Malware, believed to just be a cryptocurrency miner was, in fact, a sophisticated spy platform for Windows and Linux systems. It has already infected more than one million people. When it was first detected in 2017, StripedFly was regarded as a mainly ineffective malware for cryptocurrency mining. However, since then, it has been functioning as a complex piece of modular malware that enables attackers to gain persistence on networks, visibility over their activity, and the ability to exfiltrate credentials and other data, according to researchers.

According to GuidePoint Security, ransomware activity continued to increase in the third quarter of 2023. GuidePoint Research and Intelligence Team (GRIT) observed a nearly 15 percent rise in ransomware activity due to an increase in the number of ransomware groups, including the discovery of 10 new groups. GRIT tracked 1,353 publicly posted ransomware victims claimed by 46 different threat groups during the third quarter.

The Pwn2Own Toronto 2023 hacking contest started yesterday, and participants successfully hacked NAS devices, printers, mobile phones, and other devices, earning more than $400,000 on the first day.  The highest reward of the day went to team Orca of Sea Security, which executed a two-vulnerability exploit chain (out-of-bounds read and use-after-free) against the Sonos Era 100 speaker, earning $60,000.  The Pentest Limited team earned the second highest reward of the day, at $50,000, for an improper input validation exploit targeting the Samsung Galaxy S23 mobile phone.

By grigby1 

By aekwall 

By krahal

Seiko Group Corporation (SGC) has recently revealed the extent of a data breach that it disclosed initially in August.  The company's latest notice focuses on the security of 60,000 records.  The data breach notification, originally published on its website on August 10, resulted from unauthorized access detected on July 28, 2023, after the ransomware gang BlackCat listed Seiko on its data leak site.

According to the Identity Theft Resource Center (ITRC), nearly three-quarters (73%) of US small business owners reported a cyberattack last year, with employee and customer data most likely to be targeted in data breaches.  The ITRC compiled its data from interviews with 551 small business owners and employees.  The ITRC found that, despite experiencing a record number of attacks, most (85%) of the respondents said they were ready to respond to a cyber incident, up from 70% last year.

According to security researchers at Comparitech, ransomware breaches have cost the US economy tens of billions of dollars in downtime alone over the past seven years.  The researchers analyzed data on all known ransomware attacks affecting medical organizations between 2016 and mid-October 2023, looking at specialist IT news, data breach reports, and state reporting tools.  During the time period, there were 539 reported attacks on healthcare organizations, impacting an estimated 9780 separate hospitals, clinics, and other organizations.

Scientists at the University of Sheffield have found that Natural Language Processing (NLP) tools, such as ChatGPT, can be tricked into generating malicious code, which could lead to cyberattacks. The study is said to be the first to demonstrate that NLP models can be used to attack real-world computer systems in various industries. The results show that Artificial Intelligence (AI) language models are vulnerable to simple backdoor attacks, such as planting a Trojan Horse, which could be activated anytime to steal data or disrupt services.