According to security researchers at Cisco Talos, the hacking group GhostSec has significantly increased its malicious activities over the past year.  This surge includes the emergence of GhostLocker 2.0, a new variant of ransomware developed by the group using the Golang programming language.  The researchers noted that GhostSec, in collaboration with the Stormous ransomware group, has been conducting double extortion ransomware attacks across multiple countries and business sectors.

Hackers operating from Ukraine’s Main Intelligence Directorate (GUR) have recently claimed another breach, this time against the Russian Ministry of Defense (MoD).  The GUR, part of Kyiv’s Ministry of Defense, said a “special operation” enabled it to breach the servers of the Russian MoD (Minoborony) to obtain sensitive documents.  The GUR claimed that the sensitive documents included orders and reports apparently circulated among over 2000 structural units of the ministry.

According to security researchers at WithSecure, the ALPHV/BlackCat ransomware group’s operations seem to have halted amid allegations of defrauding an affiliate involved in the Optum attack, which targeted the Change Healthcare platform, resulting in a loss of $22m.  The researchers noted that over the weekend, negotiation sites linked to the ransomware activities were confirmed to have been shut down, indicating a possibly deliberate dismantling of the gang’s infrastructure.

Georgia’s largest county, Fulton County, is still repairing the damage inflicted on its government a month ago by hackers who shut down office phone lines, left clerks unable to issue vehicle registrations or marriage licenses, and threatened to publicly release sensitive data they claimed to have stolen unless officials paid the ransom.  The ransomware syndicate LockBit took credit for the cyberattack in late January that temporarily crippled government services in Fulton County, which includes most of Atlanta.

American Express recently started warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked.  In a data breach notification filed with the state of Massachusetts, American Express said that the breach occurred at one of its service providers used by their travel services division, American Express Travel Related Services Company.  The company said that the account information of some of their Card Members, including account information, may have been involved.

Chinese video surveillance equipment manufacturer Hikvision has recently announced patches for two vulnerabilities in its security management system, HikCentral Professional.  The most important of these flaws is CVE-2024-25063, a high-severity bug that could lead to unauthorized access to certain URLs.  The bug affects HikCentral Professional version 2.5.1 and below.

Energinet, the Danish national transmission system operator for electricity and natural gas, together with researchers from the Technical University of Denmark (DTU), demonstrated how quantum key encryption can protect society from the threat posed by quantum computers. Quantum computers have the potential to penetrate current Information Technology (IT) security systems and be used to gain control of the critical infrastructure that supports the supply of electricity, gas, and water.

A team of researchers developed one of the first generative Artificial Intelligence (AI) worms, which can spread from one system to another. Ben Nassi, a Cornell Tech researcher, together with fellow researchers Stav Cohen and Ron Bitton, developed the AI worm dubbed "Morris II." They demonstrated how the AI worm can attack a generative AI email assistant, stealing data from emails and sending spam messages. The team was able to break some security protections in ChatGPT and Gemini.

A new research project led by David Lo, a computer science professor at Singapore Management University (SMU), aims to develop a method for finding cybersecurity vulnerabilities in a software application's source code. Professor Lo and his team propose developing a localized and specialized Large Language Model (LLM) solution, specifically a large data model tuned for vulnerability discovery and contextualized to the government code base.

New research proposes a novel approach to addressing the challenges posed by deepfake technology, which creates manipulated media content resembling authentic footage. The researchers' method combines the miniXception and Long Short-Term Memory (LSTM) models to better analyze suspicious content and identify deepfake images with greater than 99 percent accuracy. The continued development of deepfakes may reduce the effectiveness of security systems put in place for authentication.