China's Beijing Wangshendongjian Judicial Appraisal Institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature. This operation would allow the government to identify the phone numbers or email addresses of those who have shared content. In order to avoid censorship in the country, people turned to Apple's AirDrop feature. The feature does not require cellular service, sending images between devices via Bluetooth and a private Wi-Fi network. This article continues to discuss the AirDrop cracking claimed by the Chinese state-backed research institute.

Since early 2023, threat actors have been using a new Mirai-based botnet called NoaBot as part of a cryptocurrency mining campaign. According to Akamai security researcher Stiv Kupchik, the new botnet's capabilities include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread to new victims. Mirai source code was leaked in 2016, which has given rise to several botnets.

Security researchers at Patchstack discovered a critical vulnerability in the AI Engine plugin for WordPress, specifically affecting its free version with over 50,000 active installations.  The plugin is widely recognized for its diverse AI-related functionalities, allowing users to create chatbots, manage content, and utilize various AI tools such as translation, SEO, and more.  The researchers noted that the security flaw is an unauthenticated arbitrary file upload vulnerability in the plugin’s rest_upload function within the files.php module.

According to security researchers at Arctic Wolf, under 4% of US states are fully prepared to detect and recover from election-targeted cybersecurity incidents.  The researchers surveyed state and local government leaders across the US and found that 14.3% of states were "not at all prepared" to deal with such incidents, with 42.9% only "somewhat prepared" ahead of the 2024 US election cycle, which includes presidential and other state and local elections.

Google recently released patches for 58 vulnerabilities in the Android platform and fixes for three security bugs in Pixel devices.  The first part of Android’s January 2024 update, which arrives on devices as the 2024-01-01 security patch level, addresses ten security holes in the Framework and System components, all rated high severity.  Google noted that the most severe of these issues is a security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed.

According to Rob Joyce, the Director of Cybersecurity at the National Security Agency (NSA), hackers and propagandists are using generative Artificial Intelligence (AI) chatbots such as ChatGPT to make their operations appear more legitimate to native English speakers. Cybercriminals and hackers working for foreign intelligence agencies have been observed using chatbots to appear as native English speakers. Generative AI chatbots have become skilled at mimicking believable and grammatically correct writing.

Threat actors had public access to the private data of hundreds of millions of Brazilians, putting individuals at risk of identity theft, fraud, and targeted cybercrimes. According to Cybernews, a publicly accessible Elasticsearch instance contained a massive amount of private data belonging to Brazilian citizens. Elasticsearch is a popular tool for searching, analyzing, and visualizing large amounts of data. Since the leaked data was not linked to a specific organization, Cybernews was unable to determine the source of the leak.

Researchers have discovered a sophisticated attack campaign dubbed "RE#TURGENCE" that is targeting Microsoft SQL (MSSQL) database servers in the US, EU, and Latin America, to deploy Mimic ransomware payloads. According to a Securonix report, RE#TURGENCE leads to another possible outcome, which is the unlawful sale of access to compromised servers. The malicious actors, who are based in Turkey, appear to be financially motivated. Securonix gained insights into the current attacks after the threat group made a significant Operational Security (OPSEC) lapse.

When an organization faces a ransomware attack and pays the malicious actors behind it to decrypt the encrypted data and delete the stolen data, there is no guarantee that the criminals will do what they promised. Even if an organization's data is decrypted, there is no guarantee that the stolen data has been wiped and will not be used or sold in the future.

Security researchers at FortiGuard have observed that attackers have been spreading a variant of the Lumma Stealer via YouTube channels that feature content related to cracking popular applications, eluding Web filters by using open source platforms like GitHub and MediaFire instead of proprietary malicious servers to distribute the malware.