F5 has issued a warning to BIG-IP administrators about "skilled" hackers compromising devices by exploiting two recently disclosed vulnerabilities to hide their access and stealthily execute code. F5 BIG-IP is a suite of products and services that offer load balancing, security, and performance management for networked applications. Large companies and government organizations have widely adopted the platform, which makes any product vulnerability a significant concern. This article continues to discuss the F5 BIG-IP flaws being exploited by hackers in stealthy attacks.

State-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been targeting blockchain engineers of an unnamed cryptocurrency exchange platform through Discord with macOS malware named KANDYKORN. According to Elastic Security Labs, the activity dating back to April 2023 overlaps with Lazarus Group, based on an analysis of the network infrastructure and techniques used. Researchers reported that the threat actors used a Python application to lure blockchain engineers in order to gain initial access to the environment.

Attackers are using new wiper malware called BiBi-Linux in attacks against Israeli companies to destroy their data. During a forensics investigation of a breach at an Israeli company, the Security Joes Incident Response team discovered the malware. According to Security Joes researchers, the malware is an x64 ELF executable without obfuscation or protection measures. It enables attackers to specify target folders and, if executed with root permissions, could destroy an entire operating system.

A link-shortening service provides cyberattackers and scammers with .us top-level domains, making their phishing campaigns slightly less detectable. Infoblox researchers have dubbed the threat actor responsible for the operation "Prolific Puma." Prolific Puma has generated as many as 75,000 unique domain names in the past 18 months, evading regulations to provide criminals with .us URLs.

Researchers at the Massachusetts Institute of Technology (MIT) have developed a search engine called SecureLoop, capable of efficiently identifying optimal designs for deep neural network accelerators that preserve data security while improving performance. As computationally intensive Machine Learning (ML) applications, such as chatbots that perform real-time language translation, rise, device manufacturers often incorporate specialized hardware components to quickly move and process the enormous amounts of data demanded by these systems.

According to a new study from Aalto University, online games' privacy policies and practices have dark design patterns that may be deceptive, misleading, or coercive to users. The gaming industry is worth about $193 billion, with around three billion gaming enthusiasts worldwide. Although online gaming can improve well-being and facilitate social relationships, privacy and awareness problems have the potential to offset these benefits and cause actual harm to gamers.

A world-first illustrated children's book aimed at teaching children ages 4 to 7 about cybersecurity and how to protect their information online was released at Abertay cyberQuarter by Education Scotland in collaboration with the Scottish Government. The book titled "The Bongles and The Crafty Crows" guides young children on creating passwords and passcodes using three random words, enabling them to explore, play, and communicate using digital technologies while making their online information more secure.

Jongeun You, an assistant professor of political science at Northern Michigan University, brings further attention to the vulnerability of the US water sector to cyberattacks. According to You, water and wastewater operators typically rely on Industrial Control System (ICS) devices created decades ago, and their Operational Technology (OT)/Information Technology (IT) systems are often found to be outdated. In addition, the US has over 150,000 public water systems, resulting in a structure that is difficult to protect because of its fragmentation.

Alexis Musaelyan-Blackmon won first place in the "Powering Diverse and Inclusive Communities of Belonging" category of the third annual Women Who Empower Innovator Awards presented by Northeastern University. With an interest in harnessing data, Artificial Intelligence (AI), and computational biology, Musaelyan-Blackmon came up with "Dephend," a play on the words "phishing" and "defend," to combat ever-evolving security threats. Dephend is a cloud-based Software-as-a-Service (SaaS) security platform that, once deployed, provides real-time insights into cyber threats.

Cybersecurity experts at RMIT University warn that the popular shopping app TEMU may contribute to unsafe data collection practices. TEMU has been at the center of many cybersecurity and consumer data discussions due to its rising popularity. According to Dr. Arathi Arakala, lecturer in mathematics at RMIT University, TEMU's privacy and cookie policy states that the type of data it gathers includes essential user data for its service, such as address, phone number, and payment information.