Siemens urges updates for fire protection system vulnerabilities, posing remote attack risks. GitGuardian report reveals 12 million secrets exposed on GitHub, notably in IT and education. A breakthrough 3D nanoscale optical disk promises revolution in data storage. FortiGuard Labs unveils a complex Java-based RAT phishing campaign. Techniques discovered for bypassing AI restrictions, raising security concerns. EquiLend and Leicester City Council experience cyberattacks, while a WordPress plugin flaw and D-Link router vulnerability pose widespread threats. South Korean national arrested in Russia for cyber espionage, and a former Google engineer in the US for stealing tech secrets.

Roku experienced a data breach affecting over 15,000 customer accounts, leading to fraudulent activities. The Cybersecurity and Infrastructure Security Agency (CISA) faced a breach from Ivanti product vulnerabilities. A counterfeit Leather wallet app was implicated in cryptocurrency theft and removed from the Apple App Store. QNAP addressed security flaws in NAS devices, and a banking trojan called CHAVECLOAK targeted Brazilian users, underscoring the urgency of robust cybersecurity measures. Paysign investigates a data breach potentially impacting 1.2 million records. New sanctions target individuals associated with Intellexa Consortium's Predator spyware.

The Magnet Goblin group exploits vulnerabilities to install malware on systems, urging the adoption of patches and security measures like network segmentation. A notable exploit involves a vulnerability in the Popup Builder plugin for WordPress, risking over 3,300 websites. The cryptocurrency sector faces attacks exploiting smart contract flaws, resulting in significant losses mitigated by token burns and bounties. Acuity Inc. suffered a data breach, leaking sensitive federal information for $3,000 in Monero. Canva reported vulnerabilities affecting font security, recommending sandboxing and patching. In 2015, 000webhost experienced a data breach, exposing 15 million records.

The Fortinet FortiOS vulnerability CVE-2024-21762 threatens 150,000 devices, requiring updates for mitigation. Microsoft strengthens security after Russian hackers exploit an old account. Hacker Ebrietas in the USA earns rewards for exposing T-Mobile flaws. South Korea's National Police Agency creates a tool to detect deepfakes with 80% accuracy, enhancing election security. Security vulnerabilities identified in video doorbells, QNAP NAS systems, and Canon printers necessitate firmware updates. A new Google Chrome extension monitors extension ownership changes. The Have I Been Pwned API helps check for personal data breaches. NUKEMAP visualizes nuclear detonations' impacts. Magnet Goblin cybercrime group leverages malware in attacks.

A malware campaign called Balada Injector exploits a vulnerability in the Popup Builder WordPress plugin, impacting over 3,300 sites, preventable by updating the plugin. HKCERT warns of increased phishing in Hong Kong. Magnet Goblin targets Ivanti VPN and Magento servers using NerbianRAT malware. Rhysida's ransomware attack on Lurie Children's Hospital in Chicago involved data theft. pgAdmin addressed a critical vulnerability in version 8.4. Midnight Blizzard, a Russian group, stole Microsoft's source code. Meta plans interoperability for its messaging services, aligning with the EU's Digital Markets Act.

Jared Folkins calls up Jack Rhysider. He asks him about his Dad, CactusCon, and if Jack has any advice for job seekers in this difficult job market.

In the news, the Xunlei Accelerator app, deemed a security threat, contains outdated elements leading to potential system breaches. TA4903, disguising as U.S. agencies, uses QR codes in BEC attacks, while compromised WordPress sites spread bruteforcing scripts, indicating strategic shifts. Tycoon and Storm-1575 target U.S. schools with advanced phishing; the Bifrost Trojan attacks Linux users through typosquatting. Cisco, Qualcomm, Microsoft, and Veritas address significant vulnerabilities. The Play ransomware group, JetBrains TeamCity, and Northeast Orthopedics face data breaches, alongside millions of Glosbe and Tesla users. North Korean hackers deploy ToddlerShark malware, and various entities face increased cyber threats. Cybercrime evolves, emphasizing the need for digital protection and global response efforts.

