FlagThis

The Russian threat actor Star Blizzard has shifted its tactics, now targeting WhatsApp accounts via spear-phishing. The campaign involves messages that prompt victims to join a WhatsApp group, where their credentials can be harvested. This marks a departure from their previous methods, likely to evade detection. The primary targets are individuals involved in government, diplomacy, defense, and international relations, indicating an espionage-focused campaign. The use of social engineering via WhatsApp is a notable shift for this APT group.

Aptos network has integrated Chainlink data oracles, allowing developers to access trusted off-chain data for building decentralized applications and enhance web3 development. The move improves scalability and security of Aptos-based applications by leveraging Chainlink’s tamper-proof and reliable data feeds. This integration aims to support the creation of secure and efficient applications.

A critical race condition vulnerability in Apache Tomcat web server has been disclosed which can lead to remote code execution (RCE). The vulnerability, identified as CVE-2024-50379, stems from a Time-of-Check to Time-of-Use (TOCTOU) issue in JSP compilation. This allows an unauthenticated attacker to execute arbitrary code remotely, which could lead to a full system compromise. This vulnerability emphasizes the importance of promptly applying security patches to web servers, as these are popular targets for malicious actors.

The White House has launched the Cyber Trust Mark program, a labeling scheme for IoT devices. This program informs consumers that applicable household products meet certain government-vetted cybersecurity standards. The Cyber Trust Mark aims to certify devices’ security, similar to the Energy Star label for energy efficiency. The initiative, coordinated with NIST and FCC, is set to have labeled products on shelves in 2025. This could encourage manufacturers to focus more on cybersecurity, and also help consumers pick safer devices.

This cluster details the latest research in cryptography, particularly focusing on post-quantum privacy and one-shot signatures using quantum methods. It discusses the creation of a Traceable Receipt-free Encryption (TREnc) scheme that resists quantum adversaries, addressing a critical limitation of existing mechanisms. Also it explains the use of quantum methods for unclonable private keys and the application of cryptography to protect personal data. The discussion also delves into the use of Verifiable Delay Functions (VDFs) to enhance blockchain technology. This cluster highlights recent breakthroughs in cryptographic protocols that aim to be resilient to quantum computing attacks.