In 2023, global ransomware attacks rose significantly, and they are expected to continue. Cyberattacks affect all types of businesses, but the healthcare industry is especially vulnerable. Phishing attacks are the biggest cyber threat to healthcare organizations, but ransomware is rising. Based on data from ransomware leak sites, nearly 200 ransomware attacks in 2023 impacted the healthcare sector. Threat actors know that ransomware in healthcare organizations can disrupt patient care because Protected Health Information (PHI) is highly valuable. These factors may increase ransom payments.

According to security researchers, a data breach faced by the cloud storage company Snowflake resulted in the theft of large amounts of information from Ticketmaster and other organizations. A hacking group recently claimed to have stolen Ticketmaster user data, impacting about 560 million users, and demanded $500,000. Live Nation Entertainment, a Ticketmaster parent company, reported unauthorized access to "a third-party cloud database environment" containing data from the ticket sales platform.

The Artificial Intelligence (AI) platform Hugging Face revealed that its Spaces platform was hacked, exposing member authentication secrets. Hugging Face Spaces lets community members demo AI apps created and submitted by users. Hugging Face says they revoked authentication tokens in compromised secrets and notified affected users via email. However, they recommend that all Hugging Face Spaces users refresh their tokens and switch to fine-grained access tokens to better control AI model access.

According to security researchers at Mandiant, ransomware activity increased in 2023 compared to 2022 despite law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat.  During the study, the researchers observed a 75% increase in posts on ransomware groups’ data leak sites (DLS) in 2023 compared to 2022.  In total, victims on DLS spanned more than 110 countries.  During 2023, ALPHV/BlackCat and LockBit were the most frequently observed ransomware groups.  The researchers also discovered that 2023 saw more than 50 new ransomware variants.

Proof-of-concept (PoC) code has recently been released for an actively exploited zero-day vulnerability affecting multiple Check Point Security Gateway iterations.  The vulnerability was disclosed on May 27 and is tracked as CVE-2024-24919 (CVSS score of 8.6).  The issue is described as an arbitrary file read issue in gateways that have IPSec VPN or Mobile Access blades enabled.  According to Check Point, its CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security gateways, and Quantum Spark appliances are impacted.

Spanish police have recently dismantled a network of illegal media content distribution that, since the start of its operations in 2015, has made over $5,700,000.  The investigation began in November 2022 after a complaint submitted by the Alliance for Creativity and Entertainment (ACE), which reported two web pages for violations of intellectual property rights.  Those sites hosted the illegal IPTV service "TVMucho," also known as "Teeveeing," which had over 4 million visits in 2023.

Jianying Zhou, a professor at the Singapore University of Technology and Design (SUTD), and his team propose a tree-inspired One-Time Password (OTP) scheme that supports changing user environments as well as provides security and privacy. OTPs have become a standard in user verification for sensitive applications. A standard OTP, used in Multi-Factor Authentication (MFA), limits users' password input time to prevent hacking. However, cyber threats will slowly render OTP protocols obsolete. A new scheme proposed by Zhou and his team addresses some of the weaknesses of existing OTP methods.

According to experts, companies that use private instances of Large Language Models (LLMs) to make business data searchable through a conversational interface risk data poisoning and leakage if they do not harden their platforms. For example, Synopsys recently disclosed a Cross-Site Request Forgery (CSRF) flaw impacting applications based on SamurAI's EmbedAI component. Attackers could trick users into uploading poisoned data into their LLM.

Phil Lundrigan, a computer engineering professor at Brigham Young University (BYU), and a team of students have developed an in-between option that grants partial trust and enables consumers to connect basic Internet of Things (IoT) devices to their home network without the risk of compromising the network. Their solution enables communication between a Wi-Fi device, such as a sensor, that transmits small amounts of data, and a trusted Wi-Fi network without requiring the device to be connected to the network.

According to the 2024 IBM X-Force Threat Intelligence Index, phishing made up 30 percent of incidents last year, showing that it is still one of the top initial access vectors. Attackers often use phishing kits, which consist of a collection of tools, resources, and scripts packaged for easy deployment. IBM X-Force analyzed thousands of phishing kits and discovered trends, including which data these kits targeted and which brands were most exploited. This article continues to discuss key findings regarding phishing kits.