According to Check Point researchers, the Russia-linked cyber espionage group Gamaredon has been spreading a worm called LitterDrifter through USB attacks against Ukraine. Gamaredon, also known as Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa, has been active since 2014, with most of its activity focused on Ukraine. The Gamaredon Advanced Persistent Threat (APT) group continues targeting entities in Ukraine, including security services, military, and government organizations.

The LummaC2 stealer malware, also known as Lumma Stealer, now includes a new anti-sandbox technique that uses the mathematical principle of trigonometry to avoid detection and exfiltrate valuable data from infected hosts. The method is supposed to "delay detonation of the sample until human mouse activity is detected," according to Outpost24 security researcher Alberto Marn. LummaC2, which is written in the C programming language, has been sold in underground forums since December 2022.

Cybersecurity researchers at Abnormal Security have uncovered a charity attack exploiting the ongoing events in Gaza and Israel.  The researchers noted that cybercriminals targeted 212 individuals across 88 organizations, attempting to manipulate sympathy for children in Palestine to solicit fraudulent donations.  The attackers, posing as a group from “help-palestine.com,” urged recipients to contribute to a campaign supposedly providing vital support to families in Palestine.

A months-long review of non-public data gathered by investigative journalists at Reuters has confirmed previous reports linking an Indian hack-for-hire group to numerous and sometimes disruptive cyber espionage and surveillance incidents against individuals and entities around the world. The New Delhi-based group known as Appin does not exist anymore, at least in its original form or branding. The group's operatives hacked into computers belonging to business executives, politicians, military officials, and other high-value individuals for several years, starting around 2009.

According to Zscaler, despite significant security concerns, organizations feel pressured to use generative Artificial Intelligence (AI) tools. Based on a survey of over 900 global Information Technology (IT) decision makers, while 89 percent of organizations view generative AI tools such as ChatGPT as a potential security risk, 95 percent already use them in some form within their businesses.

Employees' personal information was recently stolen in a ransomware attack targeting a Philippines subsidiary of Yamaha Motor.  The incident, the Japanese mobility and industrial giant says, occurred on October 25 and only impacted one server managed by Yamaha Motor Philippines, the company's motorcycle manufacturing and sales subsidiary in the country.  The company noted that the server was accessed without authorization by a third party and hit by a ransomware attack.

A team of researchers demonstrated that under certain conditions, passive network attackers can recover secret RSA keys from naturally occurring errors resulting in failed SSH connection attempts. SSH is a cryptographic network protocol for secure communication used in remote system access, file transfers, and system administration tasks. RSA is a public-key cryptosystem used in SSH for user authentication, and it involves a private, secret key to decrypt communication encrypted with a public, shareable key.

Mingfang Jiang of the School of Computer Science at the Hunan First Normal University in Changsha, China, has introduced a new algorithm that can improve covert communication without compromising data integrity. The innovative algorithm called RDHEIAC (Reversible Data Hiding for Encrypted Images Algorithm with Adaptive Total Variation and Cross-Cyclic Shift) represents a significant advancement in information security and covert communication.

NASA is leading a project through the University of Miami's Frost Institute for Data Science and Computing (IDSC) that seeks to improve the security of satellite communication in space. The project aims to integrate nanosatellites with traditional large satellites as well as address the cybersecurity challenges associated with their communication networks. NASA approached Dr. Yelena Yesha, the Knight Foundation Endowed Chair and Director of IDSC AI and Machine Learning at the University of Miami, to address the critical issue of cybersecurity in satellite communication.

For nearly six months, an unknown threat actor has been publishing typosquat packages to the Python Package Index (PyPI) repository to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets. According to Checkmarx, the 27 packages, which posed as popular legitimate Python libraries, were downloaded thousands of times. Most downloads came from the US, China, France, Hong Kong, Germany, Russia, Ireland, Singapore, the UK, and Japan.