The National Institute of Standards and Technology (NIST) has finalized its principal encryption algorithms that can withstand the cyberattack of a quantum computer. Researchers worldwide are racing to develop quantum computers that could break the encryption used today to provide security and privacy for nearly all online activities. The announced algorithms are specified in the first completed standards from NIST's post-quantum cryptography standardization project, and are ready for use.

Samy Kamkar, a renowned hacker, has his own version of a laser microphone. He can point an invisible laser at a distant laptop through a window and detect its vibrations to reconstruct almost every character typed on it. The method, which uses the subtle acoustics created by tapping different keys on a computer, works even without a keyboard view if the hacker has a line-of-sight view of a relatively reflective part of the target laptop. This article continues to discuss Kamkar's keystroke eavesdropping technique.

Security researchers Dennis Giese and "Braelynn" found that hackers can take control of Ecovacs vacuum and lawn mower robots to spy on owners using the devices' cameras and microphones. After analyzing several Ecovacs products, the researchers found several vulnerabilities that could be exploited to hack the robots via Bluetooth and remotely turn on microphones and cameras. The main issue is a vulnerability that enables anyone with a phone to connect to and hijack an Ecovacs robot via Bluetooth from as far away as 450 feet.

Cybersecurity professionals are testing their skills against a new online voting platform called Secure Internet Voting (SIV) to explore potential security vulnerabilities in the next generation of election systems. It allows people to vote using their phones or computers and is already being used in small pilot programs across the US. However, it faces significant barriers to wider adoption as most states prohibit widespread use of online voting due to security concerns, preferring auditable paper ballots. This article continues to discuss SIV and hackers' exploration of it.

Security researchers at Barracuda Networks have discovered a new sophisticated phishing attack featuring a stealthy infostealer malware that exfiltrates a wide range of sensitive data.  The researchers noted that the infostealer is engineered to collect comprehensive browser information and files. It extracts MasterKeys from browsers such as Chrome, Edge, Yandex, and Brave and captures session cookies, saved passwords, credit card information, and browser histories.

The "Gcore Radar Report" for the first half of 2024 details Distributed Denial-of-Service (DDoS) attack data, showing attack patterns and cyber threats. According to the report, DDoS attacks increased 46 percent in the first half of 2024 to 445K. Peak attack power rose as the most powerful DDoS attack was 1.7 Tbps compared to 2023's 1.6 Tbps attack. Although the increase in power is only 0.1 Tbps in a year, it is still a significant threat. This article continues to discuss key takeaways from the Gcore Radar Report.

In a study, researchers from Stanford University and the CISPA Helmholtz Center for Information Security highlighted that over the past three years, 280 million Chrome extension installs contained malware. Many of these malicious extensions have been available in the Chrome store for a long time. Extensions with malware have lasted over a year (380 days), and those with vulnerable code have lasted over 1,248 days. Such extensions can steal plain-text passwords, drain bank accounts, and more. This article continues to discuss the threat of browser backdoors.

According to a new report from Palo Alto Networks' Unit 42, organizations are introducing over 300 new services monthly, making up about 32 percent of high or critical cloud exposures. The company warned that the rapid expansion of digital services is making the cybersecurity landscape increasingly complex. It is becoming more difficult for businesses and government entities to keep an accurate inventory of their Information Technology (IT) assets, which attackers gravitate toward.

Tenable researchers found vulnerabilities in Microsoft's Azure Health Bot Service that threat actors could have used to access sensitive data. Healthcare organizations can build and deploy Artificial Intelligence (AI)-powered virtual health assistants using the Azure Health Bot Service. Some of these chatbots may need access to sensitive patient information to do their jobs. Tenable discovered a data connection feature that lets bots interact with external data sources.