Google recently released patches for 58 vulnerabilities in the Android platform and fixes for three security bugs in Pixel devices.  The first part of Android’s January 2024 update, which arrives on devices as the 2024-01-01 security patch level, addresses ten security holes in the Framework and System components, all rated high severity.  Google noted that the most severe of these issues is a security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed.

According to Rob Joyce, the Director of Cybersecurity at the National Security Agency (NSA), hackers and propagandists are using generative Artificial Intelligence (AI) chatbots such as ChatGPT to make their operations appear more legitimate to native English speakers. Cybercriminals and hackers working for foreign intelligence agencies have been observed using chatbots to appear as native English speakers. Generative AI chatbots have become skilled at mimicking believable and grammatically correct writing.

Threat actors had public access to the private data of hundreds of millions of Brazilians, putting individuals at risk of identity theft, fraud, and targeted cybercrimes. According to Cybernews, a publicly accessible Elasticsearch instance contained a massive amount of private data belonging to Brazilian citizens. Elasticsearch is a popular tool for searching, analyzing, and visualizing large amounts of data. Since the leaked data was not linked to a specific organization, Cybernews was unable to determine the source of the leak.

Researchers have discovered a sophisticated attack campaign dubbed "RE#TURGENCE" that is targeting Microsoft SQL (MSSQL) database servers in the US, EU, and Latin America, to deploy Mimic ransomware payloads. According to a Securonix report, RE#TURGENCE leads to another possible outcome, which is the unlawful sale of access to compromised servers. The malicious actors, who are based in Turkey, appear to be financially motivated. Securonix gained insights into the current attacks after the threat group made a significant Operational Security (OPSEC) lapse.

When an organization faces a ransomware attack and pays the malicious actors behind it to decrypt the encrypted data and delete the stolen data, there is no guarantee that the criminals will do what they promised. Even if an organization's data is decrypted, there is no guarantee that the stolen data has been wiped and will not be used or sold in the future.

Security researchers at FortiGuard have observed that attackers have been spreading a variant of the Lumma Stealer via YouTube channels that feature content related to cracking popular applications, eluding Web filters by using open source platforms like GitHub and MediaFire instead of proprietary malicious servers to distribute the malware.

Toronto Zoo, the largest zoo in Canada, recently confirmed that a ransomware attack that hit its systems on early Friday, 1/5, had no impact on the animals, its website, or its day-to-day operations.  The zoo said it doesn't store any credit card information and is also investigating whether the incident affected its guests', members', or donors' records.  The zoo said that this incident has not impacted their animal well-being, care, and support systems, and they are continuing with normal zoo operations, including being open to guests.

Cisco Talos researchers collaborated with Dutch police to obtain a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that resulted in the arrest of the ransomware's operator. Tortilla is a Babuk ransomware variant that appeared in the wild shortly after the original malware's source code was leaked on a hacker forum. The threat actor used ProxyShell exploits on Microsoft Exchange servers to deploy the data-encrypting malware.

In 2023, a threat actor known as Water Curupira was observed actively distributing the PikaBot loader malware through spam campaigns. According to Trend Micro researchers, PikaBot's operators conducted phishing campaigns against victims using two components, a loader and a core module, which enabled unauthorized remote access and the execution of arbitrary commands via an established connection with their command-and-control (C2) server. The activity began in the first quarter of 2023 and continued until the end of June before resuming in September.

According to security researchers at Cisco Threat Detection and Response, the number of organizations named a CVE Numbering Authority (CNA) and the number of Common Vulnerabilities and Exposures (CVE) identifiers assigned in 2023 has increased compared to the previous year.  The researchers noted that 28,902 CVEs were published in 2023, up from 25,081 in 2022.  This is an average of nearly 80 new CVEs per day.  The number of published CVEs has been steadily increasing since 2017.