According to Mimecast, many human risk factors, which make up most of today's biggest cybersecurity gap, remain unaddressed and beyond the control of security professionals. Human factors have caused 74 percent of all cyber breaches, which include errors, stolen credentials, misuse of access privileges, and social engineering. The concern is even more significant in certain sectors, such as the public sector, where 87 percent of respondents are worried that employee email and social media lapses will harm their organization.

Japanese technology giant Fujitsu recently announced that it fell victim to a cyberattack that likely resulted in the theft of personal and customer information.  According to the company, it discovered that multiple work computers within its environment were infected with malware and disconnected them from the network.  Fujitsu did not share details on the type of malware attack it fell victim to, what personal information was stolen, how many people might have been affected, and whether the breach is limited to its Japanese offices.

According to Rob Joyce, the National Security Agency's (NSA) outgoing cybersecurity director, the US is still identifying victims of the China-backed hacking group "Volt Typhoon." The group was the subject of a recent takedown by the Federal Bureau of Investigation (FBI) and other official advisories over the past year. The Volt Typhoon hacking group had been latching onto critical infrastructure using compromised equipment, including Internet routers and cameras. This article discusses the continued effort to identify victims targeted by the extensive China-backed hacking campaign.

The United Arab Emirates' (UAE) rapid adoption of Information Technology (IT) and Operational Technology (OT) has significantly increased its attack surface, with nearly 155,000 remotely accessible assets left vulnerable because of misconfigurations and insecure applications. According to the "State of the UAE Cybersecurity Report 2024, remote access points, network administration interfaces, insecure network devices, and other assets were found to be vulnerable.

The US Department of Defense (DoD) recently announced that it has processed 50,000 reports received as part of its continuous vulnerability disclosure program (VDP) launched in November 2016.  The program was initiated following a successful "Hack the Pentagon" bug bounty program running on HackerOne, which was followed by similar programs covering Air Force, Marine Corps, Army, and Defense Travel System assets.

In mid-January 2024, researchers at the Zero Day Initiative (ZDI) discovered a DarkGate campaign that exploited the Windows zero-day flaw, tracked as CVE-2024-21412, using fake software installers. An unauthenticated attacker can exploit the flaw by sending the victim a specially crafted file that bypasses the displayed security checks. The attacker must trick the victims into clicking the file link.

A leaked database containing over 70 million records, allegedly stolen from AT&T, is now on the illicit marketplace BreachForums nearly for free. Some researchers have confirmed the legitimacy of the data, but it is unclear how the hackers got it. The seller claims that ShinyHunters, a criminal group, obtained the data in 2021. The data has previously been made public. In 2022, Cybernews reported that ShinyHunters demanded at least $200,000 for 70 million records allegedly belonging to AT&T.

The International Monetary Fund (IMF) recently announced that it is investigating a cybersecurity breach that led to the compromise of several internal email accounts.  The Washington-headquartered UN financial agency revealed in a brief statement on Friday that the incident was first detected on February 16.  The investigation determined that 11 IMF email accounts were compromised.  The IMF noted that the impacted email accounts were re-secured and that they have no indication of further compromise beyond these email accounts at this point in time.

Researchers Alireza Taheritajar and Reza Rahaeimehr at Augusta University have published a technical paper detailing their acoustic side-channel attack method. They demonstrated a new acoustic side-channel attack on keyboards that can deduce user input from typing patterns, even in noisy environments. Although the method has an average success rate of 43 percent, which is significantly lower than previously presented techniques, it does not require controlled recording conditions or a specific typing platform.

Researchers at Ben-Gurion University's Offensive AI Research Lab have presented an attack that can decipher AI assistant responses. The technique involves a side-channel found in all major Artificial Intelligence (AI) assistants except Google Gemini. It refines the fairly raw results through Large Language Models (LLMs) trained specifically for the task.