"LoanDepot Breach: 16.6 Million People Impacted"

Lending giant LoanDepot recently announced that roughly 16.6 million individuals were impacted by a ransomware attack disclosed earlier this month.  In a Form 8-K filing with the Securities and Exchange Commission (SEC) on January 4th, the company said it “has determined that the unauthorized third party activity included access to certain company systems and the encryption of data.”  Affected individuals will be notified soon and offered free credit monitoring and identity protection services.  

 

Submitted by Adam Ekwall on

"Encryption Boost for Cross-Border E-commerce - 'Privacy Information Encryption for Cross-Border E-commerce Users Based on Social Network Analysis'"

A team of researchers in China has introduced a novel approach to improving privacy for cross-border e-commerce users. The presented encryption algorithm is based on social network analysis, which could help users maintain security when transferring sensitive information during international transactions. The team has implemented a multifaceted strategy, initially using a logical inference mapping method for blockchain to encode public and private keys with asymmetric encryption.

Submitted by grigby1 CPVI on

"US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels"

The US Justice Department recently announced separate charges against two Russian nationals accused of being involved in cybercriminal activities, including a man allegedly involved in the 2013 hacking of retailers Michaels and Neiman Marcus.  According to the DoJ, one indicted individual is Aleksey Timofeyevich Stroganov, also known as Aleksei Stroganov, Flint, Flint24, Gursky Oleg, and Oleg Gurskiy.  He and his accomplices allegedly hacked into the computers of companies and individuals in an effort to steal personal information, including credit and debit card data.

Submitted by Adam Ekwall on

"CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Ivanti Connect Secure and Policy Secure Vulnerabilities"

The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 24-01 in response to the widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances. Ivanti recently released information about two vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, which enable an attacker to move laterally across a target network, exfiltrate data, and gain persistent system access.

Submitted by grigby1 CPVI on

"Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware"

The Russia-backed Advanced Persistent Threat (APT) group ColdRiver, also known as Blue Charlie, Callisto, Star Blizzard, or UNC4057, has unleashed custom malware called Spica. According to Google's Threat Analysis Group (TAG), Spica is the first custom malware developed and used by ColdRiver. ColdRiver typically targets Non-Governmental Organizations (NGOs), former intelligence and military officers, and NATO governments for cyber espionage.

Submitted by grigby1 CPVI on

"VMware Confirms Critical vCenter Flaw Now Exploited in Attacks"

VMware has confirmed the active exploitation of a critical vCenter Server Remote Code Execution (RCE) vulnerability that was patched in October 2023. vCenter Server is the management platform for VMware vSphere environments and helps administrators manage ESX and ESXi servers, as well as Virtual Machines (VMs). The vulnerability, discovered by Trend Micro, stems from an out-of-bounds write flaw in vCenter's DCE/RPC protocol implementation.

Submitted by grigby1 CPVI on

"US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities"

The US government recently published new guidance aimed at helping organizations in the water and wastewater (WWS) sector improve their cyber resilience and incident response capabilities.  Released in response to an increased interest by financially and politically motivated threat actors in the United States WWS sector, the guide outlines how water utility owners and operators can interact with federal partners to prepare for, mitigate, and respond to incidents.

Submitted by Adam Ekwall on