"New Rust-Based SysJoker Backdoor Linked to Hamas Hackers"

A new version of the multi-platform malware called SysJoker has been discovered, complete with a code rewrite in the Rust programming language. SysJoker is a stealthy Windows, Linux, and macOS malware that was first documented and analyzed by Intezer in early 2022. The company found and examined C++ versions at the time. The backdoor had in-memory payload loading, many persistence mechanisms, Living off the land (LOTL) commands, and a complete lack of detection on VirusTotal for all of its OS variants. This article continues to discuss the new version of the SysJoker malware.  

Submitted by Gregory Rigby on

"Fidelity National Financial Takes Down Systems Following Cyberattack"

Title insurance giant Fidelity National Financial (FNF) is experiencing service disruptions after taking down multiple systems to contain a cyberattack. The incident was first detected right before Thanksgiving and has impacted “title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries.” According to the company, its F&G Annuities & Life subsidiary, which provides insurance solutions, was unaffected.

Submitted by Adam Ekwall on

"Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs"

Researchers have discovered a way to compromise three of the most commonly used fingerprint readers in today's PCs. With Microsoft's support, Blackwing Intelligence analysts attempted to circumvent the biometric security provided by a Dell Inspiron 15, a Lenovo ThinkPad T14, and the Microsoft Surface Pro 8/X.

Submitted by Gregory Rigby on

"General Electric Investigates Alleged DARPA Breach"

A prolific threat actor was recently spotted on the dark web selling what they claim to be sensitive information stolen from General Electric.  A threat actor, IntelBroker, is selling data stolen from the company on a popular dark web marketplace.  IntelBroker claimed that the data includes a lot of DARPA-related military information, files, SQL files, and documents.  The malicious actor also shared screenshots of some of the data to prove the information was authentic.  IntelBroker has a history of successful high-profile breaches to their name.

Submitted by Adam Ekwall on

"Released: AI Security Guidelines Backed by 18 Countries"

The UK National Cyber Security Centre (NCSC) has published Artificial Intelligence (AI) cybersecurity guidelines developed with the help of the US Cybersecurity and Infrastructure Security Agency (CISA), similar agencies, CERTs from around the world, and industry experts. They hope to help developers and providers of AI-powered systems build AI systems that work as intended, are available when needed, and do not reveal sensitive data to unauthorized parties.

Submitted by Gregory Rigby on

"KyberSwap Says Hackers Stole $55m in Crypto"

Decentralized exchange KyberSwap has recently become the latest crypto firm to lose millions to digital thieves.  The company revealed that a cyberattack took place on November 22, resulting in a loss of nearly $55m in users’ funds.  On November 22 at 10:54 PM UTC, attackers exploited KyberSwap Elastic smart contracts using a series of complex actions to conduct exploitative swaps, enabling the withdrawal of users’ funds into the attackers’ wallets.  Around $54.7m of users’ funds were exploited by the attackers.

Submitted by Adam Ekwall on

"185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone"

Car parts giant AutoZone, which has over 7,000 stores across the Americas, has recently informed nearly 185,000 individuals that their personal information was compromised as a result of the massive MOVEit hacking campaign. AutoZone revealed that cybercriminals have stolen information, including Social Security numbers, after exploiting a vulnerability in the MOVEit Transfer managed file transfer application. However, the company is unaware of instances where the exposed information has been used for fraud.

Submitted by Adam Ekwall on

"Microsoft Launches Defender Bug Bounty Program"

Microsoft has recently launched another bug bounty program, this time with the goal of making its Microsoft Defender-branded products and services more resilient to attack.  The Microsoft Defender Bounty Program will offer ethical hackers between $500 and $20,000 for significant vulnerabilities that have a direct and demonstrable impact on the security of their customers.  Microsoft noted that the largest sum for a novel vulnerability will go to researchers able to find critical remote code execution bugs and deliver a high-quality report.

Submitted by Adam Ekwall on

"Employee Policy Violations Cause 26% of Cyber Incidents"

According to security researchers at Kaspersky, a substantial 26% of cyber incidents in businesses over the last two years are the result of intentional security protocol violations by employees.  This figure closely rivals the 20% attributed to external hacking attempts.  The researchers discovered that intentional policy violations by employees, spanning both IT and non-IT staff, played a significant role in cyber incidents.

Submitted by Adam Ekwall on

"Explainability in Cybersecurity Data Science"

Cybersecurity is data-rich, making it an ideal setting for Machine Learning (ML), but many challenges impede ML deployment in cybersecurity systems and organizations. According to researchers from Carnegie Mellon University's Software Engineering Institute (SEI), one significant challenge is that the human-machine relationship is rooted in a lack of explainability. Cybersecurity data science has two directions of explainability: model-to-human and human-to-model.

Submitted by Gregory Rigby on