Microsoft has recently fixed three zero-day vulnerabilities in its latest security update round this month, all of which are being actively exploited in the wild.  October’s Patch Tuesday fixed 104 vulnerabilities, only 12 of which were labeled “Critical.” The first zero-day bug, CVE-2023-41763, is an elevation of privilege vulnerability in Skype, which allows an attacker to send a specially crafted network call to a target Skype for Business server.  The second zero-day is CVE-2023-36563, an information disclosure vulnerability in WordPad that allows disclosure of NTLM hashes.

Threat actors continue to exploit a critical vulnerability in unpatched NetScaler Gateways, inserting malicious scripts into the HTML content of the authentication web page in order to steal user credentials. The vulnerability, tracked as CVE-2023-3519, was reported in July when the Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its catalog of Known Exploited Vulnerabilities (KEV).

Researchers at Cybernews have further revealed the intrusive nature of Android apps. According to Statista, Android dominates the global mobile operating system (OS) market with a 70.5 percent share. However, while this popular OS provides app developers with a great deal of flexibility, it also poses a threat to user data protection and privacy. In the most recent Cybernews study, 50 apps dedicated to personal finance, such as payment providers, investment platforms, cryptocurrency, and more, were examined.

Google recently announced the release of Chrome 118 to the stable channel with fixes for 20 vulnerabilities, including 14 reported by external researchers.  Google noted that the most severe of the externally reported flaws is CVE-2023-5218, a critical bug described as a use-after-free issue in Site Isolation, Chrome’s component responsible for preventing sites from stealing other sites’ data.

According to the 2023 Financial Services Sector Threat Landscape report by Trustwave SpiderLabs, the most commonly spoofed companies in phishing emails aimed at the financial services industry are Microsoft and American Express. The report cited phishing and email-borne malware as the most used methods for gaining a foothold within organizations. These developments have contributed to these attacks' continued relevance and effectiveness.

In an attempt to steal Microsoft account credentials, hackers are using LinkedIn Smart Links in phishing attacks to circumvent security measures and avoid detection. Smart Links are a component of LinkedIn's Sales Navigator service, which is used for marketing and tracking, enabling business accounts to email content with trackable links to look at engagement. Smart Links use LinkedIn's domain followed by an eight-character code parameter, so they appear to come from a trustworthy source and are able to evade email security.

Microsoft has attributed the exploitation of a critical vulnerability in Atlassian Confluence Data Center and Server to the nation-state actor Storm-0062, also known as DarkShadow or Oro0lxy. Since September 14, 2023, the company's threat intelligence team has observed the vulnerability being exploited in the wild. According to Microsoft, any device with a network connection to a vulnerable application can exploit the vulnerability, tracked as CVE-2023-22515, to create a Confluence administrator account within the application.

According to a recent survey conducted by Integrity360, IT security decision makers are concerned about the use of AI by cybercriminals, particularly surrounding deepfakes, and many believe AI is increasing the number of cybersecurity attacks.  The results found that 68% of respondents expressed concerns about cybercriminals using deepfakes to target their organizations.  The company noted that a significant majority (58%) of participants agreed that AI is increasing the number of cyberattacks.

According to WatchGuard, endpoint malware detections decreased by 8 percent in the second quarter of 2023 compared to the previous quarter. However, the volume of endpoint malware detections caught by 10 to 50 systems or 100 or more systems increased by 22 percent and 21 percent, respectively. The rise in detections among more machines suggests widespread malware campaigns grew from the first quarter of 2023 to the second quarter. Double-extortion attacks launched by ransomware groups increased by 72 percent quarter over quarter, with 13 new extortion groups.

In a new report, security researchers at Critical Start claimed that the education sector is a prime target for threat actors, with 29% of attacks originating from vulnerability exploitation and 30% from phishing campaigns on K-12 schools in 2023.  Another key finding by the researchers is the increasing use of Quick Response (QR) codes in phishing attacks.  The researchers noted that in these attacks, cybercriminals disguise themselves as Microsoft security notifications and embed QR codes within PNG images or PDF attachments to deceive victims.