The ChatGPT maker OpenAI has about a month to respond to the Italian data regulator following the agency's investigation that revealed the company's alleged violation of European privacy laws. In 2023, Garante, the Italian data protection authority temporarily banned OpenAI's Large Language Model (LLM) chatbot, citing a violation of the European General Data Protection Regulation (GDPR). It restored in-country access to the chatbot in April after OpenAI agreed to implement age verification and an opt-out form for removing personal data from the LLM.

According to security researchers at Corvus, ransomware incidents surged by 68% in 2023 to reach a record high.  However, law enforcement takedowns are having an impact on the prolific nature of ransomware gangs.  In total, 4496 ransomware leak site victims were observed in 2023.  This compares to 2670 in 2022 and 3048 in 2021.  The researchers also found that the number of active ransomware groups grew by 34% between Q1 and Q4 2023.

Resecurity found the credentials of over 1,572 RIPE, APNIC, AFRINIC, and LACNIC customers on the dark web. These individuals had been compromised because of malware activity involving password stealers such as Redline, Vidar, Lumma, Azorult, and Taurus. The stolen credentials were found to be available for purchase on underground marketplaces.

Security researchers at Shadowserver found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.  Jenkins is a leading open-source automation server for CI/CD, allowing developers to streamline the building, testing, and deployment processes.

Brazil's Federal Police, with support from cybersecurity researchers, have disrupted the Grandoreiro banking malware operation, which has targeted Spanish-speaking countries since 2017. ESET, Interpol, the National Police of Spain, and Caixa Bank provided critical data that led to the identification and arrest of individuals behind the malware's infrastructure. The police made five arrests and conducted thirteen search and seizure actions in Sao Paulo, Santa Catarina, Para, Goias, and Mato Grosso.

CloudSEK reports that a massive database containing the information of roughly 750 million individuals in India was offered for sale on the dark web earlier this month.  The company noted that the database, 1.8 terabytes in size, contains personal information such as names, mobile phone numbers, addresses, and Aadhaar details (the Aadhaar number is unique to an individual and serves for identification purposes).

Insurance consulting and brokerage firm Keenan & Associates has recently started informing more than 1.5 million individuals that their personal information was stolen in an August 2023 cyberattack.  The company noted that the cyberattack was discovered on August 27, when disruptions occurred on some of its servers, and was contained within hours.  Keenan’s investigation into the cyberattack revealed that an unauthorized party gained access to certain Keenan internal systems at various times between approximately August 21, 2023 and August 27, 2023.

With support from Lockheed Martin, a team of student researchers at Embry-Riddle Aeronautical University's Prescott Campus are developing a Cellular Intrusion Detection (CID) system aimed at detecting unwanted cellular devices in secure areas. Zachary Traynor, an Electrical Engineering senior, recently interned at Lockheed Martin, learning about multi-level security checks and clearances that protect confidential information and products.

According to researchers from the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology (MIT), ambient light sensors are vulnerable to privacy threats when embedded in a smart device's screen. The team has presented a computational imaging algorithm to recover an image of the environment from the perspective of the display screen using these sensors' subtle single-point light intensity changes in order to show how hackers could use them in conjunction with monitors.

The Farm and Food Cybersecurity Act would require the agriculture secretary to conduct a survey every two years on the state of cyber vulnerabilities and threats to the food and agriculture sectors, as well as collaborate with major intelligence community officials to perform exercises simulating industry-disrupting cyberattacks. According to the US Agency for International Development (USAID), cyberattacks on agriculture supply chains pose a significant threat to global food security because the sector's digitization enables hackers to disrupt farming equipment.