According to new research published by Specops, RedLine malware was used to steal over 170 million passwords in the last six months, making it the most notorious credential stealer during that period. The malware was used in half of all cyber incidents involving stolen passwords, significantly surpassing the next closest stealer, Vidar. Vidar was used to steal over 65 million passwords. Raccoon Stealer, the malware responsible for the theft of over 42 million passwords, ranks third, making up 11.7 percent.

MarineMax, one of the world’s largest retailers of recreational boats and yachts, recently disclosed a cyberattack that has caused some disruption.  The Florida-based company revealed in a regulatory filing that it detected a cybersecurity incident on March 10.  The company noted that hackers gained access to its systems, which prompted them to initiate incident response and business continuity protocols.  The incident is still being investigated, but at the time of the regulatory filing, it did not have a material impact on operations.

Threat actors are using Scalable Vector Graphic (SVG) image files to hide malware and avoid detection. In January, researchers at Cofense Intelligence discovered a two-month campaign involving the use of SVG files to distribute Agent Tesla Keylogger and XWorm RAT malware. The SVG file format uses mathematical equations to describe images, allowing them to be scaled without losing image quality and making them suitable for various design applications.

A new BlackBerry report reveals a significant increase in attacks on the global financial sector, with 1 million attacks recorded in just 120 days. According to BlackBerry's current Global Threat Intelligence Report, attacks on the global financial sector were primarily launched using commodity malware. The use of such malware suggests that many independent threat actors are targeting the industry for financial gain.

SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC) have announced the launch of the 911 Cybersecurity Resource Hub where Emergency Communications Centers (ECCs) can report cyber incidents, find real-world case studies, access cybersecurity education and training opportunities, and learn best practices regarding identifying and protecting networks from cyberattacks.

Subscriber Identity Module (SIM) swappers have changed their attacks to steal a target's phone number by porting it to a new Embedded SIM (eSIM) card, which is a digital SIM in a rewritable chip found in many modern smartphones. An eSIM is a digital card stored on the chip of a mobile device that performs the same functions as physical SIM cards but can be remotely reprogrammed and provisioned, as well as deactivated, swapped, and deleted.

Researchers from Google DeepMind, Open AI, ETH Zurich, McGill University, and the University of Washington have developed a new attack that extracts key architectural information from proprietary Large Language Models (LLMs) such as ChatGPT and Google PaLM-2. The study shows how adversaries can extract supposedly hidden data from an LLM-enabled chatbot, allowing them to duplicate or steal its functionality. The attack is one of several highlighted in the past year that have delved into the security flaws of Artificial Intelligence (AI) technologies.