"EquiLend Ransomware Attack Leads to Data Breach"

"EquiLend Ransomware Attack Leads to Data Breach"

Fintech firm EquiLend has begun sending notification letters to its employees informing them of a data breach resulting from a January 2024 ransomware attack. On January 24, the company announced that some of its systems had been taken offline because of "a technical issue" and that services would be disrupted for several days. EquiLend confirmed the next day that a ransomware attack had caused the disruption; it restored its client-facing services by February 5 but shared no details on the scope of the attack until the notification letters went out.

Submitted by Adam Ekwall on

"Researchers Expose Microsoft SCCM Misconfigs Usable in Cyberattacks"

"Researchers Expose Microsoft SCCM Misconfigs Usable in Cyberattacks"

Security researchers at SpecterOps have published a knowledge base repository, named Misconfiguration Manager, cataloguing attack and defense techniques that stem from improper setup of Microsoft Configuration Manager (MCM). Improper setup could enable attackers to execute payloads on managed systems or escalate to domain-controller-level privileges. MCM, formerly known as System Center Configuration Manager (SCCM, ConfigMgr), is used in many Active Directory (AD) environments to help administrators manage servers and workstations on a Windows network.

Submitted by Gregory Rigby on

"Google's Gemini AI Vulnerable to Content Manipulation"

"Google's Gemini AI Vulnerable to Content Manipulation"

Despite its safeguards and safety protocols, Google's Gemini Large Language Model (LLM) remains vulnerable to attacks that can cause it to generate harmful content, reveal sensitive data, or perform malicious actions. Google Gemini, formerly known as Bard, is a multimodal Artificial Intelligence (AI) tool capable of processing and generating text, images, audio, video, and code. In a new study, HiddenLayer researchers showed that they could manipulate the model into generating election misinformation and leaking its system prompt, among other abuses.

Submitted by Gregory Rigby on

"Three-Quarters of Cyber Incident Victims Are Small Businesses"

"Three-Quarters of Cyber Incident Victims Are Small Businesses"

According to security researchers at Sophos, over three-quarters of the cyber incidents it handled in 2023 impacted small businesses, with ransomware having the biggest impact on these firms. The researchers noted that the notorious LockBit group accounted for the highest share of small business ransomware incidents handled by Sophos Incident Response last year, at 27.59%. LockBit infections were considerably more common than those of the next highest groups: Akira (15.52%), BlackCat (13.79%), and Play (10.34%).

Submitted by Adam Ekwall on

"Japan Blames North Korea for PyPI Supply Chain Cyberattack"

"Japan Blames North Korea for PyPI Supply Chain Cyberattack"

According to Japanese cybersecurity officials, the North Korea-affiliated Lazarus Group recently launched a supply chain attack against the PyPI software repository for Python packages. The threat actors uploaded malicious packages named "pycryptoenv" and "pycryptoconf," whose names mimic the legitimate "pycrypto" encryption toolkit for Python. Developers who installed the malicious packages on Windows machines were infected with a Trojan called "Comebacker." The malicious packages had been downloaded between 300 and 1,200 times.
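The look-alike names above are the typical typosquatting pattern: a well-known package name with a short prefix or suffix bolted on, or a one- or two-character misspelling. The following added example, which is not code from the page or from the JPCERT/CC analysis it summarizes, shows a pre-install check that flags such names before `pip install` runs. The allow-list of well-known packages, the edit-distance threshold and the sample requirements file are all assumptions made for the example.

```python
"""Pre-install check for look-alike package names (added example, not from the page).

Flags a requested package name when it is either within a small edit distance of a
well-known package, or is a well-known name padded with a short prefix/suffix, which
is the pattern behind "pycryptoenv" and "pycryptoconf" mimicking "pycrypto".
"""
from __future__ import annotations

import re

# Assumption: a team-maintained allow-list of well-known package names. In practice
# this would come from an internal registry or a pinned lockfile, not a literal set.
KNOWN_PACKAGES = {"pycrypto", "pycryptodome", "requests", "numpy", "urllib3"}

# Constructed sample requirements file containing two look-alikes and one legit entry.
SAMPLE_REQUIREMENTS = [
    "pycryptoenv==1.0.0",     # padded suffix on "pycrypto"
    "numpy>=1.26",            # legitimate
    "requsts",                # one-character typo of "requests"
    "# comments and blank lines are skipped",
    "",
]

# First token of a requirement line: the project name (PEP 508 style, no extras/markers).
REQ_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str, known=KNOWN_PACKAGES, max_distance: int = 2,
                 max_padding: int = 6) -> str | None:
    """Return the well-known package `name` appears to imitate, or None.

    An exact (normalized) match against the allow-list is the legitimate package and
    is never flagged; this also keeps "pycryptodome" from being reported as a
    look-alike of "pycrypto".
    """
    n = normalize(name)
    normalized_known = {normalize(k): k for k in known}
    if n in normalized_known:
        return None
    for kn, original in sorted(normalized_known.items()):
        if edit_distance(n, kn) <= max_distance:
            return original
        padded = (n.startswith(kn) or n.endswith(kn)) and 0 < len(n) - len(kn) <= max_padding
        if padded:
            return original
    return None


def check_requirements(lines) -> list[tuple[str, str]]:
    """Scan requirement lines; return (requested_name, imitated_package) for each hit."""
    hits = []
    for line in lines:
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = REQ_NAME_RE.match(stripped)
        if not m:
            continue
        requested = m.group(1)
        target = lookalike_of(requested)
        if target is not None:
            hits.append((requested, target))
    return hits


if __name__ == "__main__":
    for requested, target in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"WARNING: '{requested}' looks like a typosquat of '{target}'")
```

Run it as a pre-commit or CI gate on `requirements.txt`; a hit should block the install until a human confirms the name. The padding rule deliberately errs toward false positives (any short extension of a popular name), which is the right trade-off for a gate that only adds a manual review step.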

Submitted by Gregory Rigby on

"New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics"

"New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics"

A new banking Trojan called "CHAVECLOAK" targets Brazilian users through phishing emails carrying PDF attachments. According to Cara Lin, a Fortinet FortiGuard Labs researcher, the PDF downloads a ZIP file, and the final malware is then executed via DLL side-loading. Contract-themed DocuSign lures trick users into opening PDF files that present a button to read and sign the documents; clicking the button retrieves an installer file from a shortened remote link.

Submitted by Gregory Rigby on

"Generative AI Poised to Make Substantial Impact on DevSecOps"

"Generative AI Poised to Make Substantial Impact on DevSecOps"

Generative Artificial Intelligence (AI) is expected to help with secure code writing, code analysis, test creation, documentation, and various other DevSecOps functions. Most industry surveys find that many developers are already using generative AI. For example, a CoderPad survey of over 13,000 developers found that 67 percent of technology professionals already use AI, with ChatGPT the most used tool, followed by GitHub Copilot and Bard.

Submitted by Gregory Rigby on

"In Effort to Bolster Government Cybersecurity, Biden Administration Takes Step to Ensure Secure Development Practices"

"In Effort to Bolster Government Cybersecurity, Biden Administration Takes Step to Ensure Secure Development Practices"

To help ensure a safe and secure digital ecosystem for all Americans, the Biden-Harris Administration has approved a secure software development attestation form, taking a step in implementing its requirement that those who produce software used by the Federal Government attest to the adoption of secure development practices. The release of the secure software development attestation form reinforces the secure-by-design principles advocated by the US Cybersecurity and Infrastructure Security Agency (CISA), federal government partners, and international allies.

Submitted by Gregory Rigby on

"Magnet Goblin Exploits Ivanti Vulnerabilities"

"Magnet Goblin Exploits Ivanti Vulnerabilities"

Security researchers at Check Point Research have uncovered a trend involving the rapid exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN. The flaws, identified as CVE-2023-46805 (an authentication bypass) and CVE-2024-21887 (a command injection), were quickly exploited by multiple threat actors, leading to various malicious activities. While tracking these exploits, the researchers encountered a cluster of activity attributed to a threat actor dubbed Magnet Goblin.

Submitted by Adam Ekwall on

"Over 15,000 Hacked Roku Accounts Sold for 50¢ Each to Buy Hardware"

"Over 15,000 Hacked Roku Accounts Sold for 50¢ Each to Buy Hardware"

Roku recently disclosed a data breach in which 15,363 customer accounts were compromised in a credential stuffing attack, in which threat actors take username and password pairs exposed in earlier, unrelated breaches and replay them against other websites. The hijacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. According to researchers, threat actors are selling the compromised accounts for as little as $0.50 each, and buyers can use the payment cards stored on the accounts to make illegal purchases.
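Credential stuffing has a distinctive shape in authentication logs: one source tries many different accounts in quick succession, most attempts fail, and the occasional success is a previously breached password that still works. The added example below, which is not code from the page or from Roku, runs that detection logic over a few constructed log lines. The log format, the source addresses (taken from the documentation range 203.0.113.0/24 and 198.51.100.0/24) and the thresholds are assumptions made for the example.

```python
"""Credential-stuffing detector over constructed authentication log lines.

Added example, not code from the page or from Roku. Per source IP it counts attempts,
distinct usernames, failures and successes, and flags sources whose fan-out across
accounts (many distinct users, mostly failing) matches credential stuffing. Accounts
that succeeded from a flagged source are reported as the ones to force-reset.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Assumed log format: one login event per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log: 203.0.113.9 sprays six different accounts (one password
# still works); 198.51.100.4 is a real user who mistypes her password three times.
SAMPLE_LOG = """
2024-03-08T12:00:01Z ip=203.0.113.9 user=alice@example.com result=FAIL
2024-03-08T12:00:02Z ip=203.0.113.9 user=bob@example.com result=FAIL
2024-03-08T12:00:02Z ip=203.0.113.9 user=carol@example.com result=OK
2024-03-08T12:00:03Z ip=203.0.113.9 user=dave@example.com result=FAIL
2024-03-08T12:00:03Z ip=203.0.113.9 user=erin@example.com result=FAIL
2024-03-08T12:00:04Z ip=203.0.113.9 user=frank@example.com result=FAIL
2024-03-08T12:01:10Z ip=198.51.100.4 user=grace@example.com result=FAIL
2024-03-08T12:01:25Z ip=198.51.100.4 user=grace@example.com result=FAIL
2024-03-08T12:01:40Z ip=198.51.100.4 user=grace@example.com result=FAIL
2024-03-08T12:02:00Z ip=198.51.100.4 user=grace@example.com result=OK
""".strip().splitlines()


def parse_line(line: str) -> dict | None:
    """Parse one log line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_credential_stuffing(lines, min_distinct_users: int = 5,
                               min_failures: int = 3) -> dict:
    """Return {ip: stats} for sources that look like credential stuffing.

    A source is flagged when it touched at least `min_distinct_users` different
    accounts and failed at least `min_failures` times. A single account failing
    repeatedly from one address (a forgotten password) is not flagged; that is a
    brute-force or lockout signal, not stuffing.
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set(), "failures": 0,
                                  "successes": 0, "hits": set()})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        s = per_ip[ev["ip"]]
        s["attempts"] += 1
        s["users"].add(ev["user"])
        if ev["result"] == "OK":
            s["successes"] += 1
            s["hits"].add(ev["user"])  # account whose reused password worked
        else:
            s["failures"] += 1

    flagged = {}
    for ip, s in per_ip.items():
        if len(s["users"]) >= min_distinct_users and s["failures"] >= min_failures:
            flagged[ip] = {
                "attempts": s["attempts"],
                "distinct_users": len(s["users"]),
                "failures": s["failures"],
                "successes": s["successes"],
                "hits": sorted(s["hits"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {stats['distinct_users']} accounts, {stats['failures']} failures, "
              f"reset required for {stats['hits']}")
```

In production the counts should be kept per sliding time window (minutes, not the whole file), and the per-IP key is only a starting point: stuffing tools rotate through proxy pools, so the same fan-out logic is usually also keyed on ASN, user-agent fingerprint or device token. The "hits" list is the actionable output: those accounts need a forced password reset and a review of recent purchases.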

Submitted by Gregory Rigby on