Mint Mobile has recently disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks.  Mint is a mobile virtual network operator (MVNO) offering budget, pre-paid mobile plans.  On December 22nd, the company began notifying customers via emails titled "Important information regarding your account," stating that they suffered a security incident and a hacker obtained customer information.

Security researchers at Scam Sniffer have discovered a new series of "crypto drainer" malware attacks that have stolen $59m from victims so far after luring them to phishing pages via Google and X ads.  The researchers defined a crypto drainer as a type of malware that tricks the user into approving a transaction, which then automatically drains their cryptocurrency wallets.  The researchers revealed that one particular version, MS Drainer, was behind the new spate of attacks.

Security researchers at ReasonLabs have discovered that three malicious Chrome extensions posing as VPNs were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers.  The researchers noted that the malicious extensions are spread via an installer hidden in pirated copies of popular video games like Grand Theft Auto, Assassins Creed, and The Sims 4, which are distributed from torrent sites.  The researchers notified Google of its findings, and the tech giant removed the offending extensions from the Chrome Web Store.

According to security researchers at Corvus Insurance, ransomware groups seemed to return with a vengeance in November after a quieter month in October, with the highest number of listed victims ever recorded.  The researchers observed 484 new ransomware victims posted to leak sites in November.  This represents a 39.08% increase from October and a 110.43% increase compared with November 2022.  The researchers noted that this is the eleventh month in a row with a year-on-year increase in ransomware victims and the ninth in a row with victim counts above 300.

The National Cybersecurity Center of Excellence (NCCoE) has released NIST Internal Report (IR) 8432, "Cybersecurity of Genomic Data," which delves into current genomic data security practices, challenges, and proposed solutions identified by genomic data stakeholders from industry, government, and academia. The growth of the US bioeconomy has been fueled by genomic data, including DNA sequences, variants, and gene activity. The value of this information has sparked cybersecurity and privacy concerns.

Sauvik Das, assistant professor at Carnegie Mellon's Human-Computer Interaction Institute, and fellow researchers have explored how to disable smart speakers' microphones and provide users with perceptible assurance that they are not being recorded. Many users know that their smart speakers have built-in microphones, but they are unsure when the speakers are recording data and what data is eventually transmitted and processed. Smart speaker manufacturers are commonly companies that gain significant benefits from collecting users' personal data, but there are privacy risks.

Critical vulnerabilities in the Secure Shell (SSH) protocol have been discovered by a team of researchers at Ruhr University Bochum. They discovered that certain security-related parts of the standard are broken, allowing attackers to delete data from the secure connection. SSH is mainly used where servers are managed remotely. This protocol is supported by more than 15 million servers on the Internet. SSH is also implemented in network devices such as routers. SSH attacks can be dangerous because, in the worst-case scenario, attackers can gain complete control of the server.

Internet of Things (IoT) devices process highly sensitive data, thus making it essential to keep them up-to-date to eliminate vulnerabilities and improve cybersecurity, especially as hacker attacks, data misuse, and industrial espionage grow. A new study conducted by researchers at the Fraunhofer Institute for Systems and Innovation Research ISI analyzed data from 52 billion devices, their geographical location, and whether or not their installed firmware is updated. The researchers also looked at the impact of the European General Data Protection Regulation (GDPR).

Smishing is a phishing scheme that uses SMS to your phone. Like traditional phishing scams, hackers are trying to trick you into giving up your personal information via a text—that looks very much like a regular communication from your bank or a business you’ve ordered from before. The SMS text might alert you to with a problem with your account or offer you a free gift. In 2022, Americans were scammed for over $330 millions via smishing. With so many validations coming to our phones, we are used to responding to them. But it’s important to really look to what is being asked for.

According to the threat intelligence platform FalconFeedsio, a newly emerged Iranian cyber gang called "Cyber Toufan" has allegedly leaked data from 49 Israeli companies. Researchers believe many incidents were caused by a breach faced by one hosting company. Since its appearance on November 16, 2023, Cyber Toufan says it compromised high-profile organizations, including the Israel Innovation Authority, Toyota Israel, the Ministry of Welfare and Social Security, Ikea Israel, the cybersecurity and geo-intelligence company Max Security, and more.