Researchers have provided further details regarding the Command-and-Control (C2) server operations of SystemBC, a malware family. SystemBC can be purchased on underground markets and comes in an archive that includes the implant, a C2 server, and a PHP-based web administration portal. Kroll, a risk and financial advisory solutions provider, reported an increase in the use of the malware in the second and third quarters of 2023.

According to a new Specops Software report, 88 percent of organizations continue to rely on passwords as their primary authentication method. The report highlighted that 31.1 million breached passwords had more than 16 characters, suggesting longer passwords are still vulnerable to cracking. Researchers found that 40,000 admin portal accounts were using 'admin' as a password, and only half of organizations scan for compromised passwords more than once a month.

A Russian national has recently been sentenced in the US to five years and four months in prison for his role in the development and distribution of the TrickBot malware.  On November 30, 2023, the man, Vladimir Dunaev, 40, of Amur Oblast, Russia, admitted in court to his role in the TrickBot scheme, which caused tens of millions of dollars in losses to organizations worldwide, including schools and hospitals.

According to Dragos' latest industrial ransomware analysis, threat actors continue to develop new tactics while exploiting zero-day vulnerabilities in order to cause more damage to Industrial Control Systems (ICS) with fewer attacks. Dragos' analysis for the fourth quarter of 2023 reveals that the threat landscape is more sophisticated than ever before despite recent high-profile busts of ransomware operators such as Ragnar Locker and ALPHV. There were fewer ransomware attacks on industrial systems during the analysis period.

Jenkins maintainers have addressed nine security vulnerabilities, including a critical Remote Code Execution (RCE) flaw reported by researcher Yaniv Nizry. Jenkins is a popular open-source automation server with hundreds of thousands of active installations worldwide and over a million users. The automation server helps developers build, test, and deploy their applications. This article continues to discuss the potential exploitation and impact of the critical flaw in Jenkins.

Security researchers at Wordfence have discovered malicious activity targeting a critical severity flaw in the "Better Search Replace" WordPress plugin in the past 24 hours.  Better Search Replace is a WordPress plugin with more than one million installations that helps with search and replace operations in databases when moving websites to new domains or servers.  The plugin vendor, WP Engine, released version 1.4.5 last week to address a critical-severity PHP object injection vulnerability tracked as CVE-2023-6933.

Genetic testing provider 23andMe recently confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27.  23andMe noted that the credentials used by the attackers to breach the customers' accounts were stolen in other data breaches or used on previously compromised online platforms.

Researchers have discovered billions of exposed records on an open instance whose owner is unlikely to be identified. The data leak called the Mother of all Breaches (MOAB) includes records from thousands of compiled and reindexed leaks, breaches, and privately sold databases. The massive leak involves data from multiple previous breaches, totaling about 12 terabytes of information and 26 billion records. It contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data. This article continues to discuss findings regarding the MOAB.