According to the Identity Theft Resource Center (ITRC), the number of reported data compromises in the US in 2023 increased by 78% compared to 2022, reaching 3205.  The number of victims of these data breaches reached 353,027,892.  The ITRC noted that while this is still a staggering number, it represents a 16% decrease compared with 2022.  The ITRC believes that the general trend of the number of victims dropping is because organized identity criminals now focus on specific information and identity-related fraud and scams rather than mass attacks.

Researchers, staff, and licensees from the Department of Energy's Oak Ridge National Laboratory (ORNL) were honored in the Federal Laboratory Consortium's (FLC) annual awards competition. There are 32 award winners, including ORNL, for contributions to technology transfer, turning advanced research into impactful products and services. ORNL's Heartbeat and Situ technologies provide new methods for advanced cybersecurity monitoring in real time.

According to security researchers at Bugcrowd, the government sector has witnessed the most significant growth in crowdsourced security in 2023, marking a 151% increase in vulnerability submissions and a substantial 58% rise in Priority 1 (P1) rewards for critical vulnerabilities.  The researchers noted that there was a noteworthy increase in vulnerability submissions also observed in the retail (+34%), corporate services (+20%), and computer software (+12%) sectors.

ESET researchers have uncovered NSPX30, an implant used by the China-aligned Advanced Persistent Threat (APT) group called Blackwood. Blackwood has conducted cyber espionage operations against individuals and organizations in China, Japan, and the UK. It uses Adversary-in-the-Middle (AitM) techniques to take over update requests from legitimate software in order to deliver the NSPX30 implant. According to ESET, based on the NSPX30's evolution mapping, the sophisticated implant's earlier ancestor is Project Wood, a simple backdoor. The oldest sample was compiled in 2005.

Millions of names, usernames, and emails associated with public Trello boards have been made available for sale on the dark web, potentially leading to Account Takeover (ATO) and spear-phishing attacks. Atlassian, Trello's parent company, now says it has made changes to a critical Application Programming Interface (API) to prevent scraping attacks. Trello, a project management and collaboration platform, allows users to make their "boards" or workspaces publicly findable, facilitating collaboration between different companies and stakeholders.

In a recent SEC filing, Hewlett Packard Enterprise (HPE) revealed that its cloud email environment was targeted by hackers believed to be sponsored by the Russian government.  The company said it was notified on December 12 that a threat group identified as Midnight Blizzard and Cozy Bear had hacked into its cloud-based email environment.   HPE says that it kicked out the attackers, but its investigation revealed that the threat actor gained access to its systems and started exfiltrating data in May 2023.

Mozilla recently announced security updates for both Firefox and Thunderbird to patch 15 vulnerabilities, including five rated "high severity." The first high-severity flaw is an out-of-bounds write in ANGLE (Almost Native Graphics Layer Engine), the open-source graphics engine used as the default WebGL backend in both Firefox and Chrome.  Tracked as CVE-2024-0741, Mozilla noted that the issue could be exploited to corrupt memory and cause a crash that could potentially lead to denial of service or arbitrary code execution.

A team of researchers from Concordia and Hydro-Quebec conducted a study on the risks of cyberattacks faced by offshore wind farms. The researchers focused on wind farms that use Voltage-Source Converter High-Voltage Direct-Current (VSC-HVDC) connections, which are quickly becoming the most cost-effective solution for harvesting offshore wind energy. Offshore wind farms rely on complex, hybrid communication architecture, thus providing multiple entry points for cyberattacks.

Some Virtual Reality (VR) technologies pose significant privacy risks by improperly collecting and sharing users' data. Yan Shvartzshnaider, an assistant professor in the Electrical Engineering and Computer Science Department at York University's Lassonde School of Engineering, is working to address virtual privacy concerns and develop cybersecurity solutions.

Researchers at the University of Alabama in Huntsville (UAH) are leading a NATO collaboration to address emerging security challenges posed by quantum technologies. Quantum computers use quantum phenomena to solve mathematical problems that conventional computers find difficult or intractable. Researchers have stressed that quantum computers will eventually be able to break many of today's public-key cryptosystems, thus putting digital communications at risk.