Debashis Chanda, a University of Central Florida (UCF) researcher, has developed a new method for detecting photons, which are elementary particles spanning from visible light to radio frequencies and are used in cellular communication. The development could lead to increasingly precise and efficient technologies in different fields, possibly strengthening security measures. Traditionally, photon detection has relied on changes/modulation of voltage or current amplitude.

The ransomware group named Rhysida has targeted Insomniac Games, the American game developer behind Spider-Man, Spyro the Dragon, and other popular video games. Rhysida says it stole "exclusive, unique, and impressive data" from Insomniac Games, but no details about the amount or contents have been provided. However, the gang's low-quality screenshots include some sensitive internal emails, copies of passports, images of game assets, and more. The gang is selling the allegedly stolen data for $2 million in digital currency.

Contractors present a significant Identity and Access Management (IAM) vulnerability. Although these third parties are necessary for business operations, they still pose a threat. As suggested by discussions with security leaders, contractors are often left unaccounted for in security strategies. Outsourcing to contractors has become a critical component of business growth, from offshore customer support to software development.

The National Science Foundation (NSF) has awarded the University of Texas at San Antonio (UTSA) a two-year grant to establish the National DigiFoundry (NDF). This consortium could redefine the management of digital assets such as cryptocurrencies. Current digital asset management systems present a number of cybersecurity challenges. They are vulnerable to decentralized notification attacks, multi-call transaction audits, and more. The NDF is building a robust framework capable of adapting to the fast-paced digital asset market.

Security researchers at Wordfence are warning users of a popular WordPress plugin that they need to patch urgently or risk their site being remotely hijacked.  The researchers revealed a new PHP code injection vulnerability with a CVSS score of 9.8, which could enable remote code execution (CVE-2023-6553).  The impacted plugin, Backup Migration, is said to have an estimated 90,000 installs.  The researchers noted that unauthenticated threat actors could exploit the bug to inject arbitrary PHP code, resulting in a full site compromise.

The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) titled "Managing Risk from Software Defined Networking Controllers." The CSI makes recommendations to help National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators mitigate the risks related to software driven network management solutions such as Software Defined Networking Controllers (SDNCs). SDNCs enable organizations to configure networking and security policies, as well as control application access, from a centralized location.

Kyivstar, Ukraine's largest telecommunications operator, was recently targeted by a major cyberattack, leaving millions of people without cell service or Internet access. Following customer complaints about network and Internet outages, Kyivstar later reported on Facebook that it was the victim of a "powerful" cyberattack that resulted in a "large-scale technical failure." The attack on Kyivstar also impacted the operations of PrivatBank, Ukraine's largest state-owned bank.

Researchers in China have proposed and demonstrated a new protocol for cloud-computing-based information storage that combines quantum-level security with improved data-storage efficiency. According to the researchers, their work, which combines existing techniques known as Quantum Key Distribution (QKD) and Shamir's Secret Sharing (SSS), could protect sensitive data in the cloud, such as patients' genetic information. However, some independent experts are skeptical that it represents a real advancement in information security.

Google recently announced patches for several high and moderate-severity Chromecast vulnerabilities that were exploited earlier this year at a hacking competition. Google stated that the latest update for its streaming device addresses a total of three vulnerabilities affecting AMLogic chips, specifically the U-Boot subcomponent, and one issue in KeyChain, specifically in the System component. The vulnerabilities were presented in July at the HardPwn USA 2023 hardware hacking competition that took place alongside the Hardwear.io conference in California.

Apple recently rolled out security-themed iOS and iPadOS refreshes to address multiple serious vulnerabilities that expose mobile users to malicious hacker attacks.  According to Apple, the newest iOS 17.2 and iPadOS 17.2 contains fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes.  In an advisory from Cupertino’s security response team, it was noted that the most serious issue is a memory corruption in ImageIO that may lead to arbitrary code execution when certain images are processed.