The United States recently announced that it is offering big rewards for information on cybercriminals linked to the recently disrupted LockBit ransomware operation. The UK’s National Crime Agency (NCA) and other law enforcement agencies have seized LockBit domains and servers, causing significant disruption to the cybercrime operation. The NCA has mocked cybercriminals, posting a message in the hijacked LockBit panel informing affiliates that law enforcement may be in touch with them very soon.

Those who use the ConnectWise ScreenConnect remote desktop management tool are being attacked following the release of a Proof-of-Concept (PoC) exploit for a critical security vulnerability in the platform. Researchers warn that the situation could escalate into a massive compromise event. ScreenConnect enables tech support and others to authenticate to a machine as if they were the user. Therefore, it is attractive to threat actors seeking to infiltrate high-value endpoints and other areas of corporate networks.

The US Department of Energy's (DOE) CyberForce Program aims to help build a workforce of skilled cyber defenders for the energy sector by offering engaging competitions, webinars, career fairs, and skill-building resources. The DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and Argonne National Laboratory (ANL) have announced the winners of the recent inaugural CyberForce Conquer the Hill - Command Edition competition.

Threat actors have repurposed SSH-Snake, a recently open-sourced network mapping tool, to perform malicious activities. SSH-Snake is a self-modifying worm that uses SSH credentials found on a compromised system to spread itself across the network. The worm searches known credential locations and shell history files to determine its next step. It was first released on GitHub in early January 2024, and its developer describes it as a "powerful tool" for automatically traversing networks using SSH private keys discovered on systems.

On January 11, 2024, the Science of Security (SoS) initiative held the kickoff meeting for its newest iteration of collaborative academic research, the SoS Virtual Institutes (VIs).

According to Cisco Talos researchers, hackers are abusing the Google Cloud Run service to spread massive amounts of banking Trojans such as Astaroth, Mekotio, and Ousaban. Google Cloud Run allows users to deploy frontend and backend services, websites, and applications, as well as manage workloads, without the need for infrastructure management or scaling.

According to security researchers at Trend Micro, LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev, likely to become LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week.  Trend Micro analyzed a sample of the latest LockBit development that can work on multiple operating systems.

US healthcare technology giant Change Healthcare recently fell victim to a cyberattack that resulted in widespread network disruptions.  The incident was initially disclosed on February 21 at 02:15 EST, when the company announced that some of its applications are unavailable.  In an update at 08:38 EST, Change Healthcare said that it was experiencing enterprise-wide connectivity issues as a result of the incident.  Over 100 applications across dental, pharmacy, medical record, clinical, enrollment, patient engagement, revenue, and payment services were listed as affected.

Sylvester Kaczmarek, Chief Technology Officer at OrbiSky Systems, emphasizes the need for robust cybersecurity measures to protect space assets from attacks threatening global stability and security. A cyberattack could disrupt a satellite's service or disable a spacecraft. Expanding the digital realm into space has created new opportunities for cyber threats and presented significant challenges. This article continues to discuss Kaczmarek's insights on the need to improve cybersecurity for satellites as threats to space-based infrastructure rise.