"New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices"

Xamalicious is a new Android backdoor that can perform various malicious actions on infected devices. The malware, discovered by the McAfee Mobile Research Team, was created using an open-source mobile app framework called Xamarin. It exploits the operating system's accessibility permissions to achieve its goals. It can also gather metadata about the compromised device and contact a command-and-control (C2) server to retrieve a second-stage payload, but only after determining whether it meets the criteria.

Submitted by grigby1 CPVI on

"Essential DDoS Statistics for Understanding Attack Impact"

Distributed Denial-of-Service (DDoS) attacks have far-reaching consequences beyond inconvenience, as they can cause financial losses, result in compromised data, and erode customer trust. It is important for organizations and individuals to gain further insight into the nature and consequences of DDoS activity to protect their online presence and ensure that critical services continue to flow. To help organizations improve their cybersecurity strategies, Help Net Security has highlighted some excerpts from DDoS attack surveys covered in 2023.

Submitted by grigby1 CPVI on

"How Cybercriminals Will Sway 2024 US Elections, Or Try To"

Foreign cyber actors, mainly based in Russia, Iran, and China, are increasing their efforts to influence US audiences ahead of the 2024 national elections. Doppelganger, a Russia-based influence operation, is one example that has established several fake news sites and social media accounts to share stories aimed at inciting political and social divisions in the US in the run-up to the elections. A December 2023 report from Recorded Future identified the Doppelganger group, operating through three sites, each posing as a legitimate news outlet.

Submitted by grigby1 CPVI on

"Integris Health Data Breach Could Impact Millions"

Integris Health, Oklahoma's largest non-profit healthcare system, has recently started informing patients of a data breach impacting their personal information.  The data breach occurred at the end of November, but the attack did not impact the healthcare provider's operations.  The company announced that the compromised personal information includes names, contact information, dates of birth, demographic data, and Social Security numbers.  Integris Health says that the personal information potentially affected varies by individual.

Submitted by Adam Ekwall on

"iPhone Triangulation Attack Abused Undocumented Hardware Feature"

Since 2019, Operation Triangulation spyware attacks on iPhone devices have used undocumented features in Apple chips to evade hardware-based security protections. Over the past year, analysts have been reverse-engineering the sophisticated attack chain to get further details on the campaign discovered in June 2023. The use of obscure hardware features, most likely reserved for debugging and factory testing, to execute spyware attacks against iPhone users suggests that an advanced threat actor carried out the campaign.

Submitted by grigby1 CPVI on

"Cyberattack Disrupts Operations of First American, Subsidiaries"

The systems and operations of First American Financial Corporation and several of its subsidiaries appear to have been significantly disrupted by a cyberattack. First American provides title insurance and settlement services to the real estate and mortgage industries. It’s one of the largest title insurance companies in the United States.

Submitted by Adam Ekwall on

"CBS, Paramount Owner National Amusements Says it was Hacked"

National Amusements, the cinema chain and corporate parent of media giants Paramount and CBS, has recently confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people. The company announced that the hackers stole personal information from 82,128 people during a December 2022 data breach. Details of the December 2022 breach only came to light a year later, after the company began notifying those affected last week.

Submitted by Adam Ekwall on

"Mint Mobile Discloses New Data Breach Exposing Customer Data"

Mint Mobile has recently disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks.  Mint is a mobile virtual network operator (MVNO) offering budget, pre-paid mobile plans.  On December 22nd, the company began notifying customers via emails titled "Important information regarding your account," stating that they suffered a security incident and a hacker obtained customer information.

Submitted by Adam Ekwall on

"Crypto Drainer Steals $59m Via Google and X Ads"

Security researchers at Scam Sniffer have discovered a new series of "crypto drainer" malware attacks that have stolen $59m from victims so far after luring them to phishing pages via Google and X ads.  The researchers defined a crypto drainer as a type of malware that tricks the user into approving a transaction, which then automatically drains their cryptocurrency wallets.  The researchers revealed that one particular version, MS Drainer, was behind the new spate of attacks.

Submitted by Adam Ekwall on

"Fake VPN Chrome Extensions Force-Installed 1.5 Million Times"

Security researchers at ReasonLabs have discovered that three malicious Chrome extensions posing as VPNs were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. The researchers noted that the malicious extensions are spread via an installer hidden in pirated copies of popular video games like Grand Theft Auto, Assassin's Creed, and The Sims 4, which are distributed from torrent sites. The researchers notified Google of their findings, and the tech giant removed the offending extensions from the Chrome Web Store.

Submitted by Adam Ekwall on