Quasar RAT, also known as CinaRAT or Yggdrasil, is an open-source Remote Access Trojan (RAT) that has been using DLL side-loading to avoid detection and stealthily steal data from compromised Windows hosts. According to researchers at Uptycs, this technique exploits the inherent trust that these files command within the Windows environment. They detailed the malware's reliance on ctfmon.exe and calc.exe in the attack chain. Quasar RAT is a C#-based remote administration tool.

The US energy services company BHI Energy has detailed how the Akira ransomware operation breached its network and stole data. BHI Energy is an engineering services and staffing solutions provider that supports private and government-operated oil and gas, nuclear, wind, solar, and fossil power generation units, as well as electricity transmission and distribution facilities. In a data breach notification sent to affected people by BHI Energy, the company describes in detail how the Akira ransomware group breached its network on May 30, 2023.

The FBI and Department of Justice (DoJ) have recently announced that thousands of information technology workers contracting with U.S. companies have for years secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program.  The DoJ noted that IT workers dispatched and contracted by North Korea to work remotely with companies in St. Louis and elsewhere in the U.S. have been using false identities to get the jobs.  The money they earned was funneled to the North Korean weapons program.

Eight recently discovered vulnerabilities in the SolarWinds Access Rights Manager Tool (ARM), including three of critical severity, could allow attackers to gain access to unpatched systems with the highest levels of privilege. SolarWinds occupies a sensitive position in corporate networks as a comprehensive Information Technology (IT) management platform. Administrators use the ARM tool to provision, manage, and audit user access rights to data, files, and systems. This tool exemplifies the platform's ability to oversee and impact critical corporate network components.

Cisco has released the first fixes for the IOS XE zero-day vulnerability, tracked as CVE-2023-20198, which attackers exploited to deliver a malicious implant. The fixes were recently made available, but several cybersecurity companies and organizations observed a significant decrease in the number of Internet-facing Cisco devices infected with the implant. Several theories have been proposed regarding the cause of this change, but the real reason remains unclear.

A research team in the US has developed a novel hardware accelerator prototype for edge devices that can encrypt cloud-sent and -received messages with 1,000 to 6,000 times the energy efficiency of a standard RISC-V processor. Their proposed method is called RISE. Smartphones, Internet of Things (IoT) sensors, wearable devices, and other edge devices typically have limited computational capabilities and memory, requiring frequent data transmission to the cloud for processing. However, the data exchange between edge devices and the cloud poses security and privacy risks.

Identity and access management (IAM) specialist Okta has recently found itself on the receiving end of another security breach after a threat actor was able to access a stolen credential.  Okta said an adversary used the credential to access its support case management system.  The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.  The company noted that it should known that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted.

A team of digital security researchers at the University of Wisconsin-Madison discovered that some widely used websites are vulnerable to browser extensions capable of extracting sensitive information from HTML code, including passwords, credit card numbers, and social security numbers. About 15 percent of the more than 7,000 websites examined by the researchers retain sensitive information as plain text in their HTML source code.

The International Criminal Court (ICC) has recently revealed that a September cyberattack on its IT systems was a highly targeted espionage attempt, although attribution thus far remains elusive.  The ICC noted that based on the forensic analysis carried out, the court has already taken and will continue to take all necessary steps to address any compromise to data belonging to individuals, organizations, and states.  Should evidence be found that specific data entrusted to the court has been compromised, those affected would be contacted immediately and directly by the court.

Polytechnique Montréal has announced a cybersecurity project to prevent insider threats. Through the Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2), experts from Polytechnique Montréal, HEC Montréal, and Université de Montréal will develop a solution for this issue. Every employee, consultant, and third party with access to a company's computer systems represents a potential entry point for a cyberattack or intrusion. Whether malicious, careless, or simply unaware, these users increasingly serve as the entry point for cybercriminals.