AT&T warns of a new trend of malicious QR codes being embedded in phishing attempts. Some users recently received an email from Microsoft with an attached PDF file containing a QR code and an urgent message instructing users to enable multi-factor authentication (MFA). After scanning the QR code, users were redirected to a fake Microsoft sign-in page where they entered their username and password. Once entered, their legitimate login credentials were then stored and made available to the threat actor.

A recent study by Princeton University, Virginia Tech, and IBM Research reveals that fine-tuning Large Language Models (LLMs) can weaken the safety measures designed to prevent the models from generating harmful content such as malware, illegal activity, and child abuse content. As LLMs continue to evolve, businesses are becoming increasingly interested in fine-tuning these models for custom applications. LLM providers offering features and easy-to-use tools for customizing models for specific applications fuel this trend.

The maximum severity vulnerability in unpatched WS_FTP servers from Progress Software has been exploited in ransomware attacks. According to Sophos X-Ops, not all servers have been patched despite Progress Software releasing a fix for the vulnerability last month. Researchers say that the ransomware actors, self-described as the Reichsadler Cybercrime Group, attempted unsuccessfully to deploy ransomware payloads created with a LockBit 3.0 builder reportedly stolen in September 2022. This article continues to discuss the targeting of WS_FTP servers in ransomware attacks.

Due to the threat posed by Harvest Now, Decrypt Later (HNDL), data transmission itself is inherently vulnerable. To protect data from risks of the future, organizations must take proactive steps to secure data against quantum risks. In the HNDL strategy, malicious actors collect and store encrypted data to decrypt it later, either by capitalizing on technological advances and new cryptographic attacks or by using future quantum computers that can break our current encryption standards. This article continues to discuss the HNDL strategy. 

A threat actor has been compromising Skype and Microsoft Teams accounts to distribute DarkGate, a loader associated with information theft, keylogging, cryptocurrency mining, and Black Basta ransomware. According to Trend Micro researchers, 41 percent of the campaign targets are organizations in the Americas. Trend Micro noted that its researchers had observed the developer of DarkGate advertising the malware on underground forums and renting it out to affiliated threat actors as Malware-as-a-Service.

Networking equipment manufacturer Juniper Networks recently announced patches for more than 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity flaws.  The most severe of these issues is an incorrect default permissions bug that allows an unauthenticated attacker with local access to a vulnerable device to create a backdoor with root privileges.  Tracked as CVE-2023-44194 (CVSS score of 8.4), the company noted that the flaw exists because a specific system directory has improper permissions associated with it.

In order to infect developers with the SeroXen Remote Access Trojan (RAT), malicious NuGet packages with over 2 million downloads impersonate cryptocurrency wallets, cryptocurrency exchanges, and Discord libraries. NuGet is an open-source package manager and software distribution system operating package hosting servers so users can download and use them for development projects. Researchers at Phylum discovered the malicious packages uploaded to NuGet by a user named 'Disti' and published a report warning of the threat. This article continues to discuss the malicious NuGet packages.

According to a new advisory issued by the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, the AvosLocker ransomware gang has been linked to attacks targeting critical infrastructure sectors in the US. The joint advisory details the tactics, techniques, and procedures (TTPs) involved in the Ransomware-as-a-Service (RaaS) operation. The agencies said AvosLocker affiliates infiltrate organizations' networks using legitimate software and open-source remote system administration tools.

According to researchers at the FTC, fraud victims lost $2.7bn to scammers operating on social media between January 2021 and June 2023.  The FTC stated that the sum of money lost to fraud on sites like Instagram and Facebook dwarfed that lost via regular websites and apps ($2bn), phone calls ($1.9bn), and email ($900m).  Most common on social media were reports of online shopping scams (44%), particularly clothing and electronics that were purchased but never arrived.  Investment (20%) and romance fraud (6%) were also common during the period.

Computer scientists from the Artificial Intelligence (AI) security startup Mindgard and Lancaster University in the UK have demonstrated the possibility of copying large chunks of Large Language Models (LLMs) such as ChatGPT and Bard in less than a week for as little as $50. The information gathered from this copying can be used to perform targeted attacks. According to the researchers, these vulnerabilities enable attackers to reveal confidential information, evade guardrails, provide incorrect answers, or stage additional targeted attacks.