Earlier this year, security researcher Daniel Milisic discovered that an inexpensive Android TV streaming box called the T95 came infected with malware, and multiple other researchers confirmed his findings. The cybersecurity company Human Security has recently revealed new information regarding the scope of infected devices as well as the hidden, interconnected fraud schemes linked to streaming boxes. Researchers at Human Security discovered seven Android TV boxes and one tablet with the backdoors installed.

Business software maker Atlassian recently called immediate attention to a major security defect in its Confluence Data Center and Server products and warned that the issue has already been exploited as zero-day in the wild.  Atlassian confirmed that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in Confluence Data Center and Server instances.  The vulnerability tracked as CVE-2023-22515 is described as a remotely exploitable privilege escalation issue affecting on-prem instances of Confluence Server and Confluence Data Center.

According to Menlo Security researchers, threat actors have used an open redirection vulnerability contained by the Indeed job search platform to carry out phishing attacks. The phishing attacks targeted senior executives in banking, finance, insurance, real estate, manufacturing, and other industries. The campaign was observed between July and August, with threat actors using the phishing kit known as EvilProxy. EvilProxy actors use Reverse Proxy and Cookie Injection to circumvent two-factor authentication (2FA).

According to a new report by NCC Group that examines various Artificial Intelligence (AI) cybersecurity use cases, generative AI, particularly ChatGPT, should not be considered a reliable resource for detecting vulnerabilities in developed code without human expert oversight. However, Machine Learning (ML) models show significant promise for helping detect zero-day attacks.

US chip giant Qualcomm recently announced patches for over two dozen product vulnerabilities, including three zero-days reported by Google cybersecurity units.  Qualcomm learned from Google's Threat Analysis Group and Google Project Zero that flaws tracked as CVE-2023-33106, CVE-2023-33107, CVE-2023-33063, and CVE-2022-22071 "may be under limited, targeted exploitation." No information has been shared on the attacks exploiting these vulnerabilities, but the fact that they were reported by Google suggests that they may have been exploited by commercial spyware vendors.

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have released a Cybersecurity Technical Report (CTR) titled "Developer and Vendor Challenges to Identity and Access Management" to provide multi-factor authentication (MFA) and single sign-on (SSO) technology developers and vendors with actionable recommendations to address major challenges with their products.

The discovery of a new deceptive package hidden within the npm package registry that deploys the open-source rootkit r77 marks the first time a malicious package has provided rootkit functionality. The package is node-hide-console-windows, and it imitates the legitimate npm package node-hide-console-window as part of a typosquatting campaign. It was downloaded 704 times in the previous two months before being removed. According to ReversingLabs, which detected the activity in August 2023, the package downloaded a Discord bot that facilitated the planting of the open-source rootkit r77.

By exploiting a buffer overflow flaw in the GNU C Library's (glibc) ld.so dynamic loader, a newly discovered Linux vulnerability called Looney Tunables allows local attackers to gain root privileges. The glibc is present in most Linux kernel-based systems, providing essential functionality, including system calls such as open, malloc, printf, and exit, required for the execution of a program. The dynamic loader within glibc is responsible for program preparation and execution on Linux systems that use glibc.

Threat actors in a Business Email Compromise (BEC) campaign are using Dropbox messages to steal Microsoft user credentials. The campaign bypasses security scans based on Natural Language Processing (NLP) and shows how fast these types of attacks evolve. In the first two weeks of September alone, researchers at Check Point Harmony observed over 5,000 attacks where fake login pages directed victims to a credential-harvesting site.

According to Cloudflare, organizations are facing a growing need to connect everything in their business while trying to maintain control over their security, productivity, and competitive growth. Over the past several years, organizations worldwide have seen a significant increase in adopting more Software-as-a-Service (SaaS)-based applications to help teams operate in a hybrid work environment efficiently and collaboratively.