Following news that Iran-linked attackers had taken control of a Programmable Logic Controller (PLC) at a water system facility in Pennsylvania, a public alert was published by the Cybersecurity and Infrastructure Security Agency (CISA) urging other water authorities to secure their PLCs immediately. The cyber threat actors most likely gained access to the affected device, a Unitronics Vision Series PLC with a Human Machine Interface (HMI), by exploiting cybersecurity vulnerabilities such as poor password security and Internet exposure, according to CISA.

Marco Liberale, a 13-year-old from Saudi Arabia, recently presented on navigating ransomware at the Black Hat Middle East and Africa conference. He taught himself lockpicking at the age of three, Python coding at the age of five, and malware writing shortly after. Liberale's presentation was praised, particularly by researcher and Boom Supersonic CISO Chris Roberts, who pointed out that Liberale demonstrated how to write, build, design, and launch ransomware. He also showed how to protect systems from being taken over by it.

American office supply retailer Staples took down some of its systems on November 27th after a cyberattack to contain the breach's impact and protect customer data.  Staples operates 994 US and Canada stores and 40 fulfillment centers for nationwide product storage and dispatch.  The company noted that the response measures disrupted its business operations, specifically the backend processing and product delivery.

The US Department of the Treasury recently announced sanctions against cryptocurrency mixer Sinbad for laundering stolen cryptocurrency for the North Korean state-sponsored hacking group Lazarus.  Sinbad, the Treasury says, is the preferred mixing service for Lazarus and is responsible for laundering millions of dollars in stolen cryptocurrency for the nation state threat actor.  Sinbad operates on the Bitcoin blockchain, and the mixer obfuscates illicit transactions' origin, destination, and counterparties.

According to researchers at Corvus Insurance, a prolific Russian-speaking ransomware group has made over $100m from dozens of victims since April 2022.  The researchers used the Elliptic Investigator blockchain forensics tool to lift the lid on the Black Basta group.  The tool helped the researchers uncover patterns in the group’s online activities, which enabled them to trace a large number of Bitcoin ransoms with a high degree of certainty.  The researchers found that Black Basta has received at least $107m in ransom payments since early 2022 across more than 90 victims.

A major data breach at IT provider Zeroed-In Technologies has impacted nearly two million end users, including thousands of Dollar Tree and Family Dollar employees.  The data breach affected 1,977,486 users on August 7-8, 2023.  Zeroed-In Technologies stated that the investigation determined that an unauthorized actor gained access to certain systems between August 7, 2023, and August 8, 2023.  The company found that the threat actor stole names, dates of birth, and Social Security numbers.

Computer scientists led by Ning Zhang, assistant professor of computer science and engineering at the McKelvey School of Engineering at Washington University in St. Louis, created AntiFake, a tool to protect voice recordings from unauthorized speech synthesis. Recent advancements in generative Artificial Intelligence (AI) have accelerated progress in realistic speech synthesis.

A recent North Korean attack on a Taiwanese company spreads malware to the United States, Canada, Japan and Taiwan. Microsoft discovered that a hacker gang known as Diamond Sleet gained access to a Taiwan software company CyberLink Corporation producers of audio, video, and photo editing software. They added malware to the application installer and managed to get their modified version signed with a CyberLink certificate and hosted on a valid update system. The code checks to see if security software from CrowdStrike, FireEye, or Tanium is present before running the malicious code.

The latest variant of DJVU ransomware, codenamed Xaro, is distributed in the form of cracked software. The DJVU variant appends the .xaro extension to affected files and demands a ransom for a decryptor. It has been observed infecting systems along with other commodity loaders and infostealers. DJVU, which is a variant of the STOP ransomware, typically masquerades as legitimate services or applications. It is also delivered as a SmokeLoader payload. This article continues to discuss the new variant of the DJVU ransomware.

Tenable researchers have released proof-of-concepts (POCs) for now-patched critical security vulnerabilities in Arcserve's Unified Data Protection (UDP) solution. Arcserve UDP is a widely used enterprise data protection, backup, and disaster recovery solution that helps organizations improve resiliency against ransomware attacks. This article continues to discuss the potential exploitation and impact of the vulnerabilities affecting Arcserve UDP.