Resecurity identified malicious actors selling a large number of AnyDesk customer credentials on the dark web. This credential leak is suspected to be the result of infostealer infections. The leaked information could be of significant value to both Initial Access Brokers (IABs) and ransomware groups familiar with AnyDesk, which is one of the tools often used after successful network intrusions.

There has been little research on how to run a password update campaign efficiently and with minimal Information Technology (IT) costs. Therefore, a team of computer scientists at the University of California, San Diego, collaborated with the campus' IT Services to analyze the messaging for a campuswide mandatory password change that affected nearly 10,000 faculty and staff members. Email notifications to update passwords yielded diminishing returns after three messages.

Gartner analysts predict that deepfakes, which are Artificial Intelligence (AI)-generated replicas of a person's likeness, will lower confidence in face biometric authentication solutions for 30 percent of companies by 2026. According to Akif Khan, VP analyst at Gartner, face-based identity verification and authentication systems will struggle to catch up with AI imitations as they become more realistic and easy to generate. Currently, most face biometric solutions rely on Presentation Attack Detection (PAD) to determine the "liveness" of a person trying to authenticate using their face.

Hydropower, one of the oldest forms of energy generation in the US, makes up 6 percent of the country's electricity supply. However, as the country continues to modernize the electric grid, hydropower, like other technologies, is increasingly relying on digital control systems, thus calling for training and recruitment of the next generation of cybersecurity experts. Pacific Northwest National Laboratory (PNNL) has launched the Training Outreach and Recruitment for Cybersecurity in Hydropower (TORCH) program at the University of Texas at El Paso (UTEP).

The U.S. Treasury Department recently announced sanctions against a half dozen Iranian government officials for their role in targeting devices at a Pennsylvania water utility in November 2023.

According to Gcore, Distributed Denial-of-Service (DDoS) attack trends for the second half of 2023 reveal alarming increases in scale and sophistication. The maximum attack power increased from 800 Gbps to 1.6 Tbps. User Datagram Protocol (UDP) floods dominate, making up 62 percent of DDoS attacks. Transmission Control Protocol (TCP) floods and Internet Control Message Protocol (ICMP) attacks continue to be popular, comprising 16 percent and 12 percent of total activity, respectively. All other DDoS attack types, including SYN, SYN+ACK flood, and RST Flood, made up for only 10 percent.

From April 2022 to November 2023, the Russian state-sponsored hacking group APT28 conducted NT LAN Manager (NTLM) v2 hash relay attacks using various methods, focusing on high-value targets worldwide. The attacks targeted organizations involved in foreign affairs, energy, defense, transportation, and more. This article continues to discuss APT28's targeting of high-value organizations with NTLM v2 hash relay attacks.

According to security researchers at Trustpair, 96% of US companies were targeted with at least one fraud attempt in the past year.  In the past year, many US companies (83%) saw an increase in cyber fraud attempts on their organization.  The researchers noted that Fraudsters primarily used text messages (50%), fake websites (48%), social media (37%), hacking (31%), BEC scams (31%) and deepfakes (11%) to dupe organizations.  CEO and CFO impersonations (44%) were the third most common type of fraud.

Lurie Children's Hospital in Chicago was recently forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances.  Lurie Children's is a Chicago-based pediatric acute care hospital with 360 beds, 1,665 physicians covering 70 sub-specialties, and 4,000 medical staff and employees.  The hospital is providing care for over 200,000 children annually.

Cloudflare has revealed that a suspected nation-state actor breached its internal Atlassian server. They gained access to its Confluence wiki, Jira bug database, and Bitbucket source code management system. On November 14, the threat actor accessed Cloudflare's self-hosted Atlassian server before moving on to the company's Confluence and Jira systems. To access its systems, the attackers used one access token and three service account credentials stolen from a previous compromise related to Okta's breach in October 2023. This article continues to discuss the Cloudflare hacking incident.