When an organization faces a ransomware attack and pays the malicious actors behind it to decrypt the encrypted data and delete the stolen data, there is no guarantee that the criminals will do what they promised. Even if an organization's data is decrypted, there is no guarantee that the stolen data has been wiped and will not be used or sold in the future.

Security researchers at FortiGuard have observed that attackers have been spreading a variant of the Lumma Stealer via YouTube channels that feature content related to cracking popular applications, eluding Web filters by using open source platforms like GitHub and MediaFire instead of proprietary malicious servers to distribute the malware.

Toronto Zoo, the largest zoo in Canada, recently confirmed that a ransomware attack that hit its systems on early Friday, 1/5, had no impact on the animals, its website, or its day-to-day operations.  The zoo said it doesn't store any credit card information and is also investigating whether the incident affected its guests', members', or donors' records.  The zoo said that this incident has not impacted their animal well-being, care, and support systems, and they are continuing with normal zoo operations, including being open to guests.

Cisco Talos researchers collaborated with Dutch police to obtain a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that resulted in the arrest of the ransomware's operator. Tortilla is a Babuk ransomware variant that appeared in the wild shortly after the original malware's source code was leaked on a hacker forum. The threat actor used ProxyShell exploits on Microsoft Exchange servers to deploy the data-encrypting malware.

In 2023, a threat actor known as Water Curupira was observed actively distributing the PikaBot loader malware through spam campaigns. According to Trend Micro researchers, PikaBot's operators conducted phishing campaigns against victims using two components, a loader and a core module, which enabled unauthorized remote access and the execution of arbitrary commands via an established connection with their command-and-control (C2) server. The activity began in the first quarter of 2023 and continued until the end of June before resuming in September.

According to security researchers at Cisco Threat Detection and Response, the number of organizations named a CVE Numbering Authority (CNA) and the number of Common Vulnerabilities and Exposures (CVE) identifiers assigned in 2023 has increased compared to the previous year.  The researchers noted that 28,902 CVEs were published in 2023, up from 25,081 in 2022.  This is an average of nearly 80 new CVEs per day.  The number of published CVEs has been steadily increasing since 2017.

According to security researchers at Nozomi Networks, vulnerabilities found in Bosch Rexroth nutrunners used in the automotive industry could be exploited by hackers seeking direct financial gain or threat actors looking to cause disruption or reputational damage to the targeted organization.  The researchers found security holes in Bosch Rexroth’s NXA015S-36V-B product, a cordless, handheld pneumatic torque wrench (also known as a nutrunner) designed for safety-critical tightening operations.

A Nigerian national is going to go to jail for 10 years and one month and is ordered to pay almost $1.5m in restitution after being convicted of serious money laundering offenses.  Olugbenga Lawal, 33, of Indianapolis, Indiana, was convicted in August last year of conspiring to commit money laundering after three co-conspirators had already pleaded guilty to the same crime.  According to the Department of Justice (DoJ), he laundered millions of dollars generated by various internet fraud schemes, including romance scams and business email compromise (BEC).

According to a team led by researchers at Pennsylvania State University, people process information more efficiently on mobile phones but are less vigilant about misinformation than on Personal Computers (PCs), especially when users have developed a mobile phone routine or habit. The researchers also discovered that PC users are more likely to click on malicious links in phishing e-mails. Their findings have implications for cybersecurity and highlight the need for more alerts on mobile devices to combat misinformation and warnings on PCs to reduce susceptibility to phishing attempts.

In the attacks on Albanian organizations earlier in December 2023, Iran-linked hackers used wiper malware dubbed No-Justice. The attacks, linked to the Iranian threat actor known as Homeland Justice, targeted the Albanian parliament, two telecommunications companies, and the country's flag air carrier. Although the hackers claimed to have stolen data from the targeted systems, this claim has yet to be confirmed. ClearSky researchers identified two main tools used in this campaign: No-Justice and a PowerShell script.