Cloud monitoring, log management, and SIEM tools provider Sumo Logic recently discovered a security breach and is urging customers to change credentials.  The company revealed on Tuesday that a "potential security incident" found on November 3 involved unauthorized access to a Sumo Logic AWS account through the use of compromised credentials.  The company noted that there is no indication that the company's systems, networks, or customer data have been impacted.

Jupyter infostealer infections have increased, mostly targeting organizations in the education and healthcare sectors. According to a new report from VMware's Carbon Black Threat Analysis Unit, there has been a surge in new incidents involving the malware, which was first discovered in late 2020. The malware enables hackers to steal credentials and exfiltrate data. It has evolved to target Chrome, Edge, and Firefox browsers, and the hackers who use it have also used search engines to trick people into downloading malicious files containing the malware.

MITRE and Microsoft have enhanced MITRE ATLAS (Adversarial Threat Landscape for Artificial Intelligence Systems), a community knowledge base that security professionals, Artificial Intelligence (AI) developers, and AI operators can use in the protection of AI-enabled systems. MITRE ATLAS now focuses more on generative AI vulnerabilities to catalyze secure AI use. This new framework update, as well as the accompanying new case studies, directly address the unique vulnerabilities of systems involving generative AI and Large Language Models (LLMs).

Those responsible for managing software systems must think about third-party software dependencies and risks in new ways and team up with business experts to develop new techniques for identifying and handling potential risks. A Software Bill of Materials (SBOM) can help with these tasks. Carnegie Mellon University Software Engineering Institute (SEI) researchers have highlighted their work on building upon SEI's Acquisition Security Framework for Supply Chain Risk Management (SCRM) and tailoring it for third-party software management. Their work resulted in the SEI SBOM Framework.

Researchers at the University of Bonn are working on a platform that prevents Internet fraud and complies with data protection laws. The University of Bonn researchers are collaborating with the Leibniz Institute for Information Infrastructure (FIZ) in Karlsruhe and the University of Duisburg-Essen to create an online platform that provides better protection against identity data misuse for both consumers and merchants. The DARIA research project focuses on data protection-compliant information fusion and risk assessment to prevent identity fraud and limit non-payment risk.

A team from the University of Central Florida won first place in this year's CyberForce Competition hosted by the Department of Energy's (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and supported by DOE's Argonne National Laboratory (ANL) and several other national laboratories. During the all-day event, students from universities and colleges across the US dealt with real-world cybersecurity issues involving distributed energy resources like solar panels and wind turbines.

The Royal Mail postal service and courier company in the UK had an open redirect vulnerability on one of its websites, exposing its customers to phishing attacks and malware infections. The company made headlines earlier this year when it refused to pay LockBit's $80 million ransom. The ransomware attack by a Russia-linked group disrupted Royal Mail, and it was temporarily unable to ship items overseas.

Microsoft has recently introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage.  Microsoft Authenticator is an app that provides multi-factor authentication, password auto-fill, and password-less sign-in to Microsoft accounts.  The Authenticator app sends a push notification to the user’s device to grant or deny access.

A hacking group backed by the North Korean government is targeting financial institutions with malware that affects macOS. According to Jamf researchers, an Advanced Persistent Threat (APT) group known as BlueNoroff is launching financially motivated attacks against cryptocurrency exchanges, venture capital firms, and banks. BlueNoroff APT hackers are considered a subgroup of Lazarus, the North Korea-based government hackers. The latest campaign, which Jamf Threat Labs researchers linked to a previous campaign dubbed Rustbucket, involves malware capable of exploiting Mac devices.

Since January 2023, the Iran-linked Agonizing Serpens group, also known as Agrius, BlackShadow, Pink Sandstorm, and DEV-0022, has been launching destructive cyberattacks against Israeli organizations in the higher education and technology sectors. According to Palo Alto Networks' Unit 42 researchers, the threat actors first try to steal sensitive data such as Personally Identifiable Information (PII) and Intellectual Property (IP) and then use various wipers to cover their tracks.