"iPhone Apps Abuse iOS Push Notifications to Collect User Data"

According to mobile researcher Mysk, many iOS apps collect user data about devices through background processes triggered by push notifications, potentially enabling the creation of fingerprinting profiles for tracking. These apps evade Apple's background app activity restrictions, posing a privacy risk for iPhone users. After analyzing what data is sent by iOS background processes when receiving or clearing notifications, Mysk discovered that the practice was far more common than previously thought, affecting many widely used apps.

Submitted by grigby1 CPVI on

"LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks"

Researchers have discovered an updated version of the LODEINFO backdoor, which is distributed via spear-phishing attacks. According to researchers at ITOCHU Cyber & Intelligence, the malware now has new features and changes to anti-analysis techniques. Versions 0.6.6 and 0.6.7 of LODEINFO were first documented in November 2022. These findings detailed the backdoor's capabilities to execute arbitrary shellcode, take screenshots, and send files to an actor-controlled server. There were attacks on Japanese political establishments that resulted in the deployment of LODEINFO.

Submitted by grigby1 CPVI on

"Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase in Compromises"

According to the Identity Theft Resource Center (ITRC), the number of reported data compromises in the US in 2023 increased by 78% compared to 2022, reaching 3205. The number of victims of these data breaches reached 353,027,892. The ITRC noted that while this is still a staggering number, it represents a 16% decrease compared with 2022. The ITRC believes that the number of victims is trending downward because organized identity criminals now focus on specific information and identity-related fraud and scams rather than mass attacks.

Submitted by Adam Ekwall on

"ORNL Wins Five Federal Laboratory Consortium Awards"

Researchers, staff, and licensees from the Department of Energy's Oak Ridge National Laboratory (ORNL) were honored in the Federal Laboratory Consortium's (FLC) annual awards competition. There are 32 award winners, including ORNL, for contributions to technology transfer, turning advanced research into impactful products and services. ORNL's Heartbeat and Situ technologies provide new methods for advanced cybersecurity monitoring in real time.

Submitted by grigby1 CPVI on

"Government Security Vulnerabilities Surge By 151%, Report Finds"

According to security researchers at Bugcrowd, the government sector has witnessed the most significant growth in crowdsourced security in 2023, marking a 151% increase in vulnerability submissions and a substantial 58% rise in Priority 1 (P1) rewards for critical vulnerabilities. The researchers also observed a noteworthy increase in vulnerability submissions in the retail (+34%), corporate services (+20%), and computer software (+12%) sectors.

Submitted by Adam Ekwall on

"Blackwood APT Delivers Malware by Hijacking Legitimate Software Update Requests"

ESET researchers have uncovered NSPX30, an implant used by the China-aligned Advanced Persistent Threat (APT) group called Blackwood. Blackwood has conducted cyber espionage operations against individuals and organizations in China, Japan, and the UK. It uses Adversary-in-the-Middle (AitM) techniques to take over update requests from legitimate software in order to deliver the NSPX30 implant. According to ESET, based on the NSPX30's evolution mapping, the sophisticated implant's earlier ancestor is Project Wood, a simple backdoor. The oldest sample was compiled in 2005.

Submitted by grigby1 CPVI on

"Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles"

Millions of names, usernames, and emails associated with public Trello boards have been made available for sale on the dark web, potentially leading to Account Takeover (ATO) and spear-phishing attacks. Atlassian, Trello's parent company, now says it has made changes to a critical Application Programming Interface (API) to prevent scraping attacks. Trello, a project management and collaboration platform, allows users to make their "boards" or workspaces publicly findable, facilitating collaboration between different companies and stakeholders.

Submitted by grigby1 CPVI on

"HPE Says Russian Government Hackers Had Access to Emails for 6 Months"

In a recent SEC filing, Hewlett Packard Enterprise (HPE) revealed that its cloud email environment was targeted by hackers believed to be sponsored by the Russian government. The company said it was notified on December 12 that a threat group identified as Midnight Blizzard and Cozy Bear had hacked into its cloud-based email environment. HPE says that it kicked out the attackers, but its investigation revealed that the threat actor gained access to its systems and started exfiltrating data in May 2023.

Submitted by Adam Ekwall on

"Firefox 122 Patches 15 Vulnerabilities"

Mozilla recently announced security updates for both Firefox and Thunderbird to patch 15 vulnerabilities, including five rated "high severity." The first high-severity flaw is an out-of-bounds write in ANGLE (Almost Native Graphics Layer Engine), the open-source graphics engine used as the default WebGL backend in both Firefox and Chrome. Mozilla noted that the issue, tracked as CVE-2024-0741, could be exploited to corrupt memory and cause a crash that could potentially lead to denial of service or arbitrary code execution.

Submitted by Adam Ekwall on

"Offshore Wind Farms Are Vulnerable to Cyberattacks, New Concordia Study Shows"

A team of researchers from Concordia and Hydro-Quebec conducted a study on the risks of cyberattacks faced by offshore wind farms. The researchers focused on wind farms that use Voltage-Source Converter High-Voltage Direct-Current (VSC-HVDC) connections, which are quickly becoming the most cost-effective solution for harvesting offshore wind energy. Offshore wind farms rely on complex, hybrid communication architecture, thus providing multiple entry points for cyberattacks.

Submitted by grigby1 CPVI on