A team of Houston Christian University (HCU) cyber engineering students took first place in the 2023 Capture the Flag (CTF) competition at the annual Alamo AFCEA chapter event (Alamo ACE). This is the second time an HCU team has won the top award at the annual conference. The CTF is a competition in which undergraduate and graduate college students compete to solve cybersecurity challenges in the realms of reverse engineering, cryptography, web vulnerabilities, memory forensics, network vulnerabilities, and data analytics.

The United States and the United Kingdom recently announced charges and sanctions against two individuals allegedly involved in hacking and other cyber operations on behalf of Russia’s FSB security service.  The threat actor, linked to an FSB unit called Centre 18, has targeted academia, defense firms, governments, NGOs, and think tanks in the US, the UK, and other NATO countries.  The hackers conducted both cyberespionage operations and influence campaigns, including a campaign whose goal was to interfere in the 2019 elections in the United Kingdom.

A set of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm affect USB and Internet of Things (IoT) modems, along with hundreds of Android and iOS smartphone models. Ten of the 14 flaws, collectively dubbed 5Ghoul, affect 5G modems from the two companies, out of which three have been identified as high-severity vulnerabilities. According to the researchers, 5Ghoul vulnerabilities could be used to continuously launch attacks.

The elevation of privilege flaws is the most common vulnerability corporate insiders exploit when conducting unauthorized activities on networks, according to a Crowdstrike report. The report, based on data collected between January 2021 and April 2023, reveals that insider threats are rising, and the use of privilege escalation flaws is a major component of unauthorized activity.

A sophisticated proxy Trojan targeting macOS is being distributed via pirated versions of legitimate business software such as editing tools, data recovery software, and network scanning applications. The Trojan works by posing as a legitimate program during installation and then creating a hidden proxy server on the user's system. This covert server allows threat actors to keep a backdoor open on the system while also redirecting network traffic through the compromised device. Such a proxy Trojan can have varying degrees of severity for victims.

According to Cycode, security practitioners are under significant pressure to secure today's applications. Seventy-eight percent of CISOs stated that today's AppSec attack surfaces are unmanageable, and 90 percent revealed that relationships between their security and development teams need improvement. Seventy-seven percent of CISOs believe software supply chain security is a more significant gap in AppSec than generative Artificial Intelligence (AI) or open source.

WordPress recently released a security update for the popular content management system (CMS) to address a remote code execution (RCE) vulnerability.  Security researchers at Defiant noted that the flaw addressed in the open-source CMS is a property oriented programming (POP) chain issue introduced in WordPress core 6.4.  The researchers stated that it can be combined with a different object injection flaw, allowing attackers to execute PHP code on vulnerable websites.  The bug was identified in a class introduced in WordPress 6.4 to improve HTML parsing in the block editor.

It has recently been revealed that a cyberattack launched by hackers last week against the systems of a small water utility in Ireland interrupted the water supply for two days.  The attack targeted a private group water scheme in the Erris area and reportedly impacted 180 people in Binghamstown and Drum, leaving them without water on Thursday and Friday.  According to the water utility's representative,  hackers targeted a Eurotronics water pumping system, defacing a user interface with a message announcing the hack.

Research has been done on applying blockchain-based federated Machine Learning (ML) to improve the privacy and security of users and their sensitive data. The method could be used to protect driver data. Data collection in cars is a potential privacy nightmare because the information gathered can reveal the driver's identity, driving habits, how safely they drive, where they have been, and where they regularly go. According to a report by the Mozilla Foundation, a nonprofit technology research and advocacy organization, carmakers' privacy policies are incredibly lax.

According to the first study of privacy practices and challenges in public libraries led by University of Illinois Urbana-Champaign information sciences professor and cybersecurity expert Masooda Bashir, librarians have historically taken a firm stand on protecting their patrons' privacy, but how well they do this varies based on certain factors. Bashir and her research group conducted an online survey of public library employees across the US, asking about employee training, secure storage methods, how data breaches were handled, and more.