"Linux Variants of Bifrost Trojan Evade Detection via Typosquatting"

"Linux Variants of Bifrost Trojan Evade Detection via Typosquatting"

A 20-year-old Remote Access Trojan (RAT) has reemerged with new variants targeting Linux and impersonating a trusted hosted domain. Palo Alto Networks discovered a new Linux variant of the Bifrost malware, also known as Bifrose, that applies the typosquatting tactic to mimic a legitimate VMware domain, allowing the malware to avoid detection. Bifrost is a RAT that has been active since 2004, gathering sensitive information from compromised systems, including hostnames and IP addresses. Bifrost Linux variants have increased significantly in recent months, raising concerns.

Submitted by Gregory Rigby on

"Web-Based PLC Malware: A New Potential Threat to Critical Infrastructure"

"Web-Based PLC Malware: A New Potential Threat to Critical Infrastructure"

Researchers from Georgia Tech's College of Engineering developed web-based Programmable Logic Controller (PLC) malware capable of targeting most PLCs from major manufacturers. Their web-based PLC malware resides in PLC memory but is eventually executed client-side by different browser-equipped devices in the ICS environment. The researchers explained that the malware then uses ambient browser-based credentials to interact with the PLC's legitimate web Application Programming Interfaces (APIs) in order to attack the underlying real-world machinery.

Submitted by Gregory Rigby on

"Snake, a New Info Stealer Spreads Through Facebook Messages"

"Snake, a New Info Stealer Spreads Through Facebook Messages"

According to Cybereason researchers, threat actors are using Facebook messages to spread malware called "Snake," which is a Python-based information stealer. The malware extracts credentials from the infected system and sends them to various platforms such as Discord, GitHub, and Telegram by abusing their Application Programming Interfaces (APIs). The threat actors send victims direct messages through Facebook Messenger, attempting to trick them into downloading archive files like RAR or ZIP files.

Submitted by Gregory Rigby on

"Fidelity Investments Notifying 28,000 People of Data Breach"

"Fidelity Investments Notifying 28,000 People of Data Breach"

Fidelity Investments Life Insurance Company recently started informing roughly 28,000 individuals that their personal information was compromised in a data breach at third-party services provider Infosys McCamish System (IMS). The data breach, Fidelity says, was the result of a cyberattack on IMS' systems, which occurred in October 2023 and led to unauthorized access to data that IMS was holding on behalf of its customers.

Submitted by Adam Ekwall on

"FBI: US Lost Record $12.5 Billion to Online Crime in 2023"

"FBI: US Lost Record $12.5 Billion to Online Crime in 2023"

The Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, revealing a 22 percent increase in reported losses compared to 2022, totaling a record $12.5 billion. The number of relevant complaints received by the FBI in 2023 reached 880,000, a 10 percent increase over the previous year. Business Email Compromise (BEC), investment fraud, ransomware, and tech/customer support and government impersonation scams caused the most financial losses in the US last year.

Submitted by Gregory Rigby on

"ChatGPT Credentials Snagged by Infostealers on 225K Infected Devices"

"ChatGPT Credentials Snagged by Infostealers on 225K Infected Devices"

In 2023, at least 225,000 sets of OpenAI credentials were listed for sale on the dark web, potentially enabling access to sensitive data sent to ChatGPT. Researchers at Group-IB discovered ChatGPT accounts compromised by information stealer malware between January and October 2023. The stolen credentials came from devices infected with LummaC2, Raccoon, and other infostealers. These malware tools look for and gather sensitive information stored on infected devices, such as login credentials and financial information.

Submitted by Gregory Rigby on

"NSA Releases Maturity Guidance for the Zero Trust Network and Environment Pillar"

"NSA Releases Maturity Guidance for the Zero Trust Network and Environment Pillar"

The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) on how to limit adversarial lateral movement within an organization's network aimed at gaining access to sensitive data and critical systems. The CSI, titled "Advancing Zero Trust Maturity Throughout the Network and Environment Pillar," explains how to use zero trust principles to strengthen internal network control and contain network intrusions to a specific network segment.

Submitted by Gregory Rigby on

"CISA Announces New Efforts to Help Secure Open Source Ecosystem"

"CISA Announces New Efforts to Help Secure Open Source Ecosystem"

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced several initial key actions that it will take in collaboration with the open source community to help secure the open source ecosystem. CISA is working with package repositories to encourage the adoption of the Principles for Package Repository Security. This framework, developed by CISA and the Open Source Security Foundation's (OpenSSF) Securing Software Repositories Working Group, delves into voluntary security maturity levels for package repositories.

Submitted by Gregory Rigby on

"Cisco Patches High-Severity Vulnerabilities in VPN Product"

"Cisco Patches High-Severity Vulnerabilities in VPN Product"

Cisco recently announced patches for two high-severity vulnerabilities in Secure Client, the enterprise VPN application that also incorporates security and monitoring capabilities. The first issue, tracked as CVE-2024-20337, impacts the Linux, macOS, and Windows versions of Secure Client and could be exploited remotely, without authentication, in carriage return line feed (CRLF) injection attacks.

Submitted by Adam Ekwall on

"Nigerian BEC Scammer Pleads Guilty in US Court"

"Nigerian BEC Scammer Pleads Guilty in US Court"

A Nigerian national has recently pleaded guilty in a US court to his role in a business email compromise (BEC) fraud scheme that caused roughly $200,000 in losses. Henry Echefu, 32, a resident of South Africa at the time the nefarious operation was conducted, was extradited from Canada on November 30. According to the Department of Justice (DoJ), Echefu and co-conspirators, including individuals in Maryland, engaged in a BEC scheme between February and July 2017.

Submitted by Adam Ekwall on