Aqua Nautilus researchers reported the first instance of an exploit attack on the "Looney Tunables" Linux privileged escalation vulnerability. They say they are "100% certain" that the threat actor Kinsing was behind the attack, but they are not ready to reveal how. Kinsing poses a significant threat to cloud environments, specifically Kubernetes clusters, Docker Application Programming Interfaces (APIs), Redis servers, and Jenkins servers.

Socks5Systemz, a proxy botnet, has infected about 10,000 systems through the PrivateLoader and Amadey malware loaders. Infected computers become traffic-forwarding proxies for malicious, illegal, or anonymous traffic. It charges subscribers between $1 and $140 per day in cryptocurrency to access this service. Socks5Systemz is described in detail in a BitSight report, which states that the proxy botnet has been active since at least 2016, but has remained relatively unknown until recently. This article continues to discuss the Socks5Systemz proxy botnet.

SecuriDropper is a new Dropper-as-a-Service (DaaS) for Android capable of bypassing Google's new security restrictions and delivering malware. Dropper malware on Android is designed to act as a conduit for a payload to be installed on a compromised device, making it a profitable business model for threat actors who can advertise the capabilities to other cybercriminals. Furthermore, doing so allows adversaries to separate the development and execution of an attack from the malware installation.

According to a new report from researchers at Duke University's Sanford School of Public Policy, data brokers are selling large amounts of highly sensitive data on American military service members. The study delves into the data broker industry, which collects personal information on individual consumers before selling it to marketers. The industry has grown rapidly in recent years, prompting California to enact a law that lets consumers prevent data brokers from gathering and selling their information with the click of a button.

The recent Okta Support system breach occurred because of the compromise of a service account with access to view and update customer support cases. Okta Security discovered that an employee had signed in to their personal Google profile on their Okta-managed laptop's Chrome browser. According to David Bradbury, Chief Security Officer at Okta, the service account's username and password were saved into the employee's personal Google account. The compromise of the employee's personal Google account or device is what most likely exposed this credential.

Ashish Venkat, an assistant professor of computer science and cybersecurity expert at the University of Virginia (UVA), has received a CAREER Award from the National Science Foundation (NSF) to develop a hardware and software system that enables rapid and secure mitigation of cyberattacks, including zero-day events.

A scientist claims to have created a low-cost system for using quantum computing to crack RSA, the world's most commonly used public key algorithm. However, multiple cryptographers and security experts have expressed skepticism regarding the claim. The scientist making the claim is Ed Gerck, who, according to his LinkedIn profile, is a quantum computing developer at Planalto Research, a company he founded.

The UK National Cyber Security Centre (NCSC) has updated its guidance to help in the migration to Post-Quantum Cryptography (PQC). The updated guidance builds on the NCSC 2020 white paper titled "Preparing for Quantum-Safe Cryptography." It includes advice on algorithm choices and protocol considerations following the availability of draft standards from the US National Institute of Standards and Technology (NIST). The "Q-Day" point, when quantum computers can break existing cryptographic algorithms such as Public-Key Cryptography (PKC), is coming.

Microsoft has launched the Secure Future Initiative to improve the overall security of its products and users. According to Brad Smith, Vice Chair and President of Microsoft, the growing speed, scale, and sophistication of cyberattacks requires a new response. He emphasized that ransomware attempts have increased by 200 percent since September 2022. Nation-state actors' cyber operations have become more advanced, and the most resourced attackers are quickly innovating.

In recent weeks, Apple has alerted people in Armenia about their phones being targeted by state-sponsored hackers, with several cybersecurity experts pointing at the Pegasus spyware. The number of spyware infections in Armenia has been steadily increasing over the last two years, according to CyberHUB, an Armenian digital rights organization investigating the incidents. Many infections are linked to Azerbaijan's government, which has a history of conflict with Armenia, particularly over the disputed Nagorno-Karabakh region.