Mitsubishi Electric recently announced that two potentially serious vulnerabilities have been found in their factory automation products.  Mitsubishi Electric said several factory automation (FA) products are impacted by a high-severity authentication bypass and a critical remote code execution vulnerability.  Impacted products include EZSocket, FR Configurator2, GT Designer3, GX and MT Works, MELSOFT Navigator, and MX.

An international initiative involving over 35 nations aims to combat hack-for-hire operations. At a recent conference, countries led by the US, UK, and France, together with companies including Google, Apple, BAE Systems, and Microsoft, signed a declaration called the "Pall Mall Process." The goal is to establish guiding principles and policy options for states, industry, and civil society regarding developing and implementing commercially available cyber intrusion capabilities.

JetBrains has addressed a critical authentication bypass vulnerability, tracked as CVE-2024-23917, that affects TeamCity On-Premises continuous integration and deployment servers. The vulnerability could enable an unauthenticated threat actor with HTTP(S) access to a TeamCity server to evade authentication controls and gain administrative access on the server. JetBrains TeamCity servers were a popular target for state-sponsored hackers in 2023, exploiting another authentication bypass vulnerability, tracked as CVE-2023-42793.

The Shim maintainers have released version 15.8 to fix six security flaws, including a critical bug that could enable Remote Code Execution (RCE) under certain conditions. Shim is described as a "trivial" software package designed to serve as a first-stage boot loader on Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, tracked as CVE-2023-40547 with a CVSS score of 9.8, could be exploited to bypass Secure Boot.

According to security researchers at Chainalysis, ransomware actors collected over $1bn in extortion money from their victims in 2023, a record high.  The researchers noted that this is a conservative estimate of the financial impact of ransomware last year, as new cryptocurrency addresses are likely to be discovered over time.  The researchers said the figure for 2022 has already been revised up 24% to $567m, for example.

The Cybersecurity and Infrastructure Security Agency (CISA) has announced a renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force, a public-private partnership with various representatives from public and private sector organizations. They are tasked with identifying challenges as well as developing realistic, actionable, and risk-based recommendations and solutions for managing risks faced by the global ICT supply chain.

In a recent position paper, intelligence agencies in Germany, France, the Netherlands, and Sweden gave their criticism about Quantum Key Distribution (QKD). This encryption method theoretically ensures the security of communications by preventing anyone from intercepting keys without detection. According to the agencies, there are several inherent flaws, and a practical implementation would be too expensive and limited. This article continues to discuss the intelligence agencies' criticism of QKD.

Threat actors have been using fake Facebook job advertisements to trick potential victims into installing a new Windows-based stealer malware called Ov3r_Stealer. According to Trustwave SpiderLabs, this malware steals credentials and cryptocurrency wallets. It then sends them to a Telegram channel monitored by the threat actors. Ov3r_Stealer can gather IP address-based locations, hardware information, passwords, cookies, credit card information, auto-fills, browser extensions, cryptocurrency wallets, Microsoft Office documents, and more.

Cybercriminals have expanded their botnet capabilities with about 3 million malware-infected smart toothbrushes. According to the Swiss newspaper Aargauer Zeitung, remotely controlled toothbrushes were pulled into a Distributed Denial-of-Service (DDoS) attack to access and disrupt a website belonging to a company in Switzerland. The threat actors behind the attack used flaws in the Java programming language to infect the smart toothbrushes. Then they used a single command to direct their requests to the server of interest.

According to the Military Intelligence and Security Service (MIVD) of the Netherlands, a Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices.  It was noted that despite backdooring the hacked systems, the damage from the breach was limited due to network segmentation.  The MIVD stated that the effects of the intrusion were limited because the victim network was segmented from the wider MOD networks.  The victim network had fewer than 50 users.