"Security Researchers Believe Mass Exploitation Attempts Against WS_FTP Have Begun"

Researchers suspect the mass exploitation of vulnerabilities in Progress Software's WS_FTP Server. Researchers at Rapid7 first observed evidence of exploitation across multiple instances of WS_FTP on September 30. Progress recently released fixes for eight vulnerabilities in WS_FTP, including one with a CVSS severity rating of 10. The company said that there was no evidence of exploitation at the time. Researchers did not specify which vulnerabilities were being exploited, but it appeared that "one or more" of the eight vulnerabilities detailed in Progress' advisory were being targeted.

Submitted by grigby1 CPVI on

"Hackers Steal User Database From European Telecommunications Standards Body"

A nonprofit organization that develops communications standards reported that hackers stole a database containing user information. The European Telecommunications Standards Institute (ETSI) disclosed the incident last week. It is currently unclear whether the attack was motivated by financial gain or whether the hackers intended to acquire the user list for espionage purposes. Following the incident, ETSI called on France's cybersecurity agency ANSSI to investigate and restore the affected information systems.

Submitted by grigby1 CPVI on

"AI-Generated Phishing Emails Almost Impossible to Detect, Report Finds"

The potential for cybercriminals to use AI chatbots to create phishing campaigns has been cause for concern, and now security researchers at Egress have found that it is almost impossible to detect AI-generated phishing emails. The researchers noted that AI detectors cannot tell whether a phishing email has been written by a chatbot or a human in three cases out of four (71.4%). The researchers attributed this to how AI detectors work.

Submitted by Adam Ekwall on

"Transforming Vulnerability Management: CISA Adds OASIS CSAF 2.0 Standard to ICS Advisories"

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced that its security advisories for Industrial Control Systems (ICS), Operational Technology (OT), and medical devices now include the OASIS Common Security Advisory Framework (CSAF) Version 2.0 standard to transform the vulnerability management landscape. In the current risk environment, it is difficult for organizations to manage the increasing number and complexity of new vulnerabilities.

Submitted by grigby1 CPVI on

"Recently Patched TeamCity Vulnerability Exploited to Hack Servers"

According to security researchers at GreyNoise, in-the-wild exploitation of a critical vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server started just days after the availability of a patch was announced. The vulnerability, tracked as CVE-2023-42793, impacts the on-premises version of TeamCity, and it allows an unauthenticated attacker with access to a targeted server to achieve remote code execution and gain administrative control of the system.

Submitted by Adam Ekwall on

NSA Codebreaker Challenge 2023: Calling All Student Codebreakers to the Ultimate Challenge!

The National Security Agency (NSA) recently launched the NSA Codebreaker Challenge 2023, igniting the minds of aspiring codebreakers across the nation. Commencing on Thursday, September 28th, and running until December 21st, 2023, this annual competition presents students from U.S.-based academic institutions with the opportunity to showcase their reverse engineering prowess while tackling nine thrilling mission-oriented scenarios. This year's challenge revolves around a problem set rooted in a fictional unknown signals origin, as identified by the U.S. Coast Guard.

Submitted by Jason Gigax on

"Hackers Attack US Healthcare Giant, More Than 190K People Affected"

Prospect Medical Holdings operates over 150 clinics and dozens of hospitals in Southern California, Connecticut, Pennsylvania, and Rhode Island. In a notice sent to impacted clients on September 29, the organization disclosed that an "unauthorized party gained access to its IT network." The attack allegedly occurred between July 31 and August 3 of this year. The company's internal investigation revealed that threat actors accessed files containing employee and dependent information.

Submitted by grigby1 CPVI on

"BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground"

Researchers have found BunnyLoader, another Malware-as-a-Service (MaaS) threat, being sold on the cybercrime underground. According to Zscaler ThreatLabz researchers, BunnyLoader provides different functionalities such as downloading and executing a second-stage payload, stealing browser credentials, and more. Its other capabilities include running remote commands on the infected machine, a keylogger to collect keystrokes, and a clipper functionality to monitor the victim's clipboard and replace content matching cryptocurrency wallet addresses with actor-controlled addresses.

Submitted by grigby1 CPVI on

"Meet LostTrust Ransomware — A Likely Rebrand of the MetaEncryptor Gang"

The LostTrust ransomware campaign is believed to be a rebranding of MetaEncryptor, using nearly identical data leak sites and encryptors. LostTrust started attacking organizations in March 2023, but it did not become widely known until September when a data leak site went live. Currently, the site lists 53 victims worldwide, some of whom have already had their data leaked for not paying the demanded ransom. It is unknown whether the ransomware group only targets Windows devices or also uses a Linux encryptor.

Submitted by grigby1 CPVI on

"Johnson Controls Ransomware Attack Could Impact DHS"

Sensitive Department of Homeland Security (DHS) information might have been compromised in a recent ransomware attack aimed at government contractor Johnson Controls International. The cybercrime group claims to have exfiltrated 27TB of sensitive data from Johnson Controls. The company serves clients in the education, government, healthcare, hospitality, naval, and transportation sectors, including the DoD, DHS, and other government agencies in the US.

Submitted by Adam Ekwall on