About 38 percent of applications using the Apache Log4j library are still vulnerable to security issues, including Log4Shell, a critical vulnerability with the highest severity rating. Log4Shell is a Remote Code Execution (RCE) flaw that enables complete control of systems running Log4j 2.0-beta9 and up to 2.15.0. On December 10, 2021, the flaw was discovered as an actively exploited zero-day, and its widespread impact, ease of exploitation, and security implications served as an invitation to threat actors.

The Pacific Northwest National Laboratory (PNNL) is working on the first US Department of Homeland Security (DHS)-sponsored effort to explore the cybersecurity vulnerabilities and potential impact of increasingly smart agriculture technologies on US society. The "Food and Agriculture Risk Modeling" (FARM) project will proactively identify vulnerabilities in today's digital agricultural software and equipment as well as calculate the consequences of potentially successful cyberattacks.

A team of researchers may have discovered the key to tackling threats from a large-scale quantum attack in an algebraic structure known as a quadratic twist. According to Jason LeGrow, assistant professor of mathematics in the Virginia Tech College of Science and Commonwealth Cyber Initiative Fellow, the most promising class of efficient blind signatures known to withstand quantum attacks is based on certain mathematical protocols believed to be quantum-safe. Before a message is signed, a blind signature disguises its content.

A new wave of Microsoft-themed email messages emerged in June. The messages appeared legitimate, with the Microsoft logo prominently displayed and a familiar email template requiring the user to update their two-factor authentication (2FA) code. There were no attachments or links, just a QR code. When the user scans the QR code with their mobile device, they are taken to a Microsoft-themed web portal where they must enter their login credentials and subsequent MFA code. If they enter their credentials, the information is sent to an attacker, and the user's account is compromised.

Phishing attacks on businesses pose a constant threat of data compromise, which is why many businesses invest in phishing awareness training. Training has resulted in more employees being aware of phishing strategies. As recipients become more aware of phishing tactics, attackers are resorting to another strategy called pretexting. Pretexting builds trust by using impersonation and false stories to persuade victims to share data or take other harmful actions.

According to security researchers at Veeam, the ransomware epidemic hitting UK businesses is leading many to increase their prices, adding to already high inflation.  The researchers surveyed 100 directors of UK businesses with over 500 employees that had been successfully compromised at least once by ransomware in the past 18 months.  The researchers found that large companies had to increase costs to customers by an average of 17% following an attack.  Over a fifth (22%) of respondents said they increased prices by 21-30%, while 6% increased prices by 31-40%.

As data-hungry Artificial Intelligence (AI) and Machine Learning (ML) technologies become more efficient, the key question, according to Ali Makhdoumi, an associate professor of decision sciences at Duke University's Fuqua School of Business, is how to incentivize data sharing while protecting users' privacy.

A team of Houston Christian University (HCU) cyber engineering students took first place in the 2023 Capture the Flag (CTF) competition at the annual Alamo AFCEA chapter event (Alamo ACE). This is the second time an HCU team has won the top award at the annual conference. The CTF is a competition in which undergraduate and graduate college students compete to solve cybersecurity challenges in the realms of reverse engineering, cryptography, web vulnerabilities, memory forensics, network vulnerabilities, and data analytics.

The United States and the United Kingdom recently announced charges and sanctions against two individuals allegedly involved in hacking and other cyber operations on behalf of Russia’s FSB security service.  The threat actor, linked to an FSB unit called Centre 18, has targeted academia, defense firms, governments, NGOs, and think tanks in the US, the UK, and other NATO countries.  The hackers conducted both cyberespionage operations and influence campaigns, including a campaign whose goal was to interfere in the 2019 elections in the United Kingdom.

A set of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm affect USB and Internet of Things (IoT) modems, along with hundreds of Android and iOS smartphone models. Ten of the 14 flaws, collectively dubbed 5Ghoul, affect 5G modems from the two companies, out of which three have been identified as high-severity vulnerabilities. According to the researchers, 5Ghoul vulnerabilities could be used to continuously launch attacks.