A novel cloud-native cryptojacking operation has targeted Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to mine cryptocurrency. Sysdig has given the malicious cyber activity the codename AMBERSQUID. The AMBERSQUID operation exploited cloud services without triggering the AWS requirement for approval of additional resources, as would have been the case if they had only spammed EC2 instances, according to Alessandro Brucato, a security researcher at Sysdig.

The "ncurses" programming library contains multiple memory corruption vulnerabilities that allow attackers to target applications running in macOS, Linux, and FreeBSD. Microsoft researchers discovered the vulnerabilities in the library that provides Application Programming Interfaces (APIs) for text-based user interfaces and terminal applications. Researchers from the company's threat intelligence team described the vulnerabilities in a technical report as enabling data leaks, privilege escalation, and arbitrary code execution.

The BlackCat (ALPHV) ransomware group encrypts Azure cloud storage using stolen Microsoft accounts and the recently discovered Sphynx encryptor. Sophos X-Ops incident responders found that the attackers used a new Sphynx variant with added support for using custom credentials. After gaining access to the Sophos Central account with a stolen One-Time Password (OTP), the attackers disabled Tamper Protection and modified security policies. These actions were possible after stealing the OTP from the victim's LastPass vault through the LastPass Chrome extension.

Three high-severity Kubernetes vulnerabilities, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, could enable attackers to remotely execute code and take control of all Windows nodes in the Kubernetes cluster. The three flaws impact all Kubernetes versions before 1.28. The Kubernetes team released updated versions at the end of August. If administrators are unable to upgrade to a patched version, Akamai has provided alternative mitigation steps. This article continues to discuss the potential exploitation and impact of the three high-severity Kubernetes vulnerabilities.

Machine Learning (ML) has changed how computer-related tasks are considered and performed. Its ability to identify patterns and process massive amounts of data lends itself to many applications. When it comes to malware detection, ML has streamlined a once daunting process, allowing antivirus software to detect potential attacks more efficiently and with a higher success rate. Antivirus software previously relied on knowledge of earlier attacks, comparing program code to a list of known malicious binaries to determine which programs may be harmful.

Federated learning has garnered attention for its potential to bolster privacy, security, and efficacy across multiple industries. This technique is sometimes subjected to "critical learning" to improve its quality and robustness. However, during these times, external actors have the opportunity to initiate precise and damaging attacks.

The weaponization of generative Artificial Intelligence (AI) tools, such as ChatGPT, is taking shape. In online communities, threat actors are collaborating on new methods to circumvent ChatGPT's ethics rules, also known as "jailbreaking." Hackers are building a network of new tools to exploit or create Large Language Models (LLMs) for malicious purposes. It appears that ChatGPT has sparked a frenzy among cybercriminal forums. Since December, hackers have been looking for new and inventive ways to maliciously manipulate ChatGPT and open-source LLMs.

MetaStealer, a new malware designed to steal information from Intel-based macOS computers, has been discovered in the wild. MetaStealer, not to be confused with the 'META' information stealer malware that gained popularity last year, is a Go-based malware capable of evading Apple's built-in antivirus technology XProtect. SentinelOne reports that it has been tracking the malware for the past few months and has observed a strange social engineering component in its distribution.

3AM is a new ransomware family that was detected in a single incident where an unidentified affiliate attempted to deliver LockBit, attributed to Bitwise Spider or Syrphid, to the target network but failed. According to the Symantec Threat Hunter Team, 3AM is written in Rust and appears to be a brand-new malware family. Before encrypting files, the ransomware tries to disable multiple services on the infected computer. Once encryption is complete, Volume Shadow (VSS) copies are deleted. The new ransomware family's name derives from its ransom note.

A threat actor known for providing ransomware groups with initial access to enterprise systems has used Microsoft Teams to phish employees. According to Microsoft threat researchers, Storm-0324 likely relies on the publicly available TeamsPhisher tool for this activity. Storm-0324 is a temporary name designated by Microsoft to this threat actor, suggesting that the company is still not highly confident about the origin or identity of the actor behind the operation.