According to CloudSEK researchers, the dark web is experiencing a "gold rush" as threat actors target verified accounts on X, formerly Twitter, for large-scale attacks. There has been a surge of posts selling accounts with X gold verification on dark web forums, marketplaces, and Telegram channels. On X, verified organizations can buy a gold checkmark, which is part of the platform's verification system. Blue badges are available for premium subscribers, while gray badges are available for NGOs and government agencies.

"This document recommends guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorized parties. This document is aimed primarily at providers of AI systems who are using models hosted by an organization, or are using external application programming interfaces (APIs).

The Security Service of Ukraine (SSU) has recently revealed that Russian intelligence hacked online surveillance cameras to spy on air defense activities and critical infrastructure in Kyiv ahead of recent missile strikes.  The SSU noted that the Kremlin was able to remotely control two residential cameras, which it used to collect information to target critical infrastructure in Ukraine’s capital Kyiv.  This likely includes the large-scale missile attack that took place on Tuesday, January 2, 2024, in which Russia fired around 100 drones and missiles against Kyiv and Kharkiv.

For the nation's most sensitive systems, cryptography is both the first and last line of defense. The quantum threat exists, and it is critical to modernize in order to protect these systems. In the new video for the National Security Agency's (NSA) Cybersecurity Speaker Series, NSA's Senior Cryptographic Authority, Dr. Adrian Stanger, and NSA's Cryptographic Solutions Technical Director, Dr. William J. Layton, discuss preparing for the post-quantum era with NSA's Cybersecurity Collaboration Center Chief of DIB Defense, Bailey Bickley.

In the days leading up to Christmas, cybercriminals leaked 50 million records on the dark web containing sensitive personal information. Many of the leaks on the dark web were labeled "Free Leaksmas," which could mean the threat actors were sharing their data with other cybercriminals out of mutual gratitude and to attract new customers. Researchers at Resecurity observed several threat actors releasing large data dumps nearly simultaneously on and just before Christmas Eve.

Printing solutions giant Xerox recently confirmed that its US-based subsidiary Xerox Business Solutions experienced a data breach.  The incident, the company says, was limited to Xerox Business Solutions US and was contained by its cybersecurity team.  The company noted that while the attack did not affect Xerox’s corporate systems and had no impact on the company’s operations or data, the investigation launched into the matter determined that personal information was compromised.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog. The first is a recently patched flaw in Google Chrome, and the second bug affects Spreadsheet::ParseExcel, an open-source Perl library for reading information from Excel files. The agency has given federal agencies until January 23 to mitigate the two security flaws or to stop using the vulnerable products. The Remote Code Execution (RCE) flaw affects versions 0.65 and older of the Spreadsheet::ParseExcel library.

According to Zimperium, the rise in mobile banking is accompanied by a significant increase in financial fraud. Zimperium's research found that 29 malware families targeted 1,800 banking apps in 61 countries last year. In 2022, Zimperium discovered ten active malware families targeting 600 banking apps. Banking trojans continue to advance because of their persistence, security evasion, and avoidance of detection on mobile devices. US banking institutions are the most targeted by financially motivated threat actors. In 2023, 109 US banks were targeted by banking malware.

Malware that steals information is exploiting an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions and enable continuous access to Google services even if a password is reset. According to researchers at CloudSEK, the critical exploit helps with session persistence and cookie generation, thus allowing threat actors to maintain unauthorized access to a valid session. PRISMA, a threat actor, first revealed the technique on their Telegram channel on October 20, 2023.

According to Uri Dorot, senior security solutions lead at Radware, a new breed of destructive Distributed Denial-of-Service (DDoS) attacks, called the Web DDoS Tsunami, is causing significant problems worldwide. These attacks are unsatisfied with intense bursts of simple pings or flooding ports at layer 3 or 4. Instead, they are increasing the volume and intensity. In order to further understand Web DDoS Tsunami attacks, it is important to consider four basic dimensions: attack volume, attack duration, botnet type, and the type of attack transactions.