In 2023, at least 225,000 sets of OpenAI credentials were listed for sale on the dark web, potentially enabling access to sensitive data sent to ChatGPT. Researchers at Group-IB discovered ChatGPT accounts compromised by information stealer malware between January and October 2023. The stolen credentials came from devices infected with LummaC2, Raccoon, and other infostealers. These malware tools look for and gather sensitive information stored on infected devices, such as login credentials and financial information.

The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) on how to limit adversarial lateral movement within an organization's network aimed at gaining access to sensitive data and critical systems. The CSI, titled "Advancing Zero Trust Maturity Throughout the Network and Environment Pillar," explains how to use zero trust principles to strengthen internal network control and contain network intrusions to a specific network segment.

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced several initial key actions that it will take in collaboration with the open source community to help secure the open source ecosystem. CISA is working with package repositories to encourage the adoption of the Principles for Package Repository Security. This framework, developed by CISA and the Open Source Security Foundation's (OpenSSF) Securing Software Repositories Working Group, delves into voluntary security maturity levels for package repositories.

Cisco recently announced patches for two high-severity vulnerabilities in Secure Client, the enterprise VPN application that also incorporates security and monitoring capabilities.  The first issue tracked as CVE-2024-20337, impacts the Linux, macOS, and Windows versions of Secure Client and could be exploited remotely, without authentication, in carriage return line feed (CRLF) injection attacks.

A Nigerian national has recently pleaded guilty in a US court to his role in a business email compromise (BEC) fraud scheme that caused roughly $200,000 in losses.  Henry Echefu, 32, a resident of South Africa at the time the nefarious operation was conducted, was extradited from Canada on November 30.  According to the Department of Justice (DoJ), Echefu and co-conspirators, including individuals in Maryland, engaged in a BEC scheme between February and July 2017.

Late last night, Duvel Moortgat Brewery was hit by a ransomware attack, halting beer production in the company's bottling facilities.  Duvel is a Belgian beer brand best known for its strong and fruity golden pale ale bearing the same name.  The brewery also makes other popular abbey beers, such as Vedett, Maredsous, and La Chouffe, which are enjoyed all over the world.  The company said that they hope to restart production either today or tomorrow.  The company noted that their warehouses are stocked, so there should be no impact on distribution.

According to security researchers at Zscaler, a threat actor has been distributing remote access Trojans (RATs) on Android and Windows operating systems using online meeting lures.  The researchers noted that this campaign has been ongoing since at least December 2023.  The distributed RATs include Android-focused SpyNote RAT, Windows-focused NjRAT, and DCRat.  The researchers said that to lure the victims into downloading the RATs, the threat actor created several fake online meeting sites, impersonating brands like Microsoft-owned Skype, Google Meet, and Zoom.

Android recently announced security updates that resolve 38 vulnerabilities, including two critical severity issues in the System component.  Impacting Android 12, 12L, 13, and 14, and tracked as CVE-2024-0039 and CVE-2024-23717, the two critical flaws could lead to remote code execution and elevation of privilege, respectively.  Google noted that the most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed.

The US cybersecurity agency CISA recently added flaws impacting Pixel phones and Sunhillo software to its Known Exploited Vulnerabilities (KEV) catalog.  The exploited Pixel vulnerability is tracked as CVE-2023-21237.  The flaw was patched in June 2023, and Google warned that it had been aware of “limited targeted exploitation,” but the company published its security bulletin for Pixel phones a week after the general Android security bulletin, and CVE-2023-21237 went unnoticed.

Facebook and Instagram users worldwide have been logged out of the sites and are having trouble logging in, receiving errors that their passwords are incorrect.  This recent outage affects people worldwide, including the USA, Europe, and Asia.  Downdetector, a website that tracks when online services stop working, has received numerous reports indicating that the outage is not isolated to a specific region or country.