Security experts at Sonatype have warned of surging cyber risk in open-source ecosystems, having detected three times more malicious packages in 2023 than last year.  The vendor detected 245,032 malicious packages in 2023, which amounts to twice as many software supply chain attacks as during the period 2019-2022.  Sonatype noted that it is not just deliberate malicious activity that is posing a threat to organizations that download these components to accelerate time-to-value.

The FBI gave a public service announcement warning of an increase in phantom hacker scams targeting senior citizens throughout the US. According to the FBI, the phantom hacker scam layers imposter tech support, financial institution personas, and government personas to increase the victims' trust and identify the most lucrative accounts to target. Multiple fraudsters posing as bank representatives contact unsuspecting victims, fraudulently claiming that their accounts have been the target of hacking attempts.

Budget hotel chain Motel One Group recently announced that some customer information and credit card data was stolen in a recent ransomware attack.  The company claimed that the hackers accessed the hotel operator’s internal systems and attempted to deploy file-encrypting ransomware but were only partially successful.  According to the hotel chain’s initial assessment, the attackers accessed information related to customers’ addresses, along with “150 credit card details”.  The company noted that the affected cardholders have already been informed personally.

A vulnerability, tracked as CVE-2023-4211, in the kernel drivers for several Mali GPUs "may be under limited, targeted exploitation," the British semiconductor manufacturer Arm confirmed when it released drivers updated with patches. Arm's Mali GPUs are used in various devices, most notably in Android smartphones from Google, Samsung, Huawei, Nokia, Xiaomi, Oppo, and others. The vulnerability is caused by improper GPU memory processing and enables a local non-privileged user to access already freed memory. It impacts kernel drivers for various Arm GPUs.

A phishing campaign that spreads cyber espionage malware is aimed at users in the Middle East. The campaign is conducted by the Advanced Persistent Threat (APT) tracked as APT34, also known as OilRig, Helix Kitten, and Cobalt Gypsy. The APT uses a tool that researchers have dubbed "Menorah." This malware can identify the target's machine, access and upload files, and download additional files and malware. According to Trend Micro, the document used in the attack contains pricing information in Saudi Riyal, suggesting that at least one of the victims is in Saudi Arabia.

According to researchers, the average time it takes threat actors to exploit vulnerabilities before or after their public disclosure continues to decrease. Researchers at Mandiant analyzed 246 vulnerabilities disclosed in 2021 and 2022, tracked as "exploited in the wild." They discovered that the overall average time-to-exploit (TTE) is decreasing, with exploitation likely to happen before the end of the first month following the release of a patch. This is a trend that has continued over the past few years. Between 2018 and 2019, the average TTE was 63 days.

Integrating Machine Learning (ML) technologies into different security aspects has brought a new era of proactive threat detection, risk mitigation, and improved decision-making processes. From cybersecurity to physical security, ML technologies have proven to be significantly helpful for protecting individuals, organizations, and societies from evolving threats. The introduction of ML technologies has revolutionized the approach to security across various domains. This technology promises dynamic and adaptable security solutions that can address both known and emerging threats.

According to researchers, thousands of servers running the Exim mail transfer agent are vulnerable to attacks involving the exploitation of critical vulnerabilities that enable remote execution of malicious code with little or no user interaction. Exim is an open-source mail transfer agent used by as many as 253,000 servers on the Internet. Zero Day Initiative disclosed the vulnerabilities but they escaped much notice until recently when they surfaced in a security mailing list.

Researchers suspect the mass exploitation of vulnerabilities in Progress Software's WS_FTP Server. Researchers at Rapid7 first observed evidence of exploitation across multiple instances of WS_FTP on September 30. Progress recently released fixes for eight vulnerabilities in WS_FTP, including one with a CVSS severity rating of 10. The company said that there was no evidence of exploitation at the time. Researchers did not specify which vulnerabilities were being exploited, but it appeared that "one or more" of the eight vulnerabilities detailed in Progress' advisory were being targeted.

A nonprofit organization that develops communications standards reported that hackers stole a database containing user information. The European Telecommunications Standards Institute (ETSI) disclosed the incident last week. It is currently unclear whether the attack was motivated by financial gain or whether the hackers intended to acquire the user list for espionage purposes. Following the incident, ETSI called on France's cybersecurity agency ANSSI to investigate and restore the affected information systems.