The National Security Agency (NSA) has partnered with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the UK National Cyber Security Center (NSC-UK) on a Cybersecurity Technical Report (CTR) titled "Identifying and Mitigating Living Off the Land Techniques," which provides guidance on how to defend against common Living Off the Land (LOTL) methods. Instead of placing malicious code into a system, LOTL threats exploit existing system tools to bypass security measures, making cyberattacks more difficult to detect and mitigate.

"The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States."

Google has recently launched a pilot program aimed at enhancing financial fraud protection for Android users in Singapore.  To address security concerns associated with standalone app distribution sources like web browsers and messaging apps, Google introduced enhanced real-time scanning through Google Play Protect in October 2023.  Google noted that this feature aims to detect and block malicious apps, particularly those downloaded from the internet, thereby enhancing user safety.

According to a new SecurityScorecard report, in 2023, 90 percent of the world's top energy companies experienced data breaches caused by third parties. Their growing reliance on digital systems causes an increase in attacks on infrastructure networks. The breaches have resulted in financial losses, damaged reputations, and eroded trust. There were 264 reported breaches in the energy sector stemming from third-party issues. Confirmed third-party breaches affected the top ten energy companies in the US.

The China-backed hacking group Volt Typhoon failed to revive a botnet recently shut down by the FBI. The botnet had previously been used in attacks against US critical infrastructure. Before the KV-botnet was taken down, it enabled the Volt Typhoon threat group to evade detection by proxying malicious activity through hundreds of compromised Small Office/Home Office (SOHO) routers. On December 6, the FBI obtained a court order authorizing it to dismantle the botnet.

Mitsubishi Electric recently announced that two potentially serious vulnerabilities have been found in their factory automation products.  Mitsubishi Electric said several factory automation (FA) products are impacted by a high-severity authentication bypass and a critical remote code execution vulnerability.  Impacted products include EZSocket, FR Configurator2, GT Designer3, GX and MT Works, MELSOFT Navigator, and MX.

An international initiative involving over 35 nations aims to combat hack-for-hire operations. At a recent conference, countries led by the US, UK, and France, together with companies including Google, Apple, BAE Systems, and Microsoft, signed a declaration called the "Pall Mall Process." The goal is to establish guiding principles and policy options for states, industry, and civil society regarding developing and implementing commercially available cyber intrusion capabilities.

JetBrains has addressed a critical authentication bypass vulnerability, tracked as CVE-2024-23917, that affects TeamCity On-Premises continuous integration and deployment servers. The vulnerability could enable an unauthenticated threat actor with HTTP(S) access to a TeamCity server to evade authentication controls and gain administrative access on the server. JetBrains TeamCity servers were a popular target for state-sponsored hackers in 2023, exploiting another authentication bypass vulnerability, tracked as CVE-2023-42793.

The Shim maintainers have released version 15.8 to fix six security flaws, including a critical bug that could enable Remote Code Execution (RCE) under certain conditions. Shim is described as a "trivial" software package designed to serve as a first-stage boot loader on Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, tracked as CVE-2023-40547 with a CVSS score of 9.8, could be exploited to bypass Secure Boot.

According to security researchers at Chainalysis, ransomware actors collected over $1bn in extortion money from their victims in 2023, a record high.  The researchers noted that this is a conservative estimate of the financial impact of ransomware last year, as new cryptocurrency addresses are likely to be discovered over time.  The researchers said the figure for 2022 has already been revised up 24% to $567m, for example.