"CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities"

The US cybersecurity agency CISA recently added four bugs impacting multiple Qualcomm chipsets to its Known Exploited Vulnerabilities (KEV) Catalog. All four issues were identified by Google’s Threat Analysis Group and Google Project Zero, which often report security defects exploited by commercial spyware vendors. CISA noted that three of the flaws, tracked as CVE-2023-33106, CVE-2023-33107, and CVE-2023-33063, were patched in October 2023 as zero days after Qualcomm learned from Google’s researchers that they were likely exploited in the wild.

Submitted by Adam Ekwall on

"AI Networks Are More Vulnerable to Malicious Attacks Than Previously Thought"

North Carolina State University researchers discovered that Artificial Intelligence (AI) tools are more vulnerable than previously thought to attacks aimed at forcing AI systems to make bad decisions. According to the researchers, the issue is what are known as "adversarial attacks," in which someone manipulates the data fed into an AI system in order to confuse it. For example, a hacker could install code on an X-ray machine to modify image data in order to cause an AI system to make incorrect diagnoses.

Submitted by Gregory Rigby on

"ENISA Published 'ENISA Threat Landscape for DoS Attacks'"

In recent years, there has been more access to cost-effective and efficient means and services for executing Denial-of-Service (DoS) attacks. Ongoing global conflicts have sparked many DoS attacks. The "ENISA Threat Landscape for DoS Attacks" report delves into the motivations and consequences of DoS attacks, with the goal of helping organizations strengthen their defenses against such attacks. The findings come from a thorough mapping and analysis of DoS incidents from January 2022 to August 2023.

Submitted by Gregory Rigby on

"Federal Agency Breached Through Adobe ColdFusion Vulnerability"

According to the Cybersecurity and Infrastructure Security Agency (CISA), hackers compromised public-facing servers at a US federal agency in June and July by exploiting a vulnerability in a popular Adobe product. The hackers exploited a bug impacting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier), as well as earlier installations of the software no longer supported by Adobe. CISA says there is no evidence of data exfiltration or lateral movement by the hackers.

Submitted by Gregory Rigby on

"BlackCat Ransomware Criminals Threaten to Directly Extort Victim's Customers"

The AlphV/BlackCat ransomware group claims to have infiltrated the systems of the accounting software vendor Tipalti and plans to "go direct" to the company's clients to extort them. BlackCat says it has exfiltrated over 265GB of "confidential" data belonging to the company, its employees, and its clients. Based on their apparent understanding that Tipalti's cyber insurance policy does not cover extortion and an evaluation of its internal discussions, the criminals believe their chances of receiving an extortion payment directly from Tipalti are low.

Submitted by Gregory Rigby on

"GST Invoice Billing Inventory Exposes Sensitive Data to Threat Actors"

The popular GST Invoice Billing Inventory (previously known as Book Keeper) app with more than 1 million downloads has left a database open, exposing sensitive personal and corporate data. The app for small and midsize businesses (SMBs) is one of thousands of apps on Google Play that have sensitive data hard-coded into the client side. This means that threat actors can access Application Programming Interface (API) keys, Google Storage buckets, and unprotected databases. They can exploit that information by analyzing publicly available information about apps.

Submitted by Gregory Rigby on

"Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics"

According to security researchers at Abnormal Security, brand impersonation in cyberattacks has reached new levels of sophistication. Brand impersonation has traditionally been observed with financial institutions and social media sites, but threat actors are now employing multi-stage attacks with a high degree of personalization. The researchers published a study that revealed a case where attackers impersonated the popular streaming service Disney+ in an intricate scheme.

Submitted by Adam Ekwall on

"Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk"

The Cybersecurity and Infrastructure Security Agency (CISA) released the Cybersecurity Performance Goals (CPGs) in October 2022 to help organizations of all sizes and levels of cyber maturity gain confidence in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined four CPGs that organizations could implement as the first steps toward improved cybersecurity.

Submitted by Gregory Rigby on

"Russian Hackers Use Old Outlook Vulnerability to Target Polish Orgs"

The Polish Cyber Command has warned that the Russian state-backed hacking group Forest Blizzard, also known as Fancy Bear and APT28, has been targeting public and private entities in Poland by exploiting a known Microsoft Outlook vulnerability, tracked as CVE-2023-23397. APT28 has a history of targeting government, non-governmental, energy, and transportation organizations in the US, Europe, and the Middle East. The Computer Security Incident Response Team of the Polish National Research Institute (CSIRT NASK) detected and reported new attacks linked to the group.

Submitted by Gregory Rigby on

"Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack"

Malicious actors can use a new "post-exploitation tampering technique" to trick a target into thinking their Apple iPhone is in Lockdown Mode when it is not, allowing them to perform covert attacks. According to Jamf Threat Labs, if a hacker has already infiltrated a user's device, they can cause Lockdown Mode to be bypassed when the user activates it. The goal is to enable Fake Lockdown Mode on a device that an attacker has compromised through other means, such as unpatched security flaws.

Submitted by Gregory Rigby on