The IBM Institute for Business Value discovered that 84 percent of CEOs are concerned about widespread or destructive cyberattacks that generative Artificial Intelligence (AI) adoption could cause. As organizations consider how to incorporate generative AI into their business models and assess the security risks the technology may introduce, it is essential to look at the top attacks that threat actors could use against AI models.

Associate Research Professor Charles Harry at the University of Maryland shares his insights on the creativity of today's cyberattacks, as well as the five most unlikely places people could be vulnerable. Cyberattacks have grown in sophistication and complexity, with malicious hackers becoming more skilled at developing malware or gaining access to networks. Harry emphasizes that anyone who visits a commercial, government, or institutional website is a potential entry point.

Ukraine's National Cyber Security Coordination Center (NCSCC) has warned its military members about a new phishing campaign launched by the Russian-backed cybercriminal group APT28. According to the NCSCC, APT28 is targeting military personnel and units of the Ukrainian Defense Forces through phishing emails in an attempt to gain access to military email accounts. APT28, also known as Fancy Bear or Sandworm Team, was formed in 2004 and has been linked to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.

In response to the Chinese state-sponsored hacking group Volt Typhoon targeting critical infrastructure in the US, the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) dismantled the group's infrastructure. It has been reported that the DOJ and the FBI sought and received a court order to disable the Volt Typhoon hacking campaign remotely.

According to CSIRT-CTI, Mustang Panda, a China-based threat actor, is suspected of targeting Myanmar's Ministry of Defence and Foreign Affairs as part of campaigns aimed at deploying backdoors and Remote Access Trojans (RATs). CSIRT-CTI noted that the activities occurred in November 2023 and January 2024, based on artifacts associated with the attacks uploaded to the VirusTotal platform.

According to a new report from the Berryville Institute of Machine Learning (BIML) titled "An Architectural Risk Analysis of Large Language Models," many of the security issues associated with Large Language Models (LLMs) stem from the fact that they all have a black box at their core. LLMs' end users typically have little information about how providers collected and cleaned the data used to train their models, and model developers generally conduct only a surface-level evaluation of the data due to the volume of information available.

The ChatGPT maker OpenAI has about a month to respond to the Italian data regulator following the agency's investigation that revealed the company's alleged violation of European privacy laws. In 2023, Garante, the Italian data protection authority temporarily banned OpenAI's Large Language Model (LLM) chatbot, citing a violation of the European General Data Protection Regulation (GDPR). It restored in-country access to the chatbot in April after OpenAI agreed to implement age verification and an opt-out form for removing personal data from the LLM.

According to security researchers at Corvus, ransomware incidents surged by 68% in 2023 to reach a record high.  However, law enforcement takedowns are having an impact on the prolific nature of ransomware gangs.  In total, 4496 ransomware leak site victims were observed in 2023.  This compares to 2670 in 2022 and 3048 in 2021.  The researchers also found that the number of active ransomware groups grew by 34% between Q1 and Q4 2023.

Resecurity found the credentials of over 1,572 RIPE, APNIC, AFRINIC, and LACNIC customers on the dark web. These individuals had been compromised because of malware activity involving password stealers such as Redline, Vidar, Lumma, Azorult, and Taurus. The stolen credentials were found to be available for purchase on underground marketplaces.

Security researchers at Shadowserver found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.  Jenkins is a leading open-source automation server for CI/CD, allowing developers to streamline the building, testing, and deployment processes.