Budget hotel chain Motel One Group recently announced that some customer information and credit card data was stolen in a recent ransomware attack.  The company claimed that the hackers accessed the hotel operator’s internal systems and attempted to deploy file-encrypting ransomware but were only partially successful.  According to the hotel chain’s initial assessment, the attackers accessed information related to customers’ addresses, along with “150 credit card details”.  The company noted that the affected cardholders have already been informed personally.

A vulnerability, tracked as CVE-2023-4211, in the kernel drivers for several Mali GPUs "may be under limited, targeted exploitation," the British semiconductor manufacturer Arm confirmed when it released drivers updated with patches. Arm's Mali GPUs are used in various devices, most notably in Android smartphones from Google, Samsung, Huawei, Nokia, Xiaomi, Oppo, and others. The vulnerability is caused by improper GPU memory processing and enables a local non-privileged user to access already freed memory. It impacts kernel drivers for various Arm GPUs.

A phishing campaign that spreads cyber espionage malware is aimed at users in the Middle East. The campaign is conducted by the Advanced Persistent Threat (APT) tracked as APT34, also known as OilRig, Helix Kitten, and Cobalt Gypsy. The APT uses a tool that researchers have dubbed "Menorah." This malware can identify the target's machine, access and upload files, and download additional files and malware. According to Trend Micro, the document used in the attack contains pricing information in Saudi Riyal, suggesting that at least one of the victims is in Saudi Arabia.

According to researchers, the average time it takes threat actors to exploit vulnerabilities before or after their public disclosure continues to decrease. Researchers at Mandiant analyzed 246 vulnerabilities disclosed in 2021 and 2022, tracked as "exploited in the wild." They discovered that the overall average time-to-exploit (TTE) is decreasing, with exploitation likely to happen before the end of the first month following the release of a patch. This is a trend that has continued over the past few years. Between 2018 and 2019, the average TTE was 63 days.

Integrating Machine Learning (ML) technologies into different security aspects has brought a new era of proactive threat detection, risk mitigation, and improved decision-making processes. From cybersecurity to physical security, ML technologies have proven to be significantly helpful for protecting individuals, organizations, and societies from evolving threats. The introduction of ML technologies has revolutionized the approach to security across various domains. This technology promises dynamic and adaptable security solutions that can address both known and emerging threats.

According to researchers, thousands of servers running the Exim mail transfer agent are vulnerable to attacks involving the exploitation of critical vulnerabilities that enable remote execution of malicious code with little or no user interaction. Exim is an open-source mail transfer agent used by as many as 253,000 servers on the Internet. Zero Day Initiative disclosed the vulnerabilities but they escaped much notice until recently when they surfaced in a security mailing list.

Researchers suspect the mass exploitation of vulnerabilities in Progress Software's WS_FTP Server. Researchers at Rapid7 first observed evidence of exploitation across multiple instances of WS_FTP on September 30. Progress recently released fixes for eight vulnerabilities in WS_FTP, including one with a CVSS severity rating of 10. The company said that there was no evidence of exploitation at the time. Researchers did not specify which vulnerabilities were being exploited, but it appeared that "one or more" of the eight vulnerabilities detailed in Progress' advisory were being targeted.

A nonprofit organization that develops communications standards reported that hackers stole a database containing user information. The European Telecommunications Standards Institute (ETSI) disclosed the incident last week. It is currently unclear whether the attack was motivated by financial gain or whether the hackers intended to acquire the user list for espionage purposes. Following the incident, ETSI called on France's cybersecurity agency ANSSI to investigate and restore the affected information systems.

The potential for cybercriminals to use AI chatbots to create phishing campaigns has been cause for concern, and now security researchers at Egress have found that it is almost impossible to detect AI-generated phishing emails.  The researchers noted that AI detectors cannot tell whether a phishing email has been written by a chatbot or a human in three cases out of four (71.4%).  The researchers stated that the reason for this is due to how AI detectors work.

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced that its security advisories for Industrial Control Systems (ICS), Operational Technology (OT), and medical devices now include the OASIS Common Security Advisory Framework (CSAF) Version 2.0 standard to transform the vulnerability management landscape. In the current risk environment, it is difficult for organizations to manage the increasing number and complexity of new vulnerabilities.