"EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits"

The US Environmental Protection Agency (EPA) recently withdrew cybersecurity rules for public water systems due to lawsuits filed by states and non-profit water associations. The EPA announced in March that it would require states to report on cybersecurity threats in their public water system audits. Soon after the new cybersecurity requirements were announced, the attorneys general of Missouri, Arkansas, and Iowa took legal action to challenge the EPA's memo, arguing that meeting the new requirements would put a significant financial burden on small towns.

Submitted by Adam Ekwall on

"Europe Mulls Open-Sourcing TETRA Emergency Services' Encryption Algorithms"

The European Telecommunications Standards Institute (ETSI) is considering open-sourcing the proprietary encryption algorithms used to secure emergency radio communications in response to the public backlash caused by the discovery of security vulnerabilities this summer. Claire Boyer, a spokesperson for the European standards body, announced that the ETSI Technical Committee responsible for the Terrestrial Trunked Radio (TETRA) algorithms is discussing whether or not to make them public.

Submitted by grigby1 CPVI on

"Researchers Test Large Language Model that Preserves Patient Privacy"

According to a new study conducted by the National Institutes of Health Clinical Center (NIH CC), locally run Large Language Models (LLMs) may be a feasible option for extracting data from text-based radiology reports while protecting patient privacy. ChatGPT and GPT-4, two recently released LLMs, have garnered much attention but are incompatible with healthcare data due to privacy constraints. This article continues to discuss the research on locally run LLMs being a workable option for extracting data from text-based radiology reports while preserving patient privacy.

Submitted by grigby1 CPVI on

"QR Code Phishing on the Rise"

AT&T warns of a new trend of malicious QR codes being embedded in phishing attempts. Some users recently received an email from Microsoft with an attached PDF file containing a QR code and an urgent message instructing users to enable multi-factor authentication (MFA). After scanning the QR code, users were redirected to a fake Microsoft sign-in page where they entered their username and password. Once entered, their legitimate login credentials were then stored and made available to the threat actor.

Submitted by grigby1 CPVI on

"Fine-Tuning LLMs Compromises Their Safety, Study Finds"

A recent study by Princeton University, Virginia Tech, and IBM Research reveals that fine-tuning Large Language Models (LLMs) can weaken the safety measures designed to prevent the models from generating harmful content such as malware, illegal activity, and child abuse content. As LLMs continue to evolve, businesses are becoming increasingly interested in fine-tuning these models for custom applications. LLM providers offering features and easy-to-use tools for customizing models for specific applications fuel this trend.

Submitted by grigby1 CPVI on

"WS_FTP Servers Targeted in Ransomware Attacks"

The maximum severity vulnerability in unpatched WS_FTP servers from Progress Software has been exploited in ransomware attacks. According to Sophos X-Ops, not all servers have been patched despite Progress Software releasing a fix for the vulnerability last month. Researchers say that the ransomware actors, self-described as the Reichsadler Cybercrime Group, attempted unsuccessfully to deploy ransomware payloads created with a LockBit 3.0 builder reportedly stolen in September 2022. This article continues to discuss the targeting of WS_FTP servers in ransomware attacks.

Submitted by grigby1 CPVI on

"Quantum Risk Is Real Now: How to Navigate the Evolving Data Harvesting Threat"

Due to the threat posed by Harvest Now, Decrypt Later (HNDL), data transmission itself is inherently vulnerable. To protect data from risks of the future, organizations must take proactive steps to secure data against quantum risks. In the HNDL strategy, malicious actors collect and store encrypted data to decrypt it later, either by capitalizing on technological advances and new cryptographic attacks or by using future quantum computers that can break our current encryption standards. This article continues to discuss the HNDL strategy. 

Submitted by grigby1 CPVI on

"DarkGate Operator Uses Skype, Teams Messages to Distribute Malware"

A threat actor has been compromising Skype and Microsoft Teams accounts to distribute DarkGate, a loader associated with information theft, keylogging, cryptocurrency mining, and Black Basta ransomware. According to Trend Micro researchers, 41 percent of the campaign targets are organizations in the Americas. Trend Micro noted that its researchers had observed the developer of DarkGate advertising the malware on underground forums and renting it out to affiliated threat actors as Malware-as-a-Service.

Submitted by grigby1 CPVI on

"Juniper Networks Patches Over 30 Vulnerabilities in Junos OS"

Networking equipment manufacturer Juniper Networks recently announced patches for more than 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity flaws. The most severe of these issues is an incorrect default permissions bug that allows an unauthenticated attacker with local access to a vulnerable device to create a backdoor with root privileges. The company noted that the flaw, tracked as CVE-2023-44194 (CVSS score of 8.4), exists because a specific system directory has improper permissions associated with it.

Submitted by Adam Ekwall on

"Malicious Solana, Kucoin Packages Infect NuGet Devs With SeroXen RAT"

Malicious NuGet packages with over 2 million downloads impersonate cryptocurrency wallets, cryptocurrency exchanges, and Discord libraries in order to infect developers with the SeroXen Remote Access Trojan (RAT). NuGet is an open-source package manager and software distribution system that operates package hosting servers so users can download packages and use them in development projects. Researchers at Phylum discovered the malicious packages uploaded to NuGet by a user named 'Disti' and published a report warning of the threat. This article continues to discuss the malicious NuGet packages.

Submitted by grigby1 CPVI on