"Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users"

"CLOUD#REVERSER," a new attack campaign, uses Google Drive and Dropbox to stage malicious payloads. Securonix researchers said CLOUD#REVERSER's VBScript and PowerShell scripts use Google Drive and Dropbox as staging platforms for managing file uploads and downloads. The scripts fetch files matching certain name patterns, which suggests they are waiting for commands and scripts to be placed in Google Drive or Dropbox. The attack chain starts with a phishing email carrying a ZIP archive that contains an executable disguised as a Microsoft Excel file.

Submitted by grigby1 CPVI on

"Authorities Arrest $100m Incognito Drugs Market Suspect"

Rui-Siang Lin, a Taiwanese national, is facing multiple life sentences after being arrested on suspicion of owning and running one of the dark web’s most successful drugs marketplaces. Rui-Siang Lin was arrested at JFK Airport in New York on Saturday. The 23-year-old is accused of operating the Incognito Market, which, since its inception in 2020, has apparently sold an estimated $100m of illicit drugs and misbranded prescription medication to customers around the world.

Submitted by Adam Ekwall on

"Over 60% of Network Security Appliance Flaws Exploited as Zero Days"

According to security researchers at Rapid7, over 60% of vulnerabilities discovered in network and security appliances in 2023 were exploited as zero days. Their research found that more mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities in 2023 (53% vs 47%). The researchers noted that last year’s numbers represent a return to 2021 levels of widespread zero-day exploitation (52%), following a slight respite (43%) in 2022.

Submitted by Adam Ekwall on

"Intel Discloses Max Severity Bug in Its AI Model Compression Software"

Some versions of the Intel Neural Compressor software for Artificial Intelligence (AI) model compression have a maximum severity vulnerability. The bug found in the software enables unauthenticated attackers to execute arbitrary code on Intel systems running impacted versions. According to Intel, the bug stems from improper input validation or user input sanitization. Since the vulnerability is remotely exploitable with low complexity and highly impacts data confidentiality, integrity, and availability, the chip maker gave it a maximum CVSS score of 10.

Submitted by grigby1 CPVI on

"Cybercriminals Shift Tactics to Pressure More Victims Into Paying Ransoms"

At-Bay reported a 64 percent increase in ransomware claims in the US in 2023. About 415 percent more "indirect" ransomware incidents occurred in 2023 than in 2022, driving this increase in ransomware claims. Remote access tools were the leading cause of loss, making up 58 percent of ransomware attacks. Double leverage attacks, which use both data encryption and exfiltration, increased by 51 percent in 2023, suggesting that threat actors shifted their tactics to pressure more victims into paying demanded ransoms.

Submitted by grigby1 CPVI on

"Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies"

According to researchers at Tenable, the popular logging utility Fluent Bit, which several major companies use, has a critical vulnerability that could enable Denial-of-Service (DoS) attacks, information disclosure, and Remote Code Execution (RCE). Fluent Bit is an open source data collector and processor that can handle large amounts of log data from various sources. With billions of downloads, the tool is deployed over 10 million times daily. Microsoft, Google Cloud, AWS, Cisco, LinkedIn, VMware, Splunk, Intel, Arm, and Adobe use it.

Submitted by grigby1 CPVI on

Kansas City Cybersecurity Conference

"Join Us in Kansas City for the Futurecon Cybersecurity Event! Hear from our esteemed speakers while gaining up to 10 CPE credits. Immerse yourself in the latest cybersecurity developments to gain valuable insights in today's dynamic threat landscape. Learn how to effectively manage risk, demo the newest technologies from an array of different sponsors, and network with your local community. Join us live for breakfast, lunch, and a wrap up cocktail happy hour!"

Salt Lake City Cybersecurity Summit

"The Second Annual Salt Lake City Cybersecurity Summit connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. Admission gives you access to all Interactive Panels, Discussions, Catered Breakfast, Lunch & Cocktail Reception."

"New BiBi Wiper Version Also Destroys the Disk Partition Table"

A new version of "BiBi Wiper" malware deletes the disk partition table, making data restoration harder and prolonging victim downtime. BiBi Wiper attacks on Israel and Albania are linked to "Void Manticore," also tracked as Storm-842, an Iranian hacking group suspected of being affiliated with Iran's Ministry of Intelligence and Security (MOIS). Security Joes discovered BiBi Wiper in October 2023, and Israel's CERT warned in November 2023 of large-scale offensive cyber operations involving it against critical organizations.

Submitted by grigby1 CPVI on

"Grandoreiro Banking Trojan Is Back and Targets Banks Worldwide"

IBM X-Force warns of a new "Grandoreiro" banking Trojan campaign. After a January law enforcement takedown, the Grandoreiro banking Trojan operators resumed operations. The recent campaign targeted more than 1,500 banks in over 60 countries in Central and South America, Africa, Europe, and the Indo-Pacific. Grandoreiro, a modular backdoor, is capable of keylogging, command execution, imitating mouse movements, and more. This article continues to discuss findings regarding the new Grandoreiro banking Trojan campaign.

Submitted by grigby1 CPVI on