The transition to mobile and contactless services in the hospitality industry is making hotels more vulnerable to cyber threats, according to a report from Trustwave SpiderLabs.

A new cyberattack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium.

Final work is underway for the Cyber Incident Reporting for Critical Infrastructure Act, which CISA Director Jen Easterly expects to be done by the end of the year or early 2024 at the latest, she said at the Billington Cybersecurity Summit.

The Associated Press (AP) has warned that users of a popular writing style guide have been hit by phishing attacks after their personal information was compromised in a data breach.

The CISA added CVE-2023-33246 to its Known Exploited Vulnerabilities Catalog. It means government agencies have until September 27 to apply a vendor patch to affected systems, although private enterprises are encouraged to follow suit.

As part of the observed attacks, threat actors are using Google Looker Studio to create fake crypto pages that are then delivered to the intended victims in emails sent from the legitimate tool itself.

Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files.

The individuals targeted by the sanctions “include key actors involved in management and procurement for the Trickbot group, which has ties to Russian intelligence services,” according to the U.S. Treasury.

A new campaign has been discovered with similarities to a previous campaign, including the use of social media sites to build rapport with targets. The threat actors then engage in encrypted messaging and send a malicious file with a 0-day exploit.

Researchers at Akamai have unearthed a concerning shift in the behavior of dynamically seeded Domain Generation Algorithm (DGA) families within Domain Name System (DNS) traffic data.