A formidable new Ransomware-as-a-Service (RaaS) group, known as NoEscape, has emerged as a rebrand of the Russian threat actor Avaddon. NoEscape, identified by the US Department of Health and Human Services' Health Sector Cybersecurity Coordination Center (HHS HC3), exhibits unique features and employs aggressive multi-extortion tactics. The group has been observed targeting organizations in professional services, manufacturing, and information industries, with a particularly worrisome focus on the healthcare and public health sector. NoEscape gains access to networks through various means, such as phishing emails or compromised servers. Initial signs of compromise may include unusual network activity, unauthorized access attempts, or suspicious files.
A serious vulnerability, CVE-2023-43261, has been discovered in certain industrial routers manufactured by Chinese IoT and video surveillance product maker Milesight, particularly affecting several UR-series industrial cellular routers. This vulnerability allows unauthorized remote attackers to access sensitive system log files, including 'httpd.log', potentially compromising security.
A recent surge in phishing attacks has been identified, exploiting LinkedIn's Smart Links feature. These attacks leverage the appearance of trustworthiness to bypass email security measures, targeting a wide range of industries, including finance, manufacturing, energy, construction, and healthcare.
CVE-2023-44487 is a recently disclosed denial-of-service vulnerability in the HTTP/2 protocol. Known as "Rapid Reset", it was actively exploited in the wild from August 2023 to October 2023. The exploitation campaign produced record-breaking DDoS attacks: Cloudflare reported a peak of 201 million requests per second, nearly tripling its previous largest recorded attack. Similar record-breaking attacks were also reported by other vendors, including Google and Amazon Web Services.
Microsoft has recently addressed a significant security issue in their instant messaging and videotelephony application, Skype for Business, tracked as CVE-2023-41763. This vulnerability is categorized as an Elevation of Privilege bug. Although Microsoft has now fixed it, the flaw was actively exploited. Attackers could access some sensitive information but not alter or restrict access to it. The impact relates primarily to confidentiality.
The maintainers of the cURL data transfer project are actively working to address a high-severity vulnerability in the software, which affects both libcurl and the curl command-line tool. The vulnerability is tracked as CVE-2023-38545 and is considered one of the most severe flaws ever found in the open-source tool. Specific details about the vulnerability and the affected versions have been withheld so that attackers cannot pinpoint the problem before the fix is available, but all releases from the "last several years" are considered vulnerable. Fixes for this vulnerability are scheduled for release on October 11, 2023.
On October 3, 2023, McLaren Health Care, one of Michigan's largest healthcare providers, fell victim to a significant ransomware attack. The attackers claimed to have exfiltrated 6 terabytes of data, potentially affecting up to 2.5 million patients. McLaren is actively investigating the incident and will be notifying affected individuals once a thorough assessment is completed.
A Cisco Security Advisory was released on October 4, 2023, regarding CVE-2023-20101. The vulnerability has a CVSS 3.1 base score of 9.8, marking it as critical. It affects 'Cisco Emergency Responder Release 12.5(1)SU4' within Cisco's Unified Communications Manager. The vulnerability enables an unauthenticated remote attacker to log in to an affected device with root-level privileges.
CVE-2023-44416 (CVSS Score: 6.8) is just one of many recent zero days from D-Link, a Taiwanese networking equipment corporation. This specific flaw, reported by Zero Day Initiative, affects the command line interface (CLI) service that listens on TCP port 23 within the DAP-2622 Access Point product. There is a lack of proper validation of a user-supplied string before executing a system call. A network-adjacent attacker can use the vulnerability to execute arbitrary code in root context on affected installations of D-Link DAP-2622 without requiring authentication.