In the news, Chinese state-sponsored hackers executed the Volt Typhoon cyber intrusion, revealing significant U.S. infrastructure vulnerabilities. Fidelity Investments notified customers of a potential data breach due to a LockBit ransomware attack. The EU mandated Apple to fix two critical iOS vulnerabilities. Amidst escalating cyber threats, Canada's FINTRAC and Duvel Moortgat Brewery faced significant cyberattacks. Globally, companies and governments are being urged to enhance cyber defenses and patch vulnerabilities to combat sophisticated cyber-espionage and ransomware campaigns.

Microsoft is engaging in archival storage research for cloud-scale data preservation, focusing on DNA and silica media. Dataplane.org reports a new DNS scanning technique called Destination-Adjacent Source Address Spoofing since August 2023, possibly originating from China. The BlackCat ransomware group appears to have conducted an exit scam. A retired US Army Lieutenant Colonel is charged for allegedly transmitting classified information on a dating app. The RA World ransomware group uses leaked Babuk source code for cyberattacks. Meta Platforms faced a global outage affecting multiple services, with no official explanation provided. QEMU vulnerabilities are being exploited by attackers to create covert network tunnels. Microsoft has patched a Windows zero-day vulnerability exploited by North Korea's Lazarus group. Facebook and Instagram users experienced login issues during a global outage. Details of classified military information were shared on a dating app by a retired U.S. Air Force employee. Android’s "run-as" tool has a vulnerability patched in the March 2024 Security Bulletin. Cybercriminals formed GhostLocker 2.0 ransomware from GhostSec and Stormous groups. Rapid7 criticized JetBrains for improper disclosure handling about TeamCity server vulnerabilities. The European Commission fined Apple €1.8 billion for anti-competitive practices. Hackers exploited Google's AI for bounties during a Bug Bounty event. In Israel, new malware called Morris II targets AI-powered email systems. Security flaws have been reported in RT-Thread OS. A critical flaw in HashiCorp's Vault, CVE-2024-2048, requires urgent patching. A new banking Trojan named CHAVECLOAK targets Brazilian users. Savvy Seahorse cybercrime group manipulates CNAME DNS records in scams. Linux systems face critical vulnerabilities in DNF’s dnf5daemon-server. A cybersecurity expert in Hanoi collected Wi-Fi passwords with a homemade antenna. The "SubdoMailing" phishing operation affects over 8,000 compromised subdomains. RAF fugitive Daniela Klette was identified using facial recognition tools.

The ALPHV/BlackCat ransomware group's site disappeared after claiming an attack on Change Healthcare, which affected prescription services, while Russian operatives recorded a German military Webex conversation about Ukraine's missile strategies, leading to a German investigation. The European Commission fined Apple $1.95 billion for anti-competitive App Store practices, which Apple will contest. WordPress plugin users were alerted to a Godzilla Web Shell exploit, advised to update systems. Hikvision patched two vulnerabilities in HikCentral Professional, recommending software updates.

Georgia Tech researchers developed malware that could attack logic controllers like Stuxnet via web APIs. Ukraine claimed hacking Russia's Ministry of Defense, while researchers created AI worms, Morris II, warning against AI system vulnerabilities. American Express announced a data breach from a third-party source, and South Korean intelligence reported increased cyber espionage by North Korea on semiconductor data. Indian cybercriminals use XHelper app and money mules to launder funds through UPI, with calls for stronger mobile security.

Global calls to ban ransomware payments accompany suggestions for governmental aid frameworks for victims. Cyber incidents include ransomware and data breaches affecting UnitedHealth Group, Cutout.Pro, Lurie Children’s Hospital, Houser LLP, Walmart's Spark delivery, and the espionage operation SPIKEDWINE. Also noted were security gaps in Ivanti and ConnectWise products, Anycubic 3D printer hacking, rising Web API attacks, and Iranian espionage on the aerospace industry.

EU consumer groups accuse Meta of GDPR breaches with excessive data collection, whereas researcher HaxRob discovered GTPDOOR, a Linux backdoor linked to the Light Basin group, aimed at telecommunications and evading antiviruses.