According to researchers from the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology (MIT), ambient light sensors are vulnerable to privacy threats when embedded in a smart device's screen. The team has presented a computational imaging algorithm to recover an image of the environment from the perspective of the display screen using these sensors' subtle single-point light intensity changes in order to show how hackers could use them in conjunction with monitors.

The Farm and Food Cybersecurity Act would require the agriculture secretary to conduct a survey every two years on the state of cyber vulnerabilities and threats to the food and agriculture sectors, as well as collaborate with major intelligence community officials to perform exercises simulating industry-disrupting cyberattacks. According to the US Agency for International Development (USAID), cyberattacks on agriculture supply chains pose a significant threat to global food security because the sector's digitization enables hackers to disrupt farming equipment.

Quantum communication transmission rates have been limited by the "dead time" of single-photon detectors. Researchers at LG Electronics in South Korea recently revealed a new protocol to improve transmission rates while also increasing security. The novel protocol introduces techniques for overcoming the limitations posed by single-photon detectors' dead time and channel loss.

Three former Department of Homeland Security (DHS) employees have recently been sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees.  The three individuals are Charles K. Edwards, a former Acting Inspector General of the DHS Office of Inspector General (DHS-OIG), sentenced to 1.5 years in prison; Sonal Patel, a member of the department IT staff, sentenced to 2 years of probation; and Murali Y. Venkata, also from the IT department, sentenced to 4 months in prison.

Schneider Electric, the energy management and automation giant, has been targeted in a Cactus ransomware attack, resulting in data theft. Researchers discovered that the ransomware attack targeted the company's Sustainability Business division. The attack disrupted some of Schneider Electric's Resource Advisor cloud platform, which continues to experience outages today. The ransomware group allegedly stole terabytes of data during the cyberattack and is now extorting the company by threatening to leak the data if the demanded ransom is not paid.

Researchers have discovered Faust, a new variant of the Phobos ransomware family, in the wild. According to Fortinet FortiGuard Labs, the latest variant of the ransomware is spread through an infection that delivers a Microsoft Excel document containing a VBA script. Security researcher Cara Lin says the attackers used the Gitea service to store several Base64-encoded files, each of which contained a malicious binary. These files trigger a file encryption attack when they are injected into a system's memory.

According to Forescout, Operational Technology (OT) is under constant attack, with key protocols facing many persistent attacks. Many of the attacks involve protocols used in industrial automation and power sectors, such as Modbus, Ethernet/IP, Step7, DNP3, and more. Persistence tactics have increased by 50 percent from 3 percent in 2022. Although most observed commands used by threat actors are still aimed at generic Linux systems, there is a noticeable trend of specific commands executed for network operating systems on widely used routers.

Threat actors installed the Pegasus spyware on phones belonging to several journalists in Togo. Pegasus spyware, developed by the Israeli company NSO Group, enables the controller to access and extract information from an exploited mobile device. The spyware can also intercept and transmit messages, emails, media files, passwords, and more without the user's knowledge or interaction. This article continues to discuss the infection of Togolese journalists' mobile devices with the Pegasus spyware.

The Kansas City Area Transportation Authority (KCATA) recently announced it was targeted by a ransomware attack on Tuesday, January 23.  KCATA is a bi-state public transit agency serving seven counties of Missouri and Kansas, operating 78 bus routes and 6 MetroFlex routes using a fleet of 300 buses.  The company reports that 10.5 million people use their services in a year.  The ransomware attack impacted all its communication systems.  KCATA noted that all services are operating, including fixed-route buses and Freedom and Freedom-On-Demand paratransit services.

A Canadian involved in numerous ransomware and other types of cyberattacks against businesses, government entities, and individuals in Canada was recently sentenced to two years in prison.  The man, Matthew Philbert, 33, of Ottawa, Ontario, was arrested by the Ontario Provincial Police in November 2021, following a 23-month investigation, being charged with fraud, computer intrusions, and intent to perform computer intrusions.  In December 2021, the US Department of Justice (DOJ) also announced charges against Philbert.