The Federal Bureau of Investigation (FBI) and international law enforcement agencies disrupted some of the BlackCat ransomware group's operations two months ago, but elements of the group remain active, primarily targeting healthcare organizations. The FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) released a new advisory on the group's activities, warning that BlackCat, also known as ALPHV, continues to operate despite law enforcement disruption and the release of a decryption tool for victims.

According to Enea, 76 percent of companies lack adequate voice and messaging fraud protection as Artificial Intelligence (AI)-powered voice phishing (vishing) and SMS phishing (smishing) increased after ChatGPT was launched. Sixty-one percent of businesses continue to suffer significant losses due to mobile fraud, with smishing and vishing being the most common and costly. Companies make up a sizable number of Communication Service Provider (CSP) subscribers.

Due to potential national security risks, the Biden administration will look into Chinese-made "smart cars" that can collect sensitive information about the Americans driving them. The investigation could result in new regulations preventing China from using sophisticated technology in electric vehicles and other connected vehicles to track drivers and their personal information. Officials are concerned about espionage activities being conducted through features such as driver assistance technology.

AI service Cutout.Pro has recently suffered a data breach exposing the personal information of 20 million members.  Cutout.Pro is an AI-powered photo and video editing platform for image enhancement, background removal, diffusion, colorizing, old photo restoration, and content generation.  On Tuesday, someone using the alias "KryptonZambie" shared a link on the BreachForums hacking forum to CSV files containing 5.93 GB of data stolen from Cutout.Pro.

In the SolarWinds attack, the threat actor behind it compromised the company's Orion network management product and used it to infiltrate target enterprise networks. The threat actor often used a technique called "Golden SAML" to maintain persistent access to applications and services in that environment. Semperis researchers have recently detailed a new version of the technique dubbed "Silver SAML." Silver SAML, like the original, uses SAML response forgery but does not require the attacker to have access to Active Directory Federation Services (ADFS).

At least 100 malicious Artificial Intelligence (AI)/Machine Learning (ML) models were discovered on the Hugging Face platform, with some capable of executing code on the victim's machine, providing attackers with a persistent backdoor. Hugging Face is a technology company specializing in AI, Natural Language Processing (NLP), and ML. It offers a platform for communities to collaborate and share models, datasets, and complete applications.

Meta recently patched a critical vulnerability that could have been exploited to take control of any Facebook account.  The security researcher who found the flaw noted that the vulnerability impacted Facebook’s password reset process, specifically an option where a six-digit unique authorization code is sent to a different device the user is logged into.  This code is provided to confirm the user’s identity and is used to complete the password reset process.

The Idaho National Laboratory has announced the award of two grants to Montana State University researchers to help them advance their efforts to make the country's critical infrastructure more secure against cyberattacks. Professors from the university's Department of Electrical and Computer Engineering and Gianforte School of Computing will conduct research on side-channel attacks, which are used by malicious actors to passively monitor the power consumption of computers. Attackers can use this information to figure out when a system is most vulnerable to attack.

UNC1549, an Iran-linked threat actor, has been attributed to new attacks targeting aerospace, aviation, and defense industries in the Middle East. According to Mandiant, the threat actor appears to overlap with Smoke Sandstorm (previously Bohrium) and Crimson Sandstorm (previously Curium). The attacks involve the use of Microsoft Azure cloud infrastructure for Command-and-Control (C2) and social engineering with job-related lures to deliver two backdoors called MINIBIKE and MINIBUS.

By krahal

U.S. Secretary of State Antony Blinken, as a well-read diplomat, is turning to Sun Tzu's famous military strategy: "The enemy of my enemy is my friend." Secretary Blinken, as of 16 February, is in fact approaching his Chinese and Indian counterparts to ward off a world-threatening cyber move by Russia's Vladimir Putin. This issue has apparently been brewing over the last few weeks.