A cyberattack recently targeted an organization that manages wastewater for nine million people in and around Paris. Water authorities have long been a target for ransomware gangs looking to hit critical services that hold sensitive customer information. For example, in May, an Italian company that provides drinking water to almost half a million people experienced some technical disruptions as a result of a ransomware attack, and a water utility in Porto, Portugal's second-largest city, faced its own ransomware attack in February.

Cybersecurity experts with Lancaster University's Cyber Works program have created a dynamic and informative cybersecurity animation designed to provide farmers with free knowledge about securing their farms in a digital world. Farmers increasingly rely on digital equipment connected to the Internet, whether it is for milking livestock, automated crop irrigation systems, or the storage of commercially sensitive data about production yields.

According to the cybersecurity analyst Adlumin, the Russian-affiliated Play ransomware gang is now offering its services for sale. The group, which is believed to have launched multiple attacks on targets since last year, has joined the growing Ransomware-as-a-Service (RaaS) trend. Cybercriminals are increasingly finding it just as profitable to hire out their toolkits to other threat actors.

The Canadian government recently announced that information pertaining to its employees, military, and police personnel was exposed in a data breach at third-party service providers.  The incident involved Brookfield Global Relocation Services (BGRS) and Sirva Canada, two moving and relocation services firms contracted by the Canadian government to provide relocation support to employees.  The government learned of the data breach on October 19.

The chief operating officer (COO) of a US network security firm has recently pleaded guilty to compromising the IT systems of two hospitals in order to generate business for his company.  Securolytics executive Vikas Singla admitted hacking Gwinnett Medical Center (GMC) hospitals in Duluth and Lawrenceville, Georgia.  The incidents, which took place in September 2018, began when Singla modified the configuration files of GMC Duluth hospital’s ASCOM phone system, rendering over 200 handsets inoperable.

A lure file with the ZPAQ compression format is being used to deliver a new Agent Tesla malware variant to gather data from several email clients and about 40 web browsers. Agent Tesla, which first appeared in 2014, is a keylogger and Remote Access Trojan (RAT) written in .NET that is offered to other threat actors via a Malware-as-a-Service (MaaS) model. According to G Data malware analyst Anna Lvova, ZPAQ is a file compression format with a better compression ratio and journaling function than popular formats such as ZIP and RAR.

Attackers are exploiting a recently patched vulnerability in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on Linux systems. Apache ActiveMQ is a popular Java-based open-source message broker that facilitates communication between applications and services by translating messages sent via different protocols such as OpenWire, STOMP, MQTT, and more. The vulnerability in the Java OpenWire protocol marshaller could enable attackers to execute arbitrary code with the same privileges as the ActiveMQ server.

The ransomware hunter PCrisk discovered a new Phobos ransomware variant that attempts to frame the popular VX-Underground malware-sharing collective. Phobos emerged in 2018 as a Ransomware-as-a-Service (RaaS) derived from the Crysis ransomware family. A group of threat actors manages the development of the ransomware and holds the master decryption key, while other threat actors serve as affiliates to infiltrate networks and encrypt devices. This article continues to discuss the new Phobos ransomware variant trying to frame the VX-Underground community.

Business and public use of generative Artificial Intelligence (AI) calls for further understanding of generative AI risks and the specific defenses to mitigate those risks. Jailbreaking and prompt injection are two emerging threats to generative AI. Jailbreaking uses specific prompts to trick the AI into producing harmful or misleading results. Similar to SQL injection in databases, prompt injection hides malicious data or instructions within typical prompts, causing the model to produce unintended outputs and resulting in vulnerabilities or reputational risks.

Cloud monitoring, log management, and SIEM tools provider Sumo Logic has recently completed its investigation into a recent security incident and is saying that it has found no evidence of impact to customer data.  The company stated that third-party forensic experts verified these findings, and the investigation of this incident is now complete and closed.  The company has also shared indicators of compromise (IoCs) and instructions on how customers can check their own environments.