"Ukraine Claims Cyber Operation Against Russian Aviation Agency"

Ukraine's defense intelligence directorate claims to have conducted a successful cyber operation against the Russian government's civil aviation agency, Rosaviatsia. Rosaviatsia is in charge of overseeing and ensuring the safety of Russia's civil aviation industry. As a result of the hack, the directorate obtained "a large volume of confidential documents," including a list of daily reports from Rosaviatsia. This appears to be the first time the Ukrainian government has accepted responsibility for a cyber operation against a Russian target.

Submitted by grigby1 CPVI on

"Iranian Hacker Group Cyber Av3ngers Hacked the Municipal Water Authority of Aliquippa in Pennsylvania"

The Municipal Water Authority of Aliquippa (MWAA) was targeted by the Iranian hacker group called Cyber Av3ngers, who took control of one of its booster stations. The attack did not affect the facility's operations, water supply, or drinking water. The MWAA is a public utility that provides water service to Aliquippa, Pennsylvania residents and businesses. In order to make sure that its customers have access to clean, safe, and reliable water, the MWAA runs and maintains a network of water mains, pipes, and treatment facilities.

Submitted by grigby1 CPVI on

"Novel Mirai-Based DDoS Botnet Exploits 0-Days to Infect Routers and Security Cameras"

Threat actors are building a Mirai-based Distributed Denial-of-Service (DDoS) botnet called InfectedSlurs by exploiting previously unknown vulnerabilities in certain routers and Network Video Recorder (NVR) devices. If the device manufacturers' default admin credentials have not been changed, the zero-day Remote Code Execution (RCE) vulnerabilities can be exploited. Akamai's Security Intelligence Response Team (SIRT) researchers said they discovered the botnet through their global honeypots. It was found targeting NVR devices from a specific manufacturer.

Submitted by grigby1 CPVI on

"Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale"

More discoveries have been made about Telekopye, a malicious Telegram bot used by threat actors to carry out large-scale phishing scams. According to ESET security researcher Radek Jizba, Telekopye can create phishing websites, emails, SMS messages, and more. The threat actors, codenamed "Neanderthals," run the criminal enterprise like a legitimate company. Its hierarchical structure includes members who take on different roles.

Submitted by grigby1 CPVI on

"New Rust-Based SysJoker Backdoor Linked to Hamas Hackers"

A new version of the multi-platform malware called SysJoker has been discovered, complete with a code rewrite in the Rust programming language. SysJoker is a stealthy Windows, Linux, and macOS malware that was first documented and analyzed by Intezer in early 2022. The company found and examined C++ versions at the time. The backdoor had in-memory payload loading, many persistence mechanisms, Living Off the Land (LOTL) commands, and a complete lack of detection on VirusTotal for all of its OS variants. This article continues to discuss the new version of the SysJoker malware.

Submitted by grigby1 CPVI on

"Fidelity National Financial Takes Down Systems Following Cyberattack"

Title insurance giant Fidelity National Financial (FNF) is experiencing service disruptions after taking down multiple systems to contain a cyberattack. The incident was first detected right before Thanksgiving and has impacted “title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries.” According to the company, its F&G Annuities & Life subsidiary, which provides insurance solutions, was unaffected.

Submitted by Adam Ekwall on

"Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs"

Researchers have discovered a way to compromise three of the most commonly used fingerprint readers in today's PCs. With Microsoft's support, Blackwing Intelligence analysts attempted to circumvent the biometric security provided by a Dell Inspiron 15, a Lenovo ThinkPad T14, and the Microsoft Surface Pro 8/X.

Submitted by grigby1 CPVI on

"General Electric Investigates Alleged DARPA Breach"

A prolific threat actor was recently spotted on the dark web selling what they claim to be sensitive information stolen from General Electric. The threat actor, IntelBroker, is selling data stolen from the company on a popular dark web marketplace. IntelBroker claimed that the data includes a lot of DARPA-related military information, files, SQL files, and documents. The malicious actor also shared screenshots of some of the data to prove the information was authentic. IntelBroker has a history of successful high-profile breaches to their name.

Submitted by Adam Ekwall on

"Released: AI Security Guidelines Backed by 18 Countries"

The UK National Cyber Security Centre (NCSC) has published Artificial Intelligence (AI) cybersecurity guidelines developed with the help of the US Cybersecurity and Infrastructure Security Agency (CISA), similar agencies, CERTs from around the world, and industry experts. They hope to help developers and providers of AI-powered systems in building AI systems that work as intended, are available when needed, and do not reveal sensitive data to unauthorized parties.

Submitted by grigby1 CPVI on

"KyberSwap Says Hackers Stole $55m in Crypto"

Decentralized exchange KyberSwap has become the latest crypto firm to lose millions to digital thieves. The company revealed that a cyberattack took place on November 22, resulting in a loss of nearly $55m in users’ funds. On November 22 at 10:54 PM UTC, attackers exploited KyberSwap Elastic smart contracts using a series of complex actions to conduct exploitative swaps, enabling the withdrawal of users’ funds into the attackers’ wallets. Around $54.7m of users’ funds were taken by the attackers.

Submitted by Adam Ekwall on