ESET has released its H2 2023 threat report, which highlights cybercriminals' use of the ChatGPT name, the rise of the Lumma Stealer malware, the Android SpinOk Software Development Kit (SDK) spyware, and other issues. In the second half of 2023, ESET blocked 650,000 attempts to access malicious domains with "chatgpt" or a similar string in the name. Lumma Stealer, also known as LummaC2 Stealer, is a Malware-as-a-Service (MaaS) threat that targets multiple cryptocurrency wallets, user credentials, and Two-Factor Authentication (2FA) browser extensions.

The US Cybersecurity and Infrastructure Security Agency (CISA) included creating a "security.txt" file as one of the priority Cybersecurity Performance Goals (CPGs). When security researchers and bug hunters find flaws in an organization's ecosystem, they must know who to contact. Researchers may be unable to quickly determine where to report vulnerabilities if there are no clear reporting channels in place, leaving the organization vulnerable to attackers. However, all organizations can overcome this challenge using a simple security.txt file.

Xamalicious is a new Android backdoor that can perform various malicious actions on infected devices. The malware discovered by the McAfee Mobile Research Team was created using an open-source mobile app framework called Xamarin. It exploits the operating system's accessibility permissions to achieve its goals. It can also gather metadata about the compromised device and contact a command-and-control (C2) server to retrieve a second-stage payload, but only after determining whether it meets the criteria.

Distributed Denial-of-Service (DDoS) attacks have far-reaching consequences beyond inconvenience, as they can cause financial losses, result in compromised data, and erode customer trust. It is important for organizations and individuals to gain further insight into the nature and consequences of DDoS activity to protect their online presence and ensure that critical services continue to flow. To help organizations improve their cybersecurity strategies, Help Net Security has highlighted some excerpts from DDoS attack surveys covered in 2023.

Foreign cyber actors, mainly based in Russia, Iran, and China, are increasing their efforts to influence US audiences ahead of the 2024 national elections. Doppelganger, a Russia-based influence operation, is one example that has established several fake news sites and social media accounts to share stories aimed at inciting political and social divisions in the US in the run-up to the elections. A December 2023 report from Recorded Future identified the Doppelganger group, operating through three sites, each posing as a legitimate news outlet.

Integris Health, Oklahoma's largest non-profit healthcare system, has recently started informing patients of a data breach impacting their personal information.  The data breach occurred at the end of November, but the attack did not impact the healthcare provider's operations.  The company announced that the compromised personal information includes names, contact information, dates of birth, demographic data, and Social Security numbers.  Integris Health says that the personal information potentially affected varies by individual.

Since 2019, Operation Triangulation spyware attacks on iPhone devices have used undocumented features in Apple chips to evade hardware-based security protections. Over the past year, analysts have been reverse-engineering the sophisticated attack chain to get further details on the campaign discovered in June 2023. The use of obscure hardware features, most likely reserved for debugging and factory testing, to execute spyware attacks against iPhone users suggests that an advanced threat actor carried out the campaign.

The systems and operations of First American Financial Corporation and several of its subsidiaries appear to have been significantly disrupted by a cyberattack. First American provides title insurance and settlement services to the real estate and mortgage industries. It’s one of the largest title insurance companies in the United States.

National Amusements, the cinema chain and corporate parent giant of media giants Paramount and CBS has recently confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people.  The company announced that the hackers stole personal information from 82,128 people during a December 2022 data breach.  Details of the December 2022 breach only came to light a year later, after the company began notifying those affected last week.