The Allied Pilots Association (APA) says it has made progress in restoring its systems after falling victim to a file-encrypting ransomware attack last week.  The American Airlines pilot union says the incident occurred on October 30 and resulted in certain systems being encrypted.  The restoration efforts, APA said, would focus on pilot-facing products and tools, with full operations expected to be restored later.  Over the weekend, the organization announced that it had restored most functionality, including access to the alliedpilots.org website.

The Gootloader Group is using GootBot, a new destructive post-compromise tool that spreads bots throughout enterprise environments following infiltration. According to researchers with the IBM X-Force threat intelligence group, Gootloader has been active since 2014 and uses Search Engine Optimization (SEO) poisoning to trick victims into downloading infected business document templates for initial compromise.

Five Canadian hospitals have recently confirmed that patient and employee data that was stolen in a ransomware attack has been leaked online.  The data breach impacts Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, along with service provider TransForm Shared Service Organization.  A shared drive was compromised as part of the incident.

Google recently announced patches for 37 vulnerabilities as part of the November 2023 Android security updates, with additional fixes released for Pixel devices.  The first part of the security update addresses 15 vulnerabilities in Android's Framework and System components.  Google noted that the most severe of these issues is a critical security vulnerability in the System component that could lead to local information disclosure with no additional execution privileges needed.

Three researchers have discovered a long-sought way for secretly retrieving information from large databases, bringing us closer to fully private Internet searches. How to retrieve information from a public database without revealing anything about what was accessed is a critical question in cryptography. Developing a strategy to solve this problem, known as private information retrieval, is a valuable building block in many privacy-preserving applications, according to David Wu, a cryptographer at the University of Texas, Austin.

New research by David Choffnes, an associate professor of computer science at Northeastern University, and a team of others explores the privacy and security flaws of smart home devices, also known as the Internet of Things (IoT). The team tested 93 IoT devices to see how they interacted within a local network for the study. They discovered security flaws in the way these devices' mobile apps work.

Google warns of a public Proof-of-Concept (PoC) exploit called Google Calendar RAT (GCR) that uses the Calendar service to host Command-and-Control (C2) infrastructure. Google has yet to observe the use of GCR in the wild, but Mandiant has observed that multiple actors have shared the public PoC on underground forums. The misuse of the Google service makes it difficult for defenders to detect malicious activity. This article continues to discuss threat actors using GCR to abuse Google's Calendar service as C2 infrastructure.

Palo Alto Networks' Unit 42 has revealed an active attack campaign in which a threat actor searches GitHub repositories in real-time for Amazon Identity and Access Management (IAM) credentials and begins using them less than five minutes later. On virtual machines deployed on Amazon instances, the final payload runs customized Monero cryptocurrency mining software. GitHub provides many features for managing code on the platform.

A new Akamai Technologies report titled "The State of Segmentation 2023" highlights the growing number of ransomware attacks and the need for microsegmentation to recover from them. The report is based on a survey of 1,200 computer professionals working for large companies. Although microsegmentation is one of the best ways to protect their digital assets, less than a third of respondents used more than two network segments.

According to a new study on cloud-native security, many cloud adopters do not understand the security risks of moving legacy applications to the cloud, leaving them vulnerable to various cloud-based attacks. Venafi surveyed 800 security and Information Technology (IT) leaders from organizations in the US, UK, Germany, and France. The study explored the top threats and challenges facing cloud-native security.