The US Department of Energy (DOE) recently announced a $15 million investment in university-based electric power centers to bolster cybersecurity in the energy sector.  The DOE says the funding will go to six universities selected by the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), which will partner with industry stakeholders and the DOE National Laboratories for cybersecurity research and training development.

Sauvik Das, an assistant professor at Carnegie Mellon University's (CMU) Human-Computer Interaction Institute (HCII), and his team of researchers developed a taxonomy of Artificial Intelligence (AI) privacy risks after analyzing 321 documented AI privacy incidents. The team's goal was to document how the unique capabilities and requirements of AI technologies described in those incidents led to new privacy risks, worsened existing ones, or did not significantly alter known risks. This article continues to discuss the study "Deep Fakes, Phrenology, Surveillance, and More!

Researchers at the Department of Energy's (DOE) Oak Ridge National Laboratory have shown that advanced quantum-based cybersecurity can be implemented in a deployed fiber link. Their findings validate an earlier proof-of-principle laboratory experiment conducted by ORNL scientists in 2015. The team used a true local oscillator to transmit a quantum signal for Quantum Key Distribution (QKD), a secure secret key-sharing method. A local oscillator suppresses the effects of noise scattered from other data transmitted in the same fiber-optic network.

Security researchers have discovered a new cyber espionage group linked to Ukraine that has been active since at least January. They named the group "PhantomCore" and named the attackers' remote access malware "PhantomRAT." The hackers used a known vulnerability in the Windows file archiver tool WinRAR to launch attacks on unnamed Russian companies. Tracked as CVE-2023-38831, the bug was previously exploited by state-controlled hackers linked to Russia and China in early 2023 before being patched. This article continues to discuss findings regarding PhantomCore.

Implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) will improve the US Cybersecurity and Infrastructure Security Agency's (CISA ) ability to use cybersecurity incident and ransomware payment information reported to the agency to identify patterns, fill information gaps, quickly release resources to help entities suffering from cyberattacks, and notify others who may be affected. When information about cyber incidents is shared quickly, CISA can use it to help other organizations avoid a similar incident.

The US Department of State has announced a $10 million bounty for information that will help law enforcement find anyone launching cyberattacks against American infrastructure on behalf of another country. The feds highlighted the BlackCat/ALPHV Ransomware-as-a-Service (RaaS) operation, which helped the adversary who compromised Change Healthcare and led to billions of dollars in damages. This article continues to discuss the bounty put up by the US for information to help crack down on the RaaS group's cyberattacks against US critical infrastructure.

Splunk recently announced security patches for its Enterprise product, including vulnerabilities that have been assigned a high severity rating.  One of the flaws, CVE-2024-29946, impacts the Dashboard Examples Hub in the Splunk Dashboard Studio app and can be exploited to bypass protections for risky Search Processing Language (SPL) commands. Splunk noted that this could let attackers bypass SPL safeguards for risky commands with the permissions of a highly privileged user in the Hub.

To mitigate a malware upload campaign, the Python Package Index (PyPI) repository's maintainers suspended user registration and the creation of new projects. Checkmarx warns that multiple malicious Python packages are being distributed using typosquatting methods. According to researchers, this is a multi-stage attack with a malicious payload aimed at stealing cryptocurrency wallets, sensitive data from browsers, and more. Researchers have also reported that the malicious payload uses a persistence mechanism to survive reboots.

A Linux version of "DinodasRAT," a multi-platform backdoor, has been discovered in the wild, with targets including China, Taiwan, Turkey, and Uzbekistan. DinodasRAT, also known as "XDealer," is a malware written in C++ that can gather sensitive information from compromised hosts. In October 2023, a government entity in Guyana was targeted as part of "Operation Jacana," a cyber espionage campaign aimed at deploying the Windows version of the implant.

Cisco has released a set of recommendations to help customers mitigate password-spraying attacks on Remote Access VPN (RAVPN) services running on Cisco Secure Firewall devices. The company revealed that the attacks have also targeted other remote access VPN services and appear to be part of a reconnaissance operation. In a password-spraying attack, an adversary tries the same password on multiple accounts to log in.