According to researchers at Abnormal Security, email attacks involving QR codes, also known as quishing attacks, increased significantly in the fourth quarter of 2023. Quishing attacks can evade email security solutions or spam filters. Abnormal Security discovered that quishing attacks increased by a factor of 42. These attacks primarily targeted C-level executives. About 90 percent of detected quishing attacks aimed to steal login credentials. This article continues to discuss the rise in quishing attacks.

According to CybSafe, 97 percent of office employees in the UK and US trust that their cybersecurity team can prevent or mitigate the damage caused by cyberattacks. CybSafe examined attitudes toward cybersecurity teams within organizations and discovered that employees have high levels of trust and appreciation for such teams despite there being issues with communication and processes. Cybersecurity teams and professionals are increasingly regarded as a critical strategic function supporting individual and business success.

The NFL's digitization of almost every aspect of this year's Super Bowl has created new vulnerabilities and targets for cybercriminals. Threats to arena security include ransomware attacks on critical systems, phishing attacks, credential theft, and breaches of personal data belonging to fans, NFL employees, players, and coaches. This article continues to discuss the attack surface presented to cybercriminals by the Super Bowl.

The U.S. government revealed that Chinese sponsored hacking group has embedded into many infrastructure networks including communications, energy, water and wastewater systems, and transportation. Agencies believe that this is a pre-positions effort that might allow future disruptions to these systems at a later time. The Volt Typhoon actors use these embedded hooks to learn about the target organizations and to be able to develop specialized attacks. This article is also related to the Living-off-the-Land guidance issued by CISA.

It was recently announced that a data breach at Connecticut College early last year resulted in the unauthorized release of personal information, including social security numbers, for an unspecified number of people affiliated with the private liberal arts college in New London.  The college said that the breach was detected in March 2023 and prompted college officials to contact law enforcement and take steps to "remediate" the issue and launch a third-party investigation.

A new study by William & Mary (W&M), Google, and IBM researchers examined 2,060 House, Senate, and presidential campaigns from the 2020 US election cycle, marking the first large-scale analysis of political campaign websites' privacy practices. According to the study, those campaigns often retained private data for an unspecified time, provided incomplete or no privacy disclosures, and were likely to share or sell data.

Car maker Hyundai Motor Europe has recently suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.  Hyundai Motor Europe is Hyundai Motor Company's European division, headquartered in Germany.  Hyundai Motor Europe says it is investigating a case in which an unauthorized third party has accessed a limited part of its network.  The investigation is ongoing, and local law enforcement has been notified.

The US Secretary of Commerce, Gina Raimondo, has announced the launch of the US Artificial Intelligence (AI) Safety Institute Consortium (AISIC), which will bring AI creators, academics, government researchers, civil society organizations, and more together to support the development and implementation of safe and trustworthy AI. The consortium will contribute to President Biden's Executive Order priority actions, such as developing guidelines for red-teaming operations, capability evaluations, risk management, security, and watermarking synthetic content.