DARPA has awarded $14 million to seven teams in the AI Cyber Challenge (AIxCC) at DEFCON 32. The competition aims to find a cyber reasoning system to identify and fix vulnerabilities in open-source software.
Federal authorities have seized servers belonging to the Radar/Dispossessor ransomware gang in the U.S. and Europe. The FBI dismantled dozens of servers linked to the group, which is believed to have ties to the LockBit ransomware enterprise.
The effort, known as the Open-Source Software Prevalence Initiative (OSSPI), aims to identify where open-source software components are being used in sectors like healthcare, transportation, and energy production to enhance national cybersecurity.
Microsoft released its August 2024 Patch Tuesday updates, fixing 89 vulnerabilities, including nine zero-days. Among these, six zero-days were actively exploited, while three others were publicly disclosed. A tenth zero-day still remains unpatched.
The FBI found that the cybercriminal duo was involved in Dark Web platforms like WWH Club, Skynetzone, and Opencard for buying, selling, and trading sensitive information and cybercriminal training.
SAP has released a security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass flaw (CVE-2024-41730) in the SAP BusinessObjects Business Intelligence Platform.
Nightfall AI’s research found that 35% of exposed API keys were still active, leading to significant security risks. The study uncovered an average of about 350 secrets, including passwords and API keys, exposed per 100 employees annually on GitHub.
Promoted through Telegram and other underground forums, DeathGrip RaaS offers aspiring threat actors on the dark web sophisticated ransomware tools, including LockBit 3.0 and Chaos builders.
Orion SA recently disclosed to US regulators that it fell victim to a criminal wire fraud scheme resulting in a $60 million loss. The incident, possibly a BEC scam, involved fraudulent wire transfers to unknown third-party accounts by an employee.
During a recent security audit by Laburity researchers, an application with a vulnerability related to pfblockerNG was identified. Attempts using default credentials failed, but an exploit from exploit-db was unsuccessful.