Japan's Computer Emergency Response Center (JPCERT/CC) has shared tips on detecting ransomware attacks. Their tips are based on entries in Windows Event Logs, supporting timely detection of attacks. According to JPCERT/CC, the technique can be useful when responding to ransomware attacks, as identifying the attack vector is critical for timely mitigation. JPCERT/CC's investigation strategy includes four types of Windows Event Logs: application, security, system, and setup logs.

According to Der Spiegel, the North Korea-linked Advanced Persistent Threat (APT) "Kimsuky" infiltrated Diehl Defence, a German company that makes Iris-T air defense systems. They did so through a phishing campaign involving fake job offers and advanced social engineering methods. The Kimsuky APT used booby-trapped PDF files and spear-phishing lures to offer Diehl Defence employees jobs with American defense contractors. This article continues to discuss the targeting of Diehl Defence by Kimsuky hackers.

Researchers at Embry-Riddle Aeronautical University are developing systems to detect cyberattacks on drones and other networks by imitating how ants locate intruders in their colonies. Dr. Bryan Watson and his team at Embry-Riddle Aeronautical University's Biologically Inspired Design-for-Resilience Lab (BID4R) are creating mathematical models of ant behavior for use in networked systems, such as those including drones and household appliances. This article continues to discuss the study on ant behavior to inform network protection.

Xinyue Zhang of Kennesaw State University is delving into the intersection of Artificial Intelligence (AI) and cybersecurity. She is working on developing secure AI models that protect personal information and reduce energy costs. Her research is focused on federated learning, which enables AI models to work across multiple devices without sharing data, and NextG networks, the next generation of wireless technology that provides faster and more reliable connections. She wants to develop a federated learning system that addresses specific vulnerabilities faced by current systems.

In a study titled "Detection of Deepfake Environmental Audio," a team of researchers analyzed errors made by the first deep neural network detector developed to automatically classify environmental sounds as real or Artificial Intelligence (AI)-generated. AI-generated deepfakes are getting increasingly more difficult to spot as fake, thus calling for better detection solutions. This article continues to discuss the study "Detection of Deepfake Environmental Audio."

A recently discovered vulnerability in the NVIDIA Container Toolkit could enable attackers to break out of containerized environments, access sensitive data, and compromise systems. According to Wiz researchers, the vulnerability impacts both cloud-based and on-premises Artificial Intelligence (AI) applications that use NVIDIA's toolkit. The toolkit is widely used for GPU support in containers. Researchers warn that this vulnerability puts organizations at risk of data breaches, customer information exposure, and more.

The US Cybersecurity and Infrastructure Security Agency (CISA) reports that SAP Commerce, Gpac framework, and D-Link DIR-820 routers are being exploited using old vulnerabilities. The oldest flaw, tracked as CVE-2019-0344 with a CVSS score of 9.8, enables attackers to execute arbitrary code on a vulnerable system with Hybris user rights. It is an unsafe deserialization issue in SAP Commerce Cloud's "virtualjdbc" extension. Hybris is a Customer Relationship Management (CRM) tool deeply integrated into the SAP cloud ecosystem.

The group, known as "Storm-0501," targets schools, hospitals, and other vulnerable organizations for financial gain. Microsoft Threat Intelligence reports that Storm-0501 has been affiliated with various Ransomware-as-a-Service (RaaS) strains such as "BlackCat/ALPHV," "LockBit," and "Embargo." The ransomware group has now changed tactics as it now exploits hybrid cloud environments with weak passwords and overprivileged accounts instead of just buying initial access from brokers.

Over the past year, more than 140,000 phishing websites have been linked to the "Sniper Dz" Phishing-as-a-Service (PhaaS) platform. According to Palo Alto Networks' Unit 42 researchers, Sniper Dz has an online admin panel with phishing pages. Phishers can host these pages on Sniper Dz's infrastructure or download templates to host on their own servers. This article continues to discuss findings regarding the Sniper Dz PhaaS.

Texas healthcare provider UMC Health System diverted patients for several days after taking IT systems offline following a ransomware attack.  UMC disclosed the incident on September 27, when it announced that emergency and non-emergency patients via ambulance were being diverted to nearby hospitals.  On Monday, the hospital announced that sustained efforts over the weekend allowed it to restore some of the affected services and that only a select number of patients were being diverted.