The finalized post-quantum cryptography standards are Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203), Module-Lattice-Based Digital Signature Standard (FIPS 204), and Stateless Hash-Based Digital Signature Standard (FIPS 205).
Multiple privilege escalation issues in Microsoft Azure’s cloud-based Health Bot service opened the platform to server-side request forgery (SSRF) and could have allowed access to cross-tenant resources.
DARPA has awarded $14 million to seven teams in the AI Cyber Challenge (AIxCC) at DEFCON 32. The competition aims to find a cyber reasoning system to identify and fix vulnerabilities in open-source software.
Federal authorities have seized servers belonging to the Radar/Dispossessor ransomware gang in the U.S. and Europe. The FBI dismantled dozens of servers linked to the group, which is believed to have ties to the LockBit ransomware enterprise.
The effort, known as the Open-Source Software Prevalence Initiative (OSSPI), aims to identify where open-source software components are being used in sectors like healthcare, transportation, and energy production to enhance national cybersecurity.
Microsoft released its August 2024 Patch Tuesday updates, fixing 89 vulnerabilities, including nine zero-days. Among these, six zero-days were actively exploited, while three others were publicly disclosed. A tenth zero-day still remains unpatched.
The FBI found that the cybercriminal duo was involved in Dark Web platforms like WWH Club, Skynetzone, and Opencard for buying, selling, and trading sensitive information and cybercriminal training.
SAP has released a security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass flaw (CVE-2024-41730) in the SAP BusinessObjects Business Intelligence Platform.
Nightfall AI’s research found that 35% of exposed API keys were still active, leading to significant security risks. The study uncovered an average of about 350 secrets, including passwords and API keys, exposed per 100 employees annually on GitHub.
Promoted through Telegram and other underground forums, DeathGrip RaaS offers aspiring threat actors on the dark web sophisticated ransomware tools, including LockBit 3.0 and Chaos builders.