Toronto Zoo, the largest zoo in Canada, recently confirmed that a ransomware attack that hit its systems on early Friday, 1/5, had no impact on the animals, its website, or its day-to-day operations.  The zoo said it doesn't store any credit card information and is also investigating whether the incident affected its guests', members', or donors' records.  The zoo said that this incident has not impacted their animal well-being, care, and support systems, and they are continuing with normal zoo operations, including being open to guests.

Cisco Talos researchers collaborated with Dutch police to obtain a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that resulted in the arrest of the ransomware's operator. Tortilla is a Babuk ransomware variant that appeared in the wild shortly after the original malware's source code was leaked on a hacker forum. The threat actor used ProxyShell exploits on Microsoft Exchange servers to deploy the data-encrypting malware.

In 2023, a threat actor known as Water Curupira was observed actively distributing the PikaBot loader malware through spam campaigns. According to Trend Micro researchers, PikaBot's operators conducted phishing campaigns against victims using two components, a loader and a core module, which enabled unauthorized remote access and the execution of arbitrary commands via an established connection with their command-and-control (C2) server. The activity began in the first quarter of 2023 and continued until the end of June before resuming in September.

According to security researchers at Cisco Threat Detection and Response, the number of organizations named a CVE Numbering Authority (CNA) and the number of Common Vulnerabilities and Exposures (CVE) identifiers assigned in 2023 has increased compared to the previous year.  The researchers noted that 28,902 CVEs were published in 2023, up from 25,081 in 2022.  This is an average of nearly 80 new CVEs per day.  The number of published CVEs has been steadily increasing since 2017.

According to security researchers at Nozomi Networks, vulnerabilities found in Bosch Rexroth nutrunners used in the automotive industry could be exploited by hackers seeking direct financial gain or threat actors looking to cause disruption or reputational damage to the targeted organization.  The researchers found security holes in Bosch Rexroth’s NXA015S-36V-B product, a cordless, handheld pneumatic torque wrench (also known as a nutrunner) designed for safety-critical tightening operations.

A Nigerian national is going to go to jail for 10 years and one month and is ordered to pay almost $1.5m in restitution after being convicted of serious money laundering offenses.  Olugbenga Lawal, 33, of Indianapolis, Indiana, was convicted in August last year of conspiring to commit money laundering after three co-conspirators had already pleaded guilty to the same crime.  According to the Department of Justice (DoJ), he laundered millions of dollars generated by various internet fraud schemes, including romance scams and business email compromise (BEC).

According to a team led by researchers at Pennsylvania State University, people process information more efficiently on mobile phones but are less vigilant about misinformation than on Personal Computers (PCs), especially when users have developed a mobile phone routine or habit. The researchers also discovered that PC users are more likely to click on malicious links in phishing e-mails. Their findings have implications for cybersecurity and highlight the need for more alerts on mobile devices to combat misinformation and warnings on PCs to reduce susceptibility to phishing attempts.

In the attacks on Albanian organizations earlier in December 2023, Iran-linked hackers used wiper malware dubbed No-Justice. The attacks, linked to the Iranian threat actor known as Homeland Justice, targeted the Albanian parliament, two telecommunications companies, and the country's flag air carrier. Although the hackers claimed to have stolen data from the targeted systems, this claim has yet to be confirmed. ClearSky researchers identified two main tools used in this campaign: No-Justice and a PowerShell script.

According to the Cybernews research team, Saudi Arabia's Ministry of Industry and Mineral Resources (MIM) had an environment file exposed for 15 months, leaving sensitive information open to anyone. An environment file is a critical component for any system because it serves as a set of instructions for computer programs. Leaving environment files open to the public exposes critical data and gives threat actors opportunities for attacks.

According to recent research conducted by Noname Security, many organizations say they understand the importance of properly protecting Application Programming Interfaces (APIs), but in practice, these organizations do not appear to do so. This seems to be due to a fundamental lack of knowledge. APIs are used to connect various components in almost all modern environments. Around 80 percent of all Internet traffic goes through an API at some point. APIs are used as getaway vehicles in attacks because they are effective in data exfiltration, according to Noname Security CMO Mike O'Malley.