According to researchers at the cybersecurity company Checkmarx, Telegram, AWS, and Alibaba Cloud users are the target of a new malware campaign that hides malicious code within specific software functions to make it more difficult to detect. In September, Checkmarx discovered the campaign, which has been attributed to a threat actor dubbed "kohlersbtuh15." The malicious actor used the Python programming software repository Python Package Index (PyPI), launching attacks involving typosquatting and starjacking techniques.

New research explores the application of deep learning to analyze spectrogram images of the human eye and its movements as a biometric tool. For recognition and security applications, a group of researchers has created a novel method of personal identification based on eye movements. Since it focuses on the involuntary nature of certain eye movements, the biometric technique has proven resistant to fraudulent attempts. The team reached an accuracy of about 73 percent for eye angle spectrogram identification, and 65 percent for eye coordinate spectrogram identification testing.

Amnesty International has reported on a series of Predator spyware attacks against EU, US, and Asia civil society, journalists, politicians, and academics. The human rights group noted that the severity of these attacks warrants a global ban on spyware. Amnesty International's secretary general, Agnes Callamard, said that Intellexa alliance, the European-based developers of Predator and other surveillance products, have not limited who can use this spyware and for what purpose.

California Governor Gavin Newsom recently signed into law the first bill in the US compelling data brokers to delete all personal data of state residents upon request.  Dubbed the “Delete Act” (SB 362), this legislation will equip residents with a single “delete button” accessible via the California Privacy Protection Agency (CPPA) website, affecting roughly 113 registered data brokers in the state and imposing penalties on non-compliant brokers by 2026.  Data brokers collect a vast amount of personal information, which is why they are prime targets for cybercriminals.

Security researchers at Patchstack have discovered a new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below).  With over 20,000 active installations, this popular plugin is used for user-generated content submissions and is developed by Plugin Planet.  The researchers noted that the vulnerability has been assigned CVE-2023-45603.  According to the researchers, this plugin suffers from an unauthenticated arbitrary file upload vulnerability.

Through the exploitation of Internet-accessible and vulnerable Operational Technology (OT) assets, cyber actors have demonstrated their continued determination to conduct malicious cyber activity against critical infrastructure. Therefore, the National Security Agency (NSA) has released a repository for OT Intrusion Detection Signatures and Analytics on the NSA Cyber GitHub to counter this threat.

Many ransomware incidents are perpetrated by threat actors exploiting known Common Vulnerabilities and Exposures (CVEs). However, many organizations may not know that a vulnerability used by ransomware threat actors is on their network. As required by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022, the Cybersecurity and Infrastructure Security Agency (CISA) established the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 to help organizations overcome this blind spot. CISA has announced the addition of new resources to the RVWP.

Shadow PC, a provider of high-end cloud computing services, is alerting its customers of a data breach that exposed private information for over 500,000 customers. A threat actor claims to be selling the stolen data. Shadow PC is a cloud gaming service that provides users with high-end Windows PCs streamed to their local devices, enabling them to play demanding games on a virtual computer. As a result of a successful social engineering attack on its employees, the company has begun sending data breach notifications.

In what researchers believe is a significant transition, the Everest ransomware group is intensifying its efforts to purchase access to corporate networks from employees. Everest noted on its dark web victim blog that those who help in its initial intrusion will receive a "good percentage" of the profits from successful attacks. In addition, the group pledged to provide collaborators with "full transparency" regarding each operation's nature and confidentiality regarding their role in the attack.

The threat actors behind ShellBot, also known as PerlBot, are using IP addresses transformed into its hexadecimal notation in order to compromise inadequately managed Linux SSH servers and launch the Distributed Denial-of-Service (DDoS) malware. According to the AhnLab Security Emergency Response Center (ASEC), the download URL used by the threat actor to install ShellBot has changed from a standard IP address to a hexadecimal value.