"Linux version of Qilin ransomware focuses on VMware ESXi"

Security researcher MalwareHunterTeam has found a sample of the Qilin ransomware gang's VMware ESXi encryptor, and it could be one of the most advanced and customizable Linux encryptors seen to date.  The researcher noted that enterprises are increasingly moving to virtual machines to host their servers, as they allow for better usage of available CPU, memory, and storage resources.  Due to this adoption, almost all ransomware gangs have created dedicated VMware ESXi encryptors to target these servers.

Submitted by Adam Ekwall on

"New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices"

Researchers have discovered a new variant of the P2PInfect botnet that can target routers and Internet of Things (IoT) devices. According to Cado Security Labs, the latest version is compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, which is common in routers and embedded devices, widening the range of hosts it can infect. P2PInfect, a Rust-based malware, was first reported in July 2023, targeting unpatched Redis instances and gaining initial access through a critical Lua sandbox escape vulnerability, tracked as CVE-2022-0543 with a CVSS score of 10.0.
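An added example, not part of the original item or of Cado Security's research: a small Python detector that reads `redis-cli MONITOR` output and flags EVAL and SCRIPT LOAD payloads whose Lua body reaches for facilities Redis is supposed to keep outside its scripting sandbox. The sandbox escape cited above (CVE-2022-0543) abused the Lua `package` library being reachable in some distribution builds, so `package.` heads the marker list; the rest of the list, the log lines and the addresses are constructed for illustration and are not a published signature for P2PInfect.

```python
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lua facilities the Redis scripting sandbox is meant to keep out of reach.
# The list is an assumption for this example: `package.` is here because the
# distribution-build weakness behind CVE-2022-0543 left the Lua `package`
# library reachable from EVAL; the others are generic file/OS primitives.
SANDBOX_ESCAPE_MARKERS = (
    "package.",
    "require(",
    "io.popen",
    "io.open",
    "os.execute",
    "loadstring",
    "dofile",
    "loadfile",
)

# One `redis-cli MONITOR` line: <unix ts> [<db> <client addr>] "CMD" "arg" ...
MONITOR_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>[^\]]+)\] (?P<rest>.*)$"
)


@dataclass
class Finding:
    ts: str
    client: str
    command: str
    markers: Tuple[str, ...]


def parse_monitor_line(line: str) -> Optional[Tuple[str, str, List[str]]]:
    """Split a MONITOR line into (timestamp, client, argv); None if it is not one."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    try:
        # MONITOR double-quotes every argument and escapes embedded quotes
        # as \"; shlex in POSIX mode undoes exactly that quoting.
        argv = shlex.split(m.group("rest"))
    except ValueError:
        return None
    if not argv:
        return None
    return m.group("ts"), m.group("client"), argv


def suspicious_markers(script: str) -> Tuple[str, ...]:
    """Return the sandbox-escape markers present in a Lua script body."""
    lowered = script.lower()
    return tuple(mk for mk in SANDBOX_ESCAPE_MARKERS if mk in lowered)


def scan_monitor(lines) -> List[Finding]:
    """Flag EVAL / SCRIPT LOAD calls whose Lua body reaches outside the sandbox."""
    findings: List[Finding] = []
    for line in lines:
        parsed = parse_monitor_line(line)
        if parsed is None:
            continue
        ts, client, argv = parsed
        cmd = argv[0].upper()
        if cmd == "EVAL" and len(argv) >= 2:  # EVAL <script> <numkeys> ...
            script = argv[1]
        elif cmd == "SCRIPT" and len(argv) >= 3 and argv[1].upper() == "LOAD":
            script = argv[2]  # SCRIPT LOAD <script>
        else:
            continue
        markers = suspicious_markers(script)
        if markers:
            findings.append(Finding(ts, client, cmd, markers))
    return findings


# Constructed sample traffic (not a real capture): a benign SET and EVAL from
# an application host, then two escape attempts from an unexpected address.
SAMPLE_MONITOR = [
    '1701400000.100000 [0 10.0.0.7:41122] "SET" "session:42" "ok"',
    '1701400000.200000 [0 10.0.0.7:41122] "EVAL" "return redis.call(\'GET\', KEYS[1])" "1" "session:42"',
    r'1701400001.300000 [0 203.0.113.9:50210] "EVAL" "local f = package.loadlib(\"/tmp/x.so\", \"luaopen_io\"); return f().popen(\"id\"):read(\"*a\")" "0"',
    '1701400002.400000 [0 203.0.113.9:50210] "SCRIPT" "LOAD" "return os.execute(\'true\')"',
]

if __name__ == "__main__":
    for f in scan_monitor(SAMPLE_MONITOR):
        print(f"{f.ts} {f.client} {f.command}: {', '.join(f.markers)}")
```

Running it on the constructed sample reports only the two calls from 203.0.113.9, which is the point: legitimate EVAL use that stays inside `redis.call` is not flagged, so the rule is usable as a first-pass alert on MONITOR or proxy logs from Redis hosts that should never have been reachable from the Internet in the first place.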

Submitted by Gregory Rigby on

"Number of Attacks Using Microsoft Office Files Surges in 2023"

There has been a significant increase in attacks involving malicious files in Microsoft Office document formats. In 2023, malicious Microsoft Office documents and other popular document formats, such as PDFs, were used in 53 percent more attacks. Windows remains the top target for cybercriminals, accounting for 88 percent of all malware detected daily.

Submitted by Gregory Rigby on

"New AeroBlade Hackers Target Aerospace Sector in the US"

AeroBlade, a previously unknown cyber espionage group, was discovered targeting organizations in the US aerospace sector. BlackBerry found that the campaign unfolded in two phases: a testing wave in September 2022 and a more advanced attack in July 2023. The attacks gain initial access to corporate networks through spear-phishing with weaponized documents, which drop a reverse-shell payload capable of listing files and stealing data. BlackBerry believes the goal of the attacks was commercial cyber espionage to gather valuable information.

Submitted by Gregory Rigby on

"Put Guardrails Around AI Use to Protect Your Org, but Be Open to Changes"

Security professionals should view Artificial Intelligence (AI) similarly to any other significant technological advancement. It has the potential to do immeasurable good in the right hands, but there will always be someone who wants to use it to harm others. For example, ChatGPT and other generative AI tools are being used to help scammers create convincing phishing emails, but the less-known uses should worry CISOs. Large Language Models (LLMs) such as OpenAI's ChatGPT, Meta's LLaMA, and Google's PaLM2 are some of the most common and accessible AI tools.

Submitted by Gregory Rigby on

"Interpol Arrests Smuggler With New Biometric Screening Database"

Interpol arrested a fugitive smuggler in November using a new biometric security system that will be rolled out across its 196 member countries. The "Biometric Hub" gathers Interpol's existing fingerprint and facial recognition data, enabling border control and frontline officers to query criminal biometric records in real-time. Certain privacy guarantees back the system, but questions remain about the scope of its reach and any organization's ability to keep such privileged data under lock and key.

Submitted by Gregory Rigby on

"Russian Pleads Guilty to Role in Developing TrickBot Malware"

Vladimir Dunaev, 40 and a Russian national, recently pleaded guilty to his involvement in developing and deploying the TrickBot malware, which was used in cyberattacks against organizations worldwide, including hospitals and schools, causing tens of millions of dollars in losses. TrickBot came to life in 2016 and was used to steal money and information. It acted as an initial access vector for other malware families, including ransomware such as Ryuk and Conti. The operation was taken down by law enforcement in 2022.

Submitted by Adam Ekwall on

"IARPA Seeking Tech to Pinpoint Cyberattack Attribution"

The Intelligence Advanced Research Projects Activity (IARPA) wants to develop novel technologies that will help law enforcement and the Intelligence Community (IC) better attribute malicious cyberattacks to their sources. The Securing Our Underlying Resources in Cyber Environments (SoURCE CODE) program aims to provide technologies that help forensic experts identify the most likely attackers based on coding style in both source code and binary executables.

Submitted by Gregory Rigby on

"Digital Emblem for Humanitarian Law in Cyberspace"

The International Committee of the Red Cross (ICRC) wants to protect its digital infrastructure and that of humanitarian organizations with a digital emblem in response to warfare increasingly spreading into cyberspace. Cyberattacks on critical digital infrastructure cause more than just financial and logistical harm. They can also have disastrous humanitarian consequences in hospitals. ETH Zurich computer scientists collaborated with ICRC to develop a protective emblem that can be easily and affordably integrated into existing digital systems around the world.

Submitted by Gregory Rigby on

"Security Flaws in Court Record Systems Used in Five US States Exposed Sensitive Legal Documents"

Security researcher Jason Parker discovered sensitive legal court filings exposed to the open Internet for anyone to access, including witness lists, mental health evaluations, detailed allegations of abuse, corporate trade secrets, and more. The court records system, the technology stack used to submit and store legal filings for criminal trials and civil cases, is at the heart of any judiciary.

Submitted by Gregory Rigby on