Nations Direct Mortgage recently started informing more than 83,000 individuals that their personal information was compromised in a December 2023 data breach.  The company says the incident was identified on December 30 and resulted in unauthorized access to certain systems containing clients’ personal information and other Nations Direct data.  The compromised information, the company reveals, includes names, addresses, Social Security numbers, and Nations Direct loan numbers.

"Earth Krahang," a previously unknown Advanced Persistent Threat (APT) group linked to China, compromised 70 organizations in 23 countries as part of a cyber espionage campaign. Most of the targeted organizations are government entities. According to Trend Micro researchers who discovered the campaign, the group targeted public-facing servers, exploited known vulnerabilities, and sent spear-phishing emails to deliver previously unknown backdoor malware. The campaign mainly focused on Southeast Asia but also targeted entities in America, Europe, and Africa.

"AcidPour," a new destructive malware with data-wiping capabilities, has been discovered in the wild. It targets Linux x86 Internet of Things (IoT) and networking devices. Data wipers are a type of malware used in destructive attacks to delete files and data on targeted devices. This type of malware is typically used to disrupt an organization's operations for political reasons or to divert attention from a larger attack. AcidPour, discovered by SentinelLabs security researcher Tom Hegel, is a variant of the "AcidRain" data wiper.

Security researchers are warning that hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords.  The researchers were able to hack Chattr, the AI hiring system that serves multiple organizations in the US, including fast food chains such as Applebee's, Chick-fil-A, KFC, Subway, Taco Bell, and Wendy's.  The researchers noted that a weakness in Chattr's Firebase implementation allowed them to gain full privileges to the database by registering a new user.

A research team at the University of Rovira i Virgili (URV) has developed an innovative environment based on blockchain technology that enables users to keep track of who has their information and what it is used for by means of a smart contract. The study involved developing a blockchain technology-based personal data management platform. It generates smart contracts that are permanently published on the blockchain and cannot be interfered with. The terms agreed upon cannot be changed, and the contract's binding nature cannot be denied.

For the third year in a row, the Georgia Institute of Technology (Georgia Tech) won the Codebreaker Challenge (CBC) sponsored by the National Security Agency (NSA). The CBC develops and tests students' skills in reverse engineering, computer programming, forensics, and vulnerability analysis through increasingly difficult mission-oriented scenarios mirroring some NSA-specific technical and analytic challenges. This year's CBC featured a signal with an unknown origin identified by the US Coast Guard.

Researchers have discovered a new malware campaign involving the use of fake Google Sites pages and HTML smuggling to distribute "AZORult," a commercial malware designed to facilitate information theft. Netskope Threat Labs researcher Jan Michael Alcantara noted that it applies an HTML smuggling technique in which the malicious payload is embedded in a separate JSON file hosted on an external website. The campaign, not yet attributed to any specific threat actor or group, is described as widespread. Its goal appears to be to collect sensitive data to sell in underground forums.

G Data CyberDefense discovered multiple GitHub repositories posing as cracked software codes and attempting to drop the RisePro infostealer on victim systems. The campaign involves a new variant of the RisePro infostealer malware designed to crash malware analysis tools such as IDA and ResourceHacker. The cybersecurity company found at least 13 repositories belonging to the RisePro stealer campaign, dubbed "Gitgub" by the threat actors. The repositories are all similar and contain a README.md file that promises free cracked software.

A Moldovan national has recently been sentenced to 42 months in prison in the US for operating an illicit marketplace on which hundreds of thousands of compromised credentials were offered for sale.  According to the Department of Justice (DoJ), Sandu Boris Diaconu, 31, created and managed E-Root Marketplace, a series of websites for selling access to compromised systems.  Diaconu was arrested in the UK in May 2021 and extradited to the US in October 2023.  He pleaded guilty in December 2023.

Hackers are increasingly using cookies to gain unauthorized access to sessions and accounts. Cookie hijacking involves hackers stealing session cookies, which are small files used by apps and websites to recognize returning users and provide personalized experiences. Their use among cybercriminals has increased significantly in recent months. Most hackers have attempted to gain access to user accounts by obtaining usernames and passwords.