Attackers can gain root access on multiple major Linux distributions in their default configurations by exploiting a Local Privilege Escalation (LPE) vulnerability in the GNU C Library (glibc). This security flaw, tracked as CVE-2023-6246, was discovered in a glibc function called by the syslog and vsyslog functions to write messages to the system message logger. The flaw stems from a heap-based buffer overflow vulnerability that was accidentally introduced in glibc 2.37 and later backported to glibc 2.36.

CyberArk has released an online version of its open-source White Phoenix ransomware decryptor to help ransomware victims recover their files. Users can upload encrypted files using this new online version and then the tool ensures that as many files as possible are recoverable. The effectiveness of CyberArk's White Phoenix ransomware decryptor is heavily dependent on the encryption type and ransomware variant used. PDF, Word, Excel, ZIP, and PowerPoint files are all supported. This article continues to discuss CyberArk's White Phoenix ransomware decryptor.

Attackers exploited a pair of now-patched critical zero-day vulnerabilities in Ivanti VPNs. They have used the flaws to launch a Rust-based set of backdoors, which then download a backdoor malware called "KrustyLoader." The two flaws enable unauthenticated Remote Code Execution (RCE) and authentication bypass, impacting Ivanti's Connect Secure VPN gear. This article continues to discuss the Ivanti vulnerabilities and their exploitation by attackers.

According to security researchers at RedHunt, a GitHub token leaked by a Mercedes-Benz employee provided access to all the source code stored on the carmaker’s GitHub Enterprise server.  The token, discovered during an internet scan, was leaked in the employee’s GitHub repository, providing unrestricted and unmonitored access to the source code.  The researchers stated that the breach occurred on September 29, 2023, but was not discovered until January 11, 2024.  Mercedes revoked the leaked token on January 24, two days after being alerted of the incident.

The US Treasury Department recently announced sanctions against two "cybersecurity experts" accused of running a platform affiliated with the Islamic State group.  The sanctioned individuals are both Egyptian nationals.  One of them is Mu'min Al-Mawji Mahmud Salim, the creator of a platform named Electronic Horizons Foundation (EHF), which provides cybersecurity training and guidance to ISIS supporters.  The platform offers information on conducting cyber operations, including for evading law enforcement and working with cryptocurrencies.

Four researchers from Cornell Tech won the Outstanding Paper Award at the 2023 Empirical Methods in Natural Language Processing (EMNLP) Conference for their paper titled "Text Embeddings Reveal (Almost) As Much As Text." Their paper delves into privacy concerns regarding text embeddings, a Natural Language Processing (NLP) technique that addresses the challenges posed by the nuanced and ambiguity of words and phrases. Machines can quickly and efficiently understand numbers, but human language is more complicated.

The IBM Institute for Business Value discovered that 84 percent of CEOs are concerned about widespread or destructive cyberattacks that generative Artificial Intelligence (AI) adoption could cause. As organizations consider how to incorporate generative AI into their business models and assess the security risks the technology may introduce, it is essential to look at the top attacks that threat actors could use against AI models.

Associate Research Professor Charles Harry at the University of Maryland shares his insights on the creativity of today's cyberattacks, as well as the five most unlikely places people could be vulnerable. Cyberattacks have grown in sophistication and complexity, with malicious hackers becoming more skilled at developing malware or gaining access to networks. Harry emphasizes that anyone who visits a commercial, government, or institutional website is a potential entry point.

Ukraine's National Cyber Security Coordination Center (NCSCC) has warned its military members about a new phishing campaign launched by the Russian-backed cybercriminal group APT28. According to the NCSCC, APT28 is targeting military personnel and units of the Ukrainian Defense Forces through phishing emails in an attempt to gain access to military email accounts. APT28, also known as Fancy Bear or Sandworm Team, was formed in 2004 and has been linked to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.

In response to the Chinese state-sponsored hacking group Volt Typhoon targeting critical infrastructure in the US, the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) dismantled the group's infrastructure. It has been reported that the DOJ and the FBI sought and received a court order to disable the Volt Typhoon hacking campaign remotely.