"New Generation of Malicious QR Codes Uncovered by Researchers"

Security researchers at Barracuda have discovered a new generation of QR code phishing (quishing) attacks. The researchers found new techniques designed to evade traditional security defenses by using QR codes built from text-based ASCII/Unicode characters rather than the standard static image. The researchers noted that this tactic is designed to evade optical character recognition (OCR)-based defenses: in an email, the result looks like a traditional QR code, but to a typical OCR detection system it appears meaningless.

Submitted by Adam Ekwall on

"Australia Introduces First Standalone Cybersecurity Law"

The Australian government recently introduced the country's first standalone cybersecurity law to Parliament.  The new legislation aims to better protect citizens and organizations against a heightened geopolitical and cyber threat environment.  The Cyber Security Bill 2024 covers many areas, including mandating minimum cybersecurity standards for IoT devices and mandatory ransomware reporting for critical infrastructure organizations.

Submitted by Adam Ekwall on

"Microsoft Fixes Five Zero-Days in October Patch Tuesday"

In this month's Patch Tuesday update round, Microsoft patched two zero-day bugs under active exploitation and three that were publicly disclosed. The first exploited zero-day bug is CVE-2024-43572, a remote code execution (RCE) vulnerability in the Microsoft Management Console with a CVSS score of 7.8. Threat actors could pair it with phishing, privilege escalation, or network propagation attacks to achieve data exfiltration, lateral movement, system compromise, and deployment of backdoors.

Submitted by Adam Ekwall on

"New Scanner Finds Linux, UNIX Servers Exposed to CUPS RCE Attacks"

A new automated tool created by cybersecurity researcher Marcus Hitchins helps security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) Remote Code Execution (RCE) flaw disclosed by Simone Margaritelli. The flaw enables arbitrary RCE under certain conditions. Akamai later showed that the flaw allowed for 600x amplification in Distributed Denial-of-Service (DDoS) attacks. This article continues to discuss the CUPS RCE flaw and the tool developed by Hitchins to scan environments for devices exposed to CUPS RCE attacks.

Submitted by Gregory Rigby on

"Seeking the Biometric Bill of Rights"

Katina Michael, a professor in the School for the Future of Innovation in Society and School of Computing and Augmented Intelligence at Arizona State University, calls for better measures to secure sensitive biometric data. Biometric data refers to the unique physical characteristics of a person, including voice, fingerprint, palm, face, and DNA. Such data can help hackers carry out cybercriminal activities. This article continues to discuss Michael's insights and recommendations regarding cybersecurity and privacy for biometrics.

Submitted by Gregory Rigby on

Policy Analytics for Cybersecurity of Cyber-Physical Systems Compilation

Policy Analytics for Cybersecurity of Cyber-Physical Systems 

Compilation by Nazli Choucri (Professor of Political Science) and Jerome Anaya (Research Assistant). 

This compilation is a report of the MIT Project on Policy Analytics for Cybersecurity of Cyber-Physical Systems. Gaurav Agarwal [a.k.a. Gaurav], MIT alumnus, served as lead researcher for the proof-of-concept case presented here.

October 2024

"Notable Post-Quantum Cryptography Initiatives Paving the Way Toward Q-Day"

"Q-Day," when quantum computers can break existing cryptographic algorithms, is predicted to happen within the next decade, leaving digital information vulnerable under current encryption protocols. Post-Quantum Cryptography (PQC) is one of the top priorities for the security community as it works to build and implement encryption capable of withstanding post-quantum threats and attacks. This article continues to discuss the latest efforts aimed at helping with the creation, development, and migration to PQC.

Submitted by Gregory Rigby on

"Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines"

Users looking for game cheats are being tricked into downloading Lua-based malware that can establish persistence on infected systems and deliver additional payloads. Morphisec researcher Shmuel Uzan explained that these attacks take advantage of the popularity of Lua gaming engine supplements. This malware strain is widely distributed throughout North America, South America, Europe, Asia, and Australia. This article continues to discuss the delivery of Lua-based malware through fake cheating script engines.

Submitted by Gregory Rigby on

"Websites Are Losing the Fight Against Bot Attacks"

DataDome's "2024 Global Bot Security Report" found that 95 percent of advanced bot attacks go undetected, emphasizing the need for better detection and mitigation strategies. Some organizations may have basic defenses but need to prepare for more sophisticated attacks involving Artificial Intelligence (AI) and Machine Learning (ML). Recent statistics show that organizations must prioritize and strengthen security against bot attacks. According to DataDome, 65 percent of websites are vulnerable to bot attacks. This article continues to discuss recent findings regarding bot attacks.

Submitted by Gregory Rigby on

"European Government Air-Gapped Systems Breached Using Custom Malware"

"GoldenJackal," an Advanced Persistent Threat (APT) hacking group, successfully breached air-gapped government systems in Europe. The APT group used two custom toolsets to steal sensitive data such as emails, encryption keys, images, archives, and documents. According to ESET, this occurred at least twice against the embassy of a South Asian country in Belarus and a European government organization. This article continues to discuss new findings regarding GoldenJackal's attacks on air-gapped government systems. 

Submitted by Gregory Rigby on