"Microsoft Authenticator Now Blocks Suspicious MFA Alerts by Default"

Microsoft has recently introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage.  Microsoft Authenticator is an app that provides multi-factor authentication, password auto-fill, and password-less sign-in to Microsoft accounts.  The Authenticator app sends a push notification to the user’s device to grant or deny access.

Submitted by Adam Ekwall on

"North Korean 'BlueNoroff' Group Targeting Financial Institutions With macOS Malware"

A hacking group backed by the North Korean government is targeting financial institutions with malware that affects macOS. According to Jamf researchers, an Advanced Persistent Threat (APT) group known as BlueNoroff is launching financially motivated attacks against cryptocurrency exchanges, venture capital firms, and banks. BlueNoroff is considered a subgroup of Lazarus, the North Korea-based state-sponsored hacking group. The latest campaign, which Jamf Threat Labs researchers linked to a previous campaign dubbed Rustbucket, involves malware built to compromise Mac devices.

Submitted by Gregory Rigby on

"Iranian Agonizing Serpens APT Is Targeting Israeli Entities With Destructive Cyberattacks"

Since January 2023, the Iran-linked Agonizing Serpens group, also known as Agrius, BlackShadow, Pink Sandstorm, and DEV-0022, has been launching destructive cyberattacks against Israeli organizations in the higher education and technology sectors. According to Palo Alto Networks' Unit 42 researchers, the threat actors first try to steal sensitive data such as Personally Identifiable Information (PII) and Intellectual Property (IP) and then use various wipers to cover their tracks.

Submitted by Gregory Rigby on

"SIM Box Fraud to Drive 700% Surge in Roaming Scams"

According to security researchers at Juniper Research, the volume of global roaming fraud traffic is set to increase by a staggering 700% over the coming five years as scammers look to tap a growing market.  In the new study, the researchers assessed the size of the global roaming market across data, IoT, SMS, and voice and estimated operator losses due to fraud.  The researchers also evaluated the readiness of 60 countries to combat these emerging fraud techniques and their adoption of roaming fraud mitigation solutions and assessed 14 solutions currently on the market.

Submitted by Adam Ekwall on

"Online Store Exposed Millions of Chinese Citizen IDs"

Viktor Markopoulos, a CloudDefense.ai security researcher, discovered millions of Chinese citizen identity numbers leaking online after an e-commerce store left its database exposed on the Internet. According to Markopoulos, the database belongs to Zhefengle, a China-based e-commerce store used to import goods from other countries. Markopoulos found that the database contained over 3.3 million orders from 2015 to 2020 but was not password protected. The order database included customer shipping addresses, phone numbers, and the customers' government-issued resident identity card numbers.

Submitted by Gregory Rigby on

"Critical Atlassian Confluence Bug Exploited in Cerber Ransomware Attacks"

Attackers are exploiting the recently patched critical Atlassian Confluence authentication bypass flaw to encrypt victims' files in Cerber ransomware attacks. According to Atlassian, the bug, which is tracked as CVE-2023-22518, is an improper authorization vulnerability. It impacts all versions of the Confluence Data Center and Confluence Server software.

Submitted by Gregory Rigby on

"SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities"

SideCopy, a Pakistan-linked threat actor, has been using the recent WinRAR security vulnerability in its attacks against Indian government entities to deliver various Remote Access Trojans (RATs) such as AllaKore RAT, Ares RAT, and DRat. The enterprise security company SEQRITE describes the campaign as multi-platform. The attacks are also designed to infiltrate Linux systems with a compatible version of Ares RAT. SideCopy has been active since at least 2019, and is known for its attacks on Indian and Afghan entities.

Submitted by Gregory Rigby on

"Outdated Cryptographic Protocols Put Vast Amounts of Network Traffic at Risk"

According to Quantum Xchange, cryptography is often taken for granted because it is rarely evaluated or checked, which could have disastrous consequences for businesses as attack surfaces expand, the cost of a data breach rises, and the age of quantum computing approaches. After examining over 200 terabytes of network traffic (the total sum of all packets across all connections between all pairs of hosts), the company found that up to 80 percent of the traffic had some defeatable flaw in its encryption, and 61 percent of it was unencrypted altogether.

Submitted by Gregory Rigby on

"American Airlines Pilot Union Recovering After Ransomware Attack"

The Allied Pilots Association (APA) says it has made progress in restoring its systems after falling victim to a file-encrypting ransomware attack last week.  The American Airlines pilot union says the incident occurred on October 30 and resulted in certain systems being encrypted.  The restoration efforts, APA said, would focus on pilot-facing products and tools, with full operations expected to be restored later.  Over the weekend, the organization announced that it had restored most functionality, including access to the alliedpilots.org website.

Submitted by Adam Ekwall on

"Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks"

The Gootloader Group is using GootBot, a new destructive post-compromise tool that spreads bots throughout enterprise environments following infiltration. According to researchers with the IBM X-Force threat intelligence group, Gootloader has been active since 2014 and uses Search Engine Optimization (SEO) poisoning to trick victims into downloading infected business document templates for initial compromise.

Submitted by Gregory Rigby on