According to a new Georgia Tech cybersecurity study on the current state of password policies across the Internet, three out of four of the world's most popular websites fail to meet minimum requirement standards, allowing tens of millions of users to create weak passwords. Researchers discovered that 12 percent of websites completely lacked password length requirements. They made this discovery using a first-of-its-kind automated tool that can assess a website's password creation policies. Assistant Professor Frank Li and Ph.D.

Nitin Natarajan, Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA), recently joined the Treasury Federal Insurance Office and the New York University Stern School of Business’ Volatility and Risk Institute at their conference on Catastrophic Cyber Risk and a Potential Federal Insurance Response, where he announced that CISA will relaunch the Cybersecurity Insurance and Data Analysis Working Group (CIDAWG).

LockBit has become more visible, with several high-profile victims appearing on the group's website. The group hit the spotlight in 2019. Its high-profile victims include the UK's Royal Mail and the Ministry of Defence, as well as the Japanese cycling component manufacturer Shimano. LockBit has been linked to nearly 2,000 victims in the US alone since it first appeared on the cybercrime scene. This article continues to discuss insights from researchers at Edith Cowan University on the LockBit gang.

A federal government agency revealed that over 330,000 Medicare recipients were affected by a sensitive data leak in the latest disclosures about a Russian ransomware gang's exploitation of the popular MOVEit file transfer service. The US Center for Medicare & Medicaid Services (CMS) provides health coverage to over 160 million people through Medicare, Medicaid, the Children's Health Insurance Program, and the Health Insurance Marketplace.

SneakyPrompt is a new algorithm developed by a team of researchers that generates commands to circumvent the safety filters of text-to-image generative Artificial Intelligence (AI) models such as DALL-E 2 and Midjourney. The goal of this study is to find ways to improve those safeguards in the future. The algorithm's creators, which include researchers from Johns Hopkins University in Baltimore and Duke University in Durham, North Carolina, will present their findings at the IEEE Symposium on Security and Privacy in San Francisco in May 2024.

More than 250 organizations recently participated in GridEx VII, the seventh edition of the biennial exercise focusing on the security of the electrical grid in the United States and Canada.  GridEx is organized by the Electricity Information Sharing and Analysis Center (E-ISAC) at the North American Electric Reliability Corporation (NERC) and is the largest grid security exercise in North America.  GridEx VII's main focus was testing crisis response and recovery plans for cyber and physical threats targeting the electrical grid.

A team of researchers from MIT, the MIT-IBM Watson AI Lab, and other organizations developed a method for deep learning models to efficiently adapt to new sensor data directly on an edge device, thus increasing security and more. Personalized deep learning models can power Artificial Intelligence (AI) chatbots that adapt to understand a user's accent, as well as smart keyboards that regularly update to better predict the next word based on a user's typing history. This customization requires constant Machine Learning (ML) model fine-tuning with new data.

According to Check Point researchers, the Russia-linked cyber espionage group Gamaredon has been spreading a worm called LitterDrifter through USB attacks against Ukraine. Gamaredon, also known as Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa, has been active since 2014, with most of its activity focused on Ukraine. The Gamaredon Advanced Persistent Threat (APT) group continues targeting entities in Ukraine, including security services, military, and government organizations.

The LummaC2 stealer malware, also known as Lumma Stealer, now includes a new anti-sandbox technique that uses the mathematical principle of trigonometry to avoid detection and exfiltrate valuable data from infected hosts. The method is supposed to "delay detonation of the sample until human mouse activity is detected," according to Outpost24 security researcher Alberto Marn. LummaC2, which is written in the C programming language, has been sold in underground forums since December 2022.

Cybersecurity researchers at Abnormal Security have uncovered a charity attack exploiting the ongoing events in Gaza and Israel.  The researchers noted that cybercriminals targeted 212 individuals across 88 organizations, attempting to manipulate sympathy for children in Palestine to solicit fraudulent donations.  The attackers, posing as a group from “help-palestine.com,” urged recipients to contribute to a campaign supposedly providing vital support to families in Palestine.