A team of mathematics researchers from RMIT University's Centre for Cyber Security Research and Innovation (CCSRI) collaborated with a tech startup called Tide Foundation to develop a breakthrough cybersecurity technology. The new technology, called "ineffable cryptography," enables data and devices to be locked with keys that no one will ever hold. It involves secretly generating and operating keys across a decentralized network of servers run by independent organizations. Only a part of a key is held by each server in the network.

Researchers at the University of Chicago explored a security flaw in Meta's Quest Virtual Reality (VR) system that could enable hackers to hijack users' headsets, steal sensitive information, and manipulate social interactions. In the "inception attack," hackers develop an app that injects malicious code into the Meta Quest VR system. They then launch a clone of the VR system's home screen and apps, appearing identical to the user's original screen. When inside, attackers can monitor, record, and modify everything the user does with the headset.

VUSec, the Systems and Network Security Group at Vrije Universiteit Amsterdam, and IBM Research Europe have announced Speculative Race Conditions (SRCs) as a new class of vulnerabilities in which thread synchronization primitives using conditional branches can be microarchitecturally evaded on speculative paths via a Spectre-V1 attack. According to researchers, the new SRC attack, dubbed "GhostRace," affects all major CPU vendors. This article continues to discuss the new type of data leakage attack affecting all major CPUs.

Callie Guenther of Critical Start highlights that recent attacks on large financial institutions such as Bank of America call for companies to develop a security culture. The recent surge in cyberattacks against financial institutions represents a significant escalation in the threat landscape, increasing concerns regarding cybersecurity measures and regulatory responses. The February attack on Bank of America, facilitated by a third-party service, highlights the complexity of vulnerabilities that financial institutions face in an interconnected digital ecosystem.

According to the Federal Trade Commission (FTC), experts have detected and blocked nearly 13,000 fake investment platform domains across more than 7000 IPs in January 2024, a 25% increase from December 2023.  The FTC noted that the investment scams accounted for over $4.6b in fraud losses in the United States alone in 2023, marking a troubling 21% increase from the previous year.

As part of its Artificial Intelligence (AI) Cyber Challenge, the Defense Advanced Research Projects Agency (DARPA) has awarded seven companies $1 million each to develop a cyber reasoning system. To "redefine" AI security, the US research agency is supporting seven small businesses in automatically detecting and fixing software vulnerabilities at scale.

Mikhail Vasiliev, a Russian-Canadian national and LockBit ransomware affiliate, has been sentenced to years in prison after pleading guilty to cyber extortion. Vasiliev was first arrested in late 2022, with authorities suspecting him of being involved in the launch of attacks on critical infrastructure organizations and large industrial groups. Europol reported at the time of Vasiliev's arrest that he was involved in cyberattacks with enormous ransom demands.

Stanford University recently notified 27,000 individuals that their personal information was stolen in a ransomware attack on its Department of Public Safety (DPS). The university says that the incident was discovered on September 27, 2023, but the attackers had access to the Stanford DPS network beginning May 12. The university noted that the hackers were evicted from the environment, and the network was secured shortly after the attack was discovered.

Salt Labs researchers discovered three security vulnerabilities in ChatGPT extension functions that could enable unauthorized, zero-click access to users' accounts and services. ChatGPT plug-ins and custom versions of the Artificial Intelligence (AI) system published by developers expand the AI model's capabilities. They enable interactions with external services by granting OpenAI's popular generative AI chatbot access and permission to perform tasks on different third-party websites, including GitHub and Google Drive.

According to cybersecurity researchers at GitGuardian, GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in more than 3 million public repositories in 2023, with most still valid after five days. GitGuardian sent out 1.8 million complimentary email alerts to those who exposed secrets, with only 1.8 percent of those contacted taking prompt action to address the issue.