New research by David Choffnes, an associate professor of computer science at Northeastern University, and a team of others explores the privacy and security flaws of smart home devices, also known as the Internet of Things (IoT). The team tested 93 IoT devices to see how they interacted within a local network for the study. They discovered security flaws in the way these devices' mobile apps work.

Google warns of a public Proof-of-Concept (PoC) exploit called Google Calendar RAT (GCR) that uses the Calendar service to host Command-and-Control (C2) infrastructure. Google has yet to observe the use of GCR in the wild, but Mandiant has observed that multiple actors have shared the public PoC on underground forums. The misuse of the Google service makes it difficult for defenders to detect malicious activity. This article continues to discuss threat actors using GCR to abuse Google's Calendar service as C2 infrastructure.

Palo Alto Networks' Unit 42 has revealed an active attack campaign in which a threat actor searches GitHub repositories in real-time for Amazon Identity and Access Management (IAM) credentials and begins using them less than five minutes later. On virtual machines deployed on Amazon instances, the final payload runs customized Monero cryptocurrency mining software. GitHub provides many features for managing code on the platform.

A new Akamai Technologies report titled "The State of Segmentation 2023" highlights the growing number of ransomware attacks and the need for microsegmentation to recover from them. The report is based on a survey of 1,200 computer professionals working for large companies. Although microsegmentation is one of the best ways to protect their digital assets, less than a third of respondents used more than two network segments.

According to a new study on cloud-native security, many cloud adopters do not understand the security risks of moving legacy applications to the cloud, leaving them vulnerable to various cloud-based attacks. Venafi surveyed 800 security and Information Technology (IT) leaders from organizations in the US, UK, Germany, and France. The study explored the top threats and challenges facing cloud-native security.

The US government has sanctioned a Russian national for allegedly laundering millions of dollars in victim ransom payments on behalf of people associated with the Ryuk ransomware group. According to the US Treasury's Office of Foreign Assets Control (OFAC), Ekaterina Zhdanova is accused of using virtual currency exchange transfers and fraudulent accounts to launder money for Russian ransomware gangs and others to help them avoid economic sanctions imposed on Russia's financial system following the February 2022 Ukraine invasion.

Aqua Nautilus researchers reported the first instance of an exploit attack on the "Looney Tunables" Linux privileged escalation vulnerability. They say they are "100% certain" that the threat actor Kinsing was behind the attack, but they are not ready to reveal how. Kinsing poses a significant threat to cloud environments, specifically Kubernetes clusters, Docker Application Programming Interfaces (APIs), Redis servers, and Jenkins servers.

Socks5Systemz, a proxy botnet, has infected about 10,000 systems through the PrivateLoader and Amadey malware loaders. Infected computers become traffic-forwarding proxies for malicious, illegal, or anonymous traffic. It charges subscribers between $1 and $140 per day in cryptocurrency to access this service. Socks5Systemz is described in detail in a BitSight report, which states that the proxy botnet has been active since at least 2016, but has remained relatively unknown until recently. This article continues to discuss the Socks5Systemz proxy botnet.

SecuriDropper is a new Dropper-as-a-Service (DaaS) for Android capable of bypassing Google's new security restrictions and delivering malware. Dropper malware on Android is designed to act as a conduit for a payload to be installed on a compromised device, making it a profitable business model for threat actors who can advertise the capabilities to other cybercriminals. Furthermore, doing so allows adversaries to separate the development and execution of an attack from the malware installation.

According to a new report from researchers at Duke University's Sanford School of Public Policy, data brokers are selling large amounts of highly sensitive data on American military service members. The study delves into the data broker industry, which collects personal information on individual consumers before selling it to marketers. The industry has grown rapidly in recent years, prompting California to enact a law that lets consumers prevent data brokers from gathering and selling their information with the click of a button.