Security News > 2024 > February

Drawing parallels from the stealthy and offensive nature of hunter-killer submarines, these malware strains evade security measures with precision and proactively seek out and impair security tools, firewalls, logging services, audit systems, and other protective measures within an infected system. These sophisticated malware strains execute comprehensive attack campaigns by blending covert operations with aggressive assaults on security controls - posing a high-level challenge to organizational cyber defense efforts.

North Korea's latest money-making venture is the production and sale of gambling websites that come pre-infected with malware, according to South Korea's National Intelligence Service. For an extra $3,000 per month North Korea throws in tech support.

Shipments of AI PCs - personal computers with specific system-on-a-chip capabilities designed to run generative AI tasks locally - are expected to grow from nearly 50 million units in 2024 to more than 167 million in 2027, according to IDC. By the end of the forecast, IDC expects AI PCs will represent nearly 60% of all PC shipments worldwide. "As we enter a new year, the hype around generative AI has reached a fever pitch, and the PC industry is running fast to capitalize on the expected benefits of bringing AI capabilities down from the cloud to the client," said Tom Mainelli, group VP, Devices and Consumer Research.

OpenAI has shut down five accounts it asserts were used by government agents to generate phishing emails and malicious software scripts as well as research ways to evade malware detection. "We disrupted five state-affiliated malicious actors: two China-affiliated threat actors known as Charcoal Typhoon and Salmon Typhoon; the Iran-affiliated threat actor known as Crimson Sandstorm; the North Korea-affiliated actor known as Emerald Sleet; and the Russia-affiliated actor known as Forest Blizzard," the OpenAI team wrote.

Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. "The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf."

The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "Confidential" documents if a ransom is not paid. Fulton County has a population of a little over one million and it is the largest county in Georgia and the home of the state capital, Atlanta.

The Chinese government's Volt Typhoon spy team has apparently already compromised a large US city's emergency services network and has been spotted snooping around America's telecommunications providers as well. On the other hand, you may expect China by now to be all over US infrastructure just as much as Uncle Sam's NSA and CIA are probably all over Chinese networks.

The International Information System Security Certification Consortium and IBM teamed up on February 12 to launch the IBM and ISC2 Cybersecurity Specialist Professional Certificate, which can be earned through a free, four-month, beginner-level training course. IBM chose ISC2 to develop the certification program, which prepares potential cybersecurity professionals for a career in a cybersecurity specialist role.

The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. Zoom is a popular cloud-based video conferencing service for corporate meetings, educational lessons, social interactions/gatherings, and more.

Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View. Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.