Security researchers at threat intelligence and incident response firm Volexity have started seeing widespread exploitation of the recently disclosed Ivanti Connect Secure VPN appliance vulnerabilities. The researchers warned on January 10 that they had seen threat actors, a group tracked as UTA0178 and likely linked to China, exploiting two Ivanti VPN zero-day vulnerabilities in an attempt to gain access to internal networks and steal information. The vulnerabilities are an authentication bypass flaw tracked as CVE-2023-46805 and a command injection issue tracked as CVE-2024-21887.

According to security researchers at Egress, email security remained top of mind for cybersecurity professionals in 2023 as over nine in ten (94%) cyber decision-makers had to deal with a phishing attack.  This is up 2% from the previous year.  The researchers found that the top three phishing techniques used throughout 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts.

Security researchers at Microsoft and the Pacific Northwest National Laboratory (PNNL) have used artificial intelligence (AI) and supercomputing to discover a brand new substance which could reduce lithium use in batteries.  The researchers say that the material could potentially reduce lithium use by up to 70%.  Since its discovery, the new material has been used to power a lightbulb.

Security researchers at Bishop Fox have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks.  The researchers noted that these appliances are affected by two DoS security flaws tracked as CVE-2022-22274 and CVE-2023-0656, the former also allows attackers to gain remote code execution.

Juniper Networks has recently published more than two dozen security advisories to inform customers about well over 100 vulnerabilities affecting its products, with a majority of the flaws impacting third-party components.  The company has released patches and mitigations for the vulnerabilities, most of which affect its Junos operating system.  The most serious of the flaws is CVE-2024-21591, which affects Junos OS on SRX series firewalls and EX series switches.

Netscout has announced that malicious actors are increasingly abusing free cloud services, which has led to a significant spike in botnet scanning activity.  Netscout typically sees 10,000-20,000 IP addresses conducting internet scans every day.  However, the company observed an increase to more than 35,000 devices on December 8 and another spike that reached 43,000 devices on December 20.  According to the company, the number of source IPs associated with scanning activity saw a sharp increase on several days since, peaking on January 5, with nearly 1.3 million IPs.

Europol has recently announced that a 29-year-old man in Ukraine was arrested for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency.  The suspect is believed to be the mastermind behind a large-scale cryptojacking scheme that involves hijacking cloud computing resources for cryptomining.  Europol noted that by using the computing resources of others' servers to mine cryptocurrency, cybercriminals can profit at the expense of the compromised organizations, whose CPU and GPU performance is degraded by the mining.

In a recent study, a team of LG Electronics researchers developed a new protocol for Quantum Secure Direct Communication (QSDC), which aims to improve the security and transmission rate of quantum communication systems. QSDC is a method of directly transmitting messages through a quantum channel without using a secret key. The new method could overcome challenges in transmission rates stemming from limitations imposed by the dead time of Single Photon Detectors (SPDs). This article continues to discuss the QSDC method.

A team of researchers at the University of Copenhagen is developing a language for discussing weaknesses in Machine Learning (ML) algorithms, which could lead to the creation of guidelines describing how algorithms should be tested. In the long run, this may lead to the development of better, more stable algorithms. One of the potential applications of this work could be testing algorithms for digital privacy protection. Some companies may claim to have made a secure solution for privacy protection.

SentinelLabs warns of FBot, a sophisticated Python-based malware that targets cloud and payment services. The FBot malware poses a significant threat, targeting web servers, cloud services, and Software-as-a-Service (SaaS) platforms, including Amazon Web Services (AWS), PayPal, and more. According to researchers, FBot has a smaller footprint than similar tools, suggesting private development and a more focused distribution strategy. The malware features an IP address generator, port scanner, email validator, and many other tools.