According to CloudSEK researchers, a threat actor known as PRISMA boasted a powerful zero-day exploit and developed a sophisticated solution for generating persistent Google cookies by manipulating a token. This exploit allows for continued access to Google services, even after a user's password has been reset. Open Authorization 2.0 (OAuth 2.0) is a protocol for securing and authorizing access to resources on the Internet.

A zero-day vulnerability impacting Barracuda Networks' Email Security Gateway (ESG) enables hackers to install backdoors. The vulnerability exists in Spreadsheet::ParseExcel, an open-source library for processing Excel files. The library is used by the Amavis virus scanner on the ESG to scan Excel attachments sent via email. The vulnerability, tracked as CVE-2023-7102, allows malicious Excel attachments to run arbitrary code on a Barracuda ESG. According to Barracuda, there have already been several exploits of this vulnerability.

The Resecurity's HUNTER unit discovered a new version of the Meduza stealer that supports more software clients, including browser-based cryptocurrency wallets. Meduza 2.2 also has an improved credit card grabber. According to researchers, Meduza is a strong competitor to Azorult, Redline, Racoon, and Vidar Stealer for Account Takeover (ATO), online banking theft, and financial fraud. This article continues to discuss key findings regarding the new version of the Meduza stealer.

The complexity of Application Programming Interface (API) security continues to grow as technology advances. The rise of APIs in modern applications and services calls for organizations to better understand their API environments and the operational risks that APIs pose. Graylog CEO Andy Grolnick highlights several key trends and predictions that will shape the API security landscape in 2024. According to Grolnick, the number of targeted application-level attacks will increase.

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new phishing campaign launched by the Russia-linked APT28 group to steal sensitive information. The campaign involves previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK. The agency discovered the activity between December 15 and December 25, 2023, targeting government entities with email messages urging recipients to click on a link to view a document. This article continues to discuss the APT28 group's new phishing campaign that distributes OCEANMAP, MASEPIE, and STEELHOOK.

The shift toward content credentials comes as interest in automated deepfake-detection systems wanes. The Coalition for Content Provenance and Authenticity (C2PA) group combines the Adobe-led Content Authenticity Initiative and Project Origin, a media provenance effort. In 2021, initial standards were released for attaching cryptographically secure metadata to image and video files. Any change to the file in its system is automatically reflected in the metadata, breaking the cryptographic seal and revealing any tampering.

Multiple financially motivated threat groups have abused the MSIX ms-appinstaller protocol handler to infect Windows users with malware, prompting Microsoft to disable it again. Attackers exploited the Windows AppX Installer spoofing vulnerability to bypass security measures implemented to protect Windows users from malware. According to Microsoft, threat actors use malicious advertisements for popular software as well as Microsoft Teams phishing messages to distribute signed malicious MSIX application packages.