"Third-Party Breaches Hit 90% of Top Global Energy Companies"

According to a new SecurityScorecard report, in 2023, 90 percent of the world's top energy companies experienced data breaches caused by third parties. Their growing reliance on digital systems causes an increase in attacks on infrastructure networks. The breaches have resulted in financial losses, damaged reputations, and eroded trust. There were 264 reported breaches in the energy sector stemming from third-party issues. Confirmed third-party breaches affected the top ten energy companies in the US.

Submitted by grigby1 CPVI on

"Chinese Hackers Fail to Rebuild Botnet After FBI Takedown"

The China-backed hacking group Volt Typhoon failed to revive a botnet recently shut down by the FBI. The botnet had previously been used in attacks against US critical infrastructure. Before the KV-botnet was taken down, it enabled the Volt Typhoon threat group to evade detection by proxying malicious activity through hundreds of compromised Small Office/Home Office (SOHO) routers. On December 6, the FBI obtained a court order authorizing it to dismantle the botnet.

Submitted by grigby1 CPVI on

"Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations"

Mitsubishi Electric recently announced that two potentially serious vulnerabilities have been found in its factory automation products. Mitsubishi Electric said several factory automation (FA) products are impacted by a high-severity authentication bypass and a critical remote code execution vulnerability. Impacted products include EZSocket, FR Configurator2, GT Designer3, GX and MT Works, MELSOFT Navigator, and MX.

Submitted by Adam Ekwall on

"UK Leads International Efforts to Tackle 'Hackers for Hire'"

An international initiative involving over 35 nations aims to combat hack-for-hire operations. At a recent conference, countries led by the US, UK, and France, together with companies including Google, Apple, BAE Systems, and Microsoft, signed a declaration called the "Pall Mall Process." The goal is to establish guiding principles and policy options for states, industry, and civil society regarding developing and implementing commercially available cyber intrusion capabilities.

Submitted by grigby1 CPVI on

"On-Premises JetBrains TeamCity Servers Vulnerable to Auth Bypass"

JetBrains has addressed a critical authentication bypass vulnerability, tracked as CVE-2024-23917, that affects TeamCity On-Premises continuous integration and deployment servers. The vulnerability could enable an unauthenticated threat actor with HTTP(S) access to a TeamCity server to evade authentication controls and gain administrative access on the server. JetBrains TeamCity servers were a popular target in 2023 for state-sponsored hackers, who exploited another authentication bypass vulnerability, tracked as CVE-2023-42793.

Submitted by grigby1 CPVI on

"Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros"

The Shim maintainers have released version 15.8 to fix six security flaws, including a critical bug that could enable Remote Code Execution (RCE) under certain conditions. Shim is described as a "trivial" software package designed to serve as a first-stage boot loader on Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, tracked as CVE-2023-40547 with a CVSS score of 9.8, could be exploited to bypass Secure Boot.

Submitted by grigby1 CPVI on

"Ransomware Payments Hit $1bn All-Time High in 2023"

According to security researchers at Chainalysis, ransomware actors collected over $1bn in extortion money from their victims in 2023, a record high. The researchers noted that this is a conservative estimate of the financial impact of ransomware last year, as new cryptocurrency addresses are likely to be discovered over time. The researchers said the figure for 2022 has already been revised up 24% to $567m, for example.

Submitted by Adam Ekwall on

"CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force"

The Cybersecurity and Infrastructure Security Agency (CISA) has announced a renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force, a public-private partnership with various representatives from public and private sector organizations. They are tasked with identifying challenges as well as developing realistic, actionable, and risk-based recommendations and solutions for managing risks faced by the global ICT supply chain.

Submitted by grigby1 CPVI on

"Quantum Key Distribution Criticized by European Intelligence Agencies"

In a recent position paper, intelligence agencies in Germany, France, the Netherlands, and Sweden criticized Quantum Key Distribution (QKD). This encryption method theoretically ensures the security of communications by preventing anyone from intercepting keys without detection. According to the agencies, there are several inherent flaws, and a practical implementation would be too expensive and limited. This article continues to discuss the intelligence agencies' criticism of QKD.

Submitted by grigby1 CPVI on

"Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials"

Threat actors have been using fake Facebook job advertisements to trick potential victims into installing a new Windows-based stealer malware called Ov3r_Stealer. According to Trustwave SpiderLabs, this malware steals credentials and cryptocurrency wallets. It then sends them to a Telegram channel monitored by the threat actors. Ov3r_Stealer can gather IP address-based locations, hardware information, passwords, cookies, credit card information, auto-fills, browser extensions, cryptocurrency wallets, Microsoft Office documents, and more.

Submitted by grigby1 CPVI on