Nominations are now open for the 12th Annual Best Scientific Cybersecurity Paper Competition. The National Security Agency (NSA) welcomes nominations of papers published in 2023 in peer-reviewed journals and technical conferences that show an outstanding contribution to cybersecurity science. Winners will be announced at the end of 2024.

Battery maker VARTA AG was recently targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants.  VARTA is a German manufacturer of batteries for the automotive, consumer, and industrial sectors, partially owned by Energizer Holdings.  VARTA's annual revenue exceeds $875 million.  The company announced that hackers targeted parts of its IT infrastructure on the night of February 12th, causing a severe disruption in five production units.

Through the exploitation of a 20-year-old design flaw dubbed KeyTrap in the DNSSEC specification, one packet can exhaust a vulnerable DNS server's processing capacity, effectively disabling the machine. According to the researchers who uncovered this flaw, associated with the German National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt, DNS server software makers briefed on the vulnerability described it as the worst DNS attack ever discovered. The KeyTrap security flaw, tracked as CVE-2023-50387, has received a CVSS severity rating of 7.5 out of 10.

The National Security Agency (NSA) Research Directorate selected "Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots" as the 11th Annual Best Scientific Cybersecurity Paper Competition winner. The winning paper by Stony Brook University researchers looked into automated attacks on new webservers and how a web browser can trust an organization's publicly available cryptographic credentials.

Video messaging giant Zoom recently announced patches for seven vulnerabilities in its desktop and mobile applications, including a critical severity bug in Windows software.  The critical issue tracked as CVE-2024-24691 (CVSS score of 9.6) is described as an improper input validation that could allow an attacker with network access to escalate privileges.

A student at Oklahoma State University received the Best Paper Award at the Institute of Electrical and Electronics Engineers (IEEE) Consumer Communications and Networking Conference for his paper, "A Lightweight Aggregate Authentication Protocol For Internet of Drones." Image Bhattarai's motivation behind this paper stemmed from an interest in data privacy and the identification of a gap in existing knowledge regarding lightweight authentication for drones.

Enterprise software maker SAP has recently announced the release of 13 new and three updated security notes as part of its February 2024 Security Patch Day, including one addressing a critical vulnerability in the SAP ABA cross-application component.  The critical issue, a code injection bug tracked as CVE-2024-22131 (CVSS score of 9.1), could be exploited by an attacker with remote execution authorization to use a vulnerable interface to invoke an application function and perform actions without permission.

Maanak Gupta, a computer science assistant professor at Tennessee Tech University, and his team of students are leading innovative Artificial Intelligence (AI) research on using early detection and adaptive response strategies to protect systems and networks from cyber threats. They are developing early detection methods to stay ahead of cybercriminals who are creating malware capable of deceiving AI by bypassing trained models.

The Glupteba botnet uses a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, increasing the sophistication of the malware. According to Palo Alto Networks' Unit 42 researchers, this bootkit can interfere with and control the operating system boot process, allowing Glupteba to hide and create a stealthy persistence that is difficult to detect and remove. Glupteba is an information stealer and backdoor that can facilitate illicit cryptocurrency mining and launch proxy components on infected hosts.

According to a MixMode report, while the use of Artificial Intelligence (AI) in cybersecurity has increased, large-scale adoption remains hindered by a lack of expertise, budget, and trust. The report surveyed 641 Information Technology (IT) and security practitioners in the US to better understand the state of AI in cybersecurity. It found that AI adoption is still in its early stages. Fifty-two percent of respondents believe AI adoption in cybersecurity is in its early stage, with only 18 percent saying their AI tools and practices are fully mature.