"NSA Releases Recommendations to Mitigate Software Supply Chain Risks"

In response to a rise in supply chain cyberattacks over the past five years, the National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) titled "Recommendations for Software Bill of Materials (SBOM) Management." This CSI offers guidance to network owners and operators on integrating SBOM use to help protect the cybersecurity supply chain, with some additional guidance for National Security Systems (NSS).

Submitted by grigby1 CPVI on

"MITRE Debuts ICS Threat Modeling for Embedded Systems"

In collaboration with researchers from three other organizations, MITRE has released a draft of a new threat-modeling framework for those who make embedded devices used in critical infrastructure environments. The new EMB3D Threat Model aims to provide device makers with a common understanding of the vulnerabilities in their technologies that are being targeted by attacks, as well as the security mechanisms for addressing those vulnerabilities.

Submitted by grigby1 CPVI on

"Hackers Keep Winning by Gambling on SQL Injection Exploits"

Group-IB warns that a hacking group dubbed GambleForce has been targeting businesses and government agencies in attacks that exploit SQL injection flaws. In September, the company discovered and gained access to a command-and-control (C2) server used by the group, which regularly targets gambling companies and other types of organizations.

Submitted by grigby1 CPVI on

"Cybercrime Operation That Sold Millions of Fraudulent Microsoft Accounts Disrupted"

Microsoft has disrupted Storm-1152, an alleged threat actor group that built Cybercrime-as-a-Service (CaaS) businesses. CaaS is a business model in which adversaries with superior skills create attack tools, such as automated bots, to sell to other fraudsters who may not be technically savvy, thus increasing cybercrime and fraud opportunities. The CaaS model encourages and enables more people to commit fraud at a rate and volume that can overwhelm even the most experienced internal Security Operation Center (SOC) teams.

Submitted by grigby1 CPVI on

"Stealthy KV-Botnet Hijacks SOHO Routers and VPN Devices"

Volt Typhoon, also known as Bronze Silhouette, a Chinese state-sponsored Advanced Persistent Threat (APT) hacking group, has been linked to a botnet called KV-botnet, which it has been using since at least 2022 to attack Small Office Home Office (SOHO) routers in high-value targets. The APT mainly targets routers, firewalls, and Virtual Private Network (VPN) devices to proxy malicious traffic so that it blends in with legitimate traffic and thus goes undetected.

Submitted by grigby1 CPVI on

"Approval Phishing Scams Drain $1bn of Cryptocurrency From Victims"

According to security researchers at Chainalysis, approval phishing scams have been used to steal at least $1bn in cryptocurrency since May 2021. The researchers estimate that this technique, which is frequently used by romance scammers, has led to crypto users losing at least $374m so far in 2023. The researchers noted that approval phishing is a type of crypto scam in which attackers attempt to trick targets into signing a malicious blockchain transaction that gives their address approval to spend specific tokens inside the victim’s wallet.

Submitted by Adam Ekwall on

"Nearly a Million Non-profit Donors' Details Left Exposed in Unsecured Database"

A database owned and operated by DonorView exposed nearly a million records containing Personally Identifiable Information (PII) of donors who sent money to non-profits. DonorView provides a cloud-based fundraising platform used by schools, charities, religious institutions, and other charitable or philanthropic organizations. Jeremiah Fowler, an information security researcher, discovered 948,029 records exposed online, including donor names, addresses, phone numbers, emails, payment methods, and more.

Submitted by grigby1 CPVI on

"Share of LockBit 3.0 Ransomware Attacks Hardly Drops in Europe"

According to a recent study by researchers from ZeroFox, the share of ransomware attacks by the infamous LockBit 3.0 hackers is slowly declining. In Europe, there is also a slow decline, but it is almost negligible. The number of ransomware attacks claimed by LockBit 3.0 has decreased over the past year. The gang accounted for about 15 percent of all ransomware attacks in the third quarter of 2023, whereas its share was still around 29 percent of the total in the first quarter of this year.

Submitted by grigby1 CPVI on

"LockBit Ransomware Now Poaching BlackCat, NoEscape Affiliates"

The LockBit ransomware operation is now starting to recruit affiliates and developers from the BlackCat/ALPHV and NoEscape ransomware gangs after recent disruptions and exit scams. Last week, the NoEscape and BlackCat/ALPHV ransomware operations' Tor websites suddenly became inaccessible without warning. According to affiliates associated with NoEscape, the ransomware operators pulled an exit scam, stealing millions of dollars in ransom payments and shutting off the operation's web panels and data leak sites.

Submitted by Adam Ekwall on

Zero Trust World 2024

"Learn from experts, learn from peers, and expand your network in a fun environment with three days designed to improve your knowledge and skills as an IT professional. Onsite you'll choose from a variety of sessions with topics to help you today and in the future. Cybersecurity sessions are CPE eligible. The daily schedule includes mornings in the Mainstage with keynotes and subject matter experts providing insight into threats and technology. Afternoon concurrent sessions allow you to choose from topics in ballrooms and in the Hacking Lab.
