"Use of 'Hunter-Killer' Malware on the Rise, Study Finds"

According to researchers at Picus Security, hackers are increasingly deploying "hunter-killer" malware, which is "ultra-evasive, highly aggressive" malware capable of finding and shutting down enterprise security tools in compromised systems. This type of malware enables threat actors to remain undetected for longer periods of time. There was a 333 percent year-over-year increase in hunter-killer malware in 2023. The researchers observed the prevalence of such malware in the 667,401 files they analyzed.

Submitted by Gregory Rigby on

"Southern Water Notifies Customers and Employees of Data Breach"

In a new update, Southern Water recently confirmed that the personal data of both customers and employees had been accessed in a recent ransomware attack. The UK water supplier revealed that it plans to notify 5-10% of its customer base to inform them that their personal information has been impacted. With the firm serving around 4.6 million customers in Southern England, this could equate to between 230,000 and 460,000 people. The company noted that all current employees and some former employees will be notified that their personal data may have been accessed as well.

Submitted by Adam Ekwall on

"Attackers Injected Novel DSLog Backdoor Into 670 Vulnerable Ivanti Devices"

Actors are exploiting a vulnerability, tracked as CVE-2024-21893, in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA to inject a backdoor called DSLog. According to researchers, the DSLog backdoor uses a unique hash per appliance that cannot be used to contact the same backdoor implemented in another device. This prevents defenders from detecting the presence of the backdoor by trying to contact it, so they should check for the presence of artifacts such as .txt files created by the attacker when triggering the Server-Side Request Forgery (SSRF) vulnerability.

Submitted by Gregory Rigby on

"Bank of America Warns Customers of Data Breach After Vendor Hack"

Bank of America is warning customers about a data breach after one of its service providers, Infosys McCamish Systems (IMS), was hacked in 2023. According to details shared with the Attorney General of Texas, the exposed Personally Identifiable Information (PII) included names, addresses, Social Security numbers, dates of birth, and financial information, such as account and credit card numbers.

Submitted by Gregory Rigby on

"Notorious Bumblebee Malware Re-emerges with New Attack Methods"

According to security researchers at Proofpoint, Bumblebee malware has recently re-emerged following a four-month absence from the cyber threat landscape. The new campaign, observed in February 2024, used a "significantly different" attack chain compared to previous Bumblebee infiltrations. The researchers noted that the return of Bumblebee coincides with the reappearance of several notorious threat actors at the start of 2024 following a temporary "Winter lull." Bumblebee was frequently observed being used by multiple threat actors from March 2022 through to October 2023.

Submitted by Adam Ekwall on

"IARPA Kicks off Cybersecurity Research Focused on Attackers' Psychology"

The Intelligence Advanced Research Projects Activity (IARPA) has launched a program that, for the first time, directly focuses on the psychology of cyberattackers. Reimagining Security with Cyberpsychology-Informed Network Defenses (ReSCIND) aims to use attackers' innate decision-making biases, cognitive vulnerabilities, and other human limitations to combat their attacks. Although attackers often exploit human errors, most cyber defenses do not exploit attackers' cognitive weaknesses. ReSCIND seeks to flip this pattern.

Submitted by Gregory Rigby on

"The IC Is Reigning-in Trojan AI Intruders"

The Intelligence Advanced Research Projects Activity (IARPA) launched the Trojans in Artificial Intelligence (TrojAI) program, which aims to defend AI systems by researching and developing technology capable of detecting and mitigating Trojan attacks. Although AI improves the Intelligence Community's (IC) capabilities, it also raises serious security concerns. The IC faces the challenge of protecting AI systems from malicious Trojan attacks, also known as backdoor or data poisoning attacks. These attacks rely on training AI to react to a certain trigger in its inputs.

Submitted by Gregory Rigby on

"CISA: Roundcube Email Server Bug Now Exploited in Attacks"

According to the Cybersecurity and Infrastructure Security Agency (CISA), a Roundcube email server vulnerability patched in September 2023 is being actively exploited in Cross-Site Scripting (XSS) attacks. The security vulnerability, tracked as CVE-2023-43770, is a persistent XSS flaw that enables attackers to gain access to restricted information. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that these security flaws pose significant risks to the federal enterprise.

Submitted by Gregory Rigby on

"US DOJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators"

The US Department of Justice (DOJ) has announced the seizure of online infrastructure used to sell a Remote Access Trojan (RAT) called Warzone RAT. According to the DOJ, the domains were used to sell the computer malware capable of accessing and stealing data from victims' computers. The international law enforcement effort has also arrested and indicted two people in Malta and Nigeria for their roles in selling and supporting the malware, as well as helping other cybercriminals use the RAT. They have been charged with unauthorized damage to protected computers.

Submitted by Gregory Rigby on

"Critical Fortinet FortiOS Flaw Exploited in The Wild (CVE-2024-21762)"

Fortinet has recently patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762 and CVE-2024-23313), one of which is "potentially" being exploited in the wild. CISA noted that CVE-2024-21762 is an out-of-bounds write vulnerability in FortiOS, which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.

Submitted by Adam Ekwall on