US senators Mark R. Warner and James Lankford over the weekend announced the introduction of a bipartisan bill seeking tighter vulnerability disclosure rules for federal contractors.  The bill is referred to as the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, the legislation is aimed at mitigating the impact of cyberattacks by requiring federal contractors to adhere to the vulnerability disclosure guidelines set by the National Institute of Standards and Technology (NIST).

The East Valley Institute of Technology (EVIT) recently started informing over 200,000 individuals that their personal and health information was compromised in a recent data breach.  The incident occurred on January 9, when a threat actor gained unauthorized access to EVIT’s network, accessing sensitive information pertaining to current and former students, staff, faculty, and parents.

Companies are rapidly implementing Microsoft's Copilot Artificial Intelligence (AI)-based chatbots to improve data collection and time management. However, threat actors also benefit from Copilot. According to security researcher Michael Bargury, attackers can use Copilot to search for data, exfiltrate it without logs, and socially engineer victims to phishing sites without having them open emails or click links. Bargury has demonstrated how Copilot is vulnerable to prompt injections that enable hackers to evade its security controls.

AMD is warning about "SinkClose," a severe CPU vulnerability affecting multiple generations of EPYC, Ryzen, and Threadripper processors. The vulnerability enables attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install almost undetectable malware. Ring -2 is one of the highest privilege levels associated with modern CPUs' System Management Mode (SMM) feature, which handles power management, hardware control, security, and more. This article continues to discuss the SinkClose flaw that helps install nearly undetectable malware.

Reliance on error-filled code written by generative Artificial Intelligence (AI) using Large Language Models (LLMs) is resulting in highly vulnerable software, according to Veracode Chief CTO and co-founder Chris Wysopal. He noted that LLMs write code like human software developers who do not write secure code. Code-writing generative AI programs such as Microsoft Copilot are expected to help improve software security. Generative AI programs help developers write 50 percent more code, but the code written by AI has been found to be less secure.

NCC Group researchers discovered vulnerabilities in Sonos smart speakers, including a flaw that could have enabled attackers to eavesdrop on users. An attacker in Wi-Fi range of the targeted Sonos smart speaker can exploit one of the vulnerabilities for Remote Code Execution (RCE). The researchers showed how an attacker could have taken control of a speaker, secretly recorded audio, and exfiltrated it to their server using this vulnerability. This article continues to discuss the Sonos product vulnerabilities. 

The top three data exfiltration tools used by threat actors between September 2023 and July 2024 were Rclone, WinSCP, and cURL, according to ReliaQuest. Data exfiltration may involve threat actor–owned infrastructure or third-party cloud services. ReliaQuest says most high-profile ransomware groups, such as "LockBit," "Black Basta," and "BlackSuit," use the top three tools. This article continues to discuss key findings regarding the top data exfiltration tools used by threat actors.