A new variant of the Mispadu banking Trojan is exploiting a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. Mispadu is a Delphi-based information stealer that targets victims in the Latin American (LATAM) region and spreads via phishing emails. In March 2023, Metabase Q found that Mispadu spam campaigns had harvested at least 90,000 bank account credentials since August 2022. It is part of a larger family of LATAM banking malware, including the recently dismantled Grandoreiro.

The rise in teens committing cybercrimes on a large scale and causing real harm in the process should not be ignored. For example, a 17-year-old from California is accused of carrying out hundreds of swattings and bomb threats against a variety of targets, including mosques, FBI offices, and historically Black colleges.

Fuzzing can be an effective tool for identifying zero-day vulnerabilities in software. Therefore, Google has announced that its fuzzing framework, OSS-Fuzz, will now be available for free in order to encourage developers and researchers to use it. Google says that using the framework to automate the manual aspects of fuzz testing with the help of Large Language Models (LLMs) can result in significant security improvements.

The Pennsylvania Courts system has recently been hit by a cyberattack, taking down parts of its website.  The Administrative Office of Pennsylvania Courts revealed via social media that the service had suffered a denial of service (DoS) attack.  The statement noted that court web systems such as PACFile, the use of online docket sheets, and the Guardianship Tracking System were impacted by the incident.  The Administrative Office of Pennsylvania Courts noted that there is currently no indication that any data has been compromised.

Multiple attackers are currently exploiting a Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Ivanti Policy Secure, tracked as CVE-2024-21893. On January 31, 2024, Ivanti first warned about the flaw in the gateway's Security Assertion Markup Language (SAML) components, assigning it a zero-day status for limited active exploitation and affecting a small number of customers. Exploiting the flaw enabled attackers to bypass authentication and gain access to restricted resources on vulnerable devices.

Three faculty members from UC San Diego's Department of Computer Science and Engineering (CSE) are some of the first academic researchers worldwide to receive Google's Trust and Safety Research Award. Google selected CSE professors Taylor Berg-Kirkpatrick and Stefan Savage for a collaborative proposal that combines their expertise in Natural Language Processing (NLP) and cybersecurity. The researchers plan to use Large Language Models (LLMs) to gain insight into digital fraudster behavior by experimenting with chatbots as honeypots.

Mastodon, the free and open-source decentralized social networking platform, has recently fixed a critical vulnerability that allows attackers to impersonate and take over any remote account.  The platform became popular after Elon Musk acquired Twitter and now boasts nearly 12 million users spread across 11,000 servers.  Servers on Mastodon are autonomous but interconnected (through a system known as "federation") communities that have their own guidelines and policies, controlled by owners who provide the infrastructure and act as administrators of their servers.

Law enforcement in 50 countries recently arrested 31 individuals in a global operation targeting ransomware, banking malware, and phishing.  Named Synergia and running from September to November 2023, the operation resulted in the identification of more than 1,300 suspicious command-and-control (C&C) servers, 70% of which have been taken down.  The Interpol-led operation extended to the APAC, EMEA, and other regions, involving 60 law enforcement agencies across 50 participating countries.

Two new regulatory filings have revealed the surging costs associated with ransomware and other cyber-related incidents.  Clorox had a major operational disruption in an attack discovered on August 14 last year, forcing it to revert to manual ordering and processing.  A new SEC filing late last week revealed expenses associated with the incident of $49m in the six months to December 31, 2023.

Escape's security research team conducted a scan of 189.5 million URLs and discovered the exposure of over 18,000 Application Programming Interface (API) secrets. Forty-one percent of the exposed secrets were highly critical, which could pose financial risks to organizations. Hundreds of Stripe, GitHub/GitLab tokens, RSA private keys, OpenAI keys, AWS tokens, Twitch secret keys, cryptocurrency exchange keys, X tokens, and Slack and Discord webhooks have all been exposed.