"Romance Scam Victims Surge in 2023"

According to researchers at Lloyds Bank, romance scam victims surged by more than a fifth (22%) in 2023 compared to 2022. The average amount lost per incident was $8847 last year, which is lower than in 2022, when the average loss was $10,505. The researchers noted that romance scams have exploded in prominence in recent years, with attackers leveraging fake profiles on social media and online dating apps to lure in potential victims. They are also commonly used as a gateway to other types of fraud and malicious cyber activity.

Submitted by Adam Ekwall on

"LockBit Reigns Supreme in Soaring Ransomware Landscape"

According to security researchers at ReliaQuest, a hyper-active LockBit group led to a surge in ransomware campaigns in the last quarter of 2023. The researchers found that ransomware activity was up 80% between October and December 2023 compared with the same period in 2022. Over this period, a total of 1262 victims were listed on data leak sites, spanning several industries, including manufacturing, construction, and professional, scientific, and technical services.

Submitted by Adam Ekwall on

"Engineers Develop Hack to Make Automotive Radar Hallucinate"

Duke University engineers have demonstrated a system called "MadRadar" that can deceive automotive radar sensors. The technology can hide an approaching car, create a phantom car where none exists, or even mislead the radar into believing a real car has quickly deviated from its course. It can do this without having prior knowledge regarding the specific settings of the victim's radar, thus making it a significant threat to radar security.

Submitted by grigby1 CPVI on

"Two More Individuals Charged for DraftKings Hacking"

Two more individuals have recently been indicted for their role in a credential stuffing attack resulting in unauthorized access to thousands of user accounts at a fantasy sports and betting website. According to the Department of Justice (DoJ), the individuals, Nathan Austad, 19, of Farmington, Minnesota, and Kamerin Stokes, 21, of Memphis, Tennessee, allegedly participated in compromising the accounts using usernames and passwords obtained from other data breaches and attempted to sell access to the accounts.

Submitted by Adam Ekwall on

"Hackers Push USB Malware Payloads via News, Media Hosting Sites"

A threat actor who uses USB devices for initial infection has been discovered abusing legitimate online platforms such as GitHub, Vimeo, and Ars Technica to host encoded payloads hidden in content that appears to be harmless. The attackers put these payloads in forum user profiles on technology news websites or video descriptions on media hosting platforms. The payloads pose no risk to those visiting these web pages because they are just text strings. However, they still play a major role in downloading and executing malware.

Submitted by grigby1 CPVI on

"Interpol Arrests More Than 30 Cybercriminals in Global 'Synergia' Operation"

International law enforcement has detained 31 suspected cybercriminals and discovered 1,300 malicious servers used to conduct phishing attacks and distribute malware. Interpol's Operation Synergia ran from September to November 2023. It was launched in response to the growth and escalation of transnational cybercrime, as well as the need for coordinated action against new cyber threats. The operation involved nearly 60 law enforcement agencies and a few private companies.

Submitted by grigby1 CPVI on

"Tor Code Audit Finds 17 Vulnerabilities"

A comprehensive code security audit of several components of the Tor anonymity network, conducted by researchers at Radically Open Security, discovered more than a dozen vulnerabilities, including an issue classified as "high risk." The researchers conducted the audit between April and August 2023, covering the Tor browser, exit relays, exposed services, infrastructure, and testing and profiling tools. The audit, a crystal box penetration test (where the tester has access to the source code), uncovered a total of 17 security issues.

Submitted by Adam Ekwall on

"PurpleFox Malware Infected Thousands of Systems in Ukraine"

The Computer Emergency Response Team in Ukraine (CERT-UA) recently warned about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. CERT-UA noted that the exact impact of this widespread infection, and whether it has affected state organizations or regular people's computers, hasn't been determined. PurpleFox (or "DirtyMoe") is a modular Windows botnet malware first spotted in 2018 that comes with a rootkit module allowing it to hide and persist between device reboots.

Submitted by Adam Ekwall on
Towards Trustworthy Autonomous Cyber Defense for Dynamic Intrusion Response
Lead PI:
Ehab Al-Shaer
Co-PI:
Abstract

This project proposes transformative research approaches to provide a significant leap toward genuine autonomous cyber defense by enabling playbooks to be dynamically adaptive, predictive, adversary-aware, and trustworthy. Our proposed techniques address the above challenges and enable advancing the science and engineering of the state-of-the-art of intrusion response automation by ambitiously seeking to develop autonomous cyber defense systems that require no or minimal human involvement in the decision-making loop while maximizing effectiveness (i.e., system convergence to a good state) and minimizing the time-to-respond or mitigate. We propose to make cybersecurity autonomous by designing formal models and techniques that can automatically observe, reason, predict, adapt, and act to respond to attacks proactively, providing provable guarantees of safety and convergence.

Ehab Al-Shaer

Dr. Al-Shaer is a Distinguished Research Fellow in the Software and Societal Systems Department in the School of Computer Science, and a Faculty Member of CyLab at Carnegie Mellon University. Prof. Al-Shaer was also a Distinguished Career Professor in the College of Engineering at Carnegie Mellon University. Before joining CMU, Dr. Al-Shaer was a Professor and the Founding Director of the NSF Cybersecurity Analytics and Automation (CCAA) center at the University of North Carolina Charlotte from 2011 to 2020.

Dr. Al-Shaer's primary research areas are AI-enabled cybersecurity, including automated adaptive response, domain-specific language models for cybersecurity, formal methods for configuration verification and synthesis, active cyber deception, cyber deterrence, and network resilience. He has published 10 books and more than 250 refereed publications in his area of expertise. Dr. Al-Shaer was designated by the Department of Defense (DoD) as a Subject Matter Expert (SME) on security analytics and automation in 2011. He was also awarded the IBM Faculty Award in 2012 and the UNC Charlotte Faculty Research Award in 2013.

Dr. Al-Shaer was Chair of the ARO Autonomous Cyber Deception Workshop in 2018, General Chair of ACM Computer and Communication in 2009 and 2010, and of the NSF Workshop on Assurable and Usable Security Configuration in 2008. Dr. Al-Shaer was also the Program Committee Chair for many conferences and workshops, including ACM/IEEE SafeConfig 2013 and 2015, IEEE Integrated Management (IM) 2007, and IEEE POLICY 2008. Al-Shaer has two accepted patents and several submitted ones. He has also led several technology transfer projects. He is also an advisory board member for leading companies in cybersecurity automation.

Institution: Carnegie Mellon University

"US Feds Shut Down China-Linked 'KV-Botnet' Targeting SOHO Routers"

The US government took action to neutralize a botnet of hundreds of US-based Small Office and Home Office (SOHO) routers hijacked by Volt Typhoon, a China-linked Advanced Persistent Threat (APT) actor. The Black Lotus Labs team at Lumen Technologies revealed the botnet's existence in mid-December 2023. According to the Department of Justice (DOJ), most of the routers in the KV-botnet were Cisco and Netgear routers that were vulnerable because they were no longer supported through their manufacturer's security patches or software updates.

Submitted by grigby1 CPVI on