekwall on

"Surviving the 'Quantum Apocalypse' With Fully Homomorphic Encryption"

Nigel Smart, Chief Academic Officer at Zama, calls on organizations to prepare for the future arrival of quantum computers capable of breaking current cryptographic solutions. The National Institute of Standards and Technology (NIST) recently announced post-quantum-secure public key encryption and signature standards. However, Smart points out that NIST's standards only consider traditional forms of public key encryption and signatures.

Submitted by Gregory Rigby on

"Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks"

Threat actors are using Digital Document Publishing (DDP) sites hosted on platforms such as FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet to perform phishing, credential harvesting, and session token theft, bringing further attention to how threat actors repurpose legitimate services. According to Cisco Talos researcher Craig Jackson, hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack because these sites often have a positive reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security.

Submitted by Gregory Rigby on

"ML Model Repositories: The Next Big Supply Chain Attack Target"

Repositories for Machine Learning (ML) models, such as Hugging Face, provide threat actors with the same opportunities to sneak malicious code into development environments as open source public repositories. In a presentation titled "Confused Learning: Supply Chain Attacks through Machine Learning Models," two Dropbox researchers will demonstrate multiple techniques that threat actors can use to distribute malware through ML models on Hugging Face.

Submitted by Gregory Rigby on

"The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats"

Resecurity reported on the growing number of cyber incidents targeting the aerospace and aviation sectors. Researchers have emphasized the importance of conducting rigorous cybersecurity risk assessments for airports as well as proactive threat intelligence because of the activities of major ransomware groups and advanced threat actors. As geopolitical tensions rise, the civil aviation and aerospace industries face an increased risk of destructive cyberattacks. Resecurity has documented recent notable activities by threat actors launching attacks against these sectors.

Submitted by Gregory Rigby on