"2023 Sees Surge in Mobile Banking Heists Targeting Global Financial Apps"

According to a new report from the mobile security platform provider Zimperium, mobile banking heists increased in 2023, with researchers discovering 29 malware families that targeted 1,800 banking apps across 61 countries. The "2023 Mobile Banking Heists Report" explains how banking trojans have continued to grow and succeed due to their ability to persist, circumvent security, and evade detection on mobile devices. US banking institutions remain a favorite target of financially motivated threat actors, with 109 US banks targeted by banking malware in 2023.

Submitted by grigby1 CPVI on

"Telecom Organizations in Africa Targeted by Iran-Linked Hackers"

According to researchers, MuddyWater, a cyber espionage group linked to Iran's intelligence service, has been targeting telecommunications companies in Egypt, Sudan, and Tanzania. Marc Elias, a threat intelligence analyst at Symantec, says this is likely the first time the MuddyWater group has targeted organizations in Africa. In previously reported attacks, the hackers were mainly interested in entities in the Middle East.

Submitted by grigby1 CPVI on

"Smishing Triad Targets UAE Residents in Identity Theft Campaign"

Security researchers at Resecurity have recently observed a new fraudulent campaign orchestrated by the Smishing Triad gang, impersonating the United Arab Emirates Federal Authority for Identity and Citizenship. The researchers noted that the group is operating through malicious SMS messages that claim to be from the General Directorate of Residency and Foreign Affairs. The campaign specifically targets UAE residents and foreigners in the country.

Submitted by Adam Ekwall on

"NSA Publishes 2023 Cybersecurity Year in Review"

The National Security Agency (NSA) has released its 2023 Cybersecurity Year in Review, covering its recent cybersecurity successes as well as how it is collaborating with partners to deliver on cybersecurity advances aimed at improving national security. This year's report delves into NSA's collaboration with US government partners, foreign partners, and the Defense Industrial Base (DIB).

Submitted by grigby1 CPVI on

"SSH Vulnerability Exploitable in Terrapin Attacks"

Security researchers at Ruhr-Universität Bochum discovered a flaw in the SSH cryptographic network protocol that could enable an attacker to reduce the security of the SSH connection by truncating the extension negotiation message. According to the researchers, Terrapin is a prefix truncation attack that targets the SSH protocol. An attacker can remove an arbitrary number of messages sent by the client or server at the start of the secure channel by carefully adjusting the sequence numbers during the handshake, without the client or server noticing.

Submitted by grigby1 CPVI on

"Unsung GitHub Features Anchor Novel Hacker C2 Infrastructure"

Researchers have discovered a GitHub account abusing two different features of the website to host stage-two malware. Hackers are increasingly repurposing public services for their activities, housing malware in public code repositories or file-sharing services, and conducting command-and-control (C2) from messaging apps. They sometimes use Software-as-a-Service (SaaS) platforms in unexpected ways. A user by the name of "yeremyvalidslov2342" is continuing this tactic. The individual has been linked to multiple malicious packages identified by ReversingLabs on December 19.

Submitted by grigby1 CPVI on

"Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide"

According to a new joint cybersecurity advisory from the US and Australia, the threat actors behind the Play ransomware are estimated to have hit about 300 entities as of October 2023. Authorities said that Play ransomware actors use a double-extortion model, encrypting systems after stealing data. The group has impacted various businesses and critical infrastructure organizations in North America, South America, Europe, and Australia.

Submitted by grigby1 CPVI on

"More Than 26,000 Vulnerabilities Discovered in 2023"

According to security researchers at the Qualys Threat Research Unit (TRU), a total of 26,447 vulnerabilities were disclosed in 2023, surpassing the previous year by over 1,500 CVEs. Notably, less than 1% of these vulnerabilities posed the highest risk, being actively exploited in the wild by ransomware, threat actors, and malware. The researchers also found that 97 high-risk vulnerabilities, likely to be exploited, were not part of the CISA Known Exploited Vulnerabilities catalog, and that 25% of high-risk vulnerabilities were exploited the same day they were published.

Submitted by Adam Ekwall on

"FBI Disrupts BlackCat Ransomware Operation, Creates Decryption Tool"

According to the US Department of Justice (DOJ), the FBI successfully breached the BlackCat/ALPHV ransomware operation's servers to monitor activities and obtain decryption keys. On December 7, it was first reported that the group's websites, including the ransomware gang's Tor negotiation and data leak websites, had suddenly stopped working. The BlackCat/ALPHV administrator claimed it was a hosting problem, but researchers discovered it was connected to a law enforcement operation.

Submitted by grigby1 CPVI on

"Xfinity Customer Data Compromised in Attack Exploiting CitrixBleed Vulnerability"

Comcast’s Xfinity recently announced that customer information had been compromised in a cyberattack that involved exploitation of the vulnerability known as CitrixBleed. CitrixBleed, officially tracked as CVE-2023-4966, is a critical vulnerability affecting Citrix’s NetScaler ADC and Gateway appliances. Malicious actors can exploit the flaw to hijack existing sessions, which can give them access to the targeted organization’s systems. Patches were announced by Citrix on October 10, but the vulnerability had been exploited as a zero-day since August.

Submitted by Adam Ekwall on