Security researchers at Sekoia have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. Since last September, the sinkhole server received over 90,000 requests every day from infected hosts in more than 170 countries. Since September 2023, when the security researchers captured the unique IP address associated with the particular C2, it has logged over 2,495,297 unique IPs from 170 countries interacting with the sinkhole.

In a recent data breach, the BlackCat/ALPHV ransomware gang allegedly stole 6TB of sensitive patient data from UnitedHealth. In early March, BlackCat performed an exit scam after allegedly getting $22 million in ransom from UnitedHealth. At that time, one of the gang's affiliates, known as "Notchy," claimed that they had UnitedHealth data because they conducted the attack and that BlackCat cheated them of the ransom payment. The transaction was visible on the Bitcoin blockchain and confirmed by researchers to have reached a wallet used by BlackCat hackers.

Russia, Ukraine, China, and the US topped the list of countries with the most cybercriminal activity in an academic study on cybercrime, but Nigeria, Romania, and Brazil being among the top-ranked is considered surprising. A high World Cybercrime Index (WCI) score is typical for countries with high technology levels and state-sponsored threat actors that overlap with cybercriminal groups. Nigeria led the scams category, and Romania led data and identity theft.

In a paper, researchers from the Multimedia and Information Security Lab at Drexel University's College of Engineering explained that while existing synthetic image detection technology has failed to detect Artificial Intelligence (AI)-generated video thus far, they have had success with a Machine Learning (ML) algorithm. This algorithm can be trained to extract and recognize digital "fingerprints" of various video generators, such as Stable Video Diffusion, Video-Crafter, and Cog-Video.

Manimaran Govindarasu of Iowa State University emphasized that bringing renewable energy to the power grid raises Internet of Things (IoT) issues because everything is connected. Wind farm controllers and solar inverters are Internet-connected. With each Internet connection, energy resources are vulnerable to cyberattacks that could disrupt power transmission or cause blackouts. A project led by Iowa State University engineers has received a $2.5 million US Department of Energy (DOE) grant to help defend the power industry.

Netcraft warns that compromised email accounts are being used by threat actors to send phishing emails with links to PDF files hosted on Autodesk Drive. Attackers have used compromised email accounts to send phishing emails to existing contacts, even including the victim's signature footer. To add legitimacy, the attackers have included a shortened link to a malicious PDF hosted on Autodesk Drive in the message body, along with the sender's and company's names.

Coalition reports that 56 percent of 2023 claims were for Funds Transfer Fraud (FTF) or Business Email Compromise (BEC), emphasizing the importance of email security in cyber risk management. The 2024 Cyber Claims Report highlights claims data from January 1 to December 31, 2023. The report also identified an increased risk for organizations that use boundary devices such as firewalls and Virtual Private Networks (VPNs). Although these tools can help to reduce cyber risk, using certain boundary devices may increase the likelihood of a cyber claim if they are vulnerable.

Cloud-based pinyin keyboard apps' security vulnerabilities could expose users' keystrokes to malicious actors. Citizen Lab found vulnerabilities in eight of nine apps from Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. Huawei's keyboard app was the only one without security issues. Researchers said the vulnerabilities could expose the contents of users' keystrokes in transit.

ThreatFabric researchers have discovered "Brokewell," an Android banking Trojan capable of capturing every event on the compromised device, including touches, information displayed, text input, and applications launched. The malware is delivered via a fake Google Chrome update that is displayed while browsing. Brokewell malware, which is said to be under active development, provides device takeover and remote control capabilities. This article continues to discuss observations and findings regarding the new Brokewell malware. 

"DragonForce," a new ransomware strain, uses a leaked LockBit builder. The cybercriminal group used a ransomware binary based on a leaked LockBit Black builder, according to Cyble. Cyble reported its findings after examining DragonForce's activity for months. LockBit Black is the third LockBit ransomware version. A disgruntled developer leaked it six months after its March 2022 release. After that, LockBit admins launched LockBit Green, which was later revealed to be a rebranded version of a Conti encryptor.