Rapid7 cybersecurity researchers have issued a warning regarding the potential exploitation of a recently disclosed critical vulnerability in the Apache ActiveMQ, tracked as CVE-2023-46604, to launch the HelloKitty ransomware. Apache ActiveMQ is a Java-written open-source message broker software serving as a Message-Oriented Middleware (MOM) platform. ActiveMQ facilitates asynchronous communication and data exchange among various applications by providing messaging and communication capabilities.

New research on popular Artificial Intelligence (AI) image generators reveals that they could be hacked to create inappropriate and potentially harmful content. Although most online art generators claim to block violent, pornographic, and other forms of inappropriate content, Johns Hopkins University researchers were able to manipulate two of the most well-known systems to generate the type of images that the products' safeguards are supposed to prevent.

Non-privileged threat actors could exploit 34 different vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers in order to gain complete control of the devices and run arbitrary code on the underlying systems. According to Takahiro Haruyama, a senior threat researcher at VMware Carbon Black, a threat actor without privilege can erase or modify firmware and elevate operating system privileges by exploiting the drivers.

Researchers are bringing attention to a real issue that accompanies Artificial Intelligence (AI) technology, which is teaching it how to forget. According to scientists, 'Machine Unlearning' is an essential weapon against AI risks. They are helping to develop new methods for making AI models known as Deep Neural Networks (DNNs) forget data that poses a risk to society. The issue is that re-training AI programs to 'forget' data is expensive and time-consuming.

The Boeing Company has confirmed that a cyber incident, previously claimed by the LockBit ransomware gang, impacted some operations. The LockBit ransomware group claimed the cyber incident on its leak site on October 27. The company was given a deadline of six days to contact LockBit before the gang would publish all the data it had stolen in the alleged attack. However, Boeing was removed from LockBit's leak page sometime between October 30 and October 31.

Microsoft's decision to add support to Microsoft 365 for the SketchUp 3D Library in June 2022 seems to have resulted in the introduction of many vulnerabilities within its suite of cloud-based collaboration and productivity tools. ZScaler's ThreatLabz recently published a report on the security vendor's identification of up to 117 different vulnerabilities in Microsoft 365 via SketchUp. SketchUp is one of the most used of seven formats available to Microsoft 365 users to insert 3D files into Windows and Mac versions of Word, Excel, Outlook, and PowerPoint.

Threat actors are always finding new ways to deploy malicious packages on public registries for programming languages. They want to execute malware code when those packages are imported and used in projects. In an attack campaign that was recently identified on NuGet Gallery, the repository for .NET packages, malicious actors use the inline tasks feature of the MSBuild code building tool to execute malicious code.

The Forum of Incident Response and Security Teams (FIRST) has released the fourth version of the Common Vulnerability Scoring System (CVSS). CVSS is a standardized framework used to assess the severity of software security vulnerabilities. It is used to assign numerical scores or qualitative representations (e.g., low, medium, high, and critical) to vulnerabilities according to their susceptibility to exploitation, impact on confidentiality, and more.

MITRE ATT&CK v14 is the newest iteration of the popular investigation framework and knowledge base of cyberattackers' tactics and techniques. ATT&CK aims to classify and catalog cyber adversaries' behaviors in real-world attacks. The framework is constantly being modified to consider new behaviors related to attackers’ interactions with devices, systems, and networks.

A senior White House official announced on October 31 that 40 countries in an alliance led by the US plan to sign a pledge to never pay ransom to cybercriminals and to make an effort to eliminate the hackers' funding mechanism. The International Counter Ransomware Initiative is a response to the worldwide increase in ransomware attacks. Anne Neuberger, US deputy national security adviser for cyber and emerging technologies in the Biden administration, highlighted that the US is by far the most impacted with 46 percent of such attacks.