NSA 2023 Cybersecurity Year in Review

The National Security Agency has published its 2023 Cybersecurity Year in Review!

In an effort to be more transparent, the National Security Agency publishes an annual year in review sharing information regarding cybersecurity efforts that better equipped U.S. defenses against high priority cyber threats. NSA’s efforts to help secure the nation’s most sensitive systems also help your cybersecurity because NSA cascades these solutions through public guidance and engages with key technology providers to help them bolster the security of their products and services.

Submitted by Regan Williams on

"Threat Actors Abuse GitHub to Distribute Multiple Information Stealers"

A malicious campaign has used a legitimate GitHub profile to spread information-stealing malware. Russian-speaking threat actors have impersonated 1Password, Bartender 5, and other legitimate applications to distribute Atomic macOS Stealer (AMOS), Vidar, Lumma, and Octo malware. The malware operations shared Command-and-Control (C2) infrastructure, suggesting the use of a centralized setup in cross-platform attacks to increase efficiency.

Submitted by grigby1 CPVI on

"Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks"

According to researchers at Belgium's KU Leuven, attackers can exploit a fundamental design flaw in the IEEE 802.11 Wi-Fi standard to trick victims into connecting to a less secure wireless network. The Virtual Private Network (VPN) review site Top10VPN, which worked with one of the KU Leuven researchers to release details about the flaw, warns that such attacks increase the risk of traffic interception and manipulation. The flaw impacts Wi-Fi clients across all Operating Systems (OS).

Submitted by grigby1 CPVI on

"Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines"

Researchers have found almost a dozen security flaws that affect the GE HealthCare Vivid Ultrasound product family. The exploitation of these vulnerabilities could allow malicious actors to tamper with patient data and install ransomware. The Operational Technology (OT) security vendor Nozomi Networks said these flaws have many effects, from implanting ransomware on the ultrasound machine to accessing and manipulating patient data on vulnerable devices.

Submitted by grigby1 CPVI on

"Third Chrome Zero-Day Patched by Google Within One Week"

Google recently announced the release of Chrome 125 to the stable channel with patches for nine vulnerabilities, including four reported by external researchers. The most critical bug is CVE-2024-4947, a high-severity type confusion flaw in the V8 JavaScript engine that has already been exploited. Google noted that successfully exploiting the vulnerability could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Submitted by Adam Ekwall on

"SugarGh0st RAT Variant Used in Targeted AI Industry Attacks"

Researchers have discovered a sophisticated cyber campaign targeting US Artificial Intelligence (AI) organizations. "UNK_SweetSpecter," a May 2024 campaign, uses the "SugarGh0st RAT," a "Gh0stRAT"-based Remote Access Trojan (RAT). This variant, which Chinese-speaking threat actors have used, now targets AI-related entities. Proofpoint reported that the attacks used a free email account to send AI-themed lures intended to get recipients to open zip archives. This article continues to discuss the campaign involving the SugarGh0st RAT variant.

Submitted by grigby1 CPVI on

"Kimsuky Hackers Deploy New Linux Backdoor in Attacks on South Korea"

The North Korean hacker group "Kimsuky" is now using "Gomir," a new Linux malware that is a version of the GoBear backdoor. Kimsuky is a state-sponsored threat actor connected to North Korea's military intelligence, the Reconnaissance General Bureau (RGB). Symantec researchers found a Linux variant of the GoBear backdoor while investigating a campaign reported by researchers at the SW2 threat intelligence company in early February 2024 that targeted South Korean government organizations. This article continues to discuss the Kimsuky hackers' use of a new Linux backdoor.

Submitted by grigby1 CPVI on

"Cloud Security Incidents Make Organizations Turn to AI-Powered Prevention"

According to Check Point, 61 percent of organizations reported cloud security breaches in the past year, up from 24 percent the year before. Over 800 cloud and cybersecurity professionals provided their insights to the 2024 Cloud Security Report.

Submitted by grigby1 CPVI on

"Personal Information Stolen in City of Wichita Ransomware Attack"

In a new update, the City of Wichita, Kansas, has revealed that files containing personal information were stolen in a ransomware attack in early May. The city disclosed the incident on May 5, when certain systems were shut down as a containment measure to stop the spread of file-encrypting ransomware deployed during the attack. This week, Wichita revealed that, between May 3 and 4, the attackers copied certain files from its network, and those files contained personal information.

Submitted by Adam Ekwall on

"Ransomware Attack on Nissan North America Results in Employee Data Loss"

Nissan North America (NNA) recently notified consumers that a ransomware attack caused the loss of certain personal information relating to current and former NNA employees, including Social Security numbers. In a filing to the Maine Attorney General’s Office, NNA said the cybersecurity incident affected 53,038 individuals, including the NNA employees and consumers. The company noted that the date of the breach was Nov. 7, 2023, but that it was not discovered until Feb. 28 of this year.

Submitted by Adam Ekwall on