"API Security in 2024: Predictions and Trends"

The complexity of Application Programming Interface (API) security continues to grow as technology advances. The rise of APIs in modern applications and services calls for organizations to better understand their API environments and the operational risks that APIs pose. Graylog CEO Andy Grolnick highlights several key trends and predictions that will shape the API security landscape in 2024. According to Grolnick, the number of targeted application-level attacks will increase.

Submitted by Gregory Rigby on

"CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK"

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new phishing campaign launched by the Russia-linked APT28 group to steal sensitive information. The campaign involves previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK. The agency discovered the activity between December 15 and December 25, 2023, targeting government entities with email messages urging recipients to click on a link to view a document. This article continues to discuss the APT28 group's new phishing campaign that distributes OCEANMAP, MASEPIE, and STEELHOOK.

Submitted by Gregory Rigby on

"Content Credentials Will Fight Deepfakes in the 2024 Elections"

The shift toward content credentials comes as interest in automated deepfake-detection systems wanes. The Coalition for Content Provenance and Authenticity (C2PA) group combines the Adobe-led Content Authenticity Initiative and Project Origin, a media provenance effort. In 2021, initial standards were released for attaching cryptographically secure metadata to image and video files. Any change to the file in its system is automatically reflected in the metadata, breaking the cryptographic seal and revealing any tampering.

Submitted by Gregory Rigby on

2024 27th International Symposium on Design and Diagnostics of Electronic Circuits & Systems (DDECS)

"The International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS) provides a forum for exchanging ideas, discussing research results and presenting practical applications in the areas of design, test, and diagnosis of nanoelectronic digital, analog, and mixed-signal circuits and systems."

Topics of interest include, but are not limited to, security.

2024 Panhellenic Conference on Electronics and Telecommunications (PACET)

"PACET 2024 aims to provide a platform, not only for natives but also for international students and researchers, to report progress and recent advances in all aspects of electronics and communications, both at academic and industrial levels. Renowned experts from academia and industry in the field of electronics and telecommunications will deliver inspiring keynote speeches, sharing their insights and experiences with the conference participants."

2024 Design, Automation and Test in Europe Conference and Exhibition (DATE)

"The DATE conference is the main European event bringing together designers and design automation users, researchers and vendors as well as specialists in the hardware and software design, test and manufacturing of electronic circuits and systems."

Topics of interest include, but are not limited to, security.

"Microsoft Disables MSIX Protocol Handler Abused in Malware Attacks"

Multiple financially motivated threat groups have abused the MSIX ms-appinstaller protocol handler to infect Windows users with malware, prompting Microsoft to disable it again. Attackers exploited the Windows AppX Installer spoofing vulnerability to bypass security measures implemented to protect Windows users from malware. According to Microsoft, threat actors use malicious advertisements for popular software as well as Microsoft Teams phishing messages to distribute signed malicious MSIX application packages.

Submitted by Gregory Rigby on

"Crooks Push Holiday Misery With 'Leaksmas' Release of 50M PII Records"

Cybercriminals have released 50 million stolen consumer records, including credit card data and Personally Identifiable Information (PII), as a "Free Leaksmas" gift. According to researchers at Resecurity, criminals posting on underground forums used the Free Leaksmas tag to promote the data, which included data stolen from companies and governments in a dozen countries.

Submitted by Gregory Rigby on

"Pentagon Wants Feedback on Revised Cybersecurity Maturity Model Certification Program"

The US Department of Defense recently published a proposed rule and requested public feedback for the Cybersecurity Maturity Model Certification (CMMC) program. The CMMC program is meant to establish an assessment mechanism to verify that defense contractors and subcontractors have implemented the security measures required to protect federal contract information (FCI) and controlled unclassified information (CUI).

Submitted by Adam Ekwall on

"Europe’s Largest Parking App Provider Informs Customers of Data Breach"

EasyPark Group, Europe’s largest parking application operator, has recently disclosed a data breach impacting customer information. The company said it determined on December 10 that it was targeted in a cyberattack, and an investigation revealed that “non-sensitive customer data” had been compromised. Data stolen by hackers includes name, phone number, physical address, email address, and partial IBAN or credit/debit card numbers.

Submitted by Adam Ekwall on