According to new Sophos X-Ops research, ransomware gangs use media coverage of attacks to increase pressure on victims to meet their demands. An analysis conducted by Sophos X-Ops emphasized that ransomware groups and the media now have a closer relationship, suggesting that while hackers have traditionally been secretive, some now see the potential in using their publicity to strengthen extortion techniques.

The Department of Energy's (DOE) Pacific Northwest National Laboratory (PNNL) has established the Center for AI @ PNNL to coordinate the pioneering research of hundreds of scientists working on various projects focusing on science, security, and energy resilience. With the availability of generative Artificial Intelligence (AI), which allows almost anyone to produce sophisticated text and images with just a small amount of data, AI use has surged.

The Gaza Cyber Gang, a pro-Hamas threat actor, is targeting Palestinian entities with an updated version of the Pierogi backdoor. SentinelOne named the malware Pierogi++ because it is written in the C++ programming language, unlike its Delphi- and Pascal-based predecessor. According to security researcher Aleksandar Milenkoski, recent Gaza Cyber Gang activities show constant targeting of Palestinian entities, with no significant changes in dynamics since the start of the Israel-Hamas war.

Dell is urging customers of its PowerProtect products to review a newly released security advisory and patch a series of potentially serious vulnerabilities.  Dell noted that the vulnerabilities impact PowerProtect Data Domain (DD) series appliances, which are designed to help organizations protect, manage, and recover data at scale.  APEX Protect Storage, PowerProtect DD Management Center, PowerProtect DP series appliances, and PowerProtect Data Manager appliances are also affected.

In response to a rise in supply chain cyberattacks over the past five years, the National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) titled "Recommendations for Software Bill of Materials (SBOM) Management." This CSI offers guidance to network owners and operators on integrating SBOM use to help protect the cybersecurity supply chain, with some additional guidance for National Security Systems (NSS).

In collaboration with researchers from three other organizations, MITRE has released a draft of a new threat-modeling framework for those who make embedded devices used in critical infrastructure environments. The new EMB3D Threat Model aims to provide device makers with a common understanding of the vulnerabilities in their technologies that are being targeted by attacks, as well as the security mechanisms for addressing those vulnerabilities.

Group-IB warns that a hacking group dubbed GambleForce has been targeting businesses and government agencies in attacks involving exploiting SQL injection flaws. In September, the company discovered and gained access to a command-and-control (C2) server used by the group, which regularly targets gambling companies and other types of organizations.

Microsoft has disrupted Storm-1152, an alleged threat actor group that built Cybercrime-as-a-Service (CaaS) businesses. CaaS is a business model in which adversaries with superior skills create attack tools, such as automated bots, to sell to other fraudsters who may not be technically savvy, thus increasing cybercrime and fraud opportunities. The CaaS model encourages and enables more people to commit fraud at a rate and volume that can overwhelm even the most experienced internal Security Operation Center (SOC) teams.

Volt Typhoon, also known as Bronze Silhouette, a Chinese state-sponsored Advanced Persistent Threat (APT) hacking group, has been linked to a botnet called KV-botnet, which it has been using since at least 2022 to attack Small Office Home Office (SOHO) routers in high-value targets. The APT mainly targets routers, firewalls, and Virtual Private Network (VPN) devices to proxy malicious traffic so that it blends in with legitimate traffic and thus goes undetected.

According to security researchers at Chainalysis, approval phishing scams have been used to steal at least $1bn in cryptocurrency since May 2021.  The researchers estimate that this technique, which is frequently used by romance scammers, has led to crypto users losing at least $374m so far in 2023.  The researchers noted that approval phishing is a type of crypto scam in which attackers attempt to trick targets into signing a malicious blockchain transaction that gives their address approval to spend specific tokens inside the victim’s wallet.