Evolution Mining recently announced that it had been targeted by a ransomware attack on August 8, 2024, which impacted its IT systems.  Evolution Mining is one of Australia's largest gold producers, and it also has a presence in Canada.   The company stated that despite the disruption the ransomware attack caused to its IT systems, it does not anticipate it will have any material impact on operations.  This means that mining operations should continue uninterrupted.

The AI Cyber Challenge (AIxCC), run by the Defense Advanced Research Projects Agency (DARPA), has officially awarded seven semifinalists $2m each at DEFCON 32 where the agency hosted an immersive experience to underscore the real-world stakes of the competition.  AIxCC aims to find a cyber reasoning system to successfully find and fix vulnerabilities in open-source software.  The seven teams announced as semifinalists who will advance to the final competition include 42-b3yond-6ug, all_you_need_is_a_fuzzing_brain, Lacrosse, Shellphish, Team Atlanta, Theori, and Trail of Bits.

US senators Mark R. Warner and James Lankford over the weekend announced the introduction of a bipartisan bill seeking tighter vulnerability disclosure rules for federal contractors.  The bill is referred to as the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, the legislation is aimed at mitigating the impact of cyberattacks by requiring federal contractors to adhere to the vulnerability disclosure guidelines set by the National Institute of Standards and Technology (NIST).

The East Valley Institute of Technology (EVIT) recently started informing over 200,000 individuals that their personal and health information was compromised in a recent data breach.  The incident occurred on January 9, when a threat actor gained unauthorized access to EVIT’s network, accessing sensitive information pertaining to current and former students, staff, faculty, and parents.

Companies are rapidly implementing Microsoft's Copilot Artificial Intelligence (AI)-based chatbots to improve data collection and time management. However, threat actors also benefit from Copilot. According to security researcher Michael Bargury, attackers can use Copilot to search for data, exfiltrate it without logs, and socially engineer victims to phishing sites without having them open emails or click links. Bargury has demonstrated how Copilot is vulnerable to prompt injections that enable hackers to evade its security controls.

AMD is warning about "SinkClose," a severe CPU vulnerability affecting multiple generations of EPYC, Ryzen, and Threadripper processors. The vulnerability enables attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install almost undetectable malware. Ring -2 is one of the highest privilege levels associated with modern CPUs' System Management Mode (SMM) feature, which handles power management, hardware control, security, and more. This article continues to discuss the SinkClose flaw that helps install nearly undetectable malware.

Reliance on error-filled code written by generative Artificial Intelligence (AI) using Large Language Models (LLMs) is resulting in highly vulnerable software, according to Veracode Chief CTO and co-founder Chris Wysopal. He noted that LLMs write code like human software developers who do not write secure code. Code-writing generative AI programs such as Microsoft Copilot are expected to help improve software security. Generative AI programs help developers write 50 percent more code, but the code written by AI has been found to be less secure.