"Women Political Leaders Summit Targeted in RomCom Malware Phishing"

A new variant of the RomCom backdoor was used against Women Political Leaders (WPL) Summit participants. The conference is focused on gender equality and women in politics. The campaign involved a fake website mimicking the official WPL portal. A Trend Micro report analyzing the new variant warns that its operators, tracked as Void Rabisu, have been using a stealthier backdoor and a new TLS-enforcement technique in the command-and-control (C2) communications to make discovery more difficult.

Submitted by Gregory Rigby on

"Ransomware Targets Unpatched WS_FTP Servers"

According to security researchers at Sophos X-Ops, unpatched WS_FTP servers exposed to the internet have become prime targets for ransomware attacks, with threat actors exploiting a critical vulnerability. The researchers noted that despite Progress Software releasing a patch for the WS_FTP Server vulnerability (tracked as CVE-2023-40044) just last month, not all servers have been updated, leaving them vulnerable to exploitation. The researchers saw an attempted ransomware attack by the self-proclaimed Reichsadler Cybercrime Group.

Submitted by Adam Ekwall on

"SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls"

SpyNote, an Android banking Trojan, has been examined to expose its diverse information-gathering capabilities. According to F-Secure, attack chains involving the spyware typically spread via SMS phishing campaigns and trick potential victims into installing the app by clicking on the embedded link. In addition to requesting invasive permissions to access call records, camera, SMS messages, and external storage, SpyNote hides its presence from the Android home screen and Recents screen in an effort to make detection difficult.

Submitted by Gregory Rigby on

"Brands Beware: X's New Badge System Is a Ripe Cyber-Target"

Using X's (formerly known as Twitter) newly implemented verification system, fraudsters are impersonating brands and stealing personal information. The blue checkmark was designated for verified companies and influencers. However, following the acquisition of the microblogging giant and a period of declining users and revenue, Elon Musk changed the rules, allowing anyone to obtain one for a monthly fee. The site's new, lenient approach to authentication has made it easier for scammers to operate.

Submitted by Gregory Rigby on

"Spyware Caught Masquerading as Israeli Rocket Alert Applications"

In the wake of the Israel-Gaza conflict, researchers at Cloudflare have observed threat actors targeting Israeli rocket alerting applications to spread fear and mobile spyware.  The researchers noted that with thousands of rockets launched since Hamas attacked Israel on October 7, individuals in Israel rely on several mobile applications to receive timely alerts about incoming airstrikes and seek safety.  Pro-Palestinian hacktivist group AnonGhost claimed to have targeted various such applications, succeeding in compromising at least one.

Submitted by Adam Ekwall on

"Researchers Foil MitM Attack on Military Robots With Algorithm"

Researchers from the University of South Australia have been successful in preventing Man-in-the-Middle (MitM) attacks on autonomous military robots by teaching the robot to detect MitM attacks using an algorithm. They prevented the MitM attack on an autonomous US Army robot. The intrusion detection algorithm trained the robot to identify and thwart such an attack. The algorithm was effective in 99 percent of cases and the false positive rate was less than 2 percent.

Submitted by Gregory Rigby on

"EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits"

The US Environmental Protection Agency (EPA) recently withdrew cybersecurity rules for public water systems due to lawsuits filed by states and non-profit water associations. The EPA announced in March that it would require states to report on cybersecurity threats in their public water system audits. Soon after the new cybersecurity requirements were announced, the attorneys general of Missouri, Arkansas, and Iowa took legal action to challenge the EPA’s memo, arguing that meeting the new requirements would put a significant financial burden on small towns.

Submitted by Adam Ekwall on

"Europe Mulls Open-Sourcing TETRA Emergency Services' Encryption Algorithms"

The European Telecommunications Standards Institute (ETSI) is considering open-sourcing the proprietary encryption algorithms used to secure emergency radio communications in response to the public backlash caused by the discovery of security vulnerabilities this summer. Claire Boyer, a spokesperson for the European standards body, announced that the ETSI Technical Committee responsible for the Terrestrial Trunked Radio (TETRA) algorithms is discussing whether or not to make them public.

Submitted by Gregory Rigby on

"Researchers Test Large Language Model that Preserves Patient Privacy"

According to a new study conducted by the National Institutes of Health Clinical Center (NIH CC), locally run Large Language Models (LLMs) may be a feasible option for extracting data from text-based radiology reports while protecting patient privacy. ChatGPT and GPT-4, two recently released LLMs, have garnered much attention but are incompatible with healthcare data due to privacy constraints. This article continues to discuss the research on locally run LLMs being a workable option for extracting data from text-based radiology reports while preserving patient privacy.

Submitted by Gregory Rigby on

"QR Code Phishing on the Rise"

AT&T warns of a new trend of malicious QR codes being embedded in phishing attempts. Some users recently received an email from Microsoft with an attached PDF file containing a QR code and an urgent message instructing users to enable multi-factor authentication (MFA). After scanning the QR code, users were redirected to a fake Microsoft sign-in page where they entered their username and password. Once entered, their legitimate login credentials were then stored and made available to the threat actor.

Submitted by Gregory Rigby on