"CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks"

A CACTUS ransomware campaign has been observed gaining a foothold in targeted environments by exploiting previously disclosed vulnerabilities in the cloud analytics and business intelligence platform Qlik Sense. According to Arctic Wolf researchers Stefan Hostetler, Markus Neis, and Kyle Pagelow, this is the first documented instance of threat actors exploiting Qlik Sense vulnerabilities for initial access and then deploying CACTUS ransomware.

Submitted by Gregory Rigby on

"FjordPhantom Android Malware Uses Virtualization to Evade Detection"

FjordPhantom, a newly discovered Android malware, uses virtualization to execute malicious code in a container and evade detection. Promon discovered the malware, which is currently spreading via email, SMS, and messaging apps and targets banking apps in Indonesia, Thailand, Vietnam, Singapore, and Malaysia. Victims are tricked into downloading what appear to be legitimate banking apps but which contain malicious code that runs in a virtual environment to attack the real banking app. FjordPhantom's goal is to steal online banking credentials and manipulate transactions through on-device fraud.

Submitted by Gregory Rigby on

"CISA Urges Water Facilities to Secure Their Unitronics PLCs"

Following news that Iran-linked attackers had taken control of a Programmable Logic Controller (PLC) at a water system facility in Pennsylvania, the Cybersecurity and Infrastructure Security Agency (CISA) published a public alert urging other water authorities to secure their PLCs immediately. According to CISA, the threat actors most likely gained access to the affected device, a Unitronics Vision Series PLC with a Human Machine Interface (HMI), by exploiting weaknesses such as poor password security and direct exposure of the device to the Internet.

Submitted by Gregory Rigby on

"How a Teenage Saudi Hacker Went From Lockpicking to Ransomware"

Marco Liberale, a 13-year-old from Saudi Arabia, recently presented on ransomware at the Black Hat Middle East and Africa conference. He taught himself lockpicking at the age of three, Python programming at the age of five, and malware writing shortly after. Liberale's presentation was praised, particularly by researcher and Boom Supersonic CISO Chris Roberts, who noted that Liberale demonstrated how to design, write, build, and launch ransomware. He also showed how to protect systems from being taken over by it.

Submitted by Gregory Rigby on

"Staples Confirms Cyberattack Behind Service Outages, Delivery Issues"

American office supply retailer Staples took some of its systems offline on November 27 in response to a cyberattack, in order to contain the breach's impact and protect customer data. Staples operates 994 stores in the US and Canada and 40 fulfillment centers for nationwide product storage and dispatch. The company noted that the response measures disrupted its business operations, specifically backend processing and product delivery.

Submitted by Adam Ekwall on

"US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers"

The US Department of the Treasury recently announced sanctions against the cryptocurrency mixer Sinbad for laundering stolen cryptocurrency for the North Korean state-sponsored hacking group Lazarus. According to the Treasury, Sinbad is Lazarus's preferred mixing service and has laundered millions of dollars in stolen cryptocurrency for the nation-state threat actor. Sinbad operates on the Bitcoin blockchain, obfuscating the origin, destination, and counterparties of illicit transactions.

Submitted by Adam Ekwall on

"Black Basta Ransomware Group Makes $100m Since 2022"

According to researchers at Corvus Insurance, the prolific Russian-speaking ransomware group Black Basta has made over $100m from dozens of victims since April 2022. The researchers used the Elliptic Investigator blockchain forensics tool to uncover patterns in the group's on-chain activity, which enabled them to trace a large number of Bitcoin ransom payments with a high degree of certainty. They found that Black Basta has received at least $107m in ransom payments since early 2022 from more than 90 victims.

Submitted by Adam Ekwall on

"Thousands of Dollar Tree Staff Hit By Supplier Breach"

A major data breach at IT provider Zeroed-In Technologies has impacted nearly two million people, including thousands of Dollar Tree and Family Dollar employees. Zeroed-In Technologies stated that its investigation determined that an unauthorized actor gained access to certain systems between August 7 and August 8, 2023, affecting 1,977,486 individuals. The company found that the threat actor stole names, dates of birth, and Social Security numbers.

Submitted by Adam Ekwall on

"Defending Your Voice Against Deepfakes"

Computer scientists led by Ning Zhang, assistant professor of computer science and engineering at the McKelvey School of Engineering at Washington University in St. Louis, created AntiFake, a tool that protects voice recordings from unauthorized speech synthesis. Recent advances in generative Artificial Intelligence (AI) have accelerated progress in realistic speech synthesis.

Submitted by Gregory Rigby on

"North Korean Software Supply Chain Attack Hits North America, Asia"

A recent North Korean attack on a Taiwanese company spread malware to victims in the United States, Canada, Japan, and Taiwan. Microsoft discovered that the hacking group known as Diamond Sleet compromised CyberLink Corporation, a Taiwanese software company that produces audio, video, and photo editing software. The attackers added malware to the application installer, got their modified version signed with a legitimate CyberLink certificate, and hosted it on valid update infrastructure, so the trojanized installer looked authentic to both users and signature checks. Before running the malicious code, the installer checks whether security software from CrowdStrike, FireEye, or Tanium is present, which means detonating it in an environment running one of those agents may never trigger the payload.
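As an added example, not Microsoft's, CyberLink's, or this article's own code, the following PowerShell function shows the check a defender would want given the attack above: a valid Authenticode signature from the vendor is necessary but not sufficient, because the trojanized installer carried a legitimate CyberLink signature and would pass a signer check. The function name, the parameter names, and the idea of a caller-supplied allowlist of known-good SHA-256 hashes are assumptions for illustration; the hash values themselves have to come from the vendor out of band (a published manifest or release notes), not from the download itself.

```powershell
# Added example (not from the article or from CyberLink): verify an installer's
# Authenticode signature AND pin its SHA-256 hash. Function and parameter names
# are assumptions; the hash allowlist must be obtained out of band.
function Test-InstallerTrust {
    param(
        [Parameter(Mandatory)] [string]   $Path,                  # installer to check
        [Parameter(Mandatory)] [string]   $ExpectedSignerSubject, # e.g. 'CN=<vendor name>'
        [Parameter(Mandatory)] [string[]] $KnownGoodSha256        # hashes from vendor manifest
    )

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    $signer = $null
    $thumb  = $null
    if ($null -ne $sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.Subject
        $thumb  = $sig.SignerCertificate.Thumbprint
    }

    # Check 1: the signature chains to a trusted root and names the expected vendor.
    # A trojanized build signed with the vendor's own certificate PASSES this check,
    # which is exactly what the Diamond Sleet / CyberLink case shows.
    $signerOk = (($sig.Status -eq 'Valid') -and
                 ($null -ne $signer) -and
                 ($signer -like "*$ExpectedSignerSubject*"))

    # Check 2: the file hash matches a value the vendor published separately.
    # -contains compares case-insensitively, so the hex case of the allowlist
    # entries does not matter. This is the check that separates a genuine release
    # from a signed, trojanized one.
    $hashOk = $KnownGoodSha256 -contains $hash

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Signer          = $signer
        Thumbprint      = $thumb
        Sha256          = $hash
        SignerMatches   = $signerOk
        HashPinned      = $hashOk
        Trusted         = ($signerOk -and $hashOk)   # both checks must pass
    }
}

# Usage with placeholder values (assumed, not real paths or hashes):
# Test-InstallerTrust -Path 'C:\Downloads\installer.exe' `
#     -ExpectedSignerSubject 'CN=Example Vendor' `
#     -KnownGoodSha256 @('<sha256 from the vendor manifest>')
```

When the result shows SignerMatches true but HashPinned false, treat the file as suspect rather than assuming the allowlist is stale: that combination is the signature of a trojanized build that was signed with a real vendor certificate. The same two-part logic belongs in any in-house update client, since hosting on legitimate update infrastructure, as in this case, removes the usual URL-based warning signs.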

Submitted by Gregory Rigby on