Splunk recently announced fixes for 11 vulnerabilities in Splunk Enterprise, two of which are high-severity bugs leading to remote code execution on Windows systems.  Splunk noted that the most severe of the flaws is CVE-2024-45733 (CVSS score of 8.8), an insecure session storage configuration issue that could allow a user without "admin" or "power" Splunk roles to execute code remotely.  According to Splunk, only instances running on Windows machines are affected by this vulnerability.  Instances that do not run Splunk Web are not impacted either.

According to a new study by Sophos, a shortage of cybersecurity expertise and capacity in global SMBs is fueling talent burnout and creating new opportunities for threat actors.

Between June 2023 and April 2024, security researchers at Zscaler discovered over 200 malicious apps on Google Play, which is nominally a safer platform for Android downloads than third-party app stores.  These apps collectively garnered more than eight million installs.  The researchers noted that Joker was the most prolific malware, accounting for nearly two-fifths (38%) of malicious apps identified by Zscaler. Joker enables Wireless Application Protocol (WAP) fraud, by covertly subscribing victims to premium-rate services without their consent.

Researchers at Checkmarx have discovered that threat actors could abuse entry points across PyPI, npm, Ruby Gems, and other programming ecosystems to stage software supply chain attacks. The researchers warned that attackers could use these entry points to execute malicious code when specific commands are run, putting the open source landscape at significant risk. Entry point attacks enable threat actors to sneakily and persistently compromise systems without triggering traditional security defenses.

Researchers at the Georgia Institute of Technology (Georgia Tech) have developed a new tool named "Detector of Victim-specific Accessibility" (DVa) to check for malware on Android phones. DVa runs on the cloud, checking the phone for malware, then producing a report for the user that outlines which apps are malware and how to remove them. Smartphones are accessible to people with disabilities because of the implementation of screen readers, voice-to-text, and other features. However, these features also make phones more hackable.

Juniper Networks has recently released patches for dozens of vulnerabilities in its Junos OS and Junos OS Evolved network operating systems, including multiple flaws in several third-party software components. Fixes were announced for around a dozen high-severity security defects impacting components such as the packet forwarding engine (PFE), routing protocol daemon (RPD), routing engine (RE), kernel, and HTTP daemon.

Gryphon Healthcare and Tri-City Medical Center recently disclosed separate data breaches in which the personal information of more than 500,000 individuals was stolen.

OpenAI disrupted over 20 malicious cyber operations involving ChatGPT, its Artificial Intelligence (AI)-driven chatbot. Threat actors have used ChatGPT to develop malware, evade detection, and more. OpenAI's report is the first to officially confirm that generative mainstream AI tools are being used for offensive cyber operations. In April, Proofpoint reported that "TA547," also known as "Scully Spider," launched an AI-written PowerShell loader for the "Rhadamanthys" infostealer.

The finalization of the latest version of the Cybersecurity Maturity Model Certification (CMMC) program empowers US Department of Defense (DOD) officials to better assess cybersecurity measures implemented by defense contractors. Defense contractors must pass the program to bid on DOD contracts. The CMMC will verify that DOD's thousands of contractors comply with Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) protections. This article continues to discuss the evolution of the CMMC program.

The cyber insurance provider Coalition reported that its customers made fewer claims in the first half of 2024 than in the same period in 2023, but their average loss increased by 14 percent to $122,000. According to the company, the rise in ransomware severity increased losses, and threat actors targeted larger businesses. This article continues to discuss findings regarding the rise in ransomware demands and claim sizes.