It was recently announced that a data breach at Connecticut College early last year resulted in the unauthorized release of personal information, including social security numbers, for an unspecified number of people affiliated with the private liberal arts college in New London.  The college said that the breach was detected in March 2023 and prompted college officials to contact law enforcement and take steps to "remediate" the issue and launch a third-party investigation.

A new study by William & Mary (W&M), Google, and IBM researchers examined 2,060 House, Senate, and presidential campaigns from the 2020 US election cycle, marking the first large-scale analysis of political campaign websites' privacy practices. According to the study, those campaigns often retained private data for an unspecified time, provided incomplete or no privacy disclosures, and were likely to share or sell data.

Car maker Hyundai Motor Europe has recently suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.  Hyundai Motor Europe is Hyundai Motor Company's European division, headquartered in Germany.  Hyundai Motor Europe says it is investigating a case in which an unauthorized third party has accessed a limited part of its network.  The investigation is ongoing, and local law enforcement has been notified.

The US Secretary of Commerce, Gina Raimondo, has announced the launch of the US Artificial Intelligence (AI) Safety Institute Consortium (AISIC), which will bring AI creators, academics, government researchers, civil society organizations, and more together to support the development and implementation of safe and trustworthy AI. The consortium will contribute to President Biden's Executive Order priority actions, such as developing guidelines for red-teaming operations, capability evaluations, risk management, security, and watermarking synthetic content.

The U.S. Federal Trade Commission (FTC) has recently announced that Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year.  The FTC noted that over 2.6 million consumers filed fraud reports with the FTX the previous year, a figure almost identical to 2022.  Imposter scams emerged as the most frequently reported fraud category, with notable upticks in business and government impersonation reports.

According to Check Point Research (CPR), the developers behind the Raspberry Robin malware are now purchasing exploits to accelerate cyberattacks. Researchers believe an exploit developer is either on the Raspberry Robin payroll or a close contact who sells them to the group. CPR has observed how long it takes for vulnerability exploits to be incorporated as features of the malware. Raspberry Robin added exploits for vulnerabilities up to 12 months old in 2022, but this has been changed to those less than a month old.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) recently hosted an event titled "Boosting Water Sector Cybersecurity," which featured CISA Deputy Director Nitin Natarajan and EPA Director of the Water Infrastructure and Cyber Resilience Division David Travers. They emphasized the criticality of water sector cybersecurity. The event shared resources designed specifically for the water sector, including the Water and Wastewater Sector Cybersecurity Toolkit, released by CISA and the EPA on January 30, 2024.

The U.S. State Department recently announced that it is rewarding up to $10 million for information that could help locate, identify, or arrest key leadership positions in the Hive ransomware gang.  The FBI says this ransomware group had extorted roughly $100 million from over 1,300 companies across more than 80 countries between June 2021 and November 2022.  The U.S.

A new version of the XLoader Android malware executes automatically on infected devices, thus requiring no user interaction to run. XLoader, also known as MoqHao, is an Android malware operated and most likely created by the financially motivated threat group called Roaming Mantis, which has previously targeted users in the US, UK, Germany, France, Japan, South Korea, and Taiwan. The malware is primarily distributed via SMS text with a shortened URL pointing to a website containing an Android APK installation file for a mobile app.

The threat actors behind HijackLoader, a loader malware, have added new defense evasion techniques, as other malicious actors increasingly use the malware to deliver additional payloads and tools. CrowdStrike researchers reported that the malware developer used a standard process hollowing technique in conjunction with an additional trigger activated by the parent process writing to a pipe, making defense evasion more stealthy. HijackLoader was first identified by Zscaler ThreatLabz in September 2023 as a conduit for delivering DanaBot, SystemBC, and RedLine Stealer.