Multiple financially motivated threat groups have abused the MSIX ms-appinstaller protocol handler to infect Windows users with malware, prompting Microsoft to disable it again. Attackers exploited the Windows AppX Installer spoofing vulnerability to bypass security measures implemented to protect Windows users from malware. According to Microsoft, threat actors use malicious advertisements for popular software as well as Microsoft Teams phishing messages to distribute signed malicious MSIX application packages.

Cybercriminals have released 50 million stolen consumer records, including credit card data and Personally Identifiable Information (PII), as a "Free Leaksmas" gift. According to researchers at Resecurity, criminals posting on underground forums used the Free Leaksmas tag to promote the data, which included data stolen from companies and governments in a dozen countries.

The US Department of Defense recently published a proposed rule and requested public feedback for the Cybersecurity Maturity Model Certification (CMMC) program.  The CMMC program is meant to establish an assessment mechanism to verify that defense contractors and subcontractors have implemented the security measures required to protect federal contract information (FCI) and controlled unclassified information (CUI).

EasyPark Group, Europe’s largest parking application operator, has recently disclosed a data breach impacting customer information.  The company said it determined on December 10 that it was targeted in a cyberattack, and an investigation revealed that “non-sensitive customer data” had been compromised.  Data stolen by hackers includes name, phone number, physical address, email address, and partial IBAN or credit/debit card numbers.

Eagers Automotive, a vehicle dealer in Australia and New Zealand, recently announced that some of its operations have been disrupted due to a cyberattack that forced the company to halt trading on the Australian Securities Exchange.  The company announced a pause in trading on December 27 and revealed the next day that the cause was a cybersecurity incident that resulted in an outage of certain IT systems at some operational locations across Australia and New Zealand.

Nanyang Technological University (NTU) computer scientists have discovered a way to compromise Artificial Intelligence (AI) chatbots by training and using an AI chatbot to generate prompts capable of jailbreaking other chatbots. According to the team, jailbreaking involves computer hackers finding and exploiting flaws in a system's software to force it to do something its developers have purposefully restricted it from doing. The researchers named the method they used to jailbreak Large Language Models (LLMs), Masterkey.

A team of Information Technology (IT) security researchers from Technische Universität Berlin (TU Berlin) were able to activate a powerful "Elon mode" and gain access to secrets through Tesla's driving assistant. All Tesla models are said to be vulnerable to their demonstrated attack. The researchers were able to extract arbitrary code and user data from the system, including cryptographic keys and critical system components, allowing them to reconstruct how it works. They could also access a video with GPS coordinates that the previous owner of the vehicle had deleted.

Professor Chan Chi-hou, Chair Professor of Electronic Engineering at City University of Hong Kong (CityU), led a research team that advanced antenna technology by enabling the manipulation of all five fundamental properties of electromagnetic waves through software control. The team created a universal metasurface antenna that allows for independent and simultaneous manipulation of electromagnetic radiation amplitude, phase, frequency, polarisation, and direction.

IRONSCALES' Eyal Benishti provides a guide to establishing a phishing simulation testing program. Employee phishing training has become critical in developing a security-conscious workforce, lowering the risk of successful phishing attacks, and cultivating a resilient organizational culture capable of effectively responding to evolving cybersecurity threats. Today's average enterprise receives hundreds of phishing emails daily, with hundreds of thousands of attempts yearly.

Threat actors are using a new malware loader, tracked under the name Win/TrojanDownloader.Rugmi, to deliver various information stealers such as Lumma Stealer, Vidar, RecordBreaker, and Rescoms. According to researchers at ESET, this malware is a loader composed of a downloader that downloads an encrypted payload, a loader that executes the payload from internal resources, and another loader that runs the payload from an external file on the disk. The company's telemetry data shows that detections for the Rugmi loader increased significantly in October and November 2023.