According to Forescout researchers, a popular brand of industrial routers has 21 vulnerabilities. Forescout analysts will reveal the bugs at Black Hat Europe, including one of 9.6 critical severity on the CVSS scale and nine of high severity, impacting a brand of Operational Technology (OT)/Internet of Things (IoT) routers popular in the medical and manufacturing sectors. Such routers bridge the broader Internet with internal networks through 3G and 4G cellular networks. They are most common in critical industries like transportation, government, and water treatment.

In collaboration with Australia's national science agency CSIRO, a team of experts led by Monash University researchers developed an algorithm that can help strengthen online transactions against powerful attacks from quantum computers. Cryptography researchers from Monash University's Faculty of Information Technology and CSIRO's data and digital specialist arm Data61 have developed what is described as the most efficient quantum-secure cryptography algorithm called LaV.

A federal judge in Seattle threw out a class-action lawsuit alleging that some of the top automakers used their vehicles' onboard infotainment systems to record and intercept drivers' text messages and phone call logs. The judge ruled that the practice did not violate the Washington Privacy Act, noting that the plaintiffs had failed to prove the activity threatened "their business, person, or reputation." Among the automakers being sued were Honda, Toyota, Volkswagen, and General Motors.

Adobe recently rolled out a massive batch of security fixes to cover critical-severity flaws in its Acrobat and Reader, ColdFusion, inDesign, inCopy, and Audition products.  Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software.  Adobe documented at least 17 Acrobat and Reader bugs that expose unpatched Windows and macOS systems to arbitrary code execution and memory leak issues.

According to security researchers at Sophos, cybercriminals have been observed disabling or wiping out logs in 82% of incidents.  The researchers stated that time is critical when responding to an active threat.  The time between spotting the initial access event and full threat mitigation should be as short as possible.  The researchers noted that the farther along in the attack chain an attacker makes it, the bigger the headache for responders.  The researchers added that missing telemetry only adds time to remediations that most organizations can’t afford.

AMD developed Secure Encrypted Virtualization (SEV) to make its cloud services more secure, but even the latest versions of the security feature, SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging), were vulnerable to a software-based attack. This discovery was made by CISPA researcher Ruiyi Zhang, who devised a type of attack called CacheWarp, which, in the worst-case scenario, allows attackers to gain in-depth access to data and even manipulate it. This was not possible with previous attack techniques. According to AMD, the vulnerability has been addressed with an update.