"Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit"

The Glupteba botnet uses a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, increasing the sophistication of the malware. According to Palo Alto Networks' Unit 42 researchers, this bootkit can interfere with and control the operating system boot process, allowing Glupteba to hide and create a stealthy persistence that is difficult to detect and remove. Glupteba is an information stealer and backdoor that can facilitate illicit cryptocurrency mining and launch proxy components on infected hosts.

Submitted by Gregory Rigby on

"AI Adoption in Security Taking off Amid Budget, Trust, and Skill-Based Issues"

According to a MixMode report, while the use of Artificial Intelligence (AI) in cybersecurity has increased, large-scale adoption remains hindered by a lack of expertise, budget, and trust. The report surveyed 641 Information Technology (IT) and security practitioners in the US to better understand the state of AI in cybersecurity. It found that AI adoption is still in its early stages. Fifty-two percent of respondents believe AI adoption in cybersecurity is in its early stage, with only 18 percent saying their AI tools and practices are fully mature.

Submitted by Gregory Rigby on

"JFK Airport Taxi Hackers Sentenced to Prison"

The Department of Justice (DoJ) recently announced that two cab drivers involved in a hacking scheme targeting the taxi dispatch system at John F. Kennedy International Airport have been sentenced to prison. The individuals are Daniel Abayev, sentenced to four years in prison, and Peter Leyman, sentenced to two years in prison. The DoJ noted that they were also sentenced to three years of supervised release and were each ordered to pay $160,000 in forfeiture and nearly $3.5 million in restitution.

Submitted by Adam Ekwall on

"Islamic Nonprofit Infiltrated for 3 Years With Silent Backdoor"

Researchers at Cisco Talos discovered a stealthy espionage campaign aimed at an Islamic charitable nonprofit organization in Saudi Arabia. According to the researchers, the long-term campaign, which appears to have been active since March 2021, relies on a previously undocumented custom backdoor called Zardoor. The malware steals data from the unspecified victim organization about twice a month. The deployment of modified reverse-proxy tools, as well as the ability to dodge detection for over two years, suggest that an "advanced" threat actor carried out the attack.

Submitted by Gregory Rigby on

"Hackers Uncover New TheTruthSpy Stalkerware Victims: Is Your Android Device Compromised?"

TheTruthSpy, a consumer-grade spyware operation, poses a significant security and privacy risk to people whose Android devices have been unknowingly compromised by its mobile surveillance apps due to a security flaw that its operators have never fixed. Two hacking groups, SiegedSec and ByteMeCrew, have independently discovered the flaw that enables mass access to victims' stolen mobile device data from TheTruthSpy's servers. This article continues to discuss the vulnerability enabling mass access to stolen mobile data. 

Submitted by Gregory Rigby on

"Willis Lease Finance Corp Discloses Cyberattack"

Aircraft parts dealer Willis Lease Finance Corporation (WLFC) has recently informed the US Securities and Exchange Commission that it fell victim to a cyberattack. According to the company, the incident was flagged on January 31, when unauthorized activity was detected on portions of its systems. The company noted that an investigation into the nature and scope of the incident was launched with the assistance of leading third-party cybersecurity experts, and it took steps to contain, assess, and remediate the activity, including taking certain systems offline.

Submitted by Adam Ekwall on

"Extending the Breadth and Depth of our Partnerships - JCDC 2024 Priorities"

The US Cybersecurity and Infrastructure Security Agency (CISA) established the Joint Cyber Defense Collaborative (JCDC) to drive unified efforts across public and private partners toward important cybersecurity outcomes. The JCDC has released its 2024 priorities, which are not CISA's alone but reflect shared goals for government, industry, and international partners.

Submitted by Gregory Rigby on

"Use of 'Hunter-Killer' Malware on the Rise, Study Finds"

According to researchers at Picus Security, hackers are increasingly deploying "hunter-killer" malware, which is "ultra-evasive, highly aggressive" malware capable of finding and shutting down enterprise security tools on compromised systems. This type of malware enables threat actors to remain undetected for longer periods of time. There was a 333 percent year-over-year increase in hunter-killer malware in 2023. The researchers observed the prevalence of such malware in the 667,401 files they analyzed.

Submitted by Gregory Rigby on

"Southern Water Notifies Customers and Employees of Data Breach"

In a new update, Southern Water recently confirmed that the personal data of both customers and employees had been accessed in a recent ransomware attack. The UK water supplier revealed that it plans to notify 5-10% of its customer base to inform them that their personal information has been impacted. With the firm serving around 4.6 million customers in Southern England, this could equate to between 230,000 and 460,000 people. The company noted that all current employees and some former employees will be notified that their personal data may have been accessed as well.

Submitted by Adam Ekwall on

"Attackers Injected Novel DSLog Backdoor Into 670 Vulnerable Ivanti Devices"

Threat actors are exploiting a vulnerability, tracked as CVE-2024-21893, in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA to inject a backdoor called DSLog. According to researchers, the DSLog backdoor uses a unique hash per appliance, so the hash from one device cannot be used to contact the same backdoor implanted on another. This prevents defenders from confirming the presence of the backdoor simply by trying to contact it; instead, they should check for artifacts such as the .txt files created by the attacker when triggering the Server-Side Request Forgery (SSRF) vulnerability.

Submitted by Gregory Rigby on