The US Cybersecurity and Infrastructure Security Agency (CISA) urges manufacturers to eliminate default passwords on Internet-connected systems, citing serious risks that malicious actors could exploit to gain initial access to and move laterally within organizations. In a recent alert, the agency said Iranian threat actors affiliated with the Islamic Revolutionary Guard Corps (IRGC) have gained access to critical infrastructure systems in the US by exploiting Operational Technology (OT) devices with default passwords.

Mr. Cooper is sending data breach notifications warning that a recent cyberattack has exposed the data of 14.7 million customers who have, or previously had, mortgages with the company.  Mr. Cooper is a Dallas-based mortgage lending firm that employs approximately 9,000 people and has millions of customers.  The lender is one of the largest servicers in the United States, servicing loans of $937 billion.  In early November 2023, the company announced that it had been breached in a cyberattack on October 30, 2023, which it discovered the following day.

According to the Dutch public news organization NOS, together with security researcher Benjamin Broersma, some of the private data belonging to KLM and Air France passengers was easy to obtain. Hyperlinks to flight information were not long or varied enough, enabling large-scale data collection from other customers. NOS and Broersma tested whether private data could be obtained by modifying a hyperlink sent by KLM via text message. Anyone who wanted to receive flight information from KLM via text message was given a six-character link.

InfectedSlurs, a Mirai-based botnet, was discovered targeting QNAP VioStor Network Video Recorder (NVR) devices. Akamai released a warning in November about a new Mirai-based Distributed Denial-of-Service (DDoS) botnet called InfectedSlurs, which was actively exploiting two zero-day vulnerabilities to infect routers and NVR devices. The botnet was discovered in October 2023, but the researchers believe it has been active since at least 2022. The experts notified the vendors of the two vulnerabilities, but they plan to release fixes in December 2023.

VF Corporation, a company that owns and operates some of the biggest apparel and footwear brands, has recently been hit by a ransomware attack that included the theft of sensitive corporate and personal data.  VF Corp said the hackers disrupted business operations, including its ability to fulfill e-commerce orders, and hijacked data from the company, including personal data.  The company did not provide additional details on the stolen data or whether third-party customer data was exposed.

According to researchers at Check Point, the Rhadamanthys malware's developers recently released two major versions with multiple improvements, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ information stealer that appeared in August 2022. It targets email, FTP, and online banking account credentials. Since the stealer is sold to cybercriminals through a subscription model, it is distributed to targets via various channels, such as malvertising, infected torrent downloads, emails, YouTube videos, and more.

A new QakBot phishing campaign has emerged months after the takedown of the QakBot botnet in the international law enforcement operation dubbed "Operation Duck Hunt." QakBot, also known as QBot, QuackBot, and Pinkslipbot, was one of the most widely used malware loaders in 2023 until an FBI-led takedown in August brought the operation to a halt and freed 700,000 compromised machines from the botnet. Microsoft's Threat Intelligence team discovered a new QakBot phishing campaign that began on December 11, was low in volume, and targeted the hospitality industry.

MongoDB, the database management company, has been breached, with attackers gaining access to some of its corporate systems as well as customer data and metadata. On Wednesday, December 13, 2023, the company detected suspicious activity and immediately activated its incident response process. According to the company, this unauthorized access had been going on for some time before it was discovered. The attackers gained access to corporate systems that contained customer names, phone numbers, email addresses, and other customer account metadata, along with system logs for one customer.

The National Institute of Standards and Technology (NIST) recently released new draft guidance to clarify how organizations can use differential privacy as part of their security infrastructure. Differential privacy is a mathematical algorithm used to quantify how much privacy risk is posed to individuals from a given dataset. According to NIST's guidance, differential privacy can be applied to evaluate an organization's digital privacy posture using a framework that identifies existing factors to potential data security breaches.

On Monday, nearly 70% of Iran’s gas stations went out of service because of a possible cyberattack.  An Iranian news report claimed that a “software problem” caused the irregularity in the gas stations.  It urged people not to rush to the stations that were still operational.  Israeli media, including the Times of Israel, blamed the problem on a cyberattack by a hacker group dubbed “Gonjeshke Darande,” or predatory sparrow.  The Oil Ministry in Iran said more than 30% of gas stations remain in service.  The country has some 33,000 gas stations.