For individuals

CyberScoop reports that federal IT contractor CGI Federal revealed that the breach of its systems that resulted in the compromise of data from nearly 6,600 current and former employees at the Government and Accountability Office stemmed from the exploitation of a vulnerability affecting some Atlassian Confluence Data Center and Server versions.

The U.S. Department of Defense has begun informing current and former employees, partners, and job applicants regarding the potential exposure of their personally identifiable information stemming from a service provider's inadvertent leak of several emails between Feb. 3 and Feb. 20, 2023, reports DefenseScoop.

Ransomware operation ALPHV/BlackCat has admitted to compromising major Canadian oil and gas pipeline operator Trans-Northern Pipelines in an attack that it claims resulted in the exfiltration of 190GB of data, according to The Register.

Widespread attacks spreading the Glupteba malware in November involved the integration of a newly discovered EfiGuard Unified Extensible Firmware Interface bootkit that has provided the botnet with self-concealment and increased stealth through the deactivation of Driver Signature Enforcement and PatchGuard, The Hacker News reports.

BleepingComputer reports that attacks exploiting a new Windows Defender zero-day flaw, tracked as CVE-2024-21412, have been conducted by the Water Hydra threat operation, also known as DarkCasino, against foreign exchange traders on New Year's Eve to facilitate the distribution of the DarkMe remote access trojan.

Chinese state-backed threat operation Volt Typhoon, also known as Voltzite, has been moving to cause a significant disruption in the U.S. as evidenced by its extensive targeting of the country's critical infrastructure organizations, reports CyberScoop.

Thousands of organizations across the U.S. have been targeted by a new phishing campaign deploying the Bumblebee malware, which was last observed in the wild in September, according to BleepingComputer.

The finance services giant says it was hacked — and reported the incident proactively before SEC requirements mandated it. It could be an anti-extortion move, or merely a brand protection effort.

Nine new LLM-based tactics were used by Russia, Noth Korea, Iran and China-sponsored threat groups.

Threat actors first infected the Hipocrate Information System with a variant of the Phobos ransomware family — and then it spread across the nation's healthcare organizations.