A new Group-IB report warns of an increase in fake delivery websites. Group-IB's Computer Emergency Response Team (CERT-GIB) identified 587 fake postal resources in the first ten days of December, 34 percent more than in the last ten days of November. CERT-GIB has identified 1,539 phishing websites impersonating postal operators and delivery companies since the beginning of November.

It has recently been discovered that the BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals.  BidenCash launched in early 2022 as a new marketplace on both the dark web and the clearnet, selling credit and debit cards that were stolen through phishing or skimmers on e-commerce sites.

The National Institute of Standards and Technology (NIST) has issued a Request for Information (RFI) to help implement its responsibilities under the recent Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The order requires NIST to develop guidelines for evaluation, red-teaming, and other activities, as well as to facilitate the development of consensus-based standards. NIST will also provide testing environments for AI system evaluation.

According to security researchers at vpnMentor, an unprotected database belonging to Real Estate Wealth Network was left accessible from the internet for an unknown period.  Founded in 1993 and based in New York, Real Estate Wealth Network is an online real estate education platform that provides subscribers with access to courses, training materials, and a community. The researchers noted that the unprotected database was 1.16 terabytes in size, containing more than 1.5 billion records.

Researchers have detailed two security flaws in Microsoft Outlook that, when exploited together, enable attackers to execute arbitrary code on impacted systems without requiring user interaction. They can both be triggered using a sound file. One of the flaws, tracked as CVE-2023-35384, is the second patch bypass discovered by Akamai researchers for a critical privilege escalation vulnerability in Outlook that Microsoft first patched in March.

There has been a significant shift to remote encryption among ransomware groups. Mark Loman, vice president of threat research at Sophos, points out that it only takes one vulnerable device to compromise a company's entire network, with remote ransomware. Attackers are aware of this, so they look for that one gap that most companies have. Remote encryption, also known as remote ransomware, occurs when a compromised endpoint is used to encrypt data on other devices on a network.

The Chameleon Android banking trojan has resurfaced with a new version that disables fingerprint and face unlock in order to steal device PINs and take over devices. The technique involves using an HTML page trick to gain access to the Accessibility service and a method to disrupt biometric operations. Earlier Chameleon versions discovered in April this year impersonated Australian government agencies, banks, and the CoinSpot cryptocurrency exchange. They conducted keylogging, overlay injection, cookie theft, and SMS theft on compromised devices.

Bugcrowd, the crowdsourced security platform, has updated its Vulnerability Rating Taxonomy (VRT) to include vulnerabilities in Large Language Models (LLMs). According to Casey Ellis, CSO of Bugrowd, the long-term goal is to "demystify" the technology and foster a more transparent vulnerability reporting environment. He adds that this will help alleviate security and privacy concerns about using generative Artificial Intelligence (AI) models. Bugcrowd's VRT is an open-source platform designed to facilitate the sharing of information regarding known software vulnerabilities.

ESET has recently released patches for several of its endpoint and server security products to address a high-severity vulnerability that could have been exploited to cause web browsers to trust sites that should not be trusted.  ESET noted that the flaw tracked as CVE-2023-5594 affected their products' SSL/TLS protocol scanning feature.  It could have caused browsers to trust websites with certificates signed with outdated and insecure algorithms.

Google recently announced emergency patches for a Chrome vulnerability that is under active exploitation.  This is the eighth zero-day documented this year.  Google noted that the issue is tracked as CVE-2023-7024 and is a high-severity heap buffer overflow bug in Chrome’s WebRTC component.  WebRTC (Web Real-Time Communication) is an open-source project that provides real-time communication via APIs.  Google is aware that an exploit for CVE-2023-7024 exists in the wild.