Arstechnica: Microsoft network breached through password-spraying by Russian-state hackers
” A device inside Microsoft’s network was protected by a weak password with no form of two-factor authentication employed. The Russian adversary group was able to guess it by peppering it with previously compromised or commonly used passwords until they finally landed on the right one.”
ISACA: Post-Quantum Cryptography: Are We Ready for Q Day?
“If we don’t do anything and later post-quantum cryptography becomes essential, then years of critical research time will have been lost. Therefore, it is wiser to research post-quantum cryptography now and be prepared for Q Day.”
BleepingComputer – Ransomware gang files SEC complaint over victim’s undisclosed breach
“The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.”
Bankinfosecurity – Denmark Hit With Largest Cyberattack on Record
“Most of the attacks were possible because the companies had not updated their firewalls, said SektorCERT. It said several companies opted out of the software update because there was a charge for installation. Some companies mistakenly assumed the relatively new Zyxel firewalls already featured the latest updates, and others wrongly believed the vendor was responsible […]
Securityweek – Operations at Major Australian Ports Significantly Disrupted by Cyberattack
“It’s worth pointing out that organizations may say a cyberattack is not a ransomware attack if it does not involve file-encrypting malware. Several major ransomware operations now only steal valuable data from victims to convince them to pay a ransom.”
The Register – Janet Jackson music video declared a cybersecurity exploit
“The music video for Janet Jackson’s 1989 pop hit Rhythm Nation has been recognized as an exploit for a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers.”
StackDiary – Zoom’s Updated Terms of Service Permit Training AI on User Content Without Opt-Out
“What raises alarm is the explicit mention of the company’s right to use this data for machine learning and artificial intelligence, including training and tuning of algorithms and models. “
MUO – 6 Ways to Protect Your Privacy in the Era of AI
“Artificial intelligence (AI) has slowly but steadily permeated almost every aspect of our digital lives, opening us up to one of the most potent privacy concerns since the rise of social media. But how can we deal with this new threat?”
CP24 – Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security
“Instead of weaseling their way into systems and requesting cash just to give back control, Khoury’s found many attackers are now focused on stealing data and other sensitive information they can threaten to release or sell.”
Bleepingcomputer – University of Manchester confirms data theft in recent cyberattack
“The University of Manchester finally confirmed that attackers behind a cyberattack disclosed in early June had stolen data belonging to alums and current students.”