Researchers discovered a backdoor being used in attacks against governments and organizations in the Association of Southeast Asian Nations (ASEAN). The backdoor, dubbed "BLOODALCHEMY" by Elastic Security Labs researchers, targets x86 systems and is part of the REF5961 intrusion set recently adopted by a China-linked group. The tooling of REF5961 has been observed in a different espionage-focused attack against the Mongolian government. BLOODALCHEMY is the new backdoor used by the operators of REF5961.

The Fast Identity Online (FIDO) Alliance and LastPass surveyed 1,005 Information Technology (IT) decision-makers, finding that 89 percent expect their organizations to use passwords for less than 25 percent of logins within five years. The survey discovered that 95 percent already offer passwordless access at their organization. Ninety-two percent plan to more widely adopt passwordless technologies. According to Mike Kosak, senior principal intelligence analyst at LastPass, there are multiple reasons for eliminating passwords.

Keyfactor reports that 97 percent of organizations are having difficulties securing their Internet of Things (IoT) and connected products. A survey conducted by Keyfactor also revealed that 98 percent of organizations faced certificate outages in the past 12 months, which cost more than $2.25 million on average. According to the report, 89 percent of organizations operating and using IoT and connected products were victims of cyberattacks, costing an average of $250,000.

According to a warning from the US Department of Health and Human Services' (HHS) Health Sector Cybersecurity Coordination Center (HC3), NoEscape, a triple-extortion ransomware threat group believed to have stemmed from the now defunct Russian-speaking gang Avaddon, is targeting the Healthcare and Public Health (HPH) sector. Since its discovery in May of this year, NoEscape, a Ransomware-as-a-Service (RaaS) group, has targeted various industries.

A new variant of the RomCom backdoor was used against Women Political Leaders (WPL) Summit participants. The conference is focused on gender equality and women in politics. The campaign involved a fake website mimicking the official WPL portal. A Trend Micro report analyzing the new variant warns that its operators, tacked as Void Rabisu, have been using a stealthier backdoor and a new TLS-enforcement technique in the command-and-control (C2) communications to make discovery more difficult.

According to security researchers at Sophos X-Ops' unpatched WS_FTP servers exposed to the internet have become prime targets for ransomware attacks, with threat actors exploiting a critical vulnerability.  The researchers noted that despite Progress Software releasing a patch for the WS_FTP Server vulnerability (tracked CVE-2023-40044) just last month, not all servers have been updated, leaving them vulnerable to exploitation.  The researchers saw an attempted ransomware attack by the self-proclaimed Reichsadler Cybercrime Group.

SpyNote, an Android banking Trojan, has been examined to expose its diverse information-gathering capabilities. According to F-Secure, attack chains involving the spyware typically spread via SMS phishing campaigns and trick potential victims into installing the app by clicking on the embedded link. In addition to requesting invasive permissions to access call records, camera, SMS messages, and external storage, SpyNote hides its presence from the Android home screen and Recents screen in an effort to make detection difficult.

Using X's (formerly known as Twitter) newly implemented verification system, fraudsters are impersonating brands and stealing personal information. The blue checkmark was designated for verified companies and influencers. However, following the acquisition of the microblogging giant and a period of declining users and revenue, Elon Musk changed the rules, allowing anyone to obtain one for a monthly fee. The site's new, lenient approach to authentication has made it easier for scammers to operate.

In the wake of the Israel-Gaza conflict, researchers at Cloudflare have observed threat actors targeting Israeli rocket alerting applications to spread fear and mobile spyware.  The researchers noted that with thousands of rockets launched since Hamas attacked Israel on October 7, individuals in Israel rely on several mobile applications to receive timely alerts about incoming airstrikes and seek safety.  Pro-Palestinian hacktivist group AnonGhost claimed to have targeted various such applications, succeeding in compromising at least one.