"Google Cloud's 'Dataproc' Abuse Risk Endangers Corporate Data Stores"

"Google Cloud's 'Dataproc' Abuse Risk Endangers Corporate Data Stores"

In one of Google's cloud services for data scientists, lax security controls could allow hackers to create applications, execute operations, and access data in Internet-facing environments. The problem stems from Google Cloud's "Dataproc," a managed service for running large-scale data processing and analytics workloads using Apache Hadoop, Spark, and over 30 other open source tools and frameworks. An "abuse risk" to Dataproc, as described by the Orca Research Pod on December 12, is based on the presence of two default open firewall ports used by Dataproc.

Submitted by Gregory Rigby on

"Many Popular Websites Still Cling to Password Creation Policies From 1985"

"Many Popular Websites Still Cling to Password Creation Policies From 1985"

According to a study conducted by researchers at the Georgia Institute of Technology, many popular websites still allow users to choose weak or even single-character passwords. The researchers used an automated account creation method to evaluate the password creation policies that users must adhere to on more than 20,000 websites across the Tranco top 1M. They discovered that 75 percent of websites permit passwords shorter than the recommended eight characters (with 12 percent allowing single-character passwords).

Submitted by Gregory Rigby on

"Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing"

"Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing"

Microsoft has warned that attackers are deploying Virtual Machines (VMs) for cryptocurrency mining and launching phishing attacks using Open Authorization (OAuth) applications as an automation tool. According to a Microsoft Threat Intelligence team analysis, threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can then use to hide malicious activity. Misuse of OAuth also allows threat actors to maintain access to applications even if they lose access to the compromised account.

Submitted by Gregory Rigby on

"Boffins Fool AI Chatbot Into Revealing Harmful Content – With 98 Percent Success Rate"

"Boffins Fool AI Chatbot Into Revealing Harmful Content – With 98 Percent Success Rate"

Purdue University researchers have developed a method for interrogating Large Language Models (LLMs) in a way that almost always breaks their etiquette training. LLMs such as Bard, ChatGPT, and Llama are trained on large datasets that may contain questionable or harmful information. Artificial Intelligence (AI) giants like Google, OpenAI, and Meta try to "align" their models using "guardrails" to prevent chatbots based on these models from generating harmful content.

Submitted by Gregory Rigby on

"UCF Researcher Discovers New Technique for Photon Detection"

"UCF Researcher Discovers New Technique for Photon Detection"

Debashis Chanda, a University of Central Florida (UCF) researcher, has developed a new method for detecting photons, which are elementary particles spanning from visible light to radio frequencies and are used in cellular communication. The development could lead to increasingly precise and efficient technologies in different fields, possibly strengthening security measures. Traditionally, photon detection has relied on changes/modulation of voltage or current amplitude.

Submitted by Gregory Rigby on

"Spider-Man Game Creator Claimed by Ransom Gang"

"Spider-Man Game Creator Claimed by Ransom Gang"

The ransomware group named Rhysida has targeted Insomniac Games, the American game developer behind Spider-Man, Spyro the Dragon, and other popular video games. Rhysida says it stole "exclusive, unique, and impressive data" from Insomniac Games, but no details about the amount or contents have been provided. However, the gang's low-quality screenshots include some sensitive internal emails, copies of passports, images of game assets, and more. The gang is selling the allegedly stolen data for $2 million in digital currency.

Submitted by Gregory Rigby on

"The Hidden Challenges of Contractor Identity Management"

"The Hidden Challenges of Contractor Identity Management"

Contractors present a significant Identity and Access Management (IAM) vulnerability. Although these third parties are necessary for business operations, they still pose a threat. As suggested by discussions with security leaders, contractors are often left unaccounted for in security strategies. Outsourcing to contractors has become a critical component of business growth, from offshore customer support to software development.

Submitted by Gregory Rigby on

"UTSA Establishes New Hub to Improve Management of Digital Assets"

"UTSA Establishes New Hub to Improve Management of Digital Assets"

The National Science Foundation (NSF) has awarded the University of Texas at San Antonio (UTSA) a two-year grant to establish the National DigiFoundry (NDF). This consortium could redefine the management of digital assets such as cryptocurrencies. Current digital asset management systems present a number of cybersecurity challenges. They are vulnerable to decentralized notification attacks, multi-call transaction audits, and more. The NDF is building a robust framework capable of adapting to the fast-paced digital asset market.

Submitted by Gregory Rigby on

"Backup Migration WordPress Plugin Flaw Impacts 90,000 Sites"

"Backup Migration WordPress Plugin Flaw Impacts 90,000 Sites"

Security researchers at Wordfence are warning users of a popular WordPress plugin that they need to patch urgently or risk their site being remotely hijacked. The researchers revealed a new PHP code injection vulnerability with a CVSS score of 9.8, which could enable remote code execution (CVE-2023-6553). The impacted plugin, Backup Migration, is said to have an estimated 90,000 installs. The researchers noted that unauthenticated threat actors could exploit the bug to inject arbitrary PHP code, resulting in a full site compromise.

Submitted by Adam Ekwall on

"NSA Issues Recommendations to Protect Software Defined Networking Controllers"

"NSA Issues Recommendations to Protect Software Defined Networking Controllers"

The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) titled "Managing Risk from Software Defined Networking Controllers." The CSI makes recommendations to help National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators mitigate the risks related to software-driven network management solutions such as Software Defined Networking Controllers (SDNCs). SDNCs enable organizations to configure networking and security policies, as well as control application access, from a centralized location.

Submitted by Gregory Rigby on