CyLab's picoCTF seeks to close the cybersecurity workforce gap by introducing cybersecurity to the next generation through its annual online hacking competition. The competition, aimed at college, high school, and middle school students, provides a gamified environment for practicing and demonstrating cyber skills. Megan Kearns, picoCTF program director, emphasizes that the picoCTF hacking competition provides an environment for students to apply theoretical knowledge and demonstrate their developing skills.

Researchers have discovered a new Linux variant of a Remote Access Trojan (RAT) called BIFROSE, also known as Bifrost. It uses a deceptive domain that spoofs VMware. According to researchers at Palo Alto Networks' Unit 42, the new version of Bifrost bypasses security measures and compromises targeted systems. BIFROSE has previously been offered for sale in underground forums for up to $10,000. The malware was used by BlackTech, a state-backed hacking group from China that has targeted organizations in Japan, Taiwan, and the US.

New research on consumer understanding of privacy terms, released by the Consumer Policy Research Centre and UNSW Sydney, reveals that Australian consumers do not understand how companies, including data brokers, track, target, and profile them. The report also found that 70 percent of Australians believe they have little or no control over how their data is shared between companies. This article continues to discuss insights regarding consumers' understanding of data broking, data privacy, and what it means for them.

According to online reports from Anycubic customers, someone hacked their 3D printers to warn them that they are vulnerable to attacks. The perpetrator added a hacked_machine_readme.gcode file to their devices, which typically contains 3D printing instructions, informing users that their printer is affected by a critical security flaw. This vulnerability allegedly allows potential attackers to control any Anycubic 3D printer it affects using the company's MQTT service Application Programming Interface (API). This article continues to discuss the hacking of Anycubic 3D printers.

Recorded Future's Insikt Group discovered new infrastructure likely used by the operators of the commercial spyware called Predator in at least 11 countries. Analysts identified potential Predator customers in Angola, Armenia, Botswana, Egypt, and more, by examining the domains most likely used to deliver the spyware. Predator, developed by the Israeli-owned spyware consortium Intellexa, has been active since at least 2019, infecting Android and iPhone devices. The sophisticated spyware can access a device's microphone, camera, and all stored or transmitted data.

YX International has secured a database that exposed one-time security codes that could have given access to Facebook, Google, and TikTok accounts. The Asian technology and Internet company manufactures cellular networking equipment and offers SMS text message routing services. SMS routing facilitates the delivery of time-critical text messages to their intended recipients across different regional cell networks and providers, such as a user receiving an SMS security code or link for logging in to online services.

The Düsseldorf Police in Germany recently seized Crimemarket, the largest German-speaking illicit trading platform on the internet, arresting six people, including one of its operators.  The police noted that Crimemarket was a hub for trading illegal drugs, narcotics, and cybercrime services, while it also hosted tutorials/guides for conducting various crimes.  The police said that during the operation, 102 search warrants were executed throughout the country simultaneously during the evening of February 29th, 2024.

The U.S. Department of Justice (DoJ) recently unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities.  The DoJ noted that the campaign was active from at least 2016 until April 2021 and targeted over a dozen American organizations, including the Departments of the Treasury and State, various defense contractors, and New York-based accounting and hospitality companies.

The MITRE-led Common Weakness Enumeration (CWE) program has added four new microprocessor-related vulnerabilities to its list of common software and hardware flaws. Of the updates included in CWE Version 4.14, the latest version of the popular resource for describing and documenting various types of weaknesses, the new CWEs are the most signficiant.

According to Zscaler researchers, an Advanced Persistent Threat (APT) group dubbed SPIKEDWINE has been targeting European officials with a backdoor called WINELOADER. The group used a PDF document masquerading as an invitation letter from India's Ambassador. The campaign is distinguished by its low volume and the threat actors' advanced tactics, techniques, and procedures (TTPs). Zscaler's evidence suggests that this campaign has been active since at least July 6, 2023. The threat actor used compromised websites to host intermediate payloads or as Command-and-Control (C2) servers.