The National Institute of Standards and Technology (NIST) has formally published three post-quantum cryptography standards from its competition to develop cryptography that can withstand quantum computing decryption of current asymmetric encryption. The three standards are ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (Sphincs+). FN-DSA (Falcon) is a fourth that has been chosen for standardization in the future.

Evolution Mining recently announced that it had been targeted by a ransomware attack on August 8, 2024, which impacted its IT systems.  Evolution Mining is one of Australia's largest gold producers, and it also has a presence in Canada.   The company stated that despite the disruption the ransomware attack caused to its IT systems, it does not anticipate it will have any material impact on operations.  This means that mining operations should continue uninterrupted.

The AI Cyber Challenge (AIxCC), run by the Defense Advanced Research Projects Agency (DARPA), has officially awarded seven semifinalists $2m each at DEFCON 32 where the agency hosted an immersive experience to underscore the real-world stakes of the competition.  AIxCC aims to find a cyber reasoning system to successfully find and fix vulnerabilities in open-source software.  The seven teams announced as semifinalists who will advance to the final competition include 42-b3yond-6ug, all_you_need_is_a_fuzzing_brain, Lacrosse, Shellphish, Team Atlanta, Theori, and Trail of Bits.

US senators Mark R. Warner and James Lankford over the weekend announced the introduction of a bipartisan bill seeking tighter vulnerability disclosure rules for federal contractors.  The bill is referred to as the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, the legislation is aimed at mitigating the impact of cyberattacks by requiring federal contractors to adhere to the vulnerability disclosure guidelines set by the National Institute of Standards and Technology (NIST).

The East Valley Institute of Technology (EVIT) recently started informing over 200,000 individuals that their personal and health information was compromised in a recent data breach.  The incident occurred on January 9, when a threat actor gained unauthorized access to EVIT’s network, accessing sensitive information pertaining to current and former students, staff, faculty, and parents.

Companies are rapidly implementing Microsoft's Copilot Artificial Intelligence (AI)-based chatbots to improve data collection and time management. However, threat actors also benefit from Copilot. According to security researcher Michael Bargury, attackers can use Copilot to search for data, exfiltrate it without logs, and socially engineer victims to phishing sites without having them open emails or click links. Bargury has demonstrated how Copilot is vulnerable to prompt injections that enable hackers to evade its security controls.

AMD is warning about "SinkClose," a severe CPU vulnerability affecting multiple generations of EPYC, Ryzen, and Threadripper processors. The vulnerability enables attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install almost undetectable malware. Ring -2 is one of the highest privilege levels associated with modern CPUs' System Management Mode (SMM) feature, which handles power management, hardware control, security, and more. This article continues to discuss the SinkClose flaw that helps install nearly undetectable malware.