VI Kickoff Meeting Summary
On January 11, 2024, the Science of Security (SoS) initiative held the kickoff meeting for its newest iteration of collaborative academic research, the SoS Virtual Institutes (VIs).
According to Cisco Talos researchers, hackers are abusing the Google Cloud Run service to spread massive amounts of banking Trojans such as Astaroth, Mekotio, and Ousaban. Google Cloud Run allows users to deploy frontend and backend services, websites, and applications, as well as manage workloads, without the need for infrastructure management or scaling.
According to security researchers at Trend Micro, LockBit ransomware developers were secretly building a new version of their file-encrypting malware, dubbed LockBit-NG-Dev, likely to become LockBit 4.0, when law enforcement took down the cybercriminals' infrastructure earlier this week. Trend Micro analyzed a sample of the latest LockBit development that can work on multiple operating systems.
US healthcare technology giant Change Healthcare recently fell victim to a cyberattack that resulted in widespread network disruptions. The incident was initially disclosed on February 21 at 02:15 EST, when the company announced that some of its applications were unavailable. In an update at 08:38 EST, Change Healthcare said that it was experiencing enterprise-wide connectivity issues as a result of the incident. Over 100 applications across dental, pharmacy, medical record, clinical, enrollment, patient engagement, revenue, and payment services were listed as affected.
Sylvester Kaczmarek, Chief Technology Officer at OrbiSky Systems, emphasizes the need for robust cybersecurity measures to protect space assets from attacks threatening global stability and security. A cyberattack could disrupt a satellite's service or disable a spacecraft. Expanding the digital realm into space has created new opportunities for cyber threats and presented significant challenges. This article continues to discuss Kaczmarek's insights on the need to improve cybersecurity for satellites as threats to space-based infrastructure rise.
A new study introduces an innovative approach to addressing the ongoing challenge of zero-day phishing attacks in cybersecurity. Zero-day threats exploit previously unknown vulnerabilities in software, networks, and computer systems before a patch or update is made. Thomas Nagunwa from the Department of Computer Science at the Institute of Finance Management in Dar Es Salaam, Tanzania, has proposed a Machine Learning (ML) model for detecting these emerging and ever-changing threats in real-time.
Iranian state-sponsored Advanced Persistent Threat (APT) groups have posed as hacktivists, claiming attacks launched against Israeli critical infrastructure and air defense systems. According to researchers at CrowdStrike, most cyberattacks against Israel in recent months have been executed by hacktivists and nation-state actors "playing them on TV." These "faketivists" imitate the tactics, techniques, and procedures (TTPs), as well as the aesthetic and rhetoric of legitimate hacktivist groups.
In the past two years, 60 percent of organizations have suffered a breach involving Application Programming Interfaces (APIs). Hackers exploit APIs because they allow them to bypass security controls, gain access to sensitive company data, take over certain functionalities, and more. A publicly exposed API of the social media platform Spoutible could have resulted in attackers stealing users' Two-Factor Authentication (2FA) secrets and encrypted password reset tokens.
Security experts at CrowdStrike recorded a surge in “hands-on-keyboard” threats in 2023, with the average time it took to move laterally from initial access dropping 35% annually to just 62 minutes. The researchers noted that this so-called “breakout time” is a critical factor in how successful attacks are, as it signifies how long defenders have to detect and contain threats before attackers are able to conduct reconnaissance, establish persistence, and locate their targets.