The Ragnar Locker ransomware operation's Tor negotiation and data leak websites have been seized as part of an international law enforcement operation. Both websites now display a seizure message stating that many international law enforcement agencies from the US, Europe, Germany, France, Italy, Japan, Spain, the Netherlands, the Czech Republic, and Latvia participated in the operation. Ragnar Locker, also known as Ragnar_Locker and RagnarLocker, is one of the longest-running ransomware operations, having launched at the end of 2019 as it began targeting enterprises.

According to Microsoft, multiple North Korean threat actors have been observed exploiting a recent vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server.  Tracked as CVE-2023-42793, the critical severity flaw allows unauthenticated attackers to execute code remotely on vulnerable on-premises TeamCity instances and gain administrator-level permissions.  JetBrains released patches for the bug on September 21, with the first in-the-wild exploitation attempts reported only one week later.

New research reveals that Artificial Intelligence (AI)-driven chatbots such as ChatGPT can infer a great deal of sensitive information about the people they are chatting with. The phenomenon stems from how the models' algorithms are trained using broad swathes of web content, a crucial aspect of their functionality, making it difficult to prevent. Martin Vechev, a computer science professor at ETH Zürich in Switzerland who led the research, says that it is unclear how to solve this issue.

The North Korea-leaked Lazarus Group, also known as Hidden Cobra or TEMP.Hermit, has been observed using trojanized Virtual Network Computing (VNC) apps as lures to target the defense industry and nuclear engineers in the ongoing Operation Dream Job campaign. The campaign involves tricking job seekers on social media into downloading malicious apps for fake job interviews. These backdoored apps operate discretely to avoid detection by behavior-based security solutions, activating only when the user selects a server from the drop-down menu of the trojanized VNC client.

The National Security Agency (NSA) and its US partners have published a new report describing phishing attack techniques and the defenses that organizations can implement to combat them. The Cybersecurity Information Sheet (CSI) titled "Phishing Guidance: Stopping the Attack Cycle at Phase One" delves into cybersecurity controls to reduce phishing attacks. The CSI goes over how to protect against login credential phishing and malware-based phishing, as well as remediation steps for successful phishing activity.

A Synology DiskStation Manager (DSM) vulnerability could be exploited to decipher an administrator's password. Claroty's Team82 researchers discovered the vulnerability, tracked as CVE-2023-2729, with a CVSS score of 5.9. They found a weak Random Number Generator (RNG) in Synology's DSM Linux-based operating system running on the Network Attached Storage (NAS) products. The problem is the insecure JavaScript Math.random() function used to generate the administrator password for the NAS device.

A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum.  Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe services to find their ancestry info and genetic predispositions.  The threat actor claims the new stolen data includes genetic information on the royal family, the Rothschilds, and the Rockefellers.  Today, the same hacker released an additional CSV file containing the 23andMe data of 139,172 people living in Germany.

The hacktivist group SiegedSec has claimed to be behind a series of attacks against Israeli infrastructure and Industrial Control Systems (ICS). SecurityScorecard's Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team discovered a list of what the hacking group claims to be its Israeli ICS targets, which the group compiled. An image of the list found by analyzing various dark web groups reveals a series of IP addresses, with the claim of having launched attacks against Israeli infrastructure.

Several Advanced Persistent Threat (APT) groups, including two Russian groups, are conducting campaigns to exploit a known vulnerability in the popular WinRAR archive utility and deliver malware. The attackers are exploiting a vulnerability, tracked as CVE-2023-38831, in multiple versions of WinRAR that can result in arbitrary code execution. The WinRAR team released a patch for the vulnerability in August, but threat actors had been exploiting it since at least April, when researchers were unaware of it.

The Cybersecurity and Infrastructure Security Agency (CISA) works with public safety, national security, and emergency preparedness communities to improve seamless and secure communications in order to maintain the safety, security, and resiliency of the US. Any disruption to communications can have a domino effect on a public safety agency's ability to provide critical lifesaving services.