May 3, 2024 at 10:29AM
SecurityWeek offers a weekly roundup of cybersecurity news, highlighting significant developments from the latest vulnerability discoveries to industry reports. This week’s stories cover a former NSA employee’s prison sentence, a fundraising by Bricklayer AI, Chinese keyboard app vulnerabilities, NVIDIA and USPS phishing campaigns, a Los Angeles County data breach, and more.
From the meeting notes provided, here are the main takeaways:
1. Former NSA Employee Sentenced: Jareh Sebastian Dalke, a former NSA employee, has been sentenced to over 21 years in prison for attempting to sell classified national defense information to Russia.
2. Bricklayer AI’s Investment: Bricklayer AI has received a pre-seed investment of $2.5 million to advance the development of its autonomous AI security analyst solution.
3. Vulnerabilities in Chinese Keyboard Apps: Citizen Lab researchers have identified critical vulnerabilities in Chinese keyboard apps from nine vendors, which could lead to the leakage of users’ keystrokes.
4. NVIDIA Patches Vulnerabilities: NVIDIA has addressed critical and high-severity vulnerabilities in its Triton Inference Server and ChatRTX product.
5. USPS Phishing Campaign: Akamai has uncovered a phishing campaign targeting United States Postal Service (USPS) customers.
6. Los Angeles County Phishing Attack: The Los Angeles County Department of Health Services was targeted in a phishing attack, leading to a data breach involving personal and health information.
7. Former CEO’s Charges: Jack Blount, the former CEO of security firm Intrusion, has settled SEC charges regarding false and misleading statements about the company’s products and his work experience.
8. Locked Shields 2024 Cyber Defense Exercise: The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) hosted the Locked Shields 2024 cyber defense exercise, involving roughly 4,000 experts from over 40 countries.
9. BMC Vulnerability: CERT/CC warned about a new BMC vulnerability that allows session hijacking and command execution.
10. JP Morgan’s Data Exposure: JP Morgan reported a security incident that exposed information belonging to more than 450,000 individuals due to a software issue.
11. Qantas App Patch: Qantas fixed a bug in its app that allowed customers to view the details of other passengers.
These are the key highlights from this week’s cybersecurity news roundup.