Researchers at Trend Micro have discovered that threat actors are using the open source "EDRSilencer" tool to evade Endpoint Detection and Response (EDR) systems. According to the researchers, the software designed for red teaming is being used to "silence" EDR solutions. It involves using the Windows Filtering Platform (WFP), which enables the creation of custom rules for monitoring, blocking, and modifying network traffic. This article continues to discuss the use of the EDRSilencer tool by threat actors.

The Entrust Cybersecurity Institute found that many organizations have not begun post-quantum threat preparations despite the National Institute of Standards and Technology's (NIST) recent publication of post-quantum standards. NIST published its first three finalized post-quantum encryption standards in August, providing usage and implementation guidelines for organizations transitioning to quantum cryptography.

According to Fortinet's recent threat report, cybercriminals, hacktivists, and nation-state actors have threatened to disrupt or take advantage of the US election. The report discusses the threat landscape and adversarial activity that could impact this year's election. Fortinet recognizes that the usual threats come from financially motivated criminals, partisan hacktivists, and politically motivated elite nation-state actors. This article continues to discuss the cyber threats to November's Election Day.

Researchers from the University of Texas at Austin's SPARK Lab have identified "ConfusedPilot," a new cyberattack that targets Retrieval-Augmented Generation (RAG)-based Artificial Intelligence (AI) systems such as Microsoft 365 Copilot. Professor Mohit Tiwari, CEO of Symmetry Systems, led the team that discovered how attackers could manipulate AI-generated responses through the introduction of malicious content into documents referenced by the AI. This method could result in misinformation and flawed decision-making by organizations.

A new malware campaign delivers "Hijack Loader" artifacts signed with legitimate code-signing certificates. Researchers at HarfangLab detected the activity, noting that the attack chains aim to deploy the "Lumma" infostealer. Hijack Loader was discovered in September 2023, with attack chains that trick users into downloading a booby-trapped binary as pirated software or movies.

Intel and AMD have responded to security researchers' discoveries of new attack methods called "TDXDown" and "CounterSEVeillance" that target Trust Domain Extensions (TDX) and Secure Encrypted Virtualization (SEV) technology. The research focused on Intel and AMD Trusted Execution Environments (TEEs), which isolate the protected application or Virtual Machine (VM) from the operating system and other software on the same physical system in order to protect code and data.

North Korean hackers are infecting financial institutions' payment switch systems with a new Linux variant of "FASTCash" to withdraw cash. FASTCash previously targeted Windows and IBM AIX (Unix) systems, but security researcher "HaxRob" found a Linux variant that targets Ubuntu 22.04 LTS distributions.

Shawn Merdinger, a cybersecurity researcher, found that many organizations whose door access controllers he analyzed failed to protect them from hacker attacks. He showed how S2 Security door access controllers used by schools, hospitals, and other organizations could have been remotely hacked in 2010. Years later, he started a cybersecurity research project to show that physical access control vulnerabilities still affect many organizations.

The Volkswagen Group has recently made a public statement after a known ransomware group claimed to have stolen valuable information from the carmaker's systems.  The spokesperson says that this incident is known but added that the IT infrastructure of the Volkswagen Group is not affected.  The Volkswagen Group owns car brands such as Volkswagen, Skoda, Seat, Audi, Lamborghini, Porsche, Cupra, and Bentley. The company has not shared any other information on the cyberattack.

Code hosting platform GitHub has recently released patches for a critical severity vulnerability in the GitHub Enterprise Server that could lead to unauthorized access to affected instances.  The vulnerability is tracked as CVE-2024-9487 (CVSS score of 9.5), and was introduced in May 2024 as part of the remediations released for CVE-2024-4985, a critical authentication bypass defect allowing attackers to forge SAML responses and gain administrative access to the Enterprise Server.