Vladimir Dunaev, 40 and a Russian national, recently pleaded guilty to his involvement in developing and deploying the TrickBot malware, which was used in cyberattacks against organizations worldwide, including hospitals and schools, causing tens of millions of dollars in losses. TrickBot came to life in 2016 and was used to steal money and information. It acted as an initial access vector for other malware families, including ransomware such as Ryuk and Conti. The operation was taken down by law enforcement in 2022.

The Intelligence Advanced Research Projects Activity (IARPA) wants to provide novel technologies that will help law enforcement and the Intelligence Community (IC) better attribute the sources of malicious cyberattacks. Securing Our Underlying Resources in Cyber Environments (SoURCE CODE) is a program aimed at providing technologies to help forensic experts identify the most likely attackers based on coding styles in both source code and binary executables.

The International Committee of the Red Cross (ICRC) wants to protect its digital infrastructure and that of humanitarian organizations with a digital emblem in response to warfare increasingly spreading into cyberspace. Cyberattacks on critical digital infrastructure cause more than just financial and logistical harm. They can also have disastrous humanitarian consequences in hospitals. ETH Zurich computer scientists collaborated with ICRC to develop a protective emblem that can be easily and affordably integrated into existing digital systems around the world.

The sensitive legal court filings discovered by security researcher Jason Parker to be exposed to the open Internet for anyone to access, include witness lists, mental health evaluations, detailed allegations of abuse, corporate trade secrets, and more. The court records system, which is the technology stack used to submit and store legal filings for criminal trials and civil legal cases, is at the heart of any judiciary.

A team of researchers developed a new system called Speranza to reassure software consumers that the product they are receiving has not been tampered with and is coming directly from a trusted source. Speranza expands on Sigstore, a system introduced last year to improve software supply chain security. According to the researchers, Speranza ensures that software comes from the correct source without needing developers to reveal personal information such as email addresses. This article continues to discuss the purpose and goals of the Speranza system.

New research reveals that a cyber espionage group called XDSpy recently targeted Russian military-industrial organizations. Researchers believe XDSpy is a state-controlled threat actor that has been active since 2011, mainly targeting countries in Eastern Europe and the Balkans. According to the Russian cybersecurity company F.A.C.C.T., in the latest XDSpy campaign, hackers attempted to gain access to the systems of a Russian metallurgical enterprise and a research institute involved in developing and producing guided missile weapons.

AppOms researchers discovered a vulnerability in Zoom Room while participating in the HackerOne live hacking event H1-4420. Zoom Room, a Zoom video conferencing platform feature, aims to enhance collaboration in physical meeting spaces, such as conference rooms or huddle rooms. The researchers warned that the vulnerability, discovered in June 2023, could allow an attacker to hijack a Zoom Room's service account and access the tenant of the victim's organization. Invisible access to confidential information in Team Chat, Whiteboards, and other Zoom applications is also possible.

The UK's National Cyber Security Centre (NCSC) has warned about the active exploitation of Unitronics Programmable Logic Controllers (PLCs) widely used in the water sector. Following a similar alert from the US Cybersecurity and Infrastructure Security Agency (CISA), the NCSC recommends that organizations follow its advice.

The US government, together with foreign partners, sanctioned alleged members of Kimsuky, the North Korean state-sponsored hacking group suspected of conducting numerous campaigns against entities in the US, South Korea, Russia, Japan, and many European countries. According to the US Department of the Treasury, Kimsuky is a cyber espionage and Advanced Persistent Threat (APT) group associated with the North Korean government, with the goal of stealing intellectual property, cryptocurrency, and other valuable assets to support the government's weapons programs.