Researchers at Ben-Gurion University's Offensive AI Research Lab have presented an attack that can decipher AI assistant responses. The technique involves a side-channel found in all major Artificial Intelligence (AI) assistants except Google Gemini. It refines the fairly raw results through Large Language Models (LLMs) trained specifically for the task.

Continued advancements in quantum computer development and performance will make it possible to crack current encryption processes. In an effort to address this challenge, researchers at the Technical University of Munich (TUM) are working to develop encryption methods that use physical laws to prevent message interception. Satellites will be launched as part of the QUICK³ space mission to protect communications over long distances. This article continues to discuss the effort to address the challenge regarding the transmission of data over long distances in quantum cryptography.

A threat actor called "Blind Eagle," also known as APT-C-36, has been observed using a loader malware named "Ande Loader" to deliver Remote Access Trojans (RATs) such as Remcos RAT and NjRAT. According to eSentire, the attacks, launched through phishing emails, targeted Spanish-speaking users in the North American manufacturing industry. Blind Eagle is a financially motivated threat actor who has previously executed cyberattacks against entities in Colombia and Ecuador to deliver AsyncRAT, BitRAT, Lime RAT, NjRAT, Remcos RAT, and more.

According to a new public opinion poll conducted by MITRE and The Harris Poll, the US public believes cyberattacks to be of the greatest risk to critical infrastructure. Seventy-eight percent are concerned about cyberattacks, and 51 percent are not confident that the US is prepared to recover from an attack.

According to security researchers at Palo Alto's Unit 42 threat intelligence group, advanced attackers are increasingly seeking speed. The researchers analyzed hackers' preferred strategies for infiltrating organizations, exfiltrating data, crypto-locking systems with ransomware, and more in 2023. Wendi Whitmore, senior vice president at Unit 42, cautioned that the time between initial compromise and data exfiltration is shrinking. She goes on to say that attackers are sometimes beginning to exfiltrate data in hours rather than days, calling on defenders speed up their operations.

According to the US Department of Justice (DOJ), a Moldovan national has been sentenced to 42 months in US federal prison for running a set of websites selling access to compromised computers worldwide. He was the administrator for the E-Root Marketplace, which listed over 350,000 compromised credentials for sale. E-Root operated on a widely distributed network and took steps to hide the identities of its administrators, buyers, and sellers.

A Red Canary report tracked the MITRE ATT&CK techniques adversaries used the most throughout 2023, finding that two new and notable entries jumped to the top ten: email forwarding rules and cloud accounts. Cloud account compromises are becoming more common as organizations adopt Software-as-a-Service (SaaS) for critical productivity applications such as email, file storage, and messaging, resulting in a large volume of data being stored in the cloud. Adversaries see just as much value in compromising cloud identities as they do in traditional endpoints.

The Federal Communications Commission (FCC) voted to establish a voluntary cybersecurity labeling program for Internet of Things (IoT) devices and other consumer-facing products that require an Internet connection. The vote is a component of the Biden administration's effort to place labels on smart devices to help consumers shop for products less vulnerable to cyberattacks. Smart products covered by the rule that meet specific cybersecurity standards will have a label similar to the ENERGY STAR label.