Subscriber Identity Module (SIM) swappers have changed their attacks to steal a target's phone number by porting it to a new Embedded SIM (eSIM) card, which is a digital SIM in a rewritable chip found in many modern smartphones. An eSIM is a digital card stored on the chip of a mobile device that performs the same functions as physical SIM cards but can be remotely reprogrammed and provisioned, as well as deactivated, swapped, and deleted.

Researchers from Google DeepMind, Open AI, ETH Zurich, McGill University, and the University of Washington have developed a new attack that extracts key architectural information from proprietary Large Language Models (LLMs) such as ChatGPT and Google PaLM-2. The study shows how adversaries can extract supposedly hidden data from an LLM-enabled chatbot, allowing them to duplicate or steal its functionality. The attack is one of several highlighted in the past year that have delved into the security flaws of Artificial Intelligence (AI) technologies.

According to Claroty, healthcare networks have been found to contain 63 percent of the Known Exploited Vulnerabilities (KEVs) tracked by the US Cybersecurity and Infrastructure Security Agency (CISA). Twenty-three percent of medical devices, including imaging devices, clinical Internet of Things (IoT) devices, and surgery devices, have at least one KEV.

France’s Employment Agency recently suffered a data breach that could affect users who registered over the past 20 years, representing 43 million potential users’ data exposed.  France Travail, the French national employment agency, announced on March 13, 2024, that its IT systems and those of Cap Emploi, a government employment service that supports people with disabilities, were breached.

Nissan Oceania recently announced that roughly 100,000 individuals were affected by a data breach resulting from a ransomware attack conducted by a known cybercrime group in late 2023.  Nissan said it detected an intrusion on December 5, 2023, and informed customers about a disruptive cyber incident the same day.  The attack impacted Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand.

A team of mathematics researchers from RMIT University's Centre for Cyber Security Research and Innovation (CCSRI) collaborated with a tech startup called Tide Foundation to develop a breakthrough cybersecurity technology. The new technology, called "ineffable cryptography," enables data and devices to be locked with keys that no one will ever hold. It involves secretly generating and operating keys across a decentralized network of servers run by independent organizations. Only a part of a key is held by each server in the network.

Researchers at the University of Chicago explored a security flaw in Meta's Quest Virtual Reality (VR) system that could enable hackers to hijack users' headsets, steal sensitive information, and manipulate social interactions. In the "inception attack," hackers develop an app that injects malicious code into the Meta Quest VR system. They then launch a clone of the VR system's home screen and apps, appearing identical to the user's original screen. When inside, attackers can monitor, record, and modify everything the user does with the headset.