The U.S. Department of Justice announced the arrest of former cybersecurity consultant Vincent Cannady, who allegedly extorted $1.5 million from a New York-based multinational IT infrastructure services provider where he was assigned by a staffing company to address possible network security issues, reports BleepingComputer.
Organizations remediated security issues added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog 3.5 times faster than those that are not in the catalog, according to The Record, a news site by cybersecurity firm Recorded Future.
Software firms have been urged by the FBI and Cybersecurity and Infrastructure Security Agency to ensure the absence of path traversal or directory traversal vulnerabilities in their products prior to shipping, BleepingComputer reports.
FedScoop reports that increasing artificial intelligence-related cybersecurity risks have prompted Sens. Mark Warner, D-Va., and Thom Tillis, R-N.C., to introduce the Secure AI Act of 2024.
Major airsoft game host and equipment renter Airsoft C3 had the sensitive data of 75,000 individuals who are part of its enthusiast community website compromised due to a Google Cloud Storage Bucket misconfiguration, indicating a significant threat to the U.S. airsoft community, according to Cybernews.
International development firm Chemonics, which mainly caters to the United States Agency for International Development, has not yet provided more extensive information regarding a cyberattack that compromised more than 6,000 individuals initially reported in July 2021, reports FedScoop.
BleepingComputer reports that numerous Android apps with over four billion downloads are susceptible to the novel Dirty Stream attack, which involves the exploitation of a flaw in Android's content provider system that could enable arbitrary code execution and secrets compromise.
Attacks with the novel Goldoon botnet have been deployed against vulnerable D-Link DIR-645 routers impacted by the almost 10-year-old critical arbitrary command execution bug, tracked as CVE-2015-2051, to facilitate further compromise, with escalating botnet activity recorded since April 9, according to The Hacker News.
Iranian state-backed hacking operation APT42 — also known as Mint Sandstorm, Mint Phosphorous, Charming Kitten, and TA453 — has spoofed major news organizations, including The Washington Post; think tanks, such as the McCain Institute; and internet services, such as Gmail, YouTube, and Google Drive, as part of cyberespionage campaigns against journalists and human rights activists, reports CyberScoop.