"Phishing Campaign Leverages AWS and GitHub to Launch RATs"

In a new phishing campaign, malicious actors store malware on public cloud services such as Amazon Web Services (AWS) and GitHub. Then they use email to launch an attack and gain control of newly infected systems. According to FortiGuard Labs, the phishing email tricks victims into running a malicious, high-severity Java downloader to spread a new VCURMS Remote Access Trojan (RAT) and a STRRAT RAT. This article continues to discuss findings regarding the phishing campaign involving the use of AWS and GitHub to launch RATs.

Submitted by Gregory Rigby on

"Image-Based Phishing Tactics Evolve"

According to IRONSCALES and Osterman Research, 70 percent of organizations believe their current security stacks are effective against image-based and QR code phishing attacks. However, 76 percent were still compromised in the last 12 months. Organizations are aware of the growing threat posed by image-based and QR code phishing attacks, with 90 percent of respondents revealing that such attacks target their organizations. Despite this high level of awareness, 94 percent of these organizations have seen these new attacks evade their email security stack.

Submitted by Gregory Rigby on

"These PyPI Python Packages Can Drain Your Crypto Wallets"

Researchers have discovered seven packages on the Python Package Index (PyPI) repository designed to steal BIP39 mnemonic phrases used to recover private keys of cryptocurrency wallets. ReversingLabs has codenamed the software supply chain attack campaign "BIPClip." The packages were downloaded 7,451 times before being removed from PyPI. BIPClip, aimed at developers on projects related to generating and securing cryptocurrency wallets, is said to have been in operation since at least December 4, 2022.

Submitted by Gregory Rigby on

"Under Increasing Federal Scrutiny, BlackCat Ransomware Gang Pulls Exit Scam on Its Way Out"

The ALPHV/BlackCat ransomware gang has committed a scam on its way out. BlackCat affiliates complained on dark web forums that they had successfully breached victims, but the ransomware gang had not paid their share, becoming unresponsive. This was quickly followed by the closure of affiliate accounts and a law enforcement seizure notice posted on its dark web site, which does not appear to be legitimate. The ransomware gang's unusual behavior is likely due to international law enforcement taking down its data leak site in December.

Submitted by Gregory Rigby on

"French Government Agencies Hit by Cyberattacks of 'Unprecedented Intensity'"

Several French government agencies have experienced "intense" cyberattacks. The description of the attacks aligns with that of Distributed Denial-of-Service (DDoS) attacks. According to the French government, the attack was carried out with familiar technical means but at an unprecedented level of intensity. Although DDoS incidents have been attributed to state-sponsored groups, the attack's simplicity prevents it from providing a long-term disruptive capability or a method for the attacker to infiltrate target networks.

Submitted by Gregory Rigby on

"Google Paid $10 Million in Bug Bounty Rewards Last Year"

Google recently revealed that it had awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing a high level of community participation in Google's security efforts.

Submitted by Adam Ekwall on

"Researchers Jailbreak AI Chatbots With ASCII Art -- ArtPrompt Bypasses Safety Measures to Unlock Malicious Queries"

A team of researchers has developed ArtPrompt, a new approach for bypassing the safety measures built into Large Language Models (LLMs). According to the researchers' paper titled "ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs," users can make chatbots such as GPT-3.5, GPT-4, Gemini, Claude, and Llama2 respond to queries that are supposed to be rejected. The attack involves using ASCII art prompts generated by their ArtPrompt tool.

Submitted by Gregory Rigby on

"Researchers Develop Tantalizing Method to Study Cyberdeterrence"

An experimental multiplayer online war game named "Tantalus," after a figure from Greek mythology, provides insightful data for real-world cyberattacks. Researchers at Sandia National Laboratories have used the game to study different conditions in cyberdeterrence strategies. The game is a human research study designed to collect data on how people's decisions during threatening situations affect national security.

Submitted by Gregory Rigby on

"EquiLend Ransomware Attack Leads to Data Breach"

Fintech firm EquiLend has recently started sending notification letters to its employees to inform them of a data breach resulting from a January 2024 ransomware attack. On January 24, the company announced that some of its systems were taken offline due to "a technical issue" and that services would be disrupted for several days. EquiLend confirmed the next day that a ransomware attack caused the disruption and was able to restore its client-facing services by February 5, but shared no details on the scope of the attack until now.

Submitted by Adam Ekwall on

"Researchers Expose Microsoft SCCM Misconfigs Usable in Cyberattacks"

Security researchers at SpecterOps have developed a knowledge base repository for attack and defense techniques stemming from the improper setup of Microsoft's Configuration Manager (MCM). Improper setup could enable attackers to execute payloads or become domain controllers. MCM, formerly known as System Center Configuration Manager (SCCM, ConfigMgr), is used in many Active Directory (AD) environments to help administrators manage servers and workstations on a Windows network.

Submitted by Gregory Rigby on