"Thousands of Cisco IOS XE Devices Hacked in Widespread Attacks"

Attackers have exploited a recently disclosed critical zero-day vulnerability to infect thousands of Cisco IOS XE devices with malicious implants. According to the threat intelligence company VulnCheck, the maximum severity vulnerability, tracked as CVE-2023-20198, has been widely exploited in attacks against Cisco IOS XE routers and switches with the Web User Interface (Web UI) and HTTP or HTTPS Server feature enabled. VulnCheck scanned Internet-facing Cisco IOS XE web interfaces and found that there are thousands of compromised and infected hosts.

Submitted by grigby1 CPVI on

"Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers"

Milesight's industrial cellular routers may have been actively exploited in real-world attacks, according to new research from VulnCheck. The exploited vulnerability, tracked as CVE-2023-43261, has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.7. Remote and unauthenticated attackers could gain unauthorized access to the web interface, enabling them to configure Virtual Private Network (VPN) servers and disable firewall protections.

Submitted by grigby1 CPVI on

"NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics"

The National Security Agency (NSA) has recently published a repository of tools to help critical infrastructure entities hunt for malicious activity in ICS and other OT environments. Named Elitewolf, the GitHub repository contains ICS/SCADA/OT-focused intrusion detection signatures and analytics that should enable defense industrial base (DIB), national security systems (NSS) and services, and other critical infrastructure owners and operators to implement continuous system monitoring.

Submitted by Adam Ekwall on

"NSA and Partners Issue Additional Guidance for Secure By Design Software"

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the FBI, and international partners have released a Cybersecurity Information Sheet (CSI) to provide guidance for technology manufacturers to ensure that their products are secure by design. The joint CSI supplements the April 2023 report "Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software" with additional guidance.

Submitted by grigby1 CPVI on

"Microsoft Defender Thwarted Akira Ransomware Attack on an Industrial Engineering Firm"

Microsoft announced that its Microsoft Defender for Endpoint solution helped thwart a large-scale hacking campaign conducted by Akira ransomware operators, which Microsoft tracks as Storm-1567. The attack occurred in early June 2023 and was aimed at an industrial engineering organization. According to the company, its cyber defense solution can automatically block human-operated attacks such as ransomware without the need for additional capabilities.

Submitted by grigby1 CPVI on

"US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability"

US cybersecurity agency CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have warned organizations of potential widespread exploitation of a recent zero-day vulnerability in the Atlassian Confluence Data Center and Server. Tracked as CVE-2023-22515 (CVSS score of 9.8), the bug has been exploited by a nation-state threat actor since September 14, roughly two weeks before Atlassian released patches for it.

Submitted by Adam Ekwall on

"Healthcare Workers Stop Active Hacker in Cybertruck"

Researchers at the University of Twente looked at whether a simulation of a cyberattack in an escape room could contribute to a greater awareness of cybersecurity. Healthcare facility employees participated in the study. The escape room was found to increase cybersecurity awareness among healthcare employees. For example, participants reported being more alert regarding phishing, installing software updates, and using strong passwords. Acute Zorg Euregio (AZE), a regional network of organizations involved in acute care, arranged the escape room.

Submitted by grigby1 CPVI on

"Cars Are a 'Privacy Nightmare on Wheels'. Here's How They Get Away With Collecting and Sharing Your Data"

According to research by the Mozilla Foundation, cars with Internet-connected features are quickly turning into data-harvesting machines that threaten privacy. Researchers analyzed the privacy policies of 25 car brands and discovered that they collect various types of customer data, such as facial expressions, how people drive, and more. They also discovered terms that enabled the disclosure of this information to third parties. They concluded that cars were "the official worst category of products for privacy" they had ever evaluated.

Submitted by grigby1 CPVI on

"BLOODALCHEMY Provides Backdoor to Southeast Asian Nations' Secrets"

Researchers discovered a backdoor being used in attacks against governments and organizations in the Association of Southeast Asian Nations (ASEAN). The backdoor, dubbed "BLOODALCHEMY" by Elastic Security Labs researchers, targets x86 systems and is part of the REF5961 intrusion set recently adopted by a China-linked group. The tooling of REF5961 has been observed in a different espionage-focused attack against the Mongolian government. BLOODALCHEMY is the new backdoor used by the operators of REF5961.

Submitted by grigby1 CPVI on