Group-IB researchers have detailed the operations of a threat actor named "Boolka." Their activities include launching sophisticated malware and web attacks. The group has been exploiting vulnerabilities through SQL injection attacks on websites since 2022. The injected scripts intercept user inputs to steal data. In January 2024, Group-IB analysts found a Boolka-linked landing page that distributed the "BMANAGER" modular Trojan. This discovery revealed Boolka's malware delivery platform, which leverages the BeEF framework.

A flaw in a premium Facebook module for PrestaShop named "pkfacebook" allows hackers to use a card skimmer on vulnerable e-commerce websites to steal credit card information. PrestaShop is an open source e-commerce platform where individuals and businesses develop and manage online stores. Promokit's pkfacebook add-on lets shop visitors log in with Facebook, leave comments on shop pages, and chat with support agents via Messenger. The critical SQL injection vulnerability in pkfacebook's facebookConnect.php Ajax script enables remote attackers to trigger SQL injection using HTTP requests.

In an attack called "SnailLoad," computer scientists from the Institute of Applied Information Processing and Communication Technology (IAIK) at Graz University of Technology (TU Graz) were able to track users' online activities in detail by analyzing fluctuations in the speed of their Internet connection. The attack does not require malicious code or access to the data traffic. Internet users leave traces on websites and online services. Firewalls, Virtual Private Network (VPN) connections, and browser privacy modes are measures that provide some level of data protection.

"Rafel" is an open source Android RAT used by multiple threat actors, including an espionage group. According to an earlier Check Point Research (CPR) report, Rafel had already been linked to the "APT-C-35/DoNot Team." CPR highlighted the RAT's remote access, surveillance, data exfiltration, and persistence maintenance capabilities. Through collecting malware samples and analyzing around 120 Command-and-Control (C2) servers, CPR identified the US, China, and Indonesia as the most impacted countries. Most of the devices infected were Samsung phones, followed by Xiaomi, Vivo, and Huawei.

The Electronic Frontier Foundation (EFF) warns of risks and threats associated with mass surveillance technologies after the disclosure of several potentially severe vulnerabilities in Automated License Plate Readers (ALPRs). ALPRs are high-speed camera systems that automatically capture license plate numbers in their view. They can also capture location, date, time, and other data. The organization's latest warning follows the US Cybersecurity and Infrastructure Security Agency's (CISA) advisory about vulnerabilities in Vigilant license plate readers made by Motorola Solutions.

Researchers at the University of Texas at Arlington (UTA) have developed software that prevents Artificial Intelligence (AI) chatbots like ChatGPT from creating phishing websites. Their software enables AI chatbots to better detect and reject instruction prompts that could be used to develop phishing websites. AI chatbots have built-in detection capabilities, but the team found loopholes that could sidestep them and abuse the chatbots to launch these attacks. This article continues to discuss the tool developed to prevent AI phishing scams.

In collaboration with Google, Florida International University (FIU) researchers have identified a new threat: ransomware over a browser, which is malware embedded in a browser. According to the researchers, this threat is not specific to a particular browser type or version. Many browsers now include many advanced features in addition to allowing users to surf the web, making them more vulnerable from a cybersecurity standpoint. Cybercriminals have begun to exploit these vulnerabilities to install ransomware in browsers.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released recommendations to help small and medium-sized businesses (SMBs) adopt Single Sign-On (SSO) services. The recommendations are based on a CISA study that included focus groups with stakeholders such as SMBs, SSO service vendors, Managed Service Providers (MSPs), and network auditors. The study sought to identify stakeholders' attitudes toward SMBs' SSO adoption as well as potential adoption barriers. This article continues to discuss CISA's recommendations regarding the adoption of SSO services by SMBs.

A cryptocurrency theft campaign is spreading infostealers through fake virtual meeting software for macOS and Windows. The campaign, discovered by the Recorded Future's Insikt Group and attributed to a threat actor dubbed "Markopolo" is behind the elaborate web and social media presence for a fake app called "Vortax." The app appears to be a virtual meeting software for different platforms, but delivers "Rhadamanthys," "Stealc," and "Atomic" infostealers.

Medical device manufacturer LivaNova USA has recently started notifying 130,000 individuals, warning that their personal information was compromised in an October 2023 data breach.  LivaNova says it took certain systems offline in response to the incident, without sharing further details on the nature of attack.  In December 2023, the LockBit ransomware gang claimed responsibility for the incident and for the theft of 2.2 terabytes of data from the company.