"ServiceNow Leak: Thousands of Companies at Risk"

According to cybersecurity expert Daniel Miessler, a potential data exposure issue within a built-in capability of the digital business platform ServiceNow has been identified, which could enable unauthenticated users to extract data from records. The types of data exposed include names, email addresses, and internal documents. The exposure likely impacts thousands of companies. Miessler suspects the vulnerability stems from a misconfiguration of a widget or component in ServiceNow's system called Simple List, which organizes records into easily readable tables.

Submitted by Gregory Rigby on

"'EtherHiding' Blockchain Technique Hides Malicious Code in WordPress Sites"

A threat actor has been using blockchain technology to hide malicious code in a campaign involving fake browser updates that distribute malware, including RedLine, Amadey, and Lumma. Although the abuse of blockchain technology is typically seen in attacks targeting cryptocurrency, the EtherHiding technique shows how attackers can use it for other types of malicious activity. Over the past two months, Guardio researchers have been observing the campaign dubbed ClearFake, in which users are tricked into downloading malicious fake browser updates from at least 30 compromised WordPress sites.

Submitted by Gregory Rigby on

"Cyberattacks on Healthcare Organizations Affect Patient Care"

A Proofpoint and Ponemon Institute survey found that 66 percent of healthcare organizations affected by the most common types of cyberattacks reported disruptions to patient care. Fifty-seven percent reported poor patient outcomes as a result of delays in procedures and tests, 50 percent reported an increase in medical procedure complications, and 23 percent revealed an increase in patient mortality rates. These numbers suggest that healthcare organizations have made little progress in mitigating the threat of cyberattacks to patient safety and well-being.

Submitted by Gregory Rigby on

"Phishing Attacks Hit Record High in Third Quarter, With Malware Not Far Behind"

According to a new report from the threat detection and response company Vade Secure SASU, phishing and malware attacks increased significantly in the third quarter, to the point where the number of attacks is among the highest ever recorded for a quarter. The Vade Q3 Phishing and Malware Report found that phishing attacks increased by 173 percent over the previous quarter, from 180.4 million to 493.2 million. The report also reveals a 110 percent increase in malware attacks, with 125.7 million emails infected as opposed to 60 million in the second quarter.

Submitted by Gregory Rigby on

12th IEEE International Conference on Cloud Networking (IEEE CloudNet 2023)

"Cloud networking has emerged as a promising direction for cost-efficient, reliable service and data delivery across wide-area backbones and data-center fabrics. The prominent penetration of virtualization technologies into computing and communication infrastructure has led to continuous innovation, with new network protocols, software platforms, and artificial intelligence-based techniques for their orchestration."

"Fake Browser Updates Used in Malware Distribution"

Cybersecurity researchers at Proofpoint have identified a rising trend in threat activity that employs fake browser updates to disseminate malware. In these attacks, compromised websites display fake notifications mimicking popular browsers like Chrome, Firefox, or Edge, luring users into downloading malicious software instead of legitimate updates. The researchers stated that TA569, a threat actor, has been using fake browser updates for over five years to deliver SocGholish malware. Recently, other threat actors have adopted this strategy.

Submitted by Adam Ekwall on

"Thousands of Cisco IOS XE Devices Hacked in Widespread Attacks"

Attackers have exploited a recently disclosed critical zero-day vulnerability to infect thousands of Cisco IOS XE devices with malicious implants. According to the threat intelligence company VulnCheck, the maximum severity vulnerability, tracked as CVE-2023-20198, has been widely exploited in attacks against Cisco IOS XE routers and switches with the Web User Interface (Web UI) and HTTP or HTTPS Server feature enabled. VulnCheck scanned Internet-facing Cisco IOS XE web interfaces and found that there are thousands of compromised and infected hosts.

Submitted by Gregory Rigby on

"Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers"

Milesight's industrial cellular routers may have been actively exploited in real-world attacks, according to new research from VulnCheck. The exploited vulnerability, tracked as CVE-2023-43261, has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.7. Remote and unauthenticated attackers could gain unauthorized access to the web interface, enabling them to configure Virtual Private Network (VPN) servers and disable firewall protections.

Submitted by Gregory Rigby on

"NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics"

The National Security Agency (NSA) has recently published a repository of tools to help critical infrastructure entities hunt for malicious activity in ICS and other OT environments. Named Elitewolf, the GitHub repository contains ICS/SCADA/OT-focused intrusion detection signatures and analytics that should enable defense industrial base (DIB), national security systems (NSS) and services, and other critical infrastructure owners and operators to implement continuous system monitoring.

Submitted by Adam Ekwall on