In response to the Chinese state-sponsored hacking group Volt Typhoon targeting critical infrastructure in the US, the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) dismantled the group's infrastructure. It has been reported that the DOJ and the FBI sought and received a court order to disable the Volt Typhoon hacking campaign remotely.

According to CSIRT-CTI, Mustang Panda, a China-based threat actor, is suspected of targeting Myanmar's Ministry of Defence and Foreign Affairs as part of campaigns aimed at deploying backdoors and Remote Access Trojans (RATs). CSIRT-CTI noted that the activities occurred in November 2023 and January 2024, based on artifacts associated with the attacks uploaded to the VirusTotal platform.

According to a new report from the Berryville Institute of Machine Learning (BIML) titled "An Architectural Risk Analysis of Large Language Models," many of the security issues associated with Large Language Models (LLMs) stem from the fact that they all have a black box at their core. LLMs' end users typically have little information about how providers collected and cleaned the data used to train their models, and model developers generally conduct only a surface-level evaluation of the data due to the volume of information available.

The ChatGPT maker OpenAI has about a month to respond to the Italian data regulator following the agency's investigation that revealed the company's alleged violation of European privacy laws. In 2023, Garante, the Italian data protection authority temporarily banned OpenAI's Large Language Model (LLM) chatbot, citing a violation of the European General Data Protection Regulation (GDPR). It restored in-country access to the chatbot in April after OpenAI agreed to implement age verification and an opt-out form for removing personal data from the LLM.

According to security researchers at Corvus, ransomware incidents surged by 68% in 2023 to reach a record high.  However, law enforcement takedowns are having an impact on the prolific nature of ransomware gangs.  In total, 4496 ransomware leak site victims were observed in 2023.  This compares to 2670 in 2022 and 3048 in 2021.  The researchers also found that the number of active ransomware groups grew by 34% between Q1 and Q4 2023.

Resecurity found the credentials of over 1,572 RIPE, APNIC, AFRINIC, and LACNIC customers on the dark web. These individuals had been compromised because of malware activity involving password stealers such as Redline, Vidar, Lumma, Azorult, and Taurus. The stolen credentials were found to be available for purchase on underground marketplaces.

Security researchers at Shadowserver found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.  Jenkins is a leading open-source automation server for CI/CD, allowing developers to streamline the building, testing, and deployment processes.

Brazil's Federal Police, with support from cybersecurity researchers, have disrupted the Grandoreiro banking malware operation, which has targeted Spanish-speaking countries since 2017. ESET, Interpol, the National Police of Spain, and Caixa Bank provided critical data that led to the identification and arrest of individuals behind the malware's infrastructure. The police made five arrests and conducted thirteen search and seizure actions in Sao Paulo, Santa Catarina, Para, Goias, and Mato Grosso.

CloudSEK reports that a massive database containing the information of roughly 750 million individuals in India was offered for sale on the dark web earlier this month.  The company noted that the database, 1.8 terabytes in size, contains personal information such as names, mobile phone numbers, addresses, and Aadhaar details (the Aadhaar number is unique to an individual and serves for identification purposes).

Insurance consulting and brokerage firm Keenan & Associates has recently started informing more than 1.5 million individuals that their personal information was stolen in an August 2023 cyberattack.  The company noted that the cyberattack was discovered on August 27, when disruptions occurred on some of its servers, and was contained within hours.  Keenan’s investigation into the cyberattack revealed that an unauthorized party gained access to certain Keenan internal systems at various times between approximately August 21, 2023 and August 27, 2023.