"HR Topics Used the Most as Attack Method in Phishing Attacks"

According to findings from KnowBe4's research, Human Resources (HR)-related topics are the most commonly used by hackers to facilitate phishing attacks. The strategy is not new, but it consistently results in successful attacks. Email phishing remains widely used by cybercriminals because it continues to be significantly effective. In the third quarter of this year, slightly more than half of phishing emails contained an HR-related subject line regarding dress code changes, training arrangements, and vacation updates.

Submitted by Gregory Rigby on

"NSA Shares Recommendations to Advance Device Security Within a Zero Trust Framework"

The National Security Agency (NSA) has published a Cybersecurity Information Sheet (CSI) to help federal agencies, partners, and organizations assess devices within their systems and respond more effectively to threats. Transitioning to a zero trust security framework improves defenders' ability to protect sensitive data, systems, applications, and services from nation-state actors and malicious actors.

Submitted by Gregory Rigby on

"Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies"

As part of a cyber espionage operation between August 2022 and May 2023, an updated version of a sophisticated backdoor framework called MATA was used in attacks against more than a dozen Eastern European oil and gas sector and defense industry companies. The threat actors behind the attack used spear-phishing emails to target several victims. Some were infected with Windows executable malware by downloading files. Researchers say each phishing document has an external link to fetch a remote page containing a CVE-2021-26411 exploit.

Submitted by Gregory Rigby on

"Google Ads for KeePass, Notepad++ Lead To Malware"

According to Jérôme Segura, Director of Threat Intelligence at Malwarebytes, people who have used Google to search for and download the KeePass password manager and the Notepad++ text editor may have been infected with malware. Malvertising through search engine ads is a threat that seems to never go away and is getting worse again, according to Malwarebytes. According to Segura, threat actors are effectively using evasion techniques that avoid ad verification checks and enable them to target specific types of victims.

Submitted by Gregory Rigby on

"Google Play Protect Gets Real-Time Code Scanning"

Google recently announced improved protections against malware for all Android devices with Google Play Services in the form of real-time scanning at code level in Google Play Protect. Google Play Protect scans over 100 billion applications daily to prevent malware and unwanted applications from reaching Android devices. Google noted that once it identifies nefarious software, Google Play Protect can either send a warning, block an application’s installation, or completely disable the software.

Submitted by Adam Ekwall on

"Ragnar Locker Ransomware's Dark Web Extortion Sites Seized by Police"

The Ragnar Locker ransomware operation's Tor negotiation and data leak websites have been seized as part of an international law enforcement operation. Both websites now display a seizure message stating that many international law enforcement agencies from the US, Europe, Germany, France, Italy, Japan, Spain, the Netherlands, the Czech Republic, and Latvia participated in the operation. Ragnar Locker, also known as Ragnar_Locker and RagnarLocker, is one of the longest-running ransomware operations, having launched at the end of 2019 as it began targeting enterprises.

Submitted by Gregory Rigby on

"North Korean Hackers Exploiting Recent TeamCity Vulnerability"

According to Microsoft, multiple North Korean threat actors have been observed exploiting a recent vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server. Tracked as CVE-2023-42793, the critical severity flaw allows unauthenticated attackers to execute code remotely on vulnerable on-premises TeamCity instances and gain administrator-level permissions. JetBrains released patches for the bug on September 21, with the first in-the-wild exploitation attempts reported only one week later.

Submitted by Adam Ekwall on

"AI Chatbots Can Infer an Alarming Amount of Info About You From Your Responses"

New research reveals that Artificial Intelligence (AI)-driven chatbots such as ChatGPT can infer a great deal of sensitive information about the people they are chatting with. The phenomenon stems from how the models' algorithms are trained using broad swathes of web content, a crucial aspect of their functionality, making it difficult to prevent. Martin Vechev, a computer science professor at ETH Zürich in Switzerland who led the research, says that it is unclear how to solve this issue.

Submitted by Gregory Rigby on

"Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps"

The North Korea-linked Lazarus Group, also known as Hidden Cobra or TEMP.Hermit, has been observed using trojanized Virtual Network Computing (VNC) apps as lures to target the defense industry and nuclear engineers in the ongoing Operation Dream Job campaign. The campaign involves tricking job seekers on social media into downloading malicious apps for fake job interviews. These backdoored apps operate discreetly to avoid detection by behavior-based security solutions, activating only when the user selects a server from the drop-down menu of the trojanized VNC client.

Submitted by Gregory Rigby on

"NSA: How to Protect Against Evolving Phishing Attacks"

The National Security Agency (NSA) and its US partners have published a new report describing phishing attack techniques and the defenses that organizations can implement to combat them. The Cybersecurity Information Sheet (CSI) titled "Phishing Guidance: Stopping the Attack Cycle at Phase One" delves into cybersecurity controls to reduce phishing attacks. The CSI goes over how to protect against login credential phishing and malware-based phishing, as well as remediation steps for successful phishing activity.

Submitted by Gregory Rigby on