Security researchers at Shadowserver found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.  Jenkins is a leading open-source automation server for CI/CD, allowing developers to streamline the building, testing, and deployment processes.

Brazil's Federal Police, with support from cybersecurity researchers, have disrupted the Grandoreiro banking malware operation, which has targeted Spanish-speaking countries since 2017. ESET, Interpol, the National Police of Spain, and Caixa Bank provided critical data that led to the identification and arrest of individuals behind the malware's infrastructure. The police made five arrests and conducted thirteen search and seizure actions in Sao Paulo, Santa Catarina, Para, Goias, and Mato Grosso.

CloudSEK reports that a massive database containing the information of roughly 750 million individuals in India was offered for sale on the dark web earlier this month.  The company noted that the database, 1.8 terabytes in size, contains personal information such as names, mobile phone numbers, addresses, and Aadhaar details (the Aadhaar number is unique to an individual and serves for identification purposes).

Insurance consulting and brokerage firm Keenan & Associates has recently started informing more than 1.5 million individuals that their personal information was stolen in an August 2023 cyberattack.  The company noted that the cyberattack was discovered on August 27, when disruptions occurred on some of its servers, and was contained within hours.  Keenan’s investigation into the cyberattack revealed that an unauthorized party gained access to certain Keenan internal systems at various times between approximately August 21, 2023 and August 27, 2023.

With support from Lockheed Martin, a team of student researchers at Embry-Riddle Aeronautical University's Prescott Campus are developing a Cellular Intrusion Detection (CID) system aimed at detecting unwanted cellular devices in secure areas. Zachary Traynor, an Electrical Engineering senior, recently interned at Lockheed Martin, learning about multi-level security checks and clearances that protect confidential information and products.

According to researchers from the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology (MIT), ambient light sensors are vulnerable to privacy threats when embedded in a smart device's screen. The team has presented a computational imaging algorithm to recover an image of the environment from the perspective of the display screen using these sensors' subtle single-point light intensity changes in order to show how hackers could use them in conjunction with monitors.

The Farm and Food Cybersecurity Act would require the agriculture secretary to conduct a survey every two years on the state of cyber vulnerabilities and threats to the food and agriculture sectors, as well as collaborate with major intelligence community officials to perform exercises simulating industry-disrupting cyberattacks. According to the US Agency for International Development (USAID), cyberattacks on agriculture supply chains pose a significant threat to global food security because the sector's digitization enables hackers to disrupt farming equipment.

Quantum communication transmission rates have been limited by the "dead time" of single-photon detectors. Researchers at LG Electronics in South Korea recently revealed a new protocol to improve transmission rates while also increasing security. The novel protocol introduces techniques for overcoming the limitations posed by single-photon detectors' dead time and channel loss.

Three former Department of Homeland Security (DHS) employees have recently been sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees.  The three individuals are Charles K. Edwards, a former Acting Inspector General of the DHS Office of Inspector General (DHS-OIG), sentenced to 1.5 years in prison; Sonal Patel, a member of the department IT staff, sentenced to 2 years of probation; and Murali Y. Venkata, also from the IT department, sentenced to 4 months in prison.

Schneider Electric, the energy management and automation giant, has been targeted in a Cactus ransomware attack, resulting in data theft. Researchers discovered that the ransomware attack targeted the company's Sustainability Business division. The attack disrupted some of Schneider Electric's Resource Advisor cloud platform, which continues to experience outages today. The ransomware group allegedly stole terabytes of data during the cyberattack and is now extorting the company by threatening to leak the data if the demanded ransom is not paid.