A new cyberattack campaign has been distributing a novel malware loader called GHOSTPULSE via fake MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex. According to Joe Desimone, researcher at Elastic Security Labs, MSIX is a Windows app package format that developers can use to package, distribute, and install their applications for Windows users.

Multiple malicious Google Play Android apps downloaded over two million times push intrusive advertisements to users while hiding their presence on infected devices. Dr. Web's analysts identified trojans associated with the 'FakeApp,' 'Joker,' and 'HiddenAds' malware families on Google Play. According to Dr. Web, once these apps are installed on a victim's device, they hide by replacing their icons with those of Google Chrome or by using a transparent icon image to create empty space in the app drawer.

President Biden has issued an Executive Order to ensure that the US maximizes the potential of Artificial Intelligence (AI) and mitigates its risks. As AI's capabilities continue to increase, so do its implications for the safety and security of Americans. Through this Executive Order, the President directs calls for sweeping actions to be taken to protect Americans from the potential threats posed by AI systems. This article continues to discuss the new standards for AI safety and security.

The emergence of generative Artificial Intelligence (AI) has created new challenges for security teams. For CISOs, generative AI tools have brought on new potential issues, from enabling deepfakes that are nearly indistinguishable from reality to creating sophisticated phishing emails to take over accounts. The challenge posed by generative AI extends beyond Identity and Access Management (IAM), with attack vectors ranging from more innovative methods to infiltrate code to the exposure of sensitive proprietary data.

Modern processors have a fundamental flaw in their hardware architecture that allows adversaries to steal sensitive data. This insight arose from the Spectre attack reported in 2018, which affected many devices and operating systems. Apple was one of the manufacturers that developed countermeasures in response to this. However, according to researchers, even in 2023, Mac and iOS systems are inadequately protected against this type of attack.

Users of NextGen HealthCare's open-source data integration platform Mirth Connect are urged to update to the latest version because of an unauthenticated Remote Code Execution (RCE) flaw. Mirth Connect, also known as the "Swiss Army knife of healthcare integration," is a cross-platform interface engine that the healthcare industry uses to communicate and exchange data between disparate systems in a standardized way. The vulnerability, tracked as CVE-2023-43208, has been fixed in version 4.4.1, released on October 6, 2023.

According to Microsoft, the sophistication of 0ktapus, one of the most dangerous financial criminal groups, is increasing. The 0ktapus group recently made headlines for its disruptive ransomware attacks against MGM and Caesars Entertainment. The English-speaking group, also known as Scatter Swine, UNC3944, or Octo Tempest, typically uses Adversary-in-the-Middle (AitM) methods, social engineering involving calling targets, and SIM swapping. It has been known to conduct cryptocurrency theft, data leak extortion, and ransomware attacks.

Several high-ranking members of congress were apparent targets of Vietnamese agents recently. The hackers tried to infect members' phones with spyware. Congressman Michael McCaul Chair of the House Foreign Affairs Committee, and Senator Gary Peters chair of the Senate Homeland Security and Government Affairs Committee were specified. There was no evidence that the spyware actually was implanted on the phones and staff contacted said they hadn’t clicked on any suspicious links.

A team of researchers, led by IMDEA Networks and Northeastern University together with NYU Tandon School of Engineering, Universidad Carlos III de Madrid, IMDEA Software, the University of Calgary, and the International Computer Science Institute, has shared findings regarding the security and privacy challenges posed by Internet of Things (IoT) devices in smart homes.

Researchers at San Diego State University (SDSU) are developing methods to protect power grids from the effects of cyberattacks and natural disasters. They will explore "energy space" to better understand power grid dynamics. In researching energy space, the team is developing a sensing and control system to monitor power distribution grids that host energy storage structures, renewables, and electric vehicles. Power grid blackouts have occurred because of cyberattacks and natural disasters.