The National Security Agency (NSA), together with the Federal Bureau of Investigation (FBI), the US Cybersecurity and Infrastructure Security Agency (CISA), and others, has released a Cybersecurity Advisory (CSA) titled "Iranian Cyber Actors' Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations." The new CSA warns network defenders about malicious activity that can allow persistent access to sensitive systems.

The US Department of Justice (DoJ) has announced charges against two Sudanese nationals for their participation in Distributed Denial-of-Service (DDoS) attacks conducted by the hacker group named "Anonymous Sudan." Anonymous Sudan has targeted critical infrastructure, government organizations, and more with highly disruptive DDoS attacks. The cybercriminals also offered DDoS attack services to take down websites and online services. This article continues to discuss the DoJ's announcement of charges against Anonymous Sudan members and the disruption of their DDoS attack services.

The North Korean threat actor "ScarCruft" exploited a Windows security flaw to infect devices with the "RokRAT" malware. The flaw is a memory corruption bug in the Scripting Engine that enables Remote Code Execution (RCE) when using the Edge browser in Internet Explorer Mode. To exploit it, an attacker must convince a user to click on a specially crafted URL to execute the malicious code. This article continues to discuss findings regarding ScarCruft's delivery of RokRAT malware.

According to security researchers at Symantec, RansomHub is now the number one ransomware operation in terms of claimed successful attacks.  Overall, threat actors claimed 1255 attacks in the third quarter, down slightly from 1325 in Q2.    The researchers noted that RansomHub only became active in February this year but claimed top spot in Q3 with 191 victims posted to leak sites, up 155% on Q2's haul.

New variants of the Android banking trojan "TrickMo" have features for stealing a device's unlock pattern or PIN. According to Aazim Yaswant, a security researcher at Zimperium, these previously undocumented features allow the threat actor to operate on the device even when it is locked. TrickMo, first discovered in the wild in 2019, can grant remote control over infected devices, steal SMS-based One-Time Passwords (OTPs), and display overlay screens to capture credentials. This article continues to discuss findings regarding new TrickMo variants.

A critical vulnerability in Kubernetes could enable unauthorized SSH access to a Virtual Machine (VM) that is running an image created with Kubernetes Image Builder. The Kubernetes Image Builder project lets users create VM images for Cluster API (CAPI) providers running the Kubernetes environment, such as Proxmox or Nutanix. These VMs are used to set up nodes that will become part of a Kubernetes cluster. The vulnerability stems from default credentials being enabled during image-building and not being disabled after the process.

Etay Maor, Chief Security Strategist and founding member of the Cyber Threats Research Lab (CTRL) at Cato Networks, has highlighted how both defenders and attackers could use Artificial Intelligence (AI) in their operations. For example, Maor points out that AI models can be applied to augment human researchers and security products by generating a human-readable report of all security events and alerts with one button. Cybercriminals can conduct prompt injection attacks against AI models used in the analysis of malware code.

Google recently announced a fresh Chrome browser update that addresses 17 vulnerabilities, including 13 security defects reported by external researchers.  Google noted that the most severe of the externally reported bugs is CVE-2024-9954, a high-risk use-after-free defect in AI, for which it handed out a $36,000 bug bounty reward.  The browser update resolves five medium-severity use-after-free issues as well, impacting Web Authentication, UI, DevTools, Dawn, and Parcel Tracking.

Apparel giant Varsity Brands recently disclosed a data breach impacting a significant number of individuals. Varsity provides uniforms, apparel, and services for sports teams, schools, and student-athletes.  The company said it detected "unusual activity" on its systems in May 2024 and, upon detection, took certain systems offline and launched an investigation with the assistance of external cybersecurity experts.  The company noted that it also notified law enforcement.

A research team led by Wang Chao from Shanghai University has presented a method involving the use of D-Wave's quantum annealing systems to crack classic encryption. The study titled "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage" describes how D-Wave's machines were used to break RSA encryption and attack symmetric encryption systems. Their method raises significant concerns about the future of cybersecurity.