The East Valley Institute of Technology (EVIT) recently started informing over 200,000 individuals that their personal and health information was compromised in a recent data breach.  The incident occurred on January 9, when a threat actor gained unauthorized access to EVIT’s network, accessing sensitive information pertaining to current and former students, staff, faculty, and parents.

Companies are rapidly implementing Microsoft's Copilot Artificial Intelligence (AI)-based chatbots to improve data collection and time management. However, threat actors also benefit from Copilot. According to security researcher Michael Bargury, attackers can use Copilot to search for data, exfiltrate it without logs, and socially engineer victims to phishing sites without having them open emails or click links. Bargury has demonstrated how Copilot is vulnerable to prompt injections that enable hackers to evade its security controls.

AMD is warning about "SinkClose," a severe CPU vulnerability affecting multiple generations of EPYC, Ryzen, and Threadripper processors. The vulnerability enables attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install almost undetectable malware. Ring -2 is one of the highest privilege levels associated with modern CPUs' System Management Mode (SMM) feature, which handles power management, hardware control, security, and more. This article continues to discuss the SinkClose flaw that helps install nearly undetectable malware.

Reliance on error-filled code written by generative Artificial Intelligence (AI) using Large Language Models (LLMs) is resulting in highly vulnerable software, according to Veracode Chief CTO and co-founder Chris Wysopal. He noted that LLMs write code like human software developers who do not write secure code. Code-writing generative AI programs such as Microsoft Copilot are expected to help improve software security. Generative AI programs help developers write 50 percent more code, but the code written by AI has been found to be less secure.

The top three data exfiltration tools used by threat actors between September 2023 and July 2024 were Rclone, WinSCP, and cURL, according to ReliaQuest. Data exfiltration may involve threat actor–owned infrastructure or third-party cloud services. ReliaQuest says most high-profile ransomware groups, such as "LockBit," "Black Basta," and "BlackSuit," use the top three tools. This article continues to discuss key findings regarding the top data exfiltration tools used by threat actors.

NCC Group researchers discovered vulnerabilities in Sonos smart speakers, including a flaw that could have enabled attackers to eavesdrop on users. An attacker in Wi-Fi range of the targeted Sonos smart speaker can exploit one of the vulnerabilities for Remote Code Execution (RCE). The researchers showed how an attacker could have taken control of a speaker, secretly recorded audio, and exfiltrated it to their server using this vulnerability. This article continues to discuss the Sonos product vulnerabilities. 

The US Cybersecurity and Infrastructure Security Agency (CISA) warns of two vulnerabilities, including a path traversal flaw affecting Apache OFBiz. Apache OFBiz is an open source Enterprise Resource Planning (ERP) system with a suite of business applications to help manage an organization. Many industries and businesses of different sizes use it because it is versatile and cost-effective. The path traversal vulnerability could allow attackers to remotely execute arbitrary commands on vulnerable servers.