An Ohio banking company recently announced that it was impacted by a “security incident” in April. Middlefield Bank experienced a data security incident that impacted certain computer systems and caused a temporary disruption to certain corporate operations around April 12, 2023. The company said it promptly launched an investigation and only recently concluded its review around November 21, at which time it was able to determine the individuals included in the potentially impacted data set.

According to the Court Services Victoria (CSV), court cases and tribunals in Australia have recently been impacted by a cybersecurity incident, with attackers potentially accessing recordings of hearings.  The CSV revealed the incident in a statement on January 2, 2024.  This public notice came some 12 days after the CSV was first alerted to the cyber incident on December 21, 2023.  The CSV said it took time to establish which recordings and transcripts were affected.

The Knight Foundation School of Computing and Information Sciences (KFSCIS) Research Symposium featured innovations in cybersecurity, Artificial Intelligence (AI), data science, federated learning, and more. Maryna Veksler, Harun Oz, and Mahshad Shariatnasab are three KFSCIS Ph.D. students who received top honors at the symposium for their work in cybersecurity and AI. Oz presented research on a newly discovered attack vector that may increase the risk of ransomware attacks.

The National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity project aims to deliver cybersecurity guidance that will help consumers and operators of 5G networks adopt, deploy, and use 5G technology in a more secure and privacy-enhancing way. The NCCoE 5G Cybersecurity project involves building a 5G network using commercial-grade telecommunication components found in 5G networks worldwide.

A new study conducted by researchers at the University of Waterloo reveals that Large Language Models (LLMs) repeat conspiracy theories, harmful stereotypes, and other types of misinformation. The researchers tested an early version of ChatGPT's understanding of facts, conspiracies, controversies, misconceptions, and more. This study is part of the researchers' efforts to explore human-technology interactions and determine how to mitigate risks. They found that GPT-3 often made errors, contradicted itself, and repeated harmful misinformation.

Daniel Balasubramanian, a senior research scientist at Vanderbilt's Institute for Software Integrated Systems, will lead a four-year Defense Advanced Research Projects Agency (DARPA) grant to create realistic network environments for training cyber agents to combat advanced and persistent cyber threats. According to Cybersecurity Ventures, the cost of cybercrime globally could reach $9.5 trillion in 2024, with a single data breach potentially costing millions of dollars.

According to CloudSEK researchers, a threat actor known as PRISMA boasted a powerful zero-day exploit and developed a sophisticated solution for generating persistent Google cookies by manipulating a token. This exploit allows for continued access to Google services, even after a user's password has been reset. Open Authorization 2.0 (OAuth 2.0) is a protocol for securing and authorizing access to resources on the Internet.

A zero-day vulnerability impacting Barracuda Networks' Email Security Gateway (ESG) enables hackers to install backdoors. The vulnerability exists in Spreadsheet::ParseExcel, an open-source library for processing Excel files. The library is used by the Amavis virus scanner on the ESG to scan Excel attachments sent via email. The vulnerability, tracked as CVE-2023-7102, allows malicious Excel attachments to run arbitrary code on a Barracuda ESG. According to Barracuda, there have already been several exploits of this vulnerability.

The Resecurity's HUNTER unit discovered a new version of the Meduza stealer that supports more software clients, including browser-based cryptocurrency wallets. Meduza 2.2 also has an improved credit card grabber. According to researchers, Meduza is a strong competitor to Azorult, Redline, Racoon, and Vidar Stealer for Account Takeover (ATO), online banking theft, and financial fraud. This article continues to discuss key findings regarding the new version of the Meduza stealer.

The complexity of Application Programming Interface (API) security continues to grow as technology advances. The rise of APIs in modern applications and services calls for organizations to better understand their API environments and the operational risks that APIs pose. Graylog CEO Andy Grolnick highlights several key trends and predictions that will shape the API security landscape in 2024. According to Grolnick, the number of targeted application-level attacks will increase.