Adobe recently released fixes for 72 security vulnerabilities across multiple products and warned that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks. The company noted that the patches address critical security defects in Adobe Acrobat and Reader, Illustrator, Photoshop, InDesign, Adobe Commerce, and Dimension and is warning that the most severe of these vulnerabilities could allow attackers to take complete control of a target machine.

The Federal Bureau of Investigation (FBI) has partnered with law enforcement in the UK and Germany to dismantle Information Technology (IT) infrastructure linked to the ransomware group called "Dispossessor" or "Radar." According to the FBI, the group targets small and medium-sized businesses (SMBs) in the production, development, education, healthcare, financial services, and transportation sectors. This article continues to discuss the dismantling of the Radar/Dispossessor ransomware. 

AMD has issued firmware updates to address a nearly two-decade-old silicon-level vulnerability called "SinkClose" in its EPYC data center processors and Ryzen line of processors for PCs and embedded systems. The flaw impacts a processor component that protects System Management Mode (SMM), an execution mode more privileged than kernel-level mode. According to the IOActive researchers who discovered the privilege escalation vulnerability, it is an "unpatchable" issue. If exploited, it enables an attacker to install malware on a system that would be nearly impossible to remove.

Kootenai Health has recently disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation.  The organization is notifying patients who received care at its facilities that it detected a cyberattack in early March 2024, which disrupted certain IT systems.  The company stated that the ongoing investigation shows that the cybercriminals gained unauthorized access to Kootenai's systems on February 22, 2024, allowing the threat actors ten days to roam the network and steal sensitive data.

A 38-year-old Belarusian accused of being one of the world's most prolific Russian-speaking cybercriminals has been arrested and extradited by the UK's National Crime Agency (NCA) as part of an international law enforcement operation.  Silnikau, who also goes by Maksym Silnikov, was arrested by Spain's Guardia Civil in an apartment in Estepona, southern Spain, in July 2023.  On August 9, 2024, he was extradited from Poland to the US to face charges relating to cybercrime offenses.  The NCA noted that Silnikau is believed to have used the "J.P.

The National Institute of Standards and Technology (NIST) has formally published three post-quantum cryptography standards from its competition to develop cryptography that can withstand quantum computing decryption of current asymmetric encryption. The three standards are ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (Sphincs+). FN-DSA (Falcon) is a fourth that has been chosen for standardization in the future.

Evolution Mining recently announced that it had been targeted by a ransomware attack on August 8, 2024, which impacted its IT systems.  Evolution Mining is one of Australia's largest gold producers, and it also has a presence in Canada.   The company stated that despite the disruption the ransomware attack caused to its IT systems, it does not anticipate it will have any material impact on operations.  This means that mining operations should continue uninterrupted.

The AI Cyber Challenge (AIxCC), run by the Defense Advanced Research Projects Agency (DARPA), has officially awarded seven semifinalists $2m each at DEFCON 32 where the agency hosted an immersive experience to underscore the real-world stakes of the competition.  AIxCC aims to find a cyber reasoning system to successfully find and fix vulnerabilities in open-source software.  The seven teams announced as semifinalists who will advance to the final competition include 42-b3yond-6ug, all_you_need_is_a_fuzzing_brain, Lacrosse, Shellphish, Team Atlanta, Theori, and Trail of Bits.

US senators Mark R. Warner and James Lankford over the weekend announced the introduction of a bipartisan bill seeking tighter vulnerability disclosure rules for federal contractors.  The bill is referred to as the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, the legislation is aimed at mitigating the impact of cyberattacks by requiring federal contractors to adhere to the vulnerability disclosure guidelines set by the National Institute of Standards and Technology (NIST).

The East Valley Institute of Technology (EVIT) recently started informing over 200,000 individuals that their personal and health information was compromised in a recent data breach.  The incident occurred on January 9, when a threat actor gained unauthorized access to EVIT’s network, accessing sensitive information pertaining to current and former students, staff, faculty, and parents.