"APT29 Watering Hole Attacks Used Spyware Exploits"

The Russia-based APT29 group used the same iOS and Google Chrome exploits as NSO Group and Intellexa in an espionage campaign against the Mongolian government. According to the researchers who discovered the campaign, it is still unclear how the APT group obtained the exploits. Three attacks linked "with moderate confidence" to APT29 in November 2023, February 2024, and July 2024 used the exploits. The campaigns involved watering hole attacks on Mongolian government websites. The threat actors compromised the websites and loaded a hidden iframe.

Submitted by grigby1 CPVI on

"Researcher Sued for Sharing Data Stolen by Ransomware With Media"

The City of Columbus, Ohio, has taken legal action against a security researcher for illegally downloading and distributing data stolen and leaked by the "Rhysida" ransomware gang from the City's Information Technology (IT) network. On July 18, 2024, a ransomware attack on Columbus, Ohio's capital and most populous city, caused service outages. Rhysida ransomware claimed responsibility for stealing 6.5 TB of databases, including employee credentials, server dumps, city video camera feeds, and other sensitive data.

Submitted by grigby1 CPVI on

"Fortra Patches Critical Vulnerability in FileCatalyst Workflow"

Cybersecurity solutions provider Fortra recently announced patches for two vulnerabilities in FileCatalyst Workflow, including a critical severity flaw involving leaked credentials.  The critical issue is tracked as CVE-2024-6633 (CVSS score of 9.8) and exists because the default credentials for the setup HSQL database (HSQLDB) have been published in a vendor knowledgebase article.

Submitted by Adam Ekwall on

"California Advances Landmark Legislation to Regulate Large AI Models"

There are currently efforts in California to establish first-in-the-nation safety measures for the largest artificial intelligence systems. The proposal, which aims to reduce potential risks created by AI, would require companies to test their models and publicly disclose their safety protocols to prevent them from being manipulated. The bill is among hundreds lawmakers are voting on during the final week of the session. Gov. Gavin Newsom then has until the end of September to decide whether to sign them into law, veto them, or allow them to become law without his signature.

Submitted by Adam Ekwall on

"Unpatched CCTV Cameras Exploited to Spread Mirai Variant"

Security researchers at Akamai recently warned that an unpatched vulnerability found in CCTV cameras commonly used in critical infrastructure is being actively exploited to spread a Mirai malware variant. The command injection vulnerability, CVE-2024-7029, is in the brightness function of AVTECH CCTV cameras and allows for remote code execution (RCE). The vulnerability was highlighted in a Cybersecurity and Infrastructure Security Agency (CISA) industrial control system (ICS) advisory in August 2024.

Submitted by Adam Ekwall on

"Published Vulnerabilities Surge by 43%"

According to security researchers at Forescout, published vulnerabilities rose by 43% in H1 2024 compared to H1 2023, with attackers heavily targeting flaws in virtual private networks (VPNs) and other perimeter devices for initial access.  The researchers noted that 23,668 vulnerabilities were reported in the first six months of 2024, with an average of 111 new CVEs per day.  The majority of published vulnerabilities in H1 2024 had either a medium (39%) or low (25%) severity score (CVSS), while just 9% had a critical score.

Submitted by Adam Ekwall on

"BlackByte Ransomware Gang Believed to Be More Active Than Leak Site Suggests"

BlackByte is a ransomware-as-a-service brand believed to be an off-shoot of Conti. It was first seen in 2021. Security researchers at Talos have observed the BlackByte ransomware brand employing new techniques in addition to its standard TTPs. The researchers found that BlackByte has been considerably more active than previously assumed. They stated that the group has been significantly more active than the number of victims published on its data leak site suggests, but they cannot explain why only 20% to 30% of BlackByte’s victims are posted.

Submitted by Adam Ekwall on

"Google Now Offering Up to $250,000 for Chrome Vulnerabilities"

Google recently announced significantly boosted rewards for Chrome browser vulnerabilities reported through its Vulnerability Reward Program (VRP).  With the updated rewards, Google says security researchers may earn as much as $250,000 for a single issue or even more if specific conditions are met.  As before, the highest payouts will go to researchers who demonstrate memory corruption bugs in non-sandboxed processes.

Submitted by Adam Ekwall on

"Ransomware Gang Leaks Data Allegedly Stolen From Microchip Technology"

The Play ransomware group has recently published gigabytes of data allegedly stolen from US-based semiconductor supplier Microchip Technology.  The company revealed that operations at some of its manufacturing facilities were disrupted due to the attack. Microchip provides microcontroller, mixed-signal, analog, and Flash-IP solutions to 123,000 customers across the industrial, automotive, consumer, aerospace and defense, communications, and computing sectors.

Submitted by Adam Ekwall on

NSA Releases Internal 1982 Lecture by Computing Pioneer Rear Admiral Grace Hopper

Today, the National Security Agency (NSA) released a copy of an internal lecture delivered by Rear Admiral Grace Hopper on August 19, 1982. Hopper is known as one of the most influential figures in the development of early computing technologies, and her contributions have left an indelible mark on the field of computer science, particularly in the realm of programming languages. The lecture, which Hopper delivered during her tenure at the NSA, provides a rare glimpse into the thoughts and expertise of a woman who played a pivotal role in shaping modern computing.

Submitted by Amy Karns on