In summer 2023, Microsoft President Brad Smith admitted that security failings enabled Chinese state hackers to access US government officials' emails. Microsoft was blamed for a "cascade of security failures" that allowed the Chinese threat actor "Storm-0558" to access 25 organizations' email accounts, including those belonging to US government officials, according to an April 2024 Cyber Safety Review Board (CSRB) report.

The US Cybersecurity and Infrastructure Security Agency (CISA) warns federal agencies of the ongoing exploitation of a patched authentication bypass vulnerability in Progress Software's Telerik Report Server. The vulnerability exists because the current installation setup was not properly validated in version 2024 Q1 (10.0.24.305) and earlier iterations. The flaw enables an attacker to supply specific parameters and create a new administrator user. They can then log in to the server.

Cisco Talos and Volexity warn that Pakistan-based threat actors have targeted Indian government entities in two espionage campaigns. Since 2018, "Operation Celestial Force" has targeted Indian defense, government, and technology employees with Android and Windows malware.

Edge devices, services, and network infrastructure devices often start mass exploitation attacks. There has been a rise of mass exploitation compromises and criminal targeting of edge and infrastructure devices. Nation-states such as Russia and China and criminal groups like FIN11 use edge devices, often compromised by zero-day vulnerabilities, according to Mandiant's M-Trends 2024 report. According to Forescout's Riskiest Devices 2024 report, endpoints were the riskiest in 2023 but are now network infrastructure.

Matthew Feeney, head of tech and innovation at the UK-based Centre for Policy Studies, warned of the deepfake threat to election integrity. The tech policy expert emphasized how technology has made deepfakes easier and cheaper to make. In a report titled "Facing Fakes: How Politics and Politicians Can Respond to the Deepfake Age," Feeney calls on the UK government update existing laws rather than create new regulations for Artificial Intelligence (AI) and deepfakes.

GitHub has recently announced that through its bug bounty program, which the company launched ten years ago, it has paid out more than $4 million.  In 2023, the bug bounty paid out exceeded $850,000.  GitHub noted that its annual bug bounty payout has exceeded $800,000 since 2021.  The largest single reward in 2023 was $75,000 for a vulnerability that allowed access to the environment variables of a production container.

Rockwell Automation recently announced that it has patched three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software.  The first vulnerability, CVE-2024-37368, is described as a user authentication issue that can lead to information leakage.  The company noted that the vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project.  Due to the lack of proper authentication, this action is allowed without proper authentication verification.

Microsoft recently revealed updates for 51 vulnerabilities, only one of which was rated "critical." Microsoft noted that the bug, CVE-2024-30080, is a remote code execution (RCE) flaw in Microsoft Message Queuing (MSMQ) and has been assigned a CVSS score of 9.8, with exploitation rated as "more likely." Microsoft has recommended disabling the service until a time at which you can install the update.  The zero-day vulnerability, made public in February, is a protocol-level bug impacting DNSSEC validation.

In a new phishing campaign, HTML attachments abusing the Windows Search protocol are used to push batch files hosted on remote servers that deliver malware. The Windows Search protocol is a Uniform Resource Identifier (URI) that lets applications open Windows Explorer to perform searches with specific parameters. Most Windows searches will use the local device's index. However, Windows Search can be forced to query file shares on remote hosts and apply a custom title for the search window. Prof. Dr.

A new Protect AI report delves into a dozen critical vulnerabilities in open source Artificial Intelligence (AI) and Machine Learning (ML) tools discovered in recent months. The company warns of security defects reported as part of its AI bug bounty program, including critical issues that could lead to information disclosure, resource access, privilege escalation, and server takeover. The worst bug is an improper input validation in Intel Neural Compressor software that could enable remote attackers to escalate privileges.