X-Industry

A new malware-as-a-service option for cybercriminals known as BunnyLoader was released on September 4^th, 2023.  It has since seen a variety of updates and has reached version 2.0.  As one might expect from any number of the “as a service” monikers, malware-as-a-service is a business model for cybercriminals.  The business model is such that malware and its associated infrastructure are provided to customers for a fee.  This can also be seen as a variation to the software-as-a-service model.

Thos

The International Committee of the Red Cross (ICRC) has released the first-ever ethical guidelines for civilian hackers, or hacktivists, engaged in armed conflicts.  The organization asks hacktivists to comply with eight “humanitarian law-based rules” to protect themselves and avoid harming others.

The ICRC said that international humanitarian law does not prohibit hacking military targets during armed conflicts, but those involved in such operations must adhere to basic humanitarian principles.

Cyber-attacks and crimes are no ‘new’ news.  However, with more of our information being shared online than ever before, we might be more vulnerable than we might like to believe.  A 2020 report suggests that cyberattacks on infrastructure were the fifth top risk of the year.  Not only that but it is expected that the cost of cybercrimes might reach $10.5 trillion dollars by 2025.

These numbers are alarming, and for us to better understand the tremendous impact that cyber-attacks might have on c

**Critical** 
Advisory ID:
cisco-sa-cer-priv-esc-B9t3hqk9

First Published:
2023 October 4 16:00 GMT

Version 1.0:
Final

Workarounds:
No workarounds available

Cisco Bug IDs:
CSCwh34565

CVSS Score:
Base 9.8

CVE-2023-20101

 Download CSAF

 Download CVRF

 Email

Summary - A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.[1]  This vu

To celebrate the 20th Cybersecurity Awareness Month, CISA has launched a new program, meant to promote four critical actions that businesses and individuals can take to improve cybersecurity.  Since 2004, October has been dedicated to raising awareness on the importance of cybersecurity for both private and public sectors, as part of a collaborative effort between government and industry.  This year, CISA is introducing Secure Our World, an initiative to deliver an “enduring message” to be integ

Agility Robotics, creator of the bipedal humanoid robot Digit, says it is planning to open what it calls “RoboFab”, the company’s robot manufacturing facility in Salem, Oregon with the capability to produce more than 10,000 robots per year.  Initial construction of Agility’s 70,000 square foot robot factory began last year, and it is set to open later this year.  Agility anticipates production capacity of hundreds of Digit robots in the first year, with the capability to scale to more than 10,00

Every month, I feel as if ChatGPT is bringing us closer to the life we watched on The Jetsons.   The Jetsons is an American animated sitcom produced by Hanna-Barbera Productions.  It aired on ABC in prime time from September 23, 1962, to March 17, 1963.  Don’t get me started on smart lawnmowers and vacuum cleaners. 

ChatGPT can perform many technical tasks, such as writing, coding, and researching. Much hype surrounding the chatbot has been on its ability to revolutionize the workspace.  However

Companies are gripped by labor shortages in the security services market segment, and some are turning to robots.  Ed Bacco, a technology executive who joined ADT’s commercial arm just over four years ago, sees androids as a way of getting around the intense battle for talent and high turnover rates that have always been a problem for the industry.  “We wanted to have more consistency in our guards, and so when I came over to ADT, I saw an opportunity to introduce something to the market,” said

Malicious ADs served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools.  The findings come from researchers, who revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations.

Introduced by Microsoft in February 2023, Bing Chat is an interactive search experience that's powered by OpenAI's large language model called GPT-4.  A month lat

Cybersecurity agencies from Japan and the US have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries.  The attacks have been tied to a malicious cyber actor dubbed BlackTech by the US National Security Agency (NSA), Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Japan National Police Agency

Web browser security has undergone significant changes over the past decade.  While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world.

The limitations of Browser Isolation, such as degraded browser performance and inability to tackle modern web-borne threats like phishing and malicious extensions, necessitate a shift towards more advanced solutions

In 1923, the Soviet Union created the Nagorno-Karabakh Autonomous Oblast (an oblast is an administrative region or province) within the Azerbaijan Soviet Socialist Republic.  This oblast has a 95% ethnically Armenian population.  In 1988, Nagorno-Karabakh intended to leave Azerbaijan and join the neighboring Republic of Armenia.  While the Soviet Union was able to keep the resulting tension under control, once the USSR began to collapse, armed conflict between Azerbaijan and Armenia began for co

The US Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023.  "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants were deployed in various combinations."

See:  https://www.ic3.gov/Media/News/2023/230928.pdf

Not much is

The US Democratic-backed AI Accountability Act of 2023 gives the US Federal Trade Commission (FTC) new authority and a new office to regulate how AI algorithms make critical decisions on housing, healthcare.  Democrats in the House and Senate are teaming up on legislation to give the federal government new authority to regulate artificial intelligence in “high-impact” use scenarios.

See:  https://redskyalliance.org/xindustry/regulation-v-innovation

The Algorithmic Accountability Act of 2023, int

Recently identified Xenomorph Android banking trojan samples show an expanded target list that now includes North American users.  Initially detailed in February 2022 and likely linked to the infamous banking trojan Alien, Xenomorph relies on overlays to steal users’ personal and login information.  It can also intercept notifications and SMS messages to bypass two-factor authentication.

See:  https://redskyalliance.org/intel-reports/intelligence-report-weekly-data-and-threats-04-20-2023

The mal

A US government shutdown affects about 800,000 federal employees out of 1.8 million full-time civil servants.  About 380,000 are furloughed, meaning they cannot work or get paid.  The rest are working without pay.  A government shutdown can cause financial hardship for many federal employees, who may have to use their savings to survive while furloughed.

Nearly 85% of US cybersecurity agency CISA staff may be sent home at the end of the week as a government shutdown looms.  The US government wil

"The production lines are at a standstill everywhere." The problems at VW were bigger than initially thought: The IT disruption is not only global, it also affects Audi in addition to Volkswagen.  An update from 27 September:  The disruption at Volkswagen (VW) seems bigger than initially known and it does not only affect the Volkswagen production facilities.  The VW subsidiary Audi and Porsche were also affected by the IT disruption, as an Audi spokeswoman admitted.  The extent to which this is

The National Student Clearinghouse (NSC) reported that nearly 900 colleges and universities across the US had data stolen during attacks by a Russia-based ransomware gang exploiting the popular MOVEit file-sharing tool.  The nonprofit manages educational reporting, data exchange, verification, and research services for 3,600 colleges and universities as well as 22,000 high schools.

In June of this year, the organization first confirmed that it was affected by exploitation of the tool, which was

Retch is a new ransomware variant first discovered in mid-August 2023.  It encrypts files on compromised machines and leaves two ransom notes asking victims to pay a ransom for file decryption.

Infection Vector - Information about the infection vector used by the Retch ransomware threat actor is not currently available.  However, it is unlikely to be significantly different from other ransomware groups.[1]  Retch ransomware samples have been submitted to a public file scanning service from the f

Fear, ignorance and forgetfulness are some of the reasons for widespread shortcomings in reporting cyber-attacks and breaches, both internally and externally, according to a new global survey conducted by Keeper Security.

The study, Cybersecurity Disasters Survey Incident Reporting & Disclosure, was published on September 26, 2023.  It found that, despite cyber-attacks being top of mind for IT and security leaders 40% of them said they had experienced one and 74% admitted they were concerned abo