Threat actors with a Google account could exploit a loophole impacting Google Kubernetes Engine (GKE) to take over a Kubernetes cluster. The flaw has been dubbed "Sys:All" by the cloud security company Orca. About 250,000 active GKE clusters in the wild are said to be vulnerable to the attack vector. According to security researcher Ofir Yakobi, there is a common misconception that the system:authenticated group in GKE only includes verified and deterministic identities. However, it includes any Google-authenticated account, even those from outside the organization.

According to the UK's National Cyber Security Centre (NCSC), Artificial Intelligence (AI) tools will negatively impact cybersecurity in the near future, contributing to the rise of the ransomware threat. Cybercriminals are already using AI for various purposes, and the trend is expected to worsen over the next two years, increasing the volume and severity of attacks. AI will allow inexperienced threat actors, hackers-for-hire, and low-skilled hacktivists to carry out more effective, targeted attacks.

Retailers in the Middle East and Africa are more vulnerable to web-skimming attacks, but they make up a small fraction of all consumer victims. An independent researcher recently discovered web-skimming code on the staging server of the clothing retail website Khaadi, which is based in Pakistan and the United Arab Emirates. The code was discovered during an investigation into a web-skimming attack on a German football team's website, and an Internet-wide search revealed 1,800 other potentially compromised websites.

Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.  Synacktiv Team took home $100,000 after successfully chaining three zero-day bugs to get root permissions on a Tesla Modem.  The team also used two unique two-bug chains to hack a Ubiquiti Connect EV Station and a JuiceBox 40 Smart EV Charging Station, earning an additional $120,000.

Google recently announced the promotion of Chrome 121 to the stable channel with patches for 17 vulnerabilities, including 11 reported by external researchers.  Of the externally reported security defects, three have a severity rating of "high." Google says it handed over $30,000 in bug bounty rewards to the reporting researchers.  Google noted that the first high-severity bug that Chrome 121 addresses is a use-after-free issue in WebAudio. Tracked as CVE-2024-0807, the flaw earned the reporting researcher a $11,000 bug bounty.

Restaurant chain Jason’s Deli just recently started informing customers that their user accounts and personal information might have been compromised in credential stuffing attacks.  Over the weekend, the company, which owns over 200 fast casual restaurants across the United States, began informing customers that attackers have been observed accessing user accounts using login credentials obtained from other data breaches.

A new study by three UC Berkeley School of Information students and alums aims to make it easier to determine the authenticity of an audio clip as deepfakes and doctored audio have become more common. Deepfakes are a type of media, including images, audio, and videos, manipulated or created using Artificial Intelligence (AI). In addition to spreading false information, deepfakes can decrease the effectiveness of security systems. The team explored various techniques for distinguishing a real voice from a cloned one made to impersonate a specific person.

A National Science Foundation (NSF) grant has been awarded in support of Northeastern University professor David Choffnes and other computer scientists exploring the vulnerabilities of Internet of Things (IoT) devices as part of the "Security and Privacy Heterogeneous Environment for Reproducible Experimentation" (SPHERE) project. Choffnes says the remote IoT lab will be the first of its kind. Anyone can schedule a time to configure the lab's IoT devices to simulate different deployments and interact with them in automated ways to uncover security and privacy flaws.

A new report released by Palo Alto Networks' Unit 42 delves into how the BianLian ransomware group operates as it evolves to focus primarily on the healthcare and manufacturing sectors, as well as the US and Europe. BianLian first appeared around 2021 and gained widespread attention in 2022 when it hit companies in the US, UK, and Australia with ransomware attacks. The group now only steals data and threatens to publish it if victims refuse to pay.