"Edge Devices: The New Frontier for Mass Exploitation Attacks"


Edge devices, services, and network infrastructure devices are often the entry point for mass exploitation attacks. There has been a rise in mass exploitation compromises and in criminal targeting of edge and infrastructure devices. According to Mandiant's M-Trends 2024 report, nation-states such as Russia and China, as well as criminal groups like FIN11, make use of edge devices, which are often compromised through zero-day vulnerabilities. According to Forescout's Riskiest Devices 2024 report, endpoints were the riskiest device category in 2023, but network infrastructure devices now hold that position.

Submitted by Gregory Rigby on

"UK General Election: Tech Policy Expert Calls for Law Overhaul to Combat Deepfakes"


Matthew Feeney, head of tech and innovation at the UK-based Centre for Policy Studies, warned of the threat deepfakes pose to election integrity. The tech policy expert emphasized how technology has made deepfakes easier and cheaper to produce. In a report titled "Facing Fakes: How Politics and Politicians Can Respond to the Deepfake Age," Feeney calls on the UK government to update existing laws rather than create new regulations for Artificial Intelligence (AI) and deepfakes.

Submitted by Gregory Rigby on

"GitHub Paid Out Over $4 Million via Bug Bounty Program"


GitHub has recently announced that through its bug bounty program, which the company launched ten years ago, it has paid out more than $4 million.  In 2023, the bug bounty paid out exceeded $850,000.  GitHub noted that its annual bug bounty payout has exceeded $800,000 since 2021.  The largest single reward in 2023 was $75,000 for a vulnerability that allowed access to the environment variables of a production container.

Submitted by Adam Ekwall on

"Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE"


Rockwell Automation recently announced that it has patched three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software. The first vulnerability, CVE-2024-37368, is described as a user authentication issue that can lead to information leakage. The company noted that the vulnerability allows a user on a remote system running FTView to send a packet to the customer's server in order to view an HMI project. Because the server does not properly verify the user's authentication, this action is permitted.

Submitted by Adam Ekwall on

"Microsoft Patches One Critical and One Zero-Day Vulnerability"


Microsoft recently released updates for 51 vulnerabilities, only one of which was rated "critical." Microsoft noted that the bug, CVE-2024-30080, is a remote code execution (RCE) flaw in Microsoft Message Queuing (MSMQ) and has been assigned a CVSS score of 9.8, with exploitation rated as "more likely." Microsoft has recommended disabling the service until the update can be installed. The zero-day vulnerability, made public in February, is a protocol-level bug affecting DNSSEC validation.

Submitted by Adam Ekwall on

"Phishing Emails Abuse Windows Search Protocol to Push Malicious Scripts"


In a new phishing campaign, HTML attachments that abuse the Windows Search protocol are used to push batch files hosted on remote servers, which in turn deliver malware. The Windows Search protocol is a Uniform Resource Identifier (URI) scheme that lets applications open Windows Explorer to perform searches with specific parameters. Most Windows searches use the local device's index. However, Windows Search can be forced to query file shares on remote hosts and to apply a custom title to the search window.

Submitted by Gregory Rigby on

"Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools"


A new Protect AI report delves into a dozen critical vulnerabilities in open source Artificial Intelligence (AI) and Machine Learning (ML) tools discovered in recent months. The company warns of security defects reported through its AI bug bounty program, including critical issues that could lead to information disclosure, unauthorized resource access, privilege escalation, and server takeover. The worst bug is an improper input validation flaw in Intel Neural Compressor software that could enable remote attackers to escalate privileges.

Submitted by Gregory Rigby on

"Feds Saw More Cyberattacks but Better Detection Last Year, FISMA Report Says"


A Federal Information Security Modernization Act (FISMA) report recently issued to Congress found that federal agencies saw a nearly 10 percent increase in cyberattacks in 2023, but they also improved their detection and categorization of incidents. According to the fiscal year 2023 readout from the Office of Management and Budget (OMB), which oversees FISMA, federal agencies reported 32,211 cyber incidents to the US Cybersecurity and Infrastructure Security Agency (CISA), compared to 29,319 incidents in the prior year.

Submitted by Gregory Rigby on

"Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters"


Researchers warn of a cryptojacking campaign that targets misconfigured Kubernetes clusters to mine Dero cryptocurrency. According to the cloud security company Wiz, the activity is an updated version of a financially motivated operation first reported by CrowdStrike in March 2023. The threat actor used anonymous access to an Internet-facing cluster to launch malicious container images hosted on Docker Hub. This article continues to discuss observations regarding the cryptojacking campaign targeting misconfigured Kubernetes clusters.

Submitted by Gregory Rigby on

"Panera Warns of Employee Data Breach After March Ransomware Attack"


Panera Bread is starting to notify employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. The company and its franchisees own 2,160 cafes under the names Panera Bread or Saint Louis Bread Co, spread across 48 US states and Ontario, Canada. Panera said that the compromised files contained names and Social Security numbers, and noted that other information provided in connection with employment may also have been in the files involved.

Submitted by Adam Ekwall on