The National Institute of Standards and Technology (NIST) has finalized its updated guidelines for protecting Controlled Unclassified Information (CUI) in two publications titled "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations" and "Assessing Security Requirements for Controlled Unclassified Information." Contractors and other organizations doing business with the federal government now have clearer guidance for protecting the sensitive data they handle.

New research from King's College London and University College London (UCL) delved into the poor data handling practices followed by apps designed for female health monitoring, which put users at risk of privacy and safety issues.

The Federal Bureau of Investigation (FBI) has seized BreachForums, a forum that leaked and sold corporate data to cybercriminals. The seizure follows the leak of Europol law enforcement portal data on the website. BreachForums now shows a message saying the FBI controls the website and its backend data, suggesting that its servers and domains were seized. Gaining access to the hacking forum's backend data could help in law enforcement investigations due to the exposure of email addresses, IP addresses, and private messages between members.

Banking giant Santander has recently announced that customer and employee data has been breached following a compromise of a third-party provider. The bank revealed that “certain information” relating to customers of Santander Chile, Spain, and Uruguay, as well as all current and some former Santander employees of the group, had been accessed by hackers. Customer data in all other Santander markets and businesses have not been affected. Santander said the breach was caused by threat actors’ unauthorized access to a Santander database hosted by a third-party provider.

According to ESET, the Ebury Linux botnet has continued to grow over the past decade, with about 100,000 systems found to be infected at the end of 2023. Ebury, a botnet discovered in 2014, survived a takedown attempt and Maxim Senakh's sentencing for his involvement in the botnet's operation. Ebury is an OpenSSH backdoor and credential stealer that has continually been updated. It has infected over 400,000 hosts since 2009 for financial gain.

The US Military Academy won the sixth National Security Agency (NSA) Cyber Exercise (NCX). Participants from US service academies and senior military colleges competed for the NCX trophy alongside individuals from NSA professional development programs. Teams conducted offensive cyber activities against a fictional adversary that attacked a satellite downlink.

Rapid7 researchers have found a social engineering campaign that sends spam emails to enterprises to gain initial access for follow-on exploitation. The researchers reported that a threat actor floods a user's email with junk and calls to offer help to the user. The threat actor then prompts affected users to download Remote Monitoring and Management (RMM) software such as AnyDesk or run Microsoft's Quick Assist feature in order to set up a remote connection.

Software maker Adobe recently documented 35 security vulnerabilities in a wide range of products and urged users to pay immediate attention to critical severity bugs in its widely deployed Adobe Acrobat and Reader programs. As part of its scheduled Patch Tuesday updates, Adobe patched a dozen security bugs in Acrobat and Reader and slapped a critical severity label on several issues that expose users to code execution attacks. According to the advisory, the Acrobat and Reader vulnerabilities affect both macOS and Windows users.

The US Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), and Federal Bureau of Investigation (FBI), in collaboration with international cyber partners have published "Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society." The guide aims to help civil society organizations reduce their risk of cyber intrusions, particularly state-sponsored ones. It also encourages software manufacturers to implement and publicly commit to Secure by Design practices to protect vulnerable and high-risk communities.