A newly disclosed vulnerability called "regreSSHion" could allow unauthenticated Remote Code Execution (RCE) on millions of OpenSSH servers. Qualys' threat research unit found the critical flaw, which is as severe as the 2021 "Log4Shell" vulnerability. According to the company, the OpenSSH server process 'sshd' is impacted by a signal handler race condition enabling unauthenticated RCE with root privileges on glibc-based Linux systems. The vulnerability can lead to the takeover of a system, potentially resulting in malware installation and backdoor creation.

Angelos Stavrou, professor in the Bradley Department of Electrical and Computer Engineering at Virginia Tech and founder of the mobile security startup A2 Labs, is training Artificial Intelligence (AI) to defend computer networks in a $16 million collaborative cybersecurity project. Stavrou wants to take AI training to the next level with a multi-agent training exerciser (MATrEx), a groundbreaking method for training AI in a three-tiered gaming system that includes simulations, emulations, and a real network. This article continues to discuss the idea behind MATrEx.

Seven Cornell projects have been awarded funding by the Google Cyber NYC Institutional Research Program to improve online privacy, safety, and security. As part of this broader program, Cornell Tech has also launched the Security, Trust, and Safety (SETS) Initiative aimed at advancing education and research on cybersecurity, privacy, and trust and safety.

A University at Buffalo-led research team used Large Language Models (LLMs), including OpenAI's ChatGPT and Google's Gemini, to spot deepfakes of human faces. They found that LLMs lagged in performance compared to state-of-the-art deepfake detection algorithms, but their Natural Language Processing (NLP) may make them a more practical deepfake detection tool in the future. According to the study's lead author, Siwei Lyu, LLMs can plainly explain their findings to humans, such as identifying an incorrect shadow or mismatched earrings.

Sanchari Das, assistant professor of computer science at the University of Denver's Ritchie School of Engineering and Computer Science, found several security and privacy issues in popular Virtual Assistant (VA) apps that could expose users' private data to malicious actors. The growing use and sophistication of VA apps prompted Das to explore how much user data they have access to and how many permissions they require.

Microsoft warns that a new direct prompt injection attack called "Skeleton Key" could bypass ethical and safety guardrails in generative Artificial Intelligence (GenAI) models such as ChatGPT. It allows users to access offensive, harmful, or illegal content by giving context to normally forbidden chatbot requests. For example, most commercial chatbots would initially decline if a user asked for instructions on developing dangerous wiper malware that could disrupt power plants. However, revising the prompt in a certain context would likely enable the AI to provide the malicious content.

The US Department of Justice (DOJ) announced announced charges against a Russian national for his alleged participation in the launch of disruptive cyberattacks against Ukraine before Russia's February 2022 invasion. The individual named Amin Timovich Stigal is believed to be a member of "Cadet Blizzard," a state-sponsored threat actor also known as "DEV-0586" and "Ruinous Ursa." Court documents allege that the 22-year-old conspired to distribute the "WhisperGate" Master Boot Record (MBR) wiper to the systems of Ukrainian government entities.

Research by Tanya Koohpayeh Araghi from the Interdisciplinary Internet Institute (IN3) of the Universitat Oberta de Catalunya (UOC) has developed a new tool to protect digital data securely and cost-effectively. When doctors use the Internet to transfer images or make diagnoses, the data is vulnerable to attacks. Therefore, images must be protected to ensure accuracy and confidentiality. The study focuses on medical images, providing advances in protection through a technique involving digital watermarking.

The North Korean state-backed hacker group "Kimsuky" has been linked to the use of a new malicious Google Chrome extension that steals sensitive information. Zscaler ThreatLabz has dubbed the extension "TRANSLATEXT," which could gather email addresses, usernames, passwords, cookies, and browser screenshots. This article continues to discuss the Kimsuky threat and findings regarding its use of a new malicious Google Chrome extension.

Fortra recently announced patches for a critical-severity SQL injection vulnerability in FileCatalyst Workflow that could allow attackers to create administrative user accounts.  The company said the vulnerability is tracked as CVE-2024-5276 (CVSS score of 9.8), affecting FileCatalyst Workflow version 5.1.6 Build 135 and earlier.  The company noted that the issue could also be exploited to modify application data.  The company noted that using this vulnerability, data exfiltration via SQL injection is impossible.