A new analysis by the US Cybersecurity and Infrastructure Security Agency (CISA) and government agency partners from Australia and Canada found that 52 percent of critical open source projects use memory-unsafe code. The "Exploring Memory Safety in Critical Open Source Projects" joint report delves into memory safety risk in open source software. It looked at 172 projects from the Open Source Security Foundation (OpenSSF) Securing Critical Projects Working Group's List of Critical Projects.

Apple has released a firmware update for AirPods to fix a flaw that could let a malicious actor access the headphones. The authentication flaw affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. According to an Apple advisory, when a user's headphones seek a connection request to one of their previously paired devices, an attacker in Bluetooth range could spoof the intended source device and gain access to their headphones. Therefore, a nearby attacker could eavesdrop on private conversations.

A China-linked Advanced Persistent Threat (APT) group, SentinelOne tracks as "ChamelGang," has been using ransomware to hide its cyber espionage operations. The threat actor recently targeted critical infrastructure organizations in East Asia and India. The group previously targeted government and private sector organizations in the US, Russia, Taiwan, and Japan. ChamelGang uses "CatB," a ransomware tool, to disguise its cyber espionage activities. This article continues to discuss findings regarding the ChamelGang APT group.

Police forces from 61 countries have joined together to dismantle online scam networks through Operation First Light 2024. The operation, which was coordinated by Interpol, resulted in the arrest of 3950 suspects and the identification of 14,643 more.   Interpol noted that authorities managed to freeze 6745 bank accounts and seized assets worth $257m, significantly disrupting transnational organized crime networks involved in phishing, investment fraud, fake online shopping sites, and romance and impersonation scams.

Japan Aerospace Exploration Agency (JAXA), Japan’s space agency, recently announced that it has suffered a series of cyberattacks since last year, but sensitive information related to rockets and satellites was not affected. Officials said JAXA is currently working with the government’s cybersecurity team to introduce countermeasures, and an investigation into the incidents is still ongoing. JAXA has had a series of successes in its space program this year.

Security researchers at Claroty have recently disclosed the details of several vulnerabilities discovered in a gas chromatograph made by Emerson and warned that attacks could have a serious impact. A gas chromatograph is a chemical analysis instrument that measures the content of various components in a sample.  Such devices are used by hospitals in blood testing and by environmental facilities to measure air pollution.  The researchers found that Rosemount GC370XA, GC700XA, and GC1500XA products are affected by four vulnerabilities.

Evolve Bank and Trust recently announced that it was the victim of a cybersecurity incident that involved customers' data being illegally released on the dark web. On Tuesday, ransomware group Lockbit 3.0 posted data hacked from Evolve.  The hackers had given the bank until Tuesday afternoon to meet its ransom demands in exchange for not posting sensitive data from an alleged hack of the central bank.  Some of the data affected include account numbers and deposit balances.  The investigation into the incident is still ongoing. 

By krahal

The relatively new kid on the block is generating tectonic explosions worldwide, from international political issues to how you write a note to a friend or prepare your lawsuit briefs.

By grigby1 

By grigby1