The US Cybersecurity and Infrastructure Security Agency (CISA) has published new micro-challenges that are now part of the Cyber Careers Pathway Tool. This interactive tool allows users to explore the 52 work roles in the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. CISA's micro-challenges provide an opportunity for K-12 students and individuals looking to reskill or transition from a non-cyber career to gain further insight into the knowledge, skills, and tasks performed in the top cybersecurity workforce roles.

The National Student Clearinghouse, an educational nonprofit that provides reporting, verification, and research services to colleges and universities in North America, has recently revealed that nearly 900 schools are impacted by the MOVEit hack.  The National Student Clearinghouse in late August informed Maine’s attorney general that more than 51,000 individuals were affected by the incident.

The City of Dallas has recently announced that an $8.5 million budget has been approved to support the restoration of its systems following a ransomware attack that happened in May 2023.  The attack was identified on May 3, when the cybercrime gang named Royal started deploying file-encrypting ransomware on multiple systems.  The investigation launched into the matter has revealed that the attackers had access to the city’s network for roughly a month before that.

A team of researchers from the University of Colorado (CU) Boulder is leading a project for 5G wireless security. The National Science Foundation's (NSF) Convergence Accelerator program awarded CU Boulder $5 million for the "GHOST: 5G Hidden Operations through Securing Traffic" project. The work aims to ensure American soldiers, businesses, and non-governmental organizations (NGOs) can use 5G cellular networks in foreign countries without untrusted or potentially malicious network operators being able to extract user information.

According to a new report from New York University (NYU), the immersive Internet experience known as the metaverse will erode users' privacy unless significant measures are taken to improve and regulate how the technology collects and stores personal data. The metaverse relies on Extended Reality (XR) technologies, encompassing Augmented Reality (AR), Virtual Reality (VR), and Mixed Reality (MR).

The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Known Exploited Vulnerabilities (KEV) catalog in November 2021 to provide an authoritative source of vulnerabilities that have been exploited "in the wild." Recently, the catalog has expanded to include over 1,000 vulnerabilities. As part of a vulnerability management program that facilitates prioritization based on organizational attributes, such as how a vulnerable product is being used and the exploitability of the relevant system, every organization should prioritize the mitigation of KEVs.

The APT36 hacking group, also known as Transparent Tribe, has been using at least three YouTube-mimicking Android apps to infect devices with their signature Remote Access Trojan (RAT) called CapraRAT. Once the malware has been installed on a victim's device, it can extract data, record audio and video, and access sensitive communication information, functioning as a spyware tool. APT36 is a Pakistan-aligned threat actor notorious for using malicious Android apps to target Indian defense and government entities, those dealing with Kashmir region affairs, and human rights activists.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Centers of Academic Excellence in Cybersecurity (NCAE-C) have sponsored the Hack the Building 2.0: Hospital Edition competition at the Maryland Innovation and Security Institute (MISI) in Columbia, Maryland. The National Security Agency (NSA) manages the NCAE-C program in collaboration with CISA and the Federal Bureau of Investigation (FBI).

Earth Lusca, a threat actor with ties to China, has been observed targeting government organizations with a new Linux backdoor called SprySOCKS. Trend Micro first documented Earth Lusca in January 2022, detailing the adversary's attacks against public and private sector entities in Asia, Australia, Europe, and North America. Since 2021, the group has used spear-phishing and watering hole attacks to execute its cyber espionage schemes. Some of the group's activities overlap with another threat cluster tracked by Recorded Future as RedHotel.

According to the Information Services Group (ISG), companies are actively pursuing practical applications of generative Artificial Intelligence (AI) technology while staying mindful of its risks. Eighty-five percent of companies surveyed by ISG believe investments in generative AI within the next two years are either important or critical. Rather than adopting a "blank slate" strategy, companies are requesting that their service providers apply generative AI to existing services, such as call center operations.