The Chameleon Android banking trojan has resurfaced with a new version that disables fingerprint and face unlock in order to steal device PINs and take over devices. The technique involves using an HTML page trick to gain access to the Accessibility service and a method to disrupt biometric operations. Earlier Chameleon versions discovered in April this year impersonated Australian government agencies, banks, and the CoinSpot cryptocurrency exchange. They conducted keylogging, overlay injection, cookie theft, and SMS theft on compromised devices.

Bugcrowd, the crowdsourced security platform, has updated its Vulnerability Rating Taxonomy (VRT) to include vulnerabilities in Large Language Models (LLMs). According to Casey Ellis, CSO of Bugrowd, the long-term goal is to "demystify" the technology and foster a more transparent vulnerability reporting environment. He adds that this will help alleviate security and privacy concerns about using generative Artificial Intelligence (AI) models. Bugcrowd's VRT is an open-source platform designed to facilitate the sharing of information regarding known software vulnerabilities.

ESET has recently released patches for several of its endpoint and server security products to address a high-severity vulnerability that could have been exploited to cause web browsers to trust sites that should not be trusted.  ESET noted that the flaw tracked as CVE-2023-5594 affected their products' SSL/TLS protocol scanning feature.  It could have caused browsers to trust websites with certificates signed with outdated and insecure algorithms.

Google recently announced emergency patches for a Chrome vulnerability that is under active exploitation.  This is the eighth zero-day documented this year.  Google noted that the issue is tracked as CVE-2023-7024 and is a high-severity heap buffer overflow bug in Chrome’s WebRTC component.  WebRTC (Web Real-Time Communication) is an open-source project that provides real-time communication via APIs.  Google is aware that an exploit for CVE-2023-7024 exists in the wild.

Researchers at OTORIO have highlighted cybersecurity risks associated with modern Physical Access Control Systems (PACS). The researchers showed that PACS, especially those using the Open Supervised Device Protocol (OSDP), inadvertently created a potential entry point into an organization's internal IP network. The study demonstrates how cybercriminals could exploit doors equipped with cutting-edge building access control measures.

A bipartisan proposal in the recently passed defense policy bill will form a working group to address previously identified cybersecurity gaps in the nation's nuclear weapons systems. The provision, which was first introduced in June, was included in the fiscal year 2024 National Defense Authorization Act (NDAA).

As part of its global Secure by Design campaign, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Request for Information (RFI) on the whitepaper titled "Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software." CISA and its partners seek information on topics, including incorporating security early in the Software Development Life Cycle (SDLC), recurring vulnerabilities, Operational Technology (OT), the economics of Secure by Design, and more, to better inform the agency's Secure by Design campaign.

The ransomware gang ALPHV/BlackCat has announced that its network of affiliates can now target nuclear power plants, hospitals, and critical infrastructure. The move is a response to recent FBI enforcement activity. ALPHV/BlackCat made the announcement on its leak website, which had been offline since December 7, when it was believed to have been shut down by law enforcement. The previously closed ALPHV/BlackCat website briefly displayed an FBI seizure notice.

A ransomware attack on ESO, a provider of Emergency Medical Services (EMS) software, involves the sensitive details of millions of people, including their healthcare data. One impacted system contained information about patients associated with ESO's customers. SSNs were only exposed in a few cases. Healthcare data can be sold on dark web forums to malicious actors who want to commit medical identity theft. This type of identity theft involves using stolen information to submit forged claims to Medicare and other health insurers.

AT&T Alien Labs researchers discovered JaskaGO, a previously undetected Go-based information stealer that targets Windows and macOS systems. JaskaGO supports a wide range of commands and maintains persistence in various ways. The malware's macOS variant was discovered in July 2023, spreading in the form of installers for pirated legitimate software such as CapCut or AnyConnect. According to the researchers, the recent malware sample still has a low detection rate.