"OilRig Targets Israel Organizations With New Lightweight Downloaders"

ESET researchers analyzed an increasing number of new OilRig downloaders used by the group in multiple campaigns in 2022 to maintain access to targeted Israeli organizations. OilRig is an Advanced Persistent Threat (APT) group believed to be based in Iran. Its operations, including the latest downloaders, are aimed at cyber espionage. Victims have included a healthcare organization, a manufacturing company, and a local government agency. This article continues to discuss the new lightweight downloaders used by the OilRig APT group in attacks against Israeli organizations.

Submitted by Gregory Rigby on

"116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems"

Researchers have discovered 116 malicious packages in the Python Package Index (PyPI) repository. These packages are designed to install a custom backdoor on Windows and Linux systems. According to ESET researchers, in some cases, the final payload is a variant of the W4SP Stealer, or a clipboard monitor that steals cryptocurrency, or both. Since May 2023, the packages have likely been downloaded more than 10,000 times. This article continues to discuss the 116 malicious packages on the PyPI repository designed to infect Windows and Linux systems with a custom backdoor.

Submitted by Gregory Rigby on

"Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach"

Idaho National Laboratory (INL) has recently started notifying 45,000 individuals that their personal information was stolen in a data breach last month.  The incident was identified on November 20 and impacted the Oracle Human Capital Management (HCM) software that INL uses for certain human resources applications.  INL noted that no INL systems nor other "networks or databases used by employees, lab customers or other contractors" were compromised as part of the attack.

Submitted by Adam Ekwall on

"Food Giant Kraft Heinz Targeted by Ransomware Group"

A ransomware group known as Snatch claims to have breached the systems of Kraft Heinz, but the food giant says it's unable to verify the cybercriminals' allegations. The ransomware group publicly named Kraft Heinz on its website on December 14, but the post appears to have been created on August 16, which indicates that the attack occurred months ago. Kraft Heinz said it's investigating claims of a cyberattack that occurred several months ago.

Submitted by Adam Ekwall on

"Security Researchers: ChatGPT Vulnerability Allows Training Data to be Accessed by Telling Chatbot to Endlessly Repeat a Word"

A ChatGPT vulnerability, described in a new report by a group of researchers from Google DeepMind, Cornell University, Carnegie Mellon University (CMU), UC Berkeley, ETH Zurich, and the University of Washington, exposes random training data and can be triggered simply by telling the chatbot to repeat a specific word forever. According to the researchers, when ChatGPT is made to repeat a word such as "poem" or "part" forever, it will do so for a few hundred repetitions, then it will have a meltdown and begin outputting random text.

Submitted by Gregory Rigby on

"Celebrated Cryptography Algorithm Gets an Upgrade"

A well-known technique for lattice basis reduction has been improved by two researchers, unlocking new avenues for practical cryptography and mathematics experiments. Cryptography is essential for security in our increasingly digital lives. When sending a private message or paying a bill online, algorithms designed to keep this information private are critical. Some people seek to unveil those secrets, so researchers must work to put these systems to the test to ensure they can withstand sophisticated attacks.

Submitted by Gregory Rigby on

"Harry Coker Confirmed as National Cyber Director"

The US Senate recently confirmed Harry Coker as the next National Cyber Director serving in the White House’s Office of the National Cyber Director (ONCD).  Coker previously served as executive director of the NSA and held various leadership positions in the CIA.  The role of National Cyber Director was established in 2021 after the massive SolarWinds hack came to light.  The ONCD will advise President Biden on cybersecurity policy and strategy.  

Submitted by Adam Ekwall on

"Most Cyberattacks Hide in Encrypted Web Traffic"

According to Zscaler's ThreatLabz 2023 State of Encrypted Attacks Report, most cyberattacks involve malware being hidden in encrypted web traffic. The spread of cyber threats through encrypted (HTTPS) web traffic is increasing year after year. It increased by 24 percent in 2023 compared to 2022. According to researchers at Zscaler,  this would amount to around 30 billion blocked threats. The report shows that 86 percent of cyberattacks now occur through encrypted channels. Malicious web content, malware payloads, and macro-based malware are all examples of encrypted malware.

Submitted by Gregory Rigby on

"Vulnerabilities Now Top Initial Access Route For Ransomware"

A recent Corvus Insurance study found that threat actors are switching tactics to compromise their victims with ransomware, with more attacks now exploiting vulnerabilities rather than using phishing emails. The insurer analyzed claims data from this year to better understand threat actor activity. The insurer claimed that vulnerability exploitation rose as an initial access method from nearly 0% of ransomware claims in H2 2022 to almost a third in the first half of 2023.

Submitted by Adam Ekwall on

"Ransomware Groups Are Using Media Coverage to Coerce Victims Into Paying"

According to new Sophos X-Ops research, ransomware gangs use media coverage of attacks to increase pressure on victims to meet their demands. An analysis conducted by Sophos X-Ops emphasized that ransomware groups and the media now have a closer relationship, suggesting that while hackers have traditionally been secretive, some now see the potential in using their publicity to strengthen extortion techniques.

Submitted by Gregory Rigby on