Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

In Other News: Locked Shields 2024, Data Exposure Bugs, NVIDIA Patches

Noteworthy stories that might have slipped under the radar: 4,000 take part in Locked Shields 2024 exercise, Qantas and JP Morgan hit by data exposure bugs, NVIDIA patches critical flaw. 

Cybersecurity News tidbits

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

Former NSA employee gets 21 year prison sentence for attempted espionage

Jareh Sebastian Dalke, a 32-year-old former NSA employee, has been sentenced to over 21 years in prison for attempting to sell classified national defense information to Russia. Dalke offered to provide information to an individual he believed to be a Russian agent but was actually an undercover FBI employee. 

Bricklayer raises $2.5 million for autonomous AI security analyst solution

Bricklayer AI has announced a pre-seed investment of $2.5 million that it will use to advance development of its autonomous AI security analyst solution. Bricklayer AI’s platform combines multiple AI agents to form a team of AI specialists that collaborate with their human peers to create a faster and more efficient cybersecurity team.

Advertisement. Scroll to continue reading.

Chinese keyboard apps leaking keystrokes

Citizen Lab researchers have analyzed the security of Chinese keyboard apps from nine vendors and found critical vulnerabilities in eight of them. The flaws can be exploited — in many cases by a passive network eavesdropper — to obtain the contents of users’ keystrokes in transit.

NVIDIA patches critical and high-severity vulnerabilities

NVIDIA this week published two new security advisories. One of them covers CVE-2024-0087, a critical flaw in Triton Inference Server that can lead to arbitrary code execution, privilege escalation and data tampering. Two medium-severity flaws have also been addressed in this product. The second advisory informs customers about two high-severity and one-medium severity vulnerabilities in the company’s ChatRTX product. 

USPS phishing campaign

Akamai discovered a phishing campaign targeting United States Postal Service (USPS) customers. The phishing domains set up by threat actors got as much traffic as the USPS’s real website.  

Los Angeles County phishing attack leads to data breach

The Los Angeles County Department of Health Services was recently targeted in a phishing attack that resulted in the email credentials of nearly two dozen employees getting compromised. The hacked email accounts contained personal and health information. 

Former CEO of security firm accused of lying about products and his work experience

Jack Blount, the former CEO of security firm Intrusion, has settled SEC charges that he made false and misleading statements about the company’s products and his own work experience. Blount has not admitted to any of the charges and he will not have to pay any fines, but he is barred from serving as an officer or director of a public company. 

Locked Shields 2024 cyber defense exercise

Roughly 4,000 experts from over 40 countries took part in the Locked Shields 2024 cyber defense exercise organized and hosted by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Estonia. Participants trained to protect the infrastructure of a fictional country in a simulated environment, and this year’s event included AI and 5G technologies to reflect current trends.

New BMC vulnerability allows session hijacking and command execution

The Intelligent Platform Management Interface (IPMI) implementations in Baseboard Management Controller (BMC) software from multiple manufacturers are vulnerable to IPMI session hijacking, CERT/CC warned this week. An attacker with access to the BMC network can hijack sessions and execute arbitrary IPMI commands on the BMC. AMI and Microsoft are marked as affected in CERT/CC’s advisory, but many other vendors could also be impacted.

JP Morgan exposed data of 450,000 individuals

JP Morgan has informed authorities about a security incident that resulted in the exposure of information belonging to more than 450,000 individuals. The company was not targeted by malicious hackers. Instead, a software issue made it possible for some users to access retirement plan records they shouldn’t have had access to. Only three individuals had access and they all reported deleting the obtained data.

Qantas fixes data exposure bug

Australian airline Qantas has rushed to patch a bug in its app that resulted in customers being allowed to view the details of other passengers, including names and upcoming flight information. The company said no other information was exposed and it found no evidence of customers traveling with incorrect boarding passes as a result of the incident. 

Related: In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO

Related: In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights