YouTube has become a major cybercrime channel, with telemetry from Avast showing that 4 million users were protected against YouTube threats in 2023 and 500,000 in January-March 2024. Automated advertising systems and user-generated content allow cybercriminals to bypass security, making YouTube a powerful phishing and malware channel. Credential stealers, phishing landing pages, and malicious software disguised as legitimate software or updates are notable threats on YouTube.

The US Environmental Protection Agency (EPA) released an alert highlighting cyber-protection measures for drinking water systems. Since September 2023, EPA inspections have found that over 70 percent of water systems violate the Safe Drinking Water Act. Some systems were found to contain critical cyber vulnerabilities, including those caused by default passwords and authentication systems that can be compromised. The agency has detailed how drinking water system operators can protect their assets.

GitHub fixed a maximum severity authentication bypass vulnerability that affects GitHub Enterprise Server (GHES) instances using SAML Single Sign-On (SSO) authentication. An attacker could forge a SAML response and gain administrator privileges, enabling unrestricted access to the instance's contents without authentication. GHES is a self-hosted alternative that caters to the needs of organizations that would rather store repositories on private cloud environments or their own servers.

"CLOUD#REVERSER," a new attack campaign, uses Google Drive and Dropbox to stage malicious payloads. Securonix researchers said the CLOUD#REVERSER's VBScript and PowerShell scripts use Google Drive and Dropbox as staging platforms for managing file uploads and downloads. The scripts fetch files matching certain patterns, which suggests they are waiting for commands and scripts in Google Drive or Dropbox. A phishing email with a ZIP archive file containing a Microsoft Excel file-looking executable starts the attack chain.

Rui-Siang Lin, a Taiwanese national, is facing multiple life sentences after being arrested on suspicion of owning and running one of the dark web’s most successful drugs marketplaces. Rui-Siang Lin was arrested at JFK Airport in New York on Saturday. The 23-year-old is accused of operating the Incognito Market, which, since its inception in 2020, has apparently sold an estimated $100m of illicit drugs and misbranded prescription medication to customers around the world.

According to security researchers at Rapid7, over 60% of vulnerabilities discovered in network and security appliances in 2023 were exploited as zero days. Their research found that more mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities in 2023 (53% vs 47%). The researchers noted that last year’s numbers represent a return to 2021 levels of widespread zero-day exploitation (52%), following a slight respite (43%) in 2022.

Some versions of the Intel Neural Compressor software for Artificial Intelligence (AI) model compression have a maximum severity vulnerability. The bug found in the software enables unauthenticated attackers to execute arbitrary code on Intel systems running impacted versions. According to Intel, the bug stems from improper input validation or user input sanitization. Since the vulnerability is remotely exploitable with low complexity and highly impacts data confidentiality, integrity, and availability, the chip maker gave it a maximum CVSS score of 10.

At-Bay reported a 64 percent increase in ransomware claims in the US in 2023. About 415 percent more "indirect" ransomware incidents occurred in 2023 than in 2022, driving this increase in ransomware claims. Remote access tools were the leading cause of loss, making up 58 percent of ransomware attacks. Double leverage attacks, which use both data encryption and exfiltration, increased by 51 percent in 2023, suggesting that threat actors shifted their tactics to pressure more victims into paying demanded ransoms.

According to researchers at Tenable, the popular logging utility Fluent Bit, which several major companies use, has a critical vulnerability that could enable Denial-of-Service (DoS) attacks, information disclosure, and Remote Code Execution (RCE). Fluent Bit is an open source data collector and processor that can handle large amounts of log data from various sources. With billions of downloads, the tool is deployed over 10 million times daily. Microsoft, Google Cloud, AWS, Cisco, LinkedIn, VMware, Splunk, Intel, Arm, and Adobe use it.