Cybersecurity solutions provider Fortra recently announced patches for two vulnerabilities in FileCatalyst Workflow, including a critical severity flaw involving leaked credentials.  The critical issue is tracked as CVE-2024-6633 (CVSS score of 9.8) and exists because the default credentials for the setup HSQL database (HSQLDB) have been published in a vendor knowledgebase article.

There are currently efforts in California to establish first-in-the-nation safety measures for the largest artificial intelligence systems.  The proposal, aiming to reduce potential risks created by AI, would require companies to test their models and publicly disclose their safety protocols to prevent them from being manipulated.  The bill is among hundreds lawmakers are voting on during its final week of session.  Gov. Gavin Newsom then has until the end of September to decide whether to sign them into law, veto them, or allow them to become law without his signature.

Security researchers at Akamai recently warned that an unpatched vulnerability found in CCTV cameras commonly used in critical infrastructure is being actively exploited to spread a Mirai variant malware.  The command injection vulnerability, CVE-2024-7029, is found in the brightness function of AVTECH CCTV cameras that allows for remote code execution (RCE).  The vulnerability was highlighted in a Cybersecurity and Infrastructure Security Agency (CISA) industrial control system (ICS) advisory in August 2024.

According to security researchers at Forescout, published vulnerabilities rose by 43% in H1 2024 compared to H1 2023, with attackers heavily targeting flaws in virtual private networks (VPNs) and other perimeter devices for initial access.  The researchers noted that 23,668 vulnerabilities were reported in the first six months of 2024, with an average of 111 new CVEs per day.  The majority of published vulnerabilities in H1 2024 had either a medium (39%) or low (25%) severity score (CVSS), while just 9% had a critical score.

BlackByte is a ransomware-as-a-service brand believed to be an off-shoot of Conti.  It was first seen in 2021.  Security researchers at Talos have observed the BlackByte ransomware brand employing new techniques in addition to their standard TTPs.  The researchers found that BlackByte has been considerably more active than previously assumed.  The researchers stated that the group has been significantly more active than would appear from the number of victims published on its data leak site but cannot explain why only 20% to 30% of BlackByte’s victims are posted.

Google recently announced significantly boosted rewards for Chrome browser vulnerabilities reported through its Vulnerability Reward Program (VRP).  With the updated rewards, Google says security researchers may earn as much as $250,000 for a single issue or even more if specific conditions are met.  As before, the highest payouts will go to researchers who demonstrate memory corruption bugs in non-sandboxed processes.

The Play ransomware group has recently published gigabytes of data allegedly stolen from US-based semiconductor supplier Microchip Technology.  The company revealed that operations at some of its manufacturing facilities were disrupted due to the attack. Microchip provides microcontroller, mixed-signal, analog, and Flash-IP solutions to 123,000 customers across the industrial, automotive, consumer, aerospace and defense, communications, and computing sectors.

Today, the National Security Agency (NSA) released a copy of an internal lecture delivered by Rear Admiral Grace Hopper from August 19, 1982. Known as one of the most influential figures in the development of early computing technologies, Hopper’s contributions have left an indelible mark on the field of computer science, particularly in the realm of programming languages. The lecture, which Hopper delivered during her tenure at the NSA, provides a rare glimpse into the thoughts and expertise of a woman who played a pivotal role in shaping modern computing.

According to security researchers at Chainalysis, online fraudsters are rapidly adapting their activities to run more impactful scams of shorter duration.  The researchers noted that online scams are one of the largest areas of illegal activity that they monitor, with billions of dollars worth of crypto flowing to illicit accounts in the year to date (YTD).

According to security researchers at Comparitech, ransomware attacks on US schools and colleges have surged in recent years, with 491 incidents recorded since 2018, impacting over 8000 educational institutions and exposing 6.7 million individual records.  The researchers noted that in 2023, the number of attacks reached a record high of 121, marking a significant increase from the 71 attacks reported in 2022. The average downtime per attack has also grown, rising from just under nine days in 2021 to 12.6 days in 2023.