France and Britain are calling for greater global regulation of commercial surveillance software due to the recent Pegasus and Predator spyware scandals.  In a joint initiative announced at the Peace Forum in the French capital, Paris and London warned against the unregulated development and use of surveillance technology.  It was noted that while the use of such spyware might be legitimate, it only takes “a few lines of code” to allow it to be used with malicious intent.

In October 2023, an Iran-linked group targeted transportation, logistics, and technology sectors in the Middle East, including Israel, as part of an increase in Iranian cyber activity since the start of the Israel-Hamas war. CrowdStrike has attributed the attacks to a threat actor called Imperial Kitten, also known as Crimson Sandstorm, TA456, Tortoiseshell, and Yellow Liderc.

A threat actor has been using Google Ads to distribute a trojanized version of the CPU-Z tool in order to deliver the Redline information-stealing malware. Malwarebytes analysts discovered the new campaign and believe it is part of the same operation that used Notepad++ malvertising to deliver malicious payloads. According to researchers, the malicious Google advertisement for the trojanized CPU-Z is hosted on a cloned copy of the legitimate Windows news site WindowsReport.

Quantum computing is important to the cybersecurity community because a future quantum computer of adequate size and efficiency could crack today's encryption schemes, putting currently protected information and communications at risk. Public-key encryption enables over 4.5 billion Internet users to access 200 million websites and engage in retail e-commerce securely. On the other hand, certain quantum technologies have the potential to improve existing encryption. Therefore, quantum technologies serve as both a sword and a shield in cybersecurity.

The State of Maine is the latest entity to disclose a significant impact from the cyberattack targeting a zero-day in Progress Software’s MOVEit file transfer tool earlier this year.  According to security researchers at Emsisoft, more than 2,500 organizations and over 69 million individuals have been affected by the MOVEit hack.  The state of Main has found that the breach affected 1.3 million Main residents.

Two giants of the banking and legal sectors have recently been breached by suspected ransomware actors.  Allen & Overy is one of the UK's "Magic Circle" law firms.  It is believed that LockBit was behind the ransomware attack on Allen & Overy since they are listed on the gang's leak site.  The company stated that investigations to date have confirmed that data in its core systems, including its email and document management system, has not been affected.

Audio deepfakes have raised concerns among cybersecurity experts as scammers increasingly use voice-related Artificial Intelligence (AI) schemes for various malicious activities. With AI-driven audio generation making it challenging to distinguish between real and fake audio, You "Neil" Zhang of the University of Rochester's Audio Information Research (AIR) Lab is developing new audio deepfake detection systems. Zhang is also working on watermarking techniques for the audio generation process that will help identify the source of deepfakes.

According to researchers at Microsoft Threat Intelligence, the Russia-linked Cl0p ransomware group behind the wave of MOVEit Transfer-related attacks has been exploiting a previously unknown bug in the SysAid Information Technology (IT) support software. SysAid is an international software company based in Israel whose products are used by many organizations worldwide. Its software offers help desk, asset management, remote control, patch management, and other services to support IT operations.

The FBI is warning of ransomware threat actors targeting casino servers and using legitimate system management tools to gain network access. To breach casinos, ransomware gangs continue to rely on third-party gaming vendors. According to the agency, new trends include ransomware actors exploiting vulnerabilities in vendor-controlled remote access to casino servers and companies being victimized through legitimate system management tools to elevate network permissions.

According to Aqua Security researchers, attackers could exploit flaws in the vulnerability disclosure process of open-source projects to gather the information they need to launch attacks before patches are made available. The maintainer is aware of "half-day" vulnerabilities, and information about them is publicly available on GitHub or the National Vulnerability Database, but there is still no official fix.