According to security researchers at GreyNoise, in-the-wild exploitation of a critical vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server started just days after the availability of a patch was announced.  The vulnerability tracked as CVE-2023-42793 impacts the on-premises version of TeamCity, and it allows an unauthenticated attacker with access to a targeted server to achieve remote code execution and gain administrative control of the system.

The National Security Agency (NSA) recently launched the NSA Codebreaker Challenge 2023, igniting the minds of aspiring codebreakers across the nation. Commencing on Thursday, September 28th, and running until December 21st, 2023, this annual competition presents students from U.S.-based academic institutions with the opportunity to showcase their reverse engineering prowess while tackling nine thrilling mission-oriented scenarios. This year's challenge revolves around a problem set rooted in a fictional unknown signals origin, as identified by the U.S. Coast Guard.

Prospect Medical Holdings operates over 150 clinics and dozens of hospitals in Southern California, Connecticut, Pennsylvania, and Rhode Island. In a notice sent to impacted clients on September 29, the organization disclosed that an "unauthorized party gained access to its IT network." The attack allegedly occurred between July 31 and August 3 of this year. The company's internal investigation revealed that threat actors accessed files containing employee and dependent information.

Researchers have found BunnyLoader, another Malware-as-a-Service (MaaS) threat, being sold on the cybercrime underground. According to Zscaler ThreatLabz researchers, BunnyLoader provides different functionalities such as downloading and executing a second-stage payload, stealing browser credentials, and more. Its other capabilities include running remote commands on the infected machine, a keylogger to collect keystrokes, and a clipper functionality to monitor the victim's clipboard and replace content matching cryptocurrency wallet addresses with actor-controlled addresses.

The LostTrust ransomware campaign is believed to be a rebranding of MetaEncryptor, using nearly identical data leak sites and encryptors. LostTrust started attacking organizations in March 2023, but it did not become widely known until September when a data leak site went live. Currently, the site lists 53 victims worldwide, some of whom have already had their data leaked for not paying the demanded ransom. It is unknown whether the ransomware group only targets Windows devices or also uses a Linux encryptor.

Sensitive Department of Homeland Security (DHS) information might have been compromised in a recent ransomware attack aimed at government contractor Johnson Controls International.  The cybercrime group claims to have exfiltrated 27TB of sensitive data from Johnson Controls.  The company serves clients in the education, government, healthcare, hospitality, naval, and transportation sectors, including the DoD, DHS, and other government agencies in the US.

An Israeli surveillanceware company used the three recently revealed Apple zero-day vulnerabilities to create an exploit chain for iPhones, and a Chrome zero-day to exploit Androids in a novel attack against Egyptian organizations. According to a recent report by Google's Threat Analysis Group (TAG), "Intellexa" used the special access it gained through the exploit chain to install its "Predator" spyware on unidentified targets in Egypt. Predator was initially developed by Cytrox, one of several spyware developers that Intellexa has absorbed in recent years.

According to NETSCOUT, cybercriminals launched about 7.9 million Distributed Denial-of-Service (DDoS) attacks in the first half of 2023, a 31 percent increase year-over-year. Recent DDoS attack growth has been fueled by global events such as the Russia-Ukraine war and NATO bids. NETSCOUT observed a global increase of 79 percent in DDoS attacks against wireless telecommunications providers during the second half of 2022.

The official website of the UK’s royal family on Sunday was taken offline by a distributed denial of service (DDoS) attack.  According to reports, the Royal.uk site was unavailable for around 90 minutes, starting at 10 am local time.  It was fully functional again soon after.  Notorious Russian hacktivist group Killnet has reportedly boasted on its Telegram channel of being responsible for the attack, although that has yet to be confirmed.

Reimagining Security with Cyberpsychology-Informed Network Defenses (ReSCIND) is a new cyberpsychology research program from the US Defense Department's Intelligence Advanced Research Projects Activity (IARPA) that focuses on how cybercriminals act and think. According to IARPA program manager Kimberly Ferguson-Walter, the ReSCIND program aims to research the cyberpsychology of cybercriminals to identify their cognitive flaws and improve cybersecurity.