US cybersecurity agency CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have warned organizations of potential widespread exploitation of a recent zero-day vulnerability in the Atlassian Confluence Data Center and Server.  Tracked as CVE-2023-22515 (CVSS score of 9.8), the bug has been exploited by a nation-state threat actor since September 14, roughly two weeks before Atlassian released patches for it.

Researchers at the University of Twente looked at whether a simulation of a cyberattack in an escape room could contribute to a greater awareness of cybersecurity. Healthcare facility employees participated in the study. The escape room was found to increase cybersecurity awareness among healthcare employees. For example, participants reported being more alert regarding phishing, installing software updates, and using strong passwords. Acute Zorg Euregio (AZE), a regional network of organizations involved in acute care, arranged the escape room.

According to research by the Mozilla Foundation, cars with Internet-connected features are quickly turning into data-harvesting machines that threaten privacy. Researchers analyzed the privacy policies of 25 car brands and discovered that they collect various types of customer data, such as facial expressions, how people drive, and more. They also discovered terms that enabled the disclosure of this information to third parties. They concluded that cars were "the official worst category of products for privacy" they had ever evaluated.

Researchers discovered a backdoor being used in attacks against governments and organizations in the Association of Southeast Asian Nations (ASEAN). The backdoor, dubbed "BLOODALCHEMY" by Elastic Security Labs researchers, targets x86 systems and is part of the REF5961 intrusion set recently adopted by a China-linked group. The tooling of REF5961 has been observed in a different espionage-focused attack against the Mongolian government. BLOODALCHEMY is the new backdoor used by the operators of REF5961.

The Fast Identity Online (FIDO) Alliance and LastPass surveyed 1,005 Information Technology (IT) decision-makers, finding that 89 percent expect their organizations to use passwords for less than 25 percent of logins within five years. The survey discovered that 95 percent already offer passwordless access at their organization. Ninety-two percent plan to more widely adopt passwordless technologies. According to Mike Kosak, senior principal intelligence analyst at LastPass, there are multiple reasons for eliminating passwords.

Keyfactor reports that 97 percent of organizations are having difficulties securing their Internet of Things (IoT) and connected products. A survey conducted by Keyfactor also revealed that 98 percent of organizations faced certificate outages in the past 12 months, which cost more than $2.25 million on average. According to the report, 89 percent of organizations operating and using IoT and connected products were victims of cyberattacks, costing an average of $250,000.

According to a warning from the US Department of Health and Human Services' (HHS) Health Sector Cybersecurity Coordination Center (HC3), NoEscape, a triple-extortion ransomware threat group believed to have stemmed from the now defunct Russian-speaking gang Avaddon, is targeting the Healthcare and Public Health (HPH) sector. Since its discovery in May of this year, NoEscape, a Ransomware-as-a-Service (RaaS) group, has targeted various industries.

A new variant of the RomCom backdoor was used against Women Political Leaders (WPL) Summit participants. The conference is focused on gender equality and women in politics. The campaign involved a fake website mimicking the official WPL portal. A Trend Micro report analyzing the new variant warns that its operators, tacked as Void Rabisu, have been using a stealthier backdoor and a new TLS-enforcement technique in the command-and-control (C2) communications to make discovery more difficult.

According to security researchers at Sophos X-Ops' unpatched WS_FTP servers exposed to the internet have become prime targets for ransomware attacks, with threat actors exploiting a critical vulnerability.  The researchers noted that despite Progress Software releasing a patch for the WS_FTP Server vulnerability (tracked CVE-2023-40044) just last month, not all servers have been updated, leaving them vulnerable to exploitation.  The researchers saw an attempted ransomware attack by the self-proclaimed Reichsadler Cybercrime Group.