"CISA, FBI, and ODNI Release Guidance for Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations"

The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI) have released "Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations." The guidance document details the latest tactics used in foreign malign influence operations to shape US policies, decisions, and more. The document discusses common tactics in foreign malign influence operations, provides examples, and suggests mitigation strategies for election infrastructure stakeholders.

Submitted by Gregory Rigby on

"Cyberattack Hits New York State Government's Bill Drafting Office"

The New York state Legislature's bill drafting office was hit with an apparent cyberattack early today, April 17. According to Gov. Kathy Hochul, the scope of the attack was not immediately clear, but the bill drafting system has been down since early Wednesday. The office is responsible for printing legislation for lawmakers at the state Capitol in Albany. The investigation into the incident is ongoing, and they are working on getting their systems back up and running.

Submitted by Adam Ekwall on

"Linux Cerber Ransomware Variant Exploits Atlassian Servers"

According to security researchers, threat actors have been observed exploiting unpatched Atlassian servers and deploying a Linux variant of Cerber ransomware, also known as C3RB3R.  The attacks target CVE-2023-22518, a critical security vulnerability in Atlassian Confluence Data Center and Server, enabling an unauthenticated attacker to reset Confluence and create an administrator account.  Researchers noted that the vulnerability allows threat actors to gain control over systems, risking loss of confidentiality, integrity, and availability.

Submitted by Adam Ekwall on

"North Korean Group Kimsuky Exploits DMARC and Web Beacons"

Researchers have discovered new tactics associated with the threat actor "Kimsuky." The group, believed to be linked to North Korea's Reconnaissance General Bureau, has been conducting email phishing campaigns aimed at experts to gain insights into US and South Korean foreign policies. According to Proofpoint, Kimsuky has contacted foreign policy experts directly since 2023, soliciting their opinions on topics such as nuclear disarmament, US-South Korean policies, and sanctions.

Submitted by Gregory Rigby on

"Food and Agriculture Sector Hit with More Than 160 Ransomware Attacks Last Year"

According to the Food and Agriculture-Information Sharing and Analysis Center's (Food and Ag-ISAC) first annual report, the US food and agriculture sector faced at least 167 ransomware attacks in 2023. The industry was the seventh most targeted sector in the country, following manufacturing, financial services, and others. So far, in the first quarter of 2024, the sector has counted 40 attacks, a slight decrease from the previous year. In 2023, several large food companies, including Dole, Sysco, and Mondelez, experienced cyber incidents.

Submitted by Gregory Rigby on

"Multiple Botnets Exploiting One-Year-Old TP-Link Flaw to Hack Routers"

At least six different botnet malware operations are seeking TP-Link Archer AX21 (AX1800) routers that are vulnerable to a command injection security flaw. The flaw, tracked as CVE-2023-1389, is a high-severity unauthenticated command injection vulnerability in the locale Application Programming Interface (API) reachable via the TP-Link Archer AX21 web management interface. Researchers discovered it in January 2023 and notified the vendor through the Zero-Day Initiative (ZDI). TP-Link addressed the issue by releasing firmware security updates in March 2023.

Submitted by Gregory Rigby on

"'Sandworm' Group Is Russia's Primary Cyberattack Unit in Ukraine"

According to an investigation conducted by Google Cloud's Mandiant security group, over the past two years, the "Sandworm" hacker group has played a major role in supporting Russian military objectives in Ukraine. The group has been increasing cyber threat operations in other areas of strategic political, economic, and military interest to Russia. Researchers found that Sandworm, also tracked as APT44, has been responsible for almost all disruptive and destructive cyberattacks in Ukraine since Russia's invasion in February 2022.

Submitted by Gregory Rigby on

"Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities"

Google and Mozilla recently announced security updates that address more than 35 vulnerabilities in their browsers, including a dozen high-severity flaws.  Chrome 124 was released in the stable channel with patches for 22 bugs, 13 of which were reported by external researchers.  Google noted that of the externally reported flaws, three are high-severity issues.  Based on the bug bounty reward handed out, the most severe of these is CVE-2024-3832, described as an object corruption defect in the V8 JavaScript engine.

Submitted by Adam Ekwall on

Denver Cybersecurity Summit

"The Eighth Annual Denver Cybersecurity Summit connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. Admission gives you access to all Interactive Panels, Discussions, Catered Breakfast, Lunch & Cocktail Reception."

"Microsoft's 'AI Watchdog' Defends Against New LLM Jailbreak Method"

Microsoft has discovered a new method for jailbreaking Large Language Model (LLM) Artificial Intelligence (AI) tools and has revealed its continued efforts to improve LLM safety and security. Microsoft described the "Crescendo" LLM jailbreak method in a recent paper, delving into how an attacker can send a series of seemingly benign prompts to gradually lead a chatbot, such as OpenAI's ChatGPT, Google's Gemini, Meta's LLaMA, or Anthropic's Claude, to deliver output that the LLM would normally filter and refuse.

Submitted by Gregory Rigby on