"Researchers Find Zero-Victim Method to Block Scammers' Websites"

Researchers at Palo Alto Networks' Unit 42 developed a Machine Learning (ML) model that feeds on "crumbs of information" left by malicious actors and detects tens of thousands of malicious domains each week before they are used for illegal activities. Malicious actors often register many domain names in bulk to ensure redundancy and uptime for phishing campaigns, malware distribution, adversarial Search Engine Optimization (SEO), or other illegal content. Domains are held in reserve until they are needed for specific campaigns.
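The two signals the paragraph describes, bulk registration of look-alike domains and domains held dormant after registration, can be turned into a simple triage heuristic. The following is an added illustration, not Unit 42's model or code: it groups constructed WHOIS-like records (field names and values are assumed, none are real registrations) by registrar, nameserver set and registration hour, flags clusters whose names follow a template, and lists domains that have aged without ever being seen resolving.

```python
"""Added example: a bulk-registration heuristic over constructed records.

This is not Unit 42's model. It illustrates two of the signals the text
describes: domains registered in bulk (same registrar, same nameservers,
same hour, templated names) and domains held dormant after registration.
All records below are constructed; none are real registrations.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed WHOIS-like records (assumed field names, invented values).
RECORDS = [
    {"domain": "account-verify-1.com", "registrar": "RegX", "ns": ["ns2.park.example", "ns1.park.example"], "created": "2023-12-01T03:12:00", "first_traffic": None},
    {"domain": "account-verify-2.com", "registrar": "RegX", "ns": ["ns1.park.example", "ns2.park.example"], "created": "2023-12-01T03:12:05", "first_traffic": None},
    {"domain": "account-verify-3.com", "registrar": "RegX", "ns": ["ns1.park.example", "ns2.park.example"], "created": "2023-12-01T03:12:09", "first_traffic": None},
    {"domain": "account-verify-4.com", "registrar": "RegX", "ns": ["ns1.park.example", "ns2.park.example"], "created": "2023-12-01T03:40:00", "first_traffic": None},
    {"domain": "bakery-main-street.com", "registrar": "RegY", "ns": ["ns1.host.example"], "created": "2023-12-01T03:15:00", "first_traffic": "2023-12-02T10:00:00"},
    {"domain": "my-hobby-blog.net", "registrar": "RegX", "ns": ["ns1.other.example"], "created": "2023-12-01T03:30:00", "first_traffic": "2023-12-01T12:00:00"},
]


def registration_key(rec):
    """Registrar, normalized nameserver set and registration hour."""
    hour = datetime.fromisoformat(rec["created"]).strftime("%Y-%m-%dT%H")
    return (rec["registrar"], tuple(sorted(rec["ns"])), hour)


def naming_template(domain):
    """Collapse digit runs so account-verify-1 and account-verify-2 share a template."""
    return re.sub(r"\d+", "#", domain.split(".")[0])


def bulk_clusters(records, min_size=3, max_template_ratio=0.5):
    """Return clusters of at least min_size domains registered together with templated names."""
    groups = defaultdict(list)
    for rec in records:
        groups[registration_key(rec)].append(rec)
    flagged = []
    for key, members in groups.items():
        if len(members) < min_size:
            continue
        templates = {naming_template(m["domain"]) for m in members}
        ratio = len(templates) / len(members)  # 1.0 = every name unique; low = templated batch
        if ratio <= max_template_ratio:
            flagged.append({
                "registrar": key[0],
                "nameservers": key[1],
                "hour": key[2],
                "domains": sorted(m["domain"] for m in members),
                "template_ratio": ratio,
            })
    return flagged


def dormant_domains(records, now, min_days=14):
    """Domains registered at least min_days ago that have never been seen resolving."""
    out = []
    for rec in records:
        age = (now - datetime.fromisoformat(rec["created"])).days
        if rec["first_traffic"] is None and age >= min_days:
            out.append(rec["domain"])
    return sorted(out)


if __name__ == "__main__":
    for cluster in bulk_clusters(RECORDS):
        print(cluster)
    print(dormant_domains(RECORDS, datetime(2023, 12, 20)))
```

On the constructed records the four account-verify domains form one cluster (same registrar, same parked nameservers, same hour, one naming template) and are still dormant nineteen days later, while the two unrelated registrations are neither clustered nor dormant. A real feed would replace the constructed records with passive DNS and registration data and tune the thresholds on labelled history.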

Submitted by Gregory Rigby on

"Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections"

A novel way to exploit the decades-old Simple Mail Transfer Protocol (SMTP), the protocol used to send email, allows attackers to bypass Domain-based Message Authentication, Reporting, and Conformance (DMARC) and other email security mechanisms, exposing organizations and individuals to targeted phishing attacks that appear to come from trusted domains.
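The weakness being exploited is disagreement between two mail servers about where a message ends. The SMTP end-of-data sequence is <CR><LF>.<CR><LF>; if an outbound server forwards a non-standard variant untouched while the receiving server accepts that variant as the end of data, everything after it is read as fresh SMTP commands and becomes a second, smuggled message that arrives from the trusted outbound server's IP address, so sender checks for that domain pass. The simulation below is an added example, not code from the research or from any mail product: the LENIENT terminator list is an assumption about what a permissive receiver might accept, and the DATA section is constructed.

```python
"""Added example: a simulation of the end-of-data ambiguity behind SMTP smuggling.

Not code from the article. The conforming end-of-data sequence is <CR><LF>.<CR><LF>;
the LENIENT list models a receiving server that also accepts bare-LF variants,
which is an assumption about server behaviour, not a statement about any product.
"""
import re

STRICT = [b"\r\n.\r\n"]
LENIENT = [b"\r\n.\r\n", b"\n.\r\n", b"\r\n.\n"]  # assumed permissive terminators

# Constructed DATA section sent by the attacker through a trusted outbound server.
ATTACKER_DATA = (
    b"From: attacker@trusted.example\r\n"
    b"To: victim@victim.example\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"first message body"
    b"\n.\r\n"                                   # non-conforming terminator
    b"MAIL FROM:<ceo@trusted.example>\r\n"        # smuggled envelope
    b"RCPT TO:<victim@victim.example>\r\n"
    b"DATA\r\n"
    b"From: ceo@trusted.example\r\n"
    b"Subject: urgent wire transfer\r\n"
    b"\r\n"
    b"Please pay the attached invoice today."
    b"\r\n.\r\n"                                 # conforming terminator
)


def split_data_section(stream, terminators):
    """Cut the stream at the earliest accepted terminator; return (body, remainder)."""
    best = None
    for term in terminators:
        i = stream.find(term)
        if i != -1 and (best is None or i < best[0]):
            best = (i, term)
    if best is None:
        return stream, b""
    i, term = best
    return stream[:i], stream[i + len(term):]


def inbound_messages(stream, terminators, mail_from, rcpt_to):
    """Replay what a receiving server in DATA state would deliver.

    Returns one entry per message; a second entry means commands were found
    after an early terminator and treated as a new envelope.
    """
    messages = []
    envelope = {"mail_from": mail_from, "rcpt_to": list(rcpt_to)}
    in_data = True
    buf = stream
    while True:
        if in_data:
            body, buf = split_data_section(buf, terminators)
            messages.append({"mail_from": envelope["mail_from"],
                             "rcpt_to": envelope["rcpt_to"], "body": body})
            envelope = {"mail_from": None, "rcpt_to": []}
            in_data = False
            if not buf:
                return messages
        else:
            line, sep, buf = buf.partition(b"\r\n")
            if not sep:
                return messages
            upper = line.upper()
            if upper.startswith(b"MAIL FROM:"):
                envelope["mail_from"] = line.split(b":", 1)[1].strip()
            elif upper.startswith(b"RCPT TO:"):
                envelope["rcpt_to"].append(line.split(b":", 1)[1].strip())
            elif upper == b"DATA":
                in_data = True
            elif upper == b"QUIT":
                return messages
            # any other command is ignored in this simulation


BARE_NEWLINE = re.compile(rb"(?<!\r)\n|\r(?!\n)")


def has_bare_newline(stream):
    """Mitigation check: a conforming client never sends a bare <LF> or <CR> inside DATA."""
    return BARE_NEWLINE.search(stream) is not None


if __name__ == "__main__":
    sender, rcpt = b"<attacker@trusted.example>", [b"<victim@victim.example>"]
    print("strict receiver sees", len(inbound_messages(ATTACKER_DATA, STRICT, sender, rcpt)), "message(s)")
    print("lenient receiver sees", len(inbound_messages(ATTACKER_DATA, LENIENT, sender, rcpt)), "message(s)")
    print("bare newline present:", has_bare_newline(ATTACKER_DATA))
```

A strict receiver delivers one message whose body happens to contain the text "MAIL FROM:", which is harmless; the lenient receiver delivers two, the second with an envelope sender the attacker chose. The general fix on the receiving side is the last function: reject (or normalize) any bare newline in DATA, so that only the conforming terminator can end a message.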

Submitted by Gregory Rigby on

"Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing"

The US Cybersecurity and Infrastructure Security Agency (CISA) will launch a strategic effort in 2024 to modernize its approach to enterprise cyber threat information sharing. The effort focuses on three areas: simplification, partner-centered design, and experience-based learning. As part of the simplification work, CISA will refocus and consolidate its customer-facing cyber threat intelligence offerings under a new initiative called Threat Intelligence Enterprise Services (TIES).

Submitted by Gregory Rigby on

"CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats"

The US Cybersecurity and Infrastructure Security Agency (CISA) urges manufacturers to eliminate default passwords on Internet-connected systems, citing serious risks that malicious actors could exploit to gain initial access to and move laterally within organizations. In a recent alert, the agency said Iranian threat actors affiliated with the Islamic Revolutionary Guard Corps (IRGC) have gained access to critical infrastructure systems in the US by exploiting Operational Technology (OT) devices with default passwords.

Submitted by Gregory Rigby on

"Mortgage Giant Mr. Cooper Data Breach Affects 14.7 Million People"

Mr. Cooper is sending data breach notifications warning that a recent cyberattack exposed the data of 14.7 million customers who have, or previously had, mortgages with the company. Mr. Cooper is a Dallas-based mortgage lending firm that employs approximately 9,000 people and has millions of customers. The lender is one of the largest servicers in the United States, servicing loans worth $937 billion. In early November 2023, the company announced that it had been breached in a cyberattack on October 30, 2023, which it discovered the following day.

Submitted by Adam Ekwall on

"Air France-KLM Data Leak Left Customer Information Vulnerable to Scrapers"

According to the Dutch public news organization NOS, working with security researcher Benjamin Broersma, some private data belonging to KLM and Air France passengers was easy to obtain. The hyperlinks to flight information that KLM sent by text message were only six characters long and not varied enough, so valid links could be guessed and used to collect other customers' data at scale. NOS and Broersma tested this by modifying a link sent by KLM via text message. Anyone who asked to receive flight information from KLM by text message was given such a six-character link.
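A link whose entire secret is a six-character token is a bearer credential with a small keyspace, and how small matters less than how many valid links are live at once: a scraper needs on average keyspace divided by the number of live links guesses to hit one. The following added example is not KLM's code. It models the weak service with an assumed 62-symbol alphanumeric alphabet (the article gives only the length), puts a hardened version beside it, and includes the guess-count estimate; all records and addresses are constructed.

```python
"""Added example, not KLM's code: a short-token link service beside a hardened one.

Assumptions: the weak service issues 6-character alphanumeric tokens (the article
reports six-character links; the alphabet is assumed) and the token alone grants
access. The hardened service uses long random tokens, an expiry, and a per-client
failure lockout. All passenger records and client addresses are constructed.
"""
import random
import secrets
import string
from datetime import datetime, timedelta

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumed)


def keyspace(length, alphabet=ALPHABET):
    return len(alphabet) ** length


def expected_guesses_to_hit(length, live_links, alphabet=ALPHABET):
    """Expected random guesses before one lands on any of `live_links` valid tokens."""
    return keyspace(length, alphabet) / live_links


def enumeration_hours(length, live_links, requests_per_second, alphabet=ALPHABET):
    """Wall-clock estimate for an unthrottled scraper to reach its first hit."""
    return expected_guesses_to_hit(length, live_links, alphabet) / requests_per_second / 3600


class WeakLinkService:
    """Models the flaw: short token, no expiry, no throttling, token alone grants access."""

    def __init__(self, seed=1):
        self.links = {}
        self.rng = random.Random(seed)  # deterministic only so the example is repeatable

    def issue(self, passenger_record):
        token = "".join(self.rng.choice(ALPHABET) for _ in range(6))
        self.links[token] = passenger_record
        return token

    def lookup(self, token):
        return self.links.get(token)


class HardenedLinkService:
    """Long unguessable token, bounded lifetime, and lockout after repeated misses."""

    TOKEN_BYTES = 24            # 192 bits of entropy from the OS CSPRNG
    TTL = timedelta(hours=48)   # assumed: long enough to cover the flight, not months
    MAX_FAILURES = 20           # assumed per-client budget before lockout

    def __init__(self):
        self.links = {}
        self.failures = {}

    def issue(self, passenger_record, now):
        token = secrets.token_urlsafe(self.TOKEN_BYTES)
        self.links[token] = (passenger_record, now + self.TTL)
        return token

    def lookup(self, token, client_ip, now):
        if self.failures.get(client_ip, 0) >= self.MAX_FAILURES:
            return None  # locked out; production code would also alert on this
        entry = self.links.get(token)
        if entry is None or now > entry[1]:
            self.failures[client_ip] = self.failures.get(client_ip, 0) + 1
            return None
        return entry[0]


if __name__ == "__main__":
    print("6-char keyspace:", keyspace(6))
    print("guesses per hit with 1,000,000 live links:", round(expected_guesses_to_hit(6, 1_000_000)))
    print("hours at 100 req/s:", round(enumeration_hours(6, 1_000_000, 100), 3))
```

Under these assumptions the keyspace is about 5.7e10, so a single link is hard to guess; but with a million live links a scraper expects a hit every 57,000 guesses or so, which at 100 requests per second is under ten minutes. The hardened version fixes the three independent problems at once: the token cannot be enumerated, it stops working after the flight, and a client that keeps missing is cut off before it reaches a hit.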

Submitted by Gregory Rigby on

"InfectedSlurs Botnet Targets QNAP VioStor NVR Vulnerability"

InfectedSlurs, a Mirai-based botnet, has been observed targeting QNAP VioStor Network Video Recorder (NVR) devices. Akamai warned in November that this new Mirai-based Distributed Denial-of-Service (DDoS) botnet was actively exploiting two zero-day vulnerabilities to infect routers and NVR devices. The researchers discovered the botnet in October 2023 but believe it has been active since at least 2022. They notified the affected vendors of the two vulnerabilities, and the vendors plan to release fixes in December 2023.

Submitted by Gregory Rigby on

"VF Corp Disrupted by Cyberattack, Online Operations Impacted"

VF Corporation, which owns and operates some of the biggest apparel and footwear brands, was recently hit by a ransomware attack that included the theft of sensitive corporate and personal data. VF Corp said the attackers disrupted business operations, including its ability to fulfill e-commerce orders, and stole data from the company, including personal data. The company did not provide further details on the stolen data or say whether third-party customer data was exposed.

Submitted by Adam Ekwall on

"Rhadamanthys Stealer Malware Evolves With More Powerful Features"

According to researchers at Check Point, the developers of the Rhadamanthys malware recently released two major versions with multiple improvements, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ information stealer that first appeared in August 2022 and targets email, FTP, and online banking account credentials. Because the stealer is sold to cybercriminals under a subscription model, each buyer distributes it by their own means, so it reaches targets through a variety of channels, including malvertising, infected torrent downloads, email, and YouTube videos.

Submitted by Gregory Rigby on

"New QakBot Phishing Campaign Appears, Months After FBI Takedown"

A new QakBot phishing campaign has emerged months after the takedown of the QakBot botnet in the international law enforcement operation dubbed "Operation Duck Hunt." QakBot, also known as QBot, QuackBot, and Pinkslipbot, was one of the most widely used malware loaders in 2023 until an FBI-led takedown in August brought the operation to a halt and freed 700,000 compromised machines from the botnet. Microsoft's Threat Intelligence team discovered a new QakBot phishing campaign that began on December 11, was low in volume, and targeted the hospitality industry.

Submitted by Gregory Rigby on