French authorities recently arrested a Russian national in Paris for allegedly helping the Hive ransomware gang with laundering their victims' ransom payments.  The suspect was apprehended after the French Anti-Cybercrime Office (OFAC) linked him to digital wallets that received millions of U.S. dollars from suspicious sources based on his activity on social networks.  French authorities also seized €570,000 worth of cryptocurrency assets when they detained the 40-year-old suspect and Cyprus resident on December 5.  

Researchers at the University of Wisconsin-Milwaukee's Lubar College of Business have been exploring phishing website attacks and how to reduce them. According to the research team, while most browsers include phishing detection tools to warn users about phishing website attacks, many people are unaware of such tools. Many people do not trust a warning and become victims of their own security behaviors. However, the researchers say users cannot be blamed for such actions as they rarely interact and form a relationship with detection tools quietly running in the background.

The K-12 education sector has become increasingly vulnerable to cyberattacks. These attacks have resulted in the compromise of students' personal information, the exposure of school security information, class disruptions, school closures, and the loss of financial resources. The Cybersecurity and Infrastructure Security Agency (CISA) has reported that 11 education technology vendors have committed to Secure by Design, which involves designing products with more security built-in.

Software maker Adobe recently rolled out fixes for code execution flaws in the enterprise-facing Illustrator, Substance 3D Sampler, and After Effects products.  Adobe documented at least 207 security vulnerabilities and warned users on both Windows and macOS systems of risk of code execution, memory leaks, and denial-of-service attacks.  The Adobe Substance 3D Sampler update addresses at least six vulnerabilities that could lead to arbitrary code execution in the context of the current user.

The National Security Agency (NSA), the FBI, and co-authoring agencies are warning that Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known JetBrains TeamCity vulnerability to compromise victims.

According to Tenable researchers, Application Programming Interface (API) bugs in the Edulog Parent Portal platform enabled malicious actors to access the names and geolocation data of six million K-12 riders. The vulnerability has since been fixed by Edulog Parent Portal, a service that provides real-time school bus tracking for parents of grade-school students. The flaw allowed anyone who created a free Edulog account to evade school registration safeguards and gain access to information available through the service's Parent Portal API.

According to Ukraine, they have effectively crippled Russia's tax system.  The country's Ministry of Defense said its Defence Intelligence unit (GUR) conducted a "special operation" leading to the compromise of central servers of Russia's Federal Taxation Service (FTS) and over 2300 regional servers.  These extended across Russia and annexed territories in Ukraine, including Crimea.  The GUR noted that both these servers and those belonging to FTS contractor Office.ed-it.ru were reportedly infected with malware that wiped essential configuration files.

Apple recently announced that it’s testing a new security feature that should prevent iPhone thieves from gaining complete control over the victim’s device and online accounts, even if the phone’s passcode has been compromised.  According to the Wall Street Journal, earlier this year, many owners around the United States complained about having significant amounts of money transferred out of their accounts after their phones had been stolen.