The National Security Agency (NSA), the FBI, and co-authoring agencies are warning that Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known JetBrains TeamCity vulnerability to compromise victims.

According to Tenable researchers, Application Programming Interface (API) bugs in the Edulog Parent Portal platform enabled malicious actors to access the names and geolocation data of six million K-12 riders. The vulnerability has since been fixed by Edulog Parent Portal, a service that provides real-time school bus tracking for parents of grade-school students. The flaw allowed anyone who created a free Edulog account to evade school registration safeguards and gain access to information available through the service's Parent Portal API.

According to Ukraine, they have effectively crippled Russia's tax system.  The country's Ministry of Defense said its Defence Intelligence unit (GUR) conducted a "special operation" leading to the compromise of central servers of Russia's Federal Taxation Service (FTS) and over 2300 regional servers.  These extended across Russia and annexed territories in Ukraine, including Crimea.  The GUR noted that both these servers and those belonging to FTS contractor Office.ed-it.ru were reportedly infected with malware that wiped essential configuration files.

Apple recently announced that it’s testing a new security feature that should prevent iPhone thieves from gaining complete control over the victim’s device and online accounts, even if the phone’s passcode has been compromised.  According to the Wall Street Journal, earlier this year, many owners around the United States complained about having significant amounts of money transferred out of their accounts after their phones had been stolen.

Google recently announced the release of a Chrome 120 security update that addresses nine vulnerabilities, six of which were reported by external researchers.  Of the externally reported flaws, five have a severity rating of high, four of which are use-after-free issues.  Google said it handed out $50,000 in rewards to the reporting researchers.  Based on the bug bounty reward that was paid out, the most severe of the resolved vulnerabilities is a type confusion bug in the V8 JavaScript engine.

OLVX, a new cybercrime marketplace, has emerged and is quickly growing, with new customers looking to buy tools for online fraud and cyberattacks. OLVX is part of a recent trend in which cybercrime marketplaces are increasingly hosted on the clearnet rather than the dark web, making them more accessible to a wider range of users and more easily promoted through Search Engine Optimization (SEO). Researchers at ZeroFox, who discovered OLVX in early July 2023, have reported a significant increase in activity on the new marketplace in the fall, noting growth in both sellers and buyers.

In one of Google's cloud services for data scientists, lax security controls could allow hackers to create applications, execute operations, and access data in Internet-facing environments. The problem stems from Google Cloud's "Dataproc," a managed service for running large-scale data processing and analytics workloads using Apache Hadoop, Spark, and over 30 other open source tools and frameworks. An "abuse risk" to Dataproc, as described by the Orca Research Pod on December 12, is based on the presence of two default open firewall ports used by Dataproc.

According to a study conducted by researchers at the Georgia Institute of Technology, many popular websites still allow users to choose weak or even single-character passwords. The researchers used an automated account creation method to evaluate more than 20,000 websites across the Tranco top 1M, and the password creation policies users must adhere to. They discovered that 75 percent of websites permit passwords shorter than the recommended eight characters (with 12 percent allowing single-character passwords).

Microsoft has warned that attackers are deploying Virtual Machines (VMs) for cryptocurrency mining and launching phishing attacks using Open Authorization (OAuth) applications as an automation tool. According to a Microsoft Threat Intelligence team analysis, threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can then use to hide malicious activity. Misuse of OAuth also allows threat actors to maintain access to applications even if they lose access to the compromised account.

Purdue University researchers have developed a method for interrogating Large Language Models (LLMs) in a way that almost always breaks their etiquette training. LLMs such as Bard, ChatGPT, and Llama are trained on large datasets that may contain questionable or harmful information. Artificial Intelligence (AI) giants like Google, OpenAI, and Meta try to "align" their models using "guardrails" to prevent chatbots based on these models from generating harmful content.