"ICC: September Breach Was Espionage Raid"

The International Criminal Court (ICC) has recently revealed that a September cyberattack on its IT systems was a highly targeted espionage attempt, although attribution thus far remains elusive.  The ICC noted that based on the forensic analysis carried out, the court has already taken and will continue to take all necessary steps to address any compromise to data belonging to individuals, organizations, and states.  Should evidence be found that specific data entrusted to the court has been compromised, those affected would be contacted immediately and directly by the court.

Submitted by Adam Ekwall on

"Cybersecurity: IMC2 Researchers Mobilize to Counter Insider Threats"

Polytechnique Montréal has announced a cybersecurity project to prevent insider threats. Through the Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2), experts from Polytechnique Montréal, HEC Montréal, and Université de Montréal will develop a solution for this issue. Every employee, consultant, and third party with access to a company's computer systems represents a potential entry point for a cyberattack or intrusion. Whether malicious, careless, or simply unaware, these users increasingly serve as the entry point for cybercriminals.

Submitted by grigby1 CPVI on

"CIA Exposed to Potential Intelligence Interception Due to X's URL Bug"

Kevin McSheehan, an ethical hacker, took over a Central Intelligence Agency (CIA) Telegram channel used to receive intelligence by exploiting a flaw in how X, formerly Twitter, truncates URLs. He discovered the issue after hovering over the link to the CIA's Telegram channel displayed on its X social media profile. Shortly after September 27, when the CIA updated its profile, the Telegram link shortened, cutting off part of the full username, which allowed McSheehan to register the new, unregistered handle.

Submitted by grigby1 CPVI on

"Legacy Authentication Leads to Growing Consumer Frustration"

According to FIDO Alliance, consumers want stronger, more user-friendly alternatives to passwords despite their continued widespread use. Manually entering a password without any form of additional authentication was the most commonly used authentication method among the use cases followed, including accessing work computers and accounts (37 percent), streaming services (25 percent), social media (26 percent), and smart home devices (17 percent). Consumers enter a password manually about four times every day or around 1,280 times yearly.

Submitted by grigby1 CPVI on

"Iran-Backed Hackers Dwelled for 8 Months in Mideast Government's System"

According to researchers, Iran-backed hackers spent eight months inside the systems of a Middle East government, stealing emails and files. Symantec attributed the campaign to a group it calls Crambus, which is also known as APT34, OilRig, or MuddyWater. The intrusion lasted from February to September, and although the researchers did not name the targeted country, Crambus had previously been observed in Saudi Arabia, Israel, the United Arab Emirates, Iraq, Jordan, Lebanon, Kuwait, Qatar, Albania, the US, and Turkey.

Submitted by grigby1 CPVI on

"ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges"

ExelaStealer, a new information stealer, has joined the field of off-the-shelf malware designed to steal sensitive data from compromised Windows systems. James Slaughter, a researcher at Fortinet FortiGuard Labs, noted that ExelaStealer is a primarily open-source infostealer that offers paid customizations. It is written in Python and supports JavaScript. The infostealer is equipped to steal passwords, Discord tokens, credit cards, cookies, keystrokes, clipboard content, and more. This article continues to discuss findings regarding the ExelaStealer infostealer.

Submitted by grigby1 CPVI on

"The Most Popular IT Admin Password Is Totally Depressing"

An analysis of over 1.8 million pages identified as admin portals found that 40,000 of them used "admin" as their password, making it the most common credential used by Information Technology (IT) administrators. Between January and September of 2023, a team of researchers with Outpost24 analyzed passwords and discovered an increased dependence on default passwords. This article continues to discuss the top passwords discovered by the analysis.

Submitted by grigby1 CPVI on

"BlackCat Ransomware Uses New 'Munchkin' Linux VM in Stealthy Attacks"

The BlackCat/ALPHV ransomware operation is now using a new tool named Munchkin, which uses Virtual Machines (VMs) to stealthily launch encryptors on network devices. Munchkin allows BlackCat to execute on remote systems or encrypt Server Message Block (SMB) or Common Internet File System (CIFS) network shares. Adding Munchkin to BlackCat's extensive and sophisticated arsenal makes the Ransomware-as-a-Service (RaaS) more appealing to cybercriminals seeking to work with the ransomware.

Submitted by grigby1 CPVI on

"QR Codes Used in 22% of Phishing Attacks"

A new study called the "Hoxhunt Challenge" has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk.  The study was conducted in 38 organizations across nine industries and 125 countries and revealed that 22% of phishing attacks in the first weeks of October 2023 used QR codes to deliver malicious payloads.  The challenge categorized employee responses into three groups: success, miss, and click/scan.

Submitted by Adam Ekwall on

"DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals"

Security researchers at WithSecure believe that Vietnam-based cybercriminals are behind attacks using DarkGate malware, which have targeted organizations in the UK, US, and India since 2018.  The researchers have tracked these attacks to an active cluster of cybercriminals using the Ducktail infostealer, which has been used in recent campaigns targeting Meta business accounts.  The researchers noted that the DarkGate and Ducktail campaigns have been linked based on observed non-technical indicators.  These include lure files, themes, targeting, and delivery methods.

Submitted by Adam Ekwall on