"Dog-Like Robot Jams Home Networks and Disables Devices During Police Raids — DHS Develops NEO Robot for Walking Denial of Service Attacks"

The US Department of Homeland Security (DHS) has developed a four-legged robot called "NEO" to jam the wireless transmissions of smart home devices. NEO has an onboard computer and antenna array that enable law enforcement officers to launch a Denial-of-Service (DoS) attack, disabling potentially harmful Internet of Things (IoT) devices. Although NEO might not be able to impact hard-wired smart devices, it can still disable the radio frequencies that most wireless IoT devices use, which reduces risks for officers. This article continues to discuss the NEO robot that can create DoS events.

Submitted by Gregory Rigby on

"White House Mandates Stricter Cybersecurity for R&D Institutions"

According to a recent memo from the Office of Science and Technology Policy (OSTP), certain covered institutions will be required to implement cybersecurity programs for Research and Development (R&D) security. These mandates will also apply to higher education institutions that support R&D. In addition to enhancing the overall security of the US, this action is a direct response to increasing threats presented by the People's Republic of China (PRC), according to Arati Prabhakar, Assistant to the President for Science and Technology and author of the memo.

Submitted by Gregory Rigby on

"57,000 Patients Impacted by Michigan Medicine Data Breach"

Michigan Medicine, the academic medical center of the University of Michigan, recently started notifying roughly 57,000 individuals that their personal and health information might have been compromised in a data breach. The incident resulted from threat actors gaining access to employee email accounts on May 23 and May 29. The compromised accounts were disabled as soon as the data breach was discovered.

Submitted by Adam Ekwall on

"Chrome 127 Patches 24 Vulnerabilities"

Google recently announced the release of Chrome 127 to the stable channel with patches for 24 vulnerabilities, including 16 reported by external researchers. Memory safety bugs were the predominant types of security defects addressed in the popular browser, accounting for half of the externally reported issues, including four high-severity ones.

Submitted by Adam Ekwall on

"PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing"

"FLUXROOT," a Latin America (LATAM)-based financially motivated actor, has used Google Cloud serverless projects to conduct credential phishing, bringing further attention to the abuse of cloud computing. In another attack on Brazilian users, an adversary named "PINEAPPLE" has used Google's cloud infrastructure to spread "Astaroth" stealer malware, also known as "Guildma." This article continues to discuss the abuse of Google Cloud by FLUXROOT and PINEAPPLE hacker groups.

Submitted by Gregory Rigby on

"Ad-Injecting Malware Posing as DwAdsafe Ad Blocker Uses Microsoft-Signed Driver"

ESET researchers have found a sophisticated Chinese browser injector. This signed ad-injecting driver comes from a "mysterious" Chinese company. According to ESET, "HotPage" comes self-contained in an executable file, which installs its main driver and injects libraries into Chromium-based browsers. It poses as a security product capable of blocking ads but actually introduces new ads. In addition, the malware replaces the content of the current page, redirects the user, and more. This article continues to discuss findings regarding the ad-injecting malware.

Submitted by Gregory Rigby on

"Fake CrowdStrike Repair Manual Pushes New Infostealer Malware"

CrowdStrike warns of a fake recovery manual that installs a new information-stealing malware called "Daolpu." Threat actors have been taking advantage of the chaos surrounding the buggy CrowdStrike Falcon update that caused global Information Technology (IT) outages. A new campaign involves phishing emails appearing to carry instructions for using a new recovery tool that fixes Windows devices affected by the recent CrowdStrike Falcon crashes. This article continues to discuss findings regarding the fake CrowdStrike recovery manual that installs Daolpu.

Submitted by Gregory Rigby on

"Swipe Right for Data Leaks: Dating Apps Expose Location, More"

Karel Dhondt and Victor Le Pochat, researchers at KU Leuven, found that many dating apps may leak users' sensitive data and exact locations. They analyzed 15 location-based dating apps to determine what user data a malicious actor could steal. All 15 apps leaked sensitive user data that attackers could abuse. This article continues to discuss findings regarding the privacy and security of the analyzed dating apps.

Submitted by Gregory Rigby on