"Apple ID 'Push Bombing' Scam Campaign Hits Cyber Startup Founders"

An Apple ID spearphishing campaign involving push bombing and caller ID spoofing recently targeted several technology professionals, including startup founders and cybersecurity professionals. Parth Patel, a software engineer and co-founder of a stealth technology startup, said that he and other startup founders in his circle had been targeted. Patel reported receiving a flurry of push notifications on all of his Apple devices, all requesting permission to reset his Apple ID password.

Submitted by Gregory Rigby on

"NIST Unveils New Consortium to Operate its National Vulnerability Database"

The US National Vulnerability Database (NVD) program manager, Tanya Brewer, has officially announced that the National Institute of Standards and Technology (NIST) will delegate some management responsibilities for the world's most popular software vulnerability repository to an industry consortium. NIST established the US NVD in 2005 and has continued to operate it since then. The NVD Consortium will help NIST with funding and feedback for future developments.

Submitted by Gregory Rigby on

"Cisco Patches DoS Vulnerabilities in Networking Products"

Cisco recently announced patches for multiple IOS and IOS XE software vulnerabilities that could be exploited without authentication to cause a denial-of-service (DoS) condition. The most severe of the flaws, with a CVSS score of 8.6, impact the Locator ID Separation Protocol (LISP), IPv4 Software-Defined Access (SD-Access) fabric edge node, Internet Key Exchange version 1 (IKEv1) fragmentation, and DHCP snooping features of IOS and IOS XE software, and the IP packet processing of AP software.

Submitted by Adam Ekwall on

"17 Billion Personal Records Exposed in Data Breaches in 2023"

According to security researchers at Flashpoint, reported data breach incidents rose by 34.5% in 2023, with over 17 billion personal records compromised throughout the year. The researchers recorded 6077 publicly reported data breaches last year, which included sensitive information such as names, social security numbers, and financial data. Over 70% of these incidents resulted from unauthorized access that stemmed from outside the affected organization.

Submitted by Adam Ekwall on

"'SAFE' Technology Protects Data From Theft and Accidental Distribution"

Researchers at Los Alamos National Laboratory developed a new technology to improve data security in various areas. The Secure, Automatic, Failsafe Eraser (SAFE) technology can erase the memory of devices and prevent data disclosures. According to Bertrand Dushime, a member of the Lab's Space Electronics and Signal Processing group and a SAFE project collaborator, the goal is to modernize dismantlement verification instruments and improve the information barrier. This technology will enable better analysis, more specific parameter verification, higher-quality treaty verification, and more.

Submitted by Gregory Rigby on

"Is Q-Day Closer Than We Think? IBM Researchers Say Hybrid Quantum-AI May Pose Near-Term Threats"

A team of IBM researchers reported in a study that combining Hybrid Quantum-Classical Computing (HQCC) and Artificial Intelligence (AI) technologies could bring us closer to the day quantum computing undermines current encryption methods. The team emphasizes the importance of making a quantum-proof shift as Q-Day approaches, the point at which quantum computers become powerful and stable enough to crack today's encryption schemes. This article continues to discuss the study "Advancements in Quantum Computing and AI May Impact PQC Migration Timelines."

Submitted by Gregory Rigby on

"Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions"

A now-patched security flaw in the Microsoft Edge web browser could have been exploited to install arbitrary extensions on users' systems and perform malicious activities. According to Guardio Labs security researcher Oleg Zaytsev, this flaw could have enabled an attacker to use a private Application Programming Interface (API) originally intended for marketing purposes to covertly install additional browser extensions with broad permissions without the user knowing.

Submitted by Gregory Rigby on

"Code Execution Flaws Haunt NVIDIA ChatRTX for Windows"

NVIDIA, the Artificial Intelligence (AI) computing giant, has patched two software flaws in its ChatRTX for Windows app, warning that users are vulnerable to code execution and data tampering attacks. According to NVIDIA, the flaws have a 'high-risk' rating and could be used to launch malicious code through Cross-Site Scripting (XSS) attacks. The security flaws, tracked as CVE-2024-0082 and CVE-2024-0083, impact ChatRTX for Windows 0.2 and earlier versions.

Submitted by Gregory Rigby on

"INC Ransom Threatens to Leak 3TB of NHS Scotland Stolen Data"

The INC Ransom extortion gang has threatened to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland. In a post yesterday, the cybercriminals shared multiple images containing medical details and said that they would leak data "soon" unless the NHS pays a ransom. Scotland's NHS is the country's public health system, providing services ranging from primary care, hospital care, and dental care to pharmaceutical and long-term care.

Submitted by Adam Ekwall on

"$700 Cybercrime Software Turns Raspberry Pi Into an Evasive Fraud Tool"

Cybercriminals have been selling custom Raspberry Pi software called "GEOBOX" on Telegram that allows inexperienced hackers to turn the mini-computers into anonymous cyberattack tools. Researchers at Resecurity discovered the tool while investigating a high-profile banking theft incident involving a Fortune 100 company. Malicious individuals used several GEOBOX devices, with each connected to the Internet and strategically placed in different remote locations. These devices functioned as proxies, increasing their anonymity.

Submitted by Gregory Rigby on