A nonprofit organization that develops communications standards reported that hackers stole a database containing user information. The European Telecommunications Standards Institute (ETSI) disclosed the incident last week. It is currently unclear whether the attack was motivated by financial gain or whether the hackers intended to acquire the user list for espionage purposes. Following the incident, ETSI called on France's cybersecurity agency ANSSI to investigate and restore the affected information systems.

The potential for cybercriminals to use AI chatbots to create phishing campaigns has been cause for concern, and now security researchers at Egress have found that it is almost impossible to detect AI-generated phishing emails.  The researchers noted that AI detectors cannot tell whether a phishing email has been written by a chatbot or a human in three cases out of four (71.4%).  The researchers stated that the reason for this is due to how AI detectors work.

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced that its security advisories for Industrial Control Systems (ICS), Operational Technology (OT), and medical devices now include the OASIS Common Security Advisory Framework (CSAF) Version 2.0 standard to transform the vulnerability management landscape. In the current risk environment, it is difficult for organizations to manage the increasing number and complexity of new vulnerabilities.

According to security researchers at GreyNoise, in-the-wild exploitation of a critical vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server started just days after the availability of a patch was announced.  The vulnerability tracked as CVE-2023-42793 impacts the on-premises version of TeamCity, and it allows an unauthenticated attacker with access to a targeted server to achieve remote code execution and gain administrative control of the system.

The National Security Agency (NSA) recently launched the NSA Codebreaker Challenge 2023, igniting the minds of aspiring codebreakers across the nation. Commencing on Thursday, September 28th, and running until December 21st, 2023, this annual competition presents students from U.S.-based academic institutions with the opportunity to showcase their reverse engineering prowess while tackling nine thrilling mission-oriented scenarios. This year's challenge revolves around a problem set rooted in a fictional unknown signals origin, as identified by the U.S. Coast Guard.

Prospect Medical Holdings operates over 150 clinics and dozens of hospitals in Southern California, Connecticut, Pennsylvania, and Rhode Island. In a notice sent to impacted clients on September 29, the organization disclosed that an "unauthorized party gained access to its IT network." The attack allegedly occurred between July 31 and August 3 of this year. The company's internal investigation revealed that threat actors accessed files containing employee and dependent information.

Researchers have found BunnyLoader, another Malware-as-a-Service (MaaS) threat, being sold on the cybercrime underground. According to Zscaler ThreatLabz researchers, BunnyLoader provides different functionalities such as downloading and executing a second-stage payload, stealing browser credentials, and more. Its other capabilities include running remote commands on the infected machine, a keylogger to collect keystrokes, and a clipper functionality to monitor the victim's clipboard and replace content matching cryptocurrency wallet addresses with actor-controlled addresses.

The LostTrust ransomware campaign is believed to be a rebranding of MetaEncryptor, using nearly identical data leak sites and encryptors. LostTrust started attacking organizations in March 2023, but it did not become widely known until September when a data leak site went live. Currently, the site lists 53 victims worldwide, some of whom have already had their data leaked for not paying the demanded ransom. It is unknown whether the ransomware group only targets Windows devices or also uses a Linux encryptor.

Sensitive Department of Homeland Security (DHS) information might have been compromised in a recent ransomware attack aimed at government contractor Johnson Controls International.  The cybercrime group claims to have exfiltrated 27TB of sensitive data from Johnson Controls.  The company serves clients in the education, government, healthcare, hospitality, naval, and transportation sectors, including the DoD, DHS, and other government agencies in the US.

An Israeli surveillanceware company used the three recently revealed Apple zero-day vulnerabilities to create an exploit chain for iPhones, and a Chrome zero-day to exploit Androids in a novel attack against Egyptian organizations. According to a recent report by Google's Threat Analysis Group (TAG), "Intellexa" used the special access it gained through the exploit chain to install its "Predator" spyware on unidentified targets in Egypt. Predator was initially developed by Cytrox, one of several spyware developers that Intellexa has absorbed in recent years.