"Microsoft Breach Exposed 60,000 State Department Emails"

According to Microsoft, a sophisticated Chinese cyber-espionage campaign targeting Microsoft Outlook accounts gave Beijing access to tens of thousands of private US government emails. The Storm-0558 group was able to steal 60,000 emails from 10 State Department accounts, nine of which were used by individuals working on East Asia and Pacific diplomacy. According to a State Department briefing, the hackers were also able to get hold of a list containing all of the department's email accounts.

Submitted by Adam Ekwall on

"NIST Publishes Final Version of 800-82r3 OT Security Guide"

NIST recently published the final version of its latest guide to operational technology (OT) security. NIST published the first draft of Special Publication (SP) 800-82r3 (Revision 3) in April 2021, with a second draft being released one year later. Now, Revision 3 of the OT security guide has been finalized. The new 316-page document provides guidance on improving the security of OT systems while addressing their unique safety, reliability, and performance requirements.

Submitted by Adam Ekwall on

"ROBOT Crypto Attack on RSA Is Back as Marvin Arrives"

Hubert Kario, a senior quality engineer on the QE BaseOS Security team at Red Hat, has discovered flaws in a 25-year-old method for encrypting data using RSA public-key cryptography. In a paper titled "Everlasting ROBOT: the Marvin Attack," Kario reports that many software implementations of the PKCS#1 v1.5 padding scheme for RSA key exchange, which were previously thought to be immune to Daniel Bleichenbacher's well-known attack, are actually vulnerable.

Submitted by Gregory Rigby on

"Enhancing AI Robustness for More Secure and Reliable Systems"

Reevaluating how most Artificial Intelligence (AI) systems protect against attacks helped researchers at EPFL's School of Engineering develop a new training approach to ensure Machine Learning (ML) models, particularly deep neural networks, always perform as intended. The new model effectively replaces a long-standing training approach based on a zero-sum game. It uses a continuously adaptive attack strategy to develop a more intelligent training scenario.

Submitted by Gregory Rigby on

"New Resource for Domestic Abuse Survivors Combines AI, Cybersecurity, and Psychology"

Researchers at the Georgia Institute of Technology are developing a new software tool powered by Artificial Intelligence (AI) to address the understudied area of digital security and domestic abuse. Abusers often use the Internet and mobile technology to broaden the scope of their abuse. However, the small scale of such online attacks has resulted in security researchers paying less attention to them.

Submitted by Gregory Rigby on

"'Marriages of Convenience' Between State Actors and Cybercriminals Provide Cover for Both"

Intelligence services in countries such as Russia, North Korea, and China have leveraged ad hoc relationships with cybercriminal groups within their borders for some time to shield their organizations from the repercussions of their actions. However, recent successes by authorities in the US and elsewhere have demonstrated that even this strategy does not put actors beyond the reach of law enforcement.

Submitted by Gregory Rigby on

"UK Data Regulator Warns That Data Breaches Put Abuse Victims' Lives at Risk"

The UK Information Commissioner's Office (ICO) has issued a warning about the potential risks posed by data breaches that expose the Personally Identifiable Information (PII) of domestic abuse victims. The data privacy regulator urges organizations handling domestic abuse victims' PII to train their staff and implement appropriate systems to prevent such incidents. In the past 14 months, the ICO has reprimanded seven organizations for data breaches impacting victims of domestic abuse, including four instances in which organizations exposed victims' safe addresses.

Submitted by Gregory Rigby on

"Russian Flight Booking System Suffers 'Massive' Cyberattack"

A recent cyberattack on a Russian flight booking system caused delays at airports. A massive Distributed Denial-of-Service (DDoS) attack was launched against the Leonardo local airline booking system by "foreign hackers," according to one of the system's developers, the Russian state defense company Rostec. The incident lasted around an hour and disrupted the operations of several Leonardo customers, including Rossiya Airlines, Pobeda, and Aeroflot. IT Army, a Ukrainian hacktivist group, claimed responsibility for the shutdown of Leonardo.

Submitted by Gregory Rigby on

"China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies"

Government and telecommunications organizations are facing new attacks by a threat actor linked to China, tracked as Budworm, which has been using an updated malware toolkit. The attacks against a Middle Eastern telecommunications company and an Asian government occurred in August 2023, with the adversary using an updated version of its SysUpdate toolkit. Budworm, also known as APT27, Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, and Red Phoenix, has been active since at least 2013, targeting various industry verticals in pursuit of its intelligence-gathering objectives.

Submitted by Gregory Rigby on

"SSH Keys Stolen by Stream of Malicious PyPI and npm Packages"

Malicious npm and PyPI packages have been discovered stealing sensitive data from software developers. The campaign, which started on September 12, 2023, was first found by analysts at Sonatype, who discovered 14 malicious packages on npm. According to Phylum, following a brief operational hiatus on September 16 and 17, the attack continued and extended to the PyPI ecosystem. The attackers have uploaded 45 packages to npm (40) and PyPI (5) since the beginning of the campaign, with code variations suggesting a rapid evolution of the attack.

Submitted by Gregory Rigby on