"Vulnerability Exposed in WordPress Plugin User Submitted Posts"

Security researchers at Patchstack have discovered a new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below).  With over 20,000 active installations, this popular plugin is used for user-generated content submissions and is developed by Plugin Planet.  The researchers noted that the vulnerability has been assigned CVE-2023-45603.  According to the researchers, this plugin suffers from an unauthenticated arbitrary file upload vulnerability.

Submitted by Adam Ekwall on

"NSA Releases a Repository of Signatures and Analytics to Secure Operational Technology"

Through the exploitation of Internet-accessible and vulnerable Operational Technology (OT) assets, cyber actors have demonstrated their continued determination to conduct malicious cyber activity against critical infrastructure. Therefore, the National Security Agency (NSA) has released a repository for OT Intrusion Detection Signatures and Analytics on the NSA Cyber GitHub to counter this threat.

Submitted by grigby1 CPVI on

"Ransomware Vulnerability Warning Pilot updates: Now a One-stop Resource for Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware"

Many ransomware incidents are perpetrated by threat actors exploiting known Common Vulnerabilities and Exposures (CVEs). However, many organizations may not know that a vulnerability used by ransomware threat actors is on their network. As required by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022, the Cybersecurity and Infrastructure Security Agency (CISA) established the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 to help organizations overcome this blind spot. CISA has announced the addition of new resources to the RVWP.

Submitted by grigby1 CPVI on

"Shadow PC Warns of Data Breach as Hacker Tries to Sell Gamers' Info"

Shadow PC, a provider of high-end cloud computing services, is alerting its customers of a data breach that exposed private information for over 500,000 customers. A threat actor claims to be selling the stolen data. Shadow PC is a cloud gaming service that provides users with high-end Windows PCs streamed to their local devices, enabling them to play demanding games on a virtual computer. As a result of a successful social engineering attack on its employees, the company has begun sending data breach notifications.

Submitted by grigby1 CPVI on

"Everest Cybercriminals Offer Corporate Insiders Cold, Hard Cash for Remote Access"

In what researchers believe is a significant transition, the Everest ransomware group is intensifying its efforts to purchase access to corporate networks from employees. Everest noted on its dark web victim blog that those who help in its initial intrusion will receive a "good percentage" of the profits from successful attacks. In addition, the group pledged to provide collaborators with "full transparency" regarding each operation's nature and confidentiality regarding their role in the attack.

Submitted by grigby1 CPVI on

"ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers"

The threat actors behind ShellBot, also known as PerlBot, are using IP addresses converted to hexadecimal notation in order to compromise inadequately managed Linux SSH servers and launch the Distributed Denial-of-Service (DDoS) malware. According to the AhnLab Security Emergency Response Center (ASEC), the download URL used by the threat actor to install ShellBot has changed from a standard IP address to a hexadecimal value.

Submitted by grigby1 CPVI on

"US Smashes Annual Data Breach Record With Three Months Left"

According to the Identity Theft Resource Center (ITRC), there were 2116 reported US data breaches and leaks in the first nine months of 2023, making it the worst year on record with a whole quarter left to go.  The non-profit, which tracks publicly reported breaches in the US, said there were 733 “data compromises” in Q3 2023, a 22% decline from the previous quarter.  However, despite the relative slump, this was enough to drag the total for the year past the previous all-time high of 1862 set in 2021.

Submitted by Adam Ekwall on

"Chinese 'Stayin' Alive' Attacks Dance Onto Targets With Dumb Malware"

Chinese Advanced Persistent Threats (APTs) have been known to be sophisticated, but the ToddyCat group is defying this trend by compromising telecommunications organizations in Central and Southeast Asia with a constantly evolving arsenal of custom but basic backdoors and loaders. ToddyCat was discovered in 2022, but has been active since at least 2020. According to Check Point, it has been involved in Chinese espionage operations. Check Point's researchers say the group stays active by quickly deploying and discarding inexpensive malware used to deliver its payloads.

Submitted by grigby1 CPVI on

"As Biohacking Evolves, How Vulnerable Are We to Cyber Threats?"

According to Entelgy, there is potential for human bodies to be hacked because anyone can implant a chip under their skin, and these devices do not typically use secure technologies. Even though biohacking has been discussed for more than a decade, implantable technologies are still considered primitive. Therefore, a potential cyberattack against them should not have significant effects. However, this is not the case with implantable medical devices, where a breach can cause severe harm to a patient's health.

Submitted by grigby1 CPVI on

"US Space Force Pauses Use of AI Tools Like ChatGPT Over Data Security Risks"

The U.S. Space Force has recently paused its workforce's use of web-based generative artificial intelligence tools like ChatGPT over data security concerns. A recent memo dated September 29 said that the Space Force prohibits personnel from using such AI tools, including large language models, on government computers until they receive formal approval from the force's Chief Technology and Innovation Office.

Submitted by Adam Ekwall on