Researchers from the National Institute of Standards and Technology (NIST) discovered that Artificial Intelligence (AI) systems, which rely on large amounts of data to execute tasks, can fail when exposed to untrustworthy data. A new NIST report that is part of the institute's overall effort to support the development of trustworthy AI brings further attention to the possibility of cybercriminals poisoning AI systems by exposing them to bad data. NIST researchers also found that there is no single defense that developers or cybersecurity experts can use to protect AI systems.

BlackBerry researchers urge Mexican companies with annual revenues of over $100 million to be on the lookout for a cybercrime campaign. The researchers reported that financially motivated hackers are infecting systems with the AllaKore RAT malware in order to steal banking credentials and unique authentication information. This threat actor has persistently targeted Mexican entities for more than two years and shows no signs of slowing.

Turkish hackers infiltrated the system of Lev, a popular cinema chain in Israel, to spread a threatening message. On January 23, hackers screened a message written in Hebrew with video footage. To upload the message, the hackers broke into the external system that updates advertising screens and trailers. MeshSec, a threat actor, claims to be responsible for the cyberattack. This article continues to discuss the hijacking of Lev's cinema screens claimed by MeshSec.

According to the Cybernomics 101 report published Barracuda Networks, the average cost incurred by companies impacted by a cyberattack increased in 2023, as hackers launched more frequent and highly targeted attacks. The report presented findings from a survey of 1,917 Information Technology (IT) security professionals about changes in the threat landscape over the previous year and how their organizations adapt. The average cost of responding to breaches surpassed $5 million for the first time in 2023.

Cisco warns that several of its Unified Communications Manager (CM) and Contact Center Solutions products are impacted by a critical Remote Code Execution (RCE) flaw. The vulnerability, tracked as CVE-2024-20253, could allow an unauthenticated, remote attacker to execute arbitrary code on an impacted device. Synacktiv researcher Julien Egloff discovered the vulnerability, which received a severity score of 9.9. It stems from improper processing of user-provided data read into memory. Exploiting it involves sending a specially crafted message to a listening port.

Researchers have provided further details regarding the Command-and-Control (C2) server operations of SystemBC, a malware family. SystemBC can be purchased on underground markets and comes in an archive that includes the implant, a C2 server, and a PHP-based web administration portal. Kroll, a risk and financial advisory solutions provider, reported an increase in the use of the malware in the second and third quarters of 2023.

According to a new Specops Software report, 88 percent of organizations continue to rely on passwords as their primary authentication method. The report highlighted that 31.1 million breached passwords had more than 16 characters, suggesting longer passwords are still vulnerable to cracking. Researchers found that 40,000 admin portal accounts were using 'admin' as a password, and only half of organizations scan for compromised passwords more than once a month.

A Russian national has recently been sentenced in the US to five years and four months in prison for his role in the development and distribution of the TrickBot malware.  On November 30, 2023, the man, Vladimir Dunaev, 40, of Amur Oblast, Russia, admitted in court to his role in the TrickBot scheme, which caused tens of millions of dollars in losses to organizations worldwide, including schools and hospitals.