Quantum computers are expected to break RSA and ECC encryption within the next 7 to 10 years. RSA and ECC are public key encryption algorithms that serve as the foundation for nearly all cybersecurity systems, applications, and protocols. They secure credit card transactions, online banking, medical devices, connected cars, and other systems. Therefore, companies must prepare to ensure they are protected once an adequately advanced quantum computer has been developed.

VMware has disclosed an authentication bypass vulnerability in its Cloud Director Appliance, tracked as CVE-2023-34060 with a CVSS score of 9.8, that can be exploited by an attacker with network access to the appliance to bypass login restrictions when authenticating on port 22 (SSH) or port 5480 (Appliance Management Console). This bypass is not present on port 443 (VCD provider and tenant login). It is also not present on a new installation of Cloud Director Appliance 10.5.

Postmeds, a company doing business as Truepill, is sending data breach notifications, informing recipients that threat actors have compromised their sensitive personal information. Truepill is a Business-to-Business (B2B) pharmacy platform that uses Application Programming Interfaces (APIs) to fulfill orders and service delivery for Direct-to-Consumer (D2C) brands, digital health companies, and other healthcare organizations across the US.

It has recently been discovered that the WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site’s database.  WP Fastest Cache is a caching plugin used to speed up page loads, improve visitor experience, and boost the site’s ranking on Google search.  According to WordPress.org stats, it is used by more than a million sites.

Intel has addressed a high severity flaw called Reptar that affects its desktop, mobile, and server CPUs. The vulnerability, tracked as CVE-2023-23583 with a CVSS score of 8.8, can enable privilege escalation, information disclosure, and/or Denial-of-Service (DoS) via local access. According to Google Cloud, the successful exploitation of the vulnerability could also allow a bypass of the CPU's security boundaries. It is caused by how redundant prefixes are interpreted by the processor.

The US government recently announced the takedown of the IPStorm botnet and the guilty plea of a man who created and operated the cybercrime service.  According to the Department of Justice (DoJ), the FBI dismantled the infrastructure associated with the IPStorm malware and the proxy network powered by the IPStorm botnet.  The malware was delivered to thousands of Windows, Linux, Mac, and Android devices worldwide, enabling cybercriminals to use the compromised devices for a proxy service.

According to Forescout researchers, a popular brand of industrial routers has 21 vulnerabilities. Forescout analysts will reveal the bugs at Black Hat Europe, including one of 9.6 critical severity on the CVSS scale and nine of high severity, impacting a brand of Operational Technology (OT)/Internet of Things (IoT) routers popular in the medical and manufacturing sectors. Such routers bridge the broader Internet with internal networks through 3G and 4G cellular networks. They are most common in critical industries like transportation, government, and water treatment.

In collaboration with Australia's national science agency CSIRO, a team of experts led by Monash University researchers developed an algorithm that can help strengthen online transactions against powerful attacks from quantum computers. Cryptography researchers from Monash University's Faculty of Information Technology and CSIRO's data and digital specialist arm Data61 have developed what is described as the most efficient quantum-secure cryptography algorithm called LaV.

A federal judge in Seattle threw out a class-action lawsuit alleging that some of the top automakers used their vehicles' onboard infotainment systems to record and intercept drivers' text messages and phone call logs. The judge ruled that the practice did not violate the Washington Privacy Act, noting that the plaintiffs had failed to prove the activity threatened "their business, person, or reputation." Among the automakers being sued were Honda, Toyota, Volkswagen, and General Motors.

Adobe recently rolled out a massive batch of security fixes to cover critical-severity flaws in its Acrobat and Reader, ColdFusion, inDesign, inCopy, and Audition products.  Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software.  Adobe documented at least 17 Acrobat and Reader bugs that expose unpatched Windows and macOS systems to arbitrary code execution and memory leak issues.