"iOS Users Beware: GoldPickaxe Trojan Steals Your Facial Data"

Group-IB researchers have discovered a new iOS Trojan dubbed GoldPickaxe.iOS that steals facial recognition data and identity documents, as well as intercepts SMS. The Trojan has been attributed to GoldFactory, a Chinese-speaking threat actor responsible for developing a suite of highly sophisticated banking Trojans. The threat actor exploits the stolen biometric data by using Artificial Intelligence (AI) face-swapping services to create deepfakes that replace their faces with those of the victims.

Submitted by grigby1 CPVI on

"Crypto-Money Laundering Records 30% Annual Decline"

According to security researchers at Chainalysis, just over $22bn worth of cryptocurrency was laundered in 2023, a 30% drop from the previous year, with nefarious actors switching techniques to stay hidden from investigators.  The researchers claimed that some of the decline in crypto-money laundering could be explained by an overall decrease in crypto-transaction volumes during the same period.  The researchers noted that centralized exchanges remain the main destination for funds sent from illicit addresses, as they have for the past five years.

Submitted by Adam Ekwall on

"Microsoft Warns of Exploited Exchange Server Zero-Day"

Microsoft recently warned that a newly addressed vulnerability in Exchange Server has been actively exploited in attacks.  Tracked as CVE-2024-21410 (CVSS score of 9.8), the critical severity flaw is described as a privilege escalation issue that allows attackers to mount pass-the-hash attacks.  According to Microsoft, an attacker could exploit the bug to relay a user's Net-NTLMv2 hash against a vulnerable server and authenticate as that user.

Submitted by Adam Ekwall on

"TUM and Google Strengthen Cooperation: Seven New Research Projects on Cybersecurity and Artificial Intelligence"

With funding from Google, the Technical University of Munich (TUM) is launching seven new research projects to address critical questions at the intersection of cybersecurity and Artificial Intelligence (AI). These projects focus on the data security risks of general-purpose AI models, patterns of cyberattacks on Large Language Models (LLMs), and more. For example, one of the projects aims to better understand how attacks on LLMs work, what triggers them in LLMs, and how they can be prevented. This article continues to discuss the new TUM research projects on cybersecurity and AI.

Submitted by grigby1 CPVI on

"4 Ways Hackers use Social Engineering to Bypass MFA"

Multi-factor authentication (MFA) has been the recommended way to strengthen password access for users. But hackers are finding ways around MFA as well, using social engineering. Here are a couple of popular methods used. One method is an Adversary-in-the-Middle (AITM) attack. In this hack, the users are tricked into thinking that they are logging into a real network, website, or app. The hackers can then capture passwords and use them to manipulate the requests for the MFA, which the victim unwittingly approves, granting the attacker access.

Submitted by grigby1 CPVI on

"Hackers Used New Windows Defender Zero-Day to Drop DarkMe Malware"

Microsoft has patched a Windows Defender SmartScreen zero-day vulnerability exploited in the wild by the financially motivated threat group, tracked as Water Hydra and DarkCasino, to deploy the DarkMe Remote Access Trojan (RAT). Trend Micro security researchers discovered the hacker group using the zero-day vulnerability in attacks on New Year's Eve day. According to a recent security advisory from Microsoft, an unauthenticated attacker could send a specially crafted file to a targeted user in order to evade displayed security checks.

Submitted by grigby1 CPVI on

"Catching The Man-in-the-Middle"

Dr. Santosh Ganji, a computer engineering doctoral graduate, and Dr. P.R. Kumar, a Department of Electrical and Computer Engineering professor at Texas A&M University, are working on improving wireless network security. When two entities communicate wirelessly, it is difficult to determine whether a Man-in-the-Middle (MitM) is present. Kumar and Ganji have discovered how to flush out the MitM using a timing-based protocol called REVEAL, which overloads the MitM with messages and causes it to fail.

Submitted by grigby1 CPVI on

"Cybersecurity Spending Expected to be Slashed in 41% of SMEs"

According to security researchers at JumpCloud, cybersecurity spending is predicted to be cut by 41% of SMEs over the coming year amid the challenging economic environment.  Nearly three-quarters (72%) of IT admins surveyed in the US, UK, and India agreed that any cuts to their security budgets would increase organizational risk.  The researchers noted that SMEs in India were most likely to experience cybersecurity cuts (58%).  This was followed by the US (40%) and UK (25%).

Submitted by Adam Ekwall on

"How Are State-Sponsored Threat Actors Leveraging AI?"

Microsoft and OpenAI have pointed out the different ways in which state-sponsored threat actors have attempted to use Large Language Models (LLMs) to improve their cyber operations. Threat actors, like defenders, are using Artificial Intelligence (AI), specifically LLMs, to increase efficiency. For example, the Iranian threat actor called Crimson Sandstorm, also known as CURIUM, has used LLMs to get help with social engineering, error troubleshooting, code development, and more.

Submitted by grigby1 CPVI on

12th Annual Best Scientific Cybersecurity Paper Competition

Nominations are now open for the 12th Annual Best Scientific Cybersecurity Paper Competition. The National Security Agency (NSA) welcomes nominations of papers published in 2023 in peer-reviewed journals and technical conferences that show an outstanding contribution to cybersecurity science. Winners will be announced at the end of 2024.

Submitted by grigby1 CPVI on