According to security researchers at Sophos, cybercriminals have been observed disabling or wiping out logs in 82% of incidents.  The researchers stated that time is critical when responding to an active threat.  The time between spotting the initial access event and full threat mitigation should be as short as possible.  The researchers noted that the farther along in the attack chain an attacker makes it, the bigger the headache for responders.  The researchers added that missing telemetry only adds time to remediations that most organizations can’t afford.

AMD developed Secure Encrypted Virtualization (SEV) to make its cloud services more secure, but even the latest versions of the security feature, SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging), were vulnerable to a software-based attack. This discovery was made by CISPA researcher Ruiyi Zhang, who devised a type of attack called CacheWarp, which, in the worst-case scenario, allows attackers to gain in-depth access to data and even manipulate it. This was not possible with previous attack techniques. According to AMD, the vulnerability has been addressed with an update.

Non-profit cybersecurity center for critical sectors SektorCERT recently revealed that hackers compromised 22 energy organizations in a coordinated attack against Denmark’s critical infrastructure.  SektorCERT noted that as part of the attack in May 2023, the hackers compromised the victim organizations within a few days, making this the largest attack against Danish critical infrastructure to date.  SektorCERT stated that Denmark is constantly under attack,  but it is unusual that one sees so many concurrent, successful attacks against the critical infrastructure.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first Roadmap for Artificial Intelligence (AI), adding to the Department of Homeland Security (DHS) and broader whole-of-government initiative to ensure the secure development and implementation of AI capabilities. CISA's Roadmap for AI outlines different lines of effort, which include responsibly using AI to support the agency's mission, assessing AI systems, protecting critical infrastructure from malicious AI use, and more.

TA402, also known as Molerats and Frankenstein, a pro-Palestinian cyber espionage group focused on compromising government targets in the Middle East, is using a sophisticated initial access downloader. According to Proofpoint researchers, TA402, which has been active for over a decade, is now using a new tool called IronWind. The group used it in three campaigns targeting systems within government agencies throughout the Middle East and Northern Africa.

The US Cybersecurity and Infrastructure Security Agency (CISA) requires US federal agencies to patch five vulnerabilities exploited by attackers to compromise Juniper networking devices. Most of these vulnerabilities are not particularly dangerous on their own, but they can and have been chained together by attackers to enable Remote Code Execution (RCE) on Internet-facing devices. Juniper Networks patched four flaws impacting the J-Web Graphical User Interface (GUI) of Junos OS-powered devices in late August 2023, and advised customers to update their SRX firewalls and EX switches.