Millions of names, usernames, and emails associated with public Trello boards have been made available for sale on the dark web, potentially leading to Account Takeover (ATO) and spear-phishing attacks. Atlassian, Trello's parent company, now says it has made changes to a critical Application Programming Interface (API) to prevent scraping attacks. Trello, a project management and collaboration platform, allows users to make their "boards" or workspaces publicly findable, facilitating collaboration between different companies and stakeholders.

In a recent SEC filing, Hewlett Packard Enterprise (HPE) revealed that its cloud email environment was targeted by hackers believed to be sponsored by the Russian government.  The company said it was notified on December 12 that a threat group identified as Midnight Blizzard and Cozy Bear had hacked into its cloud-based email environment.   HPE says that it kicked out the attackers, but its investigation revealed that the threat actor gained access to its systems and started exfiltrating data in May 2023.

Mozilla recently announced security updates for both Firefox and Thunderbird to patch 15 vulnerabilities, including five rated "high severity." The first high-severity flaw is an out-of-bounds write in ANGLE (Almost Native Graphics Layer Engine), the open-source graphics engine used as the default WebGL backend in both Firefox and Chrome.  Tracked as CVE-2024-0741, Mozilla noted that the issue could be exploited to corrupt memory and cause a crash that could potentially lead to denial of service or arbitrary code execution.

A team of researchers from Concordia and Hydro-Quebec conducted a study on the risks of cyberattacks faced by offshore wind farms. The researchers focused on wind farms that use Voltage-Source Converter High-Voltage Direct-Current (VSC-HVDC) connections, which are quickly becoming the most cost-effective solution for harvesting offshore wind energy. Offshore wind farms rely on complex, hybrid communication architecture, thus providing multiple entry points for cyberattacks.

Some Virtual Reality (VR) technologies pose significant privacy risks by improperly collecting and sharing users' data. Yan Shvartzshnaider, an assistant professor in the Electrical Engineering and Computer Science Department at York University's Lassonde School of Engineering, is working to address virtual privacy concerns and develop cybersecurity solutions.

Researchers at the University of Alabama in Huntsville (UAH) are leading a NATO collaboration to address emerging security challenges posed by quantum technologies. Quantum computers use quantum phenomena to solve mathematical problems that conventional computers find difficult or intractable. Researchers have stressed that quantum computers will eventually be able to break many of today's public-key cryptosystems, thus putting digital communications at risk.

Thousands of GitLab servers are vulnerable to zero-click Account Takeover (ATO) attacks involving the exploitation of a critical vulnerability. GitLab recently released security updates to address two critical vulnerabilities that affect both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 with a CVSS score of 10, enables ATO via Password Reset. Threat actors can use the flaw to hijack an account without user interaction. Most of the vulnerable servers are in the US (964), Germany (730), and Russia (721).

The US Securities and Exchange Commission (SEC) confirmed that a SIM swapping hack resulted in its X (Twitter) account getting hijacked. On January 9, hackers took control of the account and posted a false announcement claiming that the commission had approved Bitcoin futures Exchange-Traded Funds (ETFs). Due to the post, Bitcoin surged to a 19-month high before falling nearly 6 percent after SEC staff used Chair Gary Gensler's X account to reveal that the ETF announcement was false.

According to Ukraine's defense intelligence directorate (GUR), the pro-Ukraine hacker group called BO Team infiltrated the Russian State Research Center on Space Hydrometeorology, destroying its database and valuable equipment. The hackers claimed to have destroyed 280 servers and two petabytes of data, which included weather and satellite information, as well as unique research. GUR estimates that the lost data could cost Russia at least $10 million.

Security researchers at Menlo Security have observed a 198% increase in browser-based phishing attacks during the latter half of 2023 compared to the first half, with a 206% rise in evasive attacks.  Evasive attacks, designed to circumvent traditional security controls, now constitute 30% of all browser-based phishing assaults, according to the researchers.  These sophisticated tactics include SMS phishing, Adversary in the Middle (AITM) frameworks, image-based phishing, brand impersonation, and Multi-Factor Authentication (MFA) bypass.