Ruhr University Bochum security researchers discovered Terrapin, a vulnerability tracked as CVE-2023-48795 with a CVSS score of 5.9, in the Secure Shell (SSH) cryptographic network protocol. The exploitation of the flaw allows an attacker to downgrade the connection's security. Terrapin is a prefix truncation attack that compromises the integrity of SSH's secure channel.

According to researchers at Security Joes, there is a new variant of the Dynamic Link Library (DLL) search order hijacking technique that threat actors could use to evade security mechanisms and execute malicious code on Microsoft Windows 10 and Windows 11 systems. The approach involves executables commonly found in the trusted WinSxS folder and exploits them using the classic DLL search order hijacking technique. Through this method, malicious actors can avoid the need for elevated privileges when trying to run malicious code on a compromised machine.

Over $80m worth of cryptocurrency was recently stolen following a cyberattack on the cross-chain bridge project Orbit Chain.  The blockchain revealed the incident on January 1, 2024, informing users that an “unidentified access” to Orbit Bridge was confirmed on December 31, 2023.  The attackers stole 26,741.6 of Ether (ETH), which were transferred to five wallet addresses, and around 15,498,358 of DAI (a stablecoin on the Ethereum blockchain) transferred to three addresses.  This is worth a total of around $84.5 million at current prices.

Researchers have developed a decryptor that uses a flaw in the Black Basta ransomware and allows victims to recover their files for free. However, Bleeping Computer has discovered that the Black Basta developers fixed the bug in their encryption routine, thus preventing the decryptor technique from being used in newer attacks. Security Research Labs (SRLabs) developed the 'Black Basta Buster' decryptor after finding a flaw in the encryption algorithm applied for the gang's encryptors that enables the discovery of the ChaCha keystream used to XOR encrypt a file.

With about 50,000 cyberattacks reportedly thwarted every day, the United Arab Emirates (UAE) has spent the last year fortifying its digital borders and developing key partnerships in order to get ahead of attackers. Artificial Intelligence (AI) has been a major topic in the Middle East this year, with generative AI promising significant benefits. However, AI adoption poses risks as cybercriminals increasingly use AI tools for spoofing, creating phishing emails, and more. This article continues to discuss the UAE's vulnerability to cyber risks and efforts to boost cybersecurity.

An Ohio banking company recently announced that it was impacted by a “security incident” in April. Middlefield Bank experienced a data security incident that impacted certain computer systems and caused a temporary disruption to certain corporate operations around April 12, 2023. The company said it promptly launched an investigation and only recently concluded its review around November 21, at which time it was able to determine the individuals included in the potentially impacted data set.

According to the Court Services Victoria (CSV), court cases and tribunals in Australia have recently been impacted by a cybersecurity incident, with attackers potentially accessing recordings of hearings.  The CSV revealed the incident in a statement on January 2, 2024.  This public notice came some 12 days after the CSV was first alerted to the cyber incident on December 21, 2023.  The CSV said it took time to establish which recordings and transcripts were affected.

The Knight Foundation School of Computing and Information Sciences (KFSCIS) Research Symposium featured innovations in cybersecurity, Artificial Intelligence (AI), data science, federated learning, and more. Maryna Veksler, Harun Oz, and Mahshad Shariatnasab are three KFSCIS Ph.D. students who received top honors at the symposium for their work in cybersecurity and AI. Oz presented research on a newly discovered attack vector that may increase the risk of ransomware attacks.

The National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity project aims to deliver cybersecurity guidance that will help consumers and operators of 5G networks adopt, deploy, and use 5G technology in a more secure and privacy-enhancing way. The NCCoE 5G Cybersecurity project involves building a 5G network using commercial-grade telecommunication components found in 5G networks worldwide.

A new study conducted by researchers at the University of Waterloo reveals that Large Language Models (LLMs) repeat conspiracy theories, harmful stereotypes, and other types of misinformation. The researchers tested an early version of ChatGPT's understanding of facts, conspiracies, controversies, misconceptions, and more. This study is part of the researchers' efforts to explore human-technology interactions and determine how to mitigate risks. They found that GPT-3 often made errors, contradicted itself, and repeated harmful misinformation.