"Critical Ivanti Authentication Bypass Bug Exploited in Wild"

According to the Cybersecurity and Infrastructure Security Agency (CISA), a critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) is now being exploited by threat actors in the wild. CISA added the bug to its Known Exploited Vulnerabilities (KEV) catalog on September 24, giving federal agencies until October 15 to patch it. Ivanti, however, has yet to update its security advisory to reflect the confirmed exploitation.

Submitted by Adam Ekwall on

"US House Bill Addresses Growing Threat of Chinese Cyber Actors"

Republicans on the US House Homeland Security Committee have unveiled a bill aimed at addressing the growing cyber threat posed by state-sponsored Chinese actors targeting US critical infrastructure. The legislation would establish an interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI. The task force would focus on countering malicious cyber activity from the Chinese Communist Party (CCP), including advanced persistent threats (APTs) such as Volt Typhoon.

Submitted by Adam Ekwall on

"Researcher Says Healthcare Facility’s Doors Hackable for Over a Year"

A security researcher recently launched a project to show that physical access control vulnerabilities still affect many organizations. Last year he documented nearly 40 buildings whose door controllers were hackable. Now that more than a year has passed, he is revisiting each finding to determine which of those buildings remain vulnerable.

Submitted by Adam Ekwall on

"AI-Generated Malware Found in the Wild"

HP intercepted an email campaign in which a commodity malware payload was delivered by an Artificial Intelligence (AI)-generated dropper. Using Generative AI (GenAI) to write the dropper is a notable step toward AI-generated malware payloads themselves. The company found the campaign in June 2024: an invoice-themed phishing email carrying an encrypted HTML attachment. Phishers typically send targets an archive that is already encrypted; in this case, unusually, the attacker embedded the AES decryption key in JavaScript inside the HTML attachment, so the page decrypts and drops the payload in the victim's browser.
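The traits described above (an encrypted blob carried inside the HTML, a JavaScript AES routine, and the key shipped alongside it) can be triaged mechanically at the mail gateway. The script below is an added example and is not HP's detection logic; the regular expressions are assumptions about what such a dropper tends to look like, and both sample attachments are constructed for the demonstration.

```python
"""Heuristic triage of HTML e-mail attachments for HTML-smuggling traits.

Added example, not code from HP or the original article. It flags the
combination the report describes: a payload embedded in the HTML, a
JavaScript-side AES decryption call, and the decryption key itself embedded
in the script. Regexes are assumptions about typical dropper code.
"""
import re
from dataclasses import dataclass, field
from typing import List

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
# AES usage via common browser libraries or WebCrypto (assumed patterns)
AES_RE = re.compile(r"\b(AES|CryptoJS\.AES|crypto\.subtle\.decrypt|decrypt)\b", re.I)
# 16/24/32-byte keys as hex literals (32/48/64 hex chars) or padded base64
HEX_KEY_RE = re.compile(r"['\"]([0-9a-fA-F]{32}|[0-9a-fA-F]{48}|[0-9a-fA-F]{64})['\"]")
B64_KEY_RE = re.compile(r"['\"]([A-Za-z0-9+/]{22}==|[A-Za-z0-9+/]{43}=)['\"]")
KEY_VAR_RE = re.compile(r"\b(key|passphrase|secret|iv)\b\s*[:=]", re.I)
# The drop: turning decrypted bytes into a file download in the browser
DOWNLOAD_RE = re.compile(r"createObjectURL|new Blob\(|\.download\s*=|msSaveOrOpenBlob|atob\(", re.I)
# A very long base64 run anywhere in the attachment is the smuggled payload
BIG_B64_RE = re.compile(r"[A-Za-z0-9+/]{2000,}={0,2}")


@dataclass
class Verdict:
    indicators: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Decrypt routine + embedded key + something to drop: treat as smuggling.
        s = set(self.indicators)
        return {"aes_decrypt", "embedded_key"} <= s and bool(s & {"blob_download", "large_blob"})


def scan_html_attachment(html: str) -> Verdict:
    """Return the indicators found in one HTML attachment."""
    v = Verdict()
    scripts = SCRIPT_RE.findall(html)
    if not scripts:
        return v  # no inline script, nothing to decrypt client-side
    js = "\n".join(scripts)
    if AES_RE.search(js):
        v.indicators.append("aes_decrypt")
    if KEY_VAR_RE.search(js) and (HEX_KEY_RE.search(js) or B64_KEY_RE.search(js)):
        v.indicators.append("embedded_key")
    if DOWNLOAD_RE.search(js):
        v.indicators.append("blob_download")
    if BIG_B64_RE.search(html):
        v.indicators.append("large_blob")
    return v


# Constructed sample: a lure that decrypts and drops an archive in the browser.
SMUGGLED_HTML = """<html><body><h1>Invoice 1042</h1>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
<script>
var key = "0f1e2d3c4b5a69788796a5b4c3d2e1f0";
var payload = "PAYLOAD_B64";
var bytes = CryptoJS.AES.decrypt(payload, CryptoJS.enc.Hex.parse(key), {iv: CryptoJS.enc.Hex.parse(key)});
var blob = new Blob([atob(bytes.toString(CryptoJS.enc.Base64))], {type: "application/zip"});
var a = document.createElement("a"); a.href = URL.createObjectURL(blob);
a.download = "invoice.zip"; a.click();
</script></body></html>""".replace("PAYLOAD_B64", "A" * 3000)

# Constructed sample: an ordinary HTML invoice with harmless inline script.
BENIGN_HTML = """<html><body><h1>Invoice 1042</h1><p id="total"></p>
<script>document.getElementById("total").textContent = "USD 1,250.00";</script>
</body></html>"""

if __name__ == "__main__":
    for name, doc in (("smuggled", SMUGGLED_HTML), ("benign", BENIGN_HTML)):
        verdict = scan_html_attachment(doc)
        print(f"{name}: suspicious={verdict.suspicious} indicators={verdict.indicators}")
```

The point of requiring the conjunction rather than any single indicator is false-positive control: plenty of legitimate mail contains base64 images, and plenty of pages reference crypto libraries, but a key literal sitting next to a decrypt call and a Blob download is the dropper pattern itself, regardless of whether a human or a model wrote the script.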

Submitted by Gregory Rigby on

"New Octo2 Malware Variant Threatens Mobile Banking Security"

Mobile banking users worldwide are at risk from "Octo2," a new, more advanced variant of the "Octo" malware. ThreatFabric analysts describe Octo as one of the most widespread mobile threats of recent years. Octo2's improved remote access and evasion features make it harder for security products to detect. Its main enhancement is more stable remote access, a critical capability in device takeover attacks. This article continues to discuss findings regarding the Octo2 malware variant.

Submitted by Gregory Rigby on

"RomCom Malware Resurfaces With SnipBot Variant"

The cyber espionage malware called "RomCom," which targeted the Ukrainian military and its supporters last year, has returned with a new variant that uses valid code-signing certificates to evade detection. In a multi-stage attack, the operators can execute commands and download additional malicious files. The variant, dubbed "SnipBot" by researchers at Palo Alto Networks' Unit 42, has been spreading since December. It is based on RomCom 3.0 and also shares techniques seen in RomCom 4.0, making it the fifth version of the original RomCom Remote Access Trojan (RAT) family.

Submitted by Gregory Rigby on

"Global Infostealer Malware Operation Targets Crypto Users, Gamers"

An infostealer malware operation spanning 30 campaigns that target different demographics and system platforms has been attributed to "Marko Polo," a cybercriminal group. The threat actors distribute 50 malware payloads, including "AMOS," "Stealc," and "Rhadamanthys," via malvertising, spearphishing, and brand impersonation. According to Recorded Future's Insikt Group, the campaigns have affected thousands of victims, potentially resulting in millions of dollars in losses. This article continues to discuss new findings regarding the Marko Polo malware operation.

Submitted by Gregory Rigby on

"Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities"

The cybersecurity community began warning about remote attacks on Automatic Tank Gauge (ATG) systems nearly a decade ago, yet critical vulnerabilities remain. ATGs are widely deployed at gas stations to monitor storage tank parameters such as volume, pressure, and temperature. In 2015, several cybersecurity companies showed that ATGs could be remotely hacked and warned that honeypot data revealed attackers were already targeting these devices. Earlier this year, researchers at Bitsight found that the situation regarding vulnerabilities and internet-exposed devices has not improved.

Submitted by Gregory Rigby on

"Unpatched Vulnerabilities Expose Riello UPSs to Hacking: Security Firm"

CyberDanube, an Austrian industrial cybersecurity company, says attackers can take control of Riello Uninterruptible Power Supply (UPS) devices by exploiting unpatched vulnerabilities. Riello Elettronica, based in Italy, is an electrical equipment manufacturer and a leading UPS vendor. CyberDanube reports that the vendor has failed to fix two vulnerabilities in its NetMan 204 network communications card, which integrates Riello UPS systems into medium and large networks. The first issue is a SQL injection vulnerability that allows log data to be modified without authentication.

Submitted by Gregory Rigby on

"New PondRAT Malware Hidden in Python Packages Targets Software Developers"

North Korea-linked threat actors are using poisoned Python packages to spread "PondRAT" malware as part of an ongoing campaign targeting software developers. Palo Alto Networks' Unit 42 found that PondRAT is a lighter version of "POOLRAT," also known as "SIMPLESEA," a macOS backdoor previously used by the "Lazarus Group" in attacks tied to last year's 3CX supply chain compromise. This article continues to discuss findings regarding the new PondRAT malware.

Submitted by Gregory Rigby on