PrivacyTest – What are the best private browsers in 2024?
“Which browsers isolate websites to prevent them from sharing data to track you?“
Médis de Bruxelles – L’Ihecs victime d’une attaque informatique
“L’Ihecs (Institut des hautes études des communications sociales) a été victime d’une attaque informatique de type “ransomware“.”
The Hacker News: Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account
“It wasn’t a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of an old, inactive account. “
VRTNWS: Nog hinder bij CM-zorgwinkelketen Goed na cyberaanval
“Goed, het netwerk van apotheken en thuiszorgwinkels van de CM, ondervindt nog steeds problemen na een cyberaanval. De thuiszorgwinkels en apotheken blijven open, maar betalen met Bancontact is niet altijd mogelijk. Het is nog niet duidelijk of de hackers medische gegevens of andere gevoelige informatie hebben buitgemaakt.”
ZDNET – Don’t tell your AI anything personal, Google warns in new Gemini privacy notice
“What does it all mean? Simply stated, you should definitely heed Google’s warning and never include sensitive information in your Gemini interactions. Ever.“
CNN – Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’
“A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.”
Bleepingcomputer – Over 5,300 GitLab servers exposed to zero-click account takeover attacks
“Although the flaw does not bypass two-factor authentication (2FA), it is a significant risk for any accounts not protected by this extra security mechanism.”
Arstechnica: Microsoft network breached through password-spraying by Russian-state hackers
” A device inside Microsoft’s network was protected by a weak password with no form of two-factor authentication employed. The Russian adversary group was able to guess it by peppering it with previously compromised or commonly used passwords until they finally landed on the right one.”
ISACA: Post-Quantum Cryptography: Are We Ready for Q Day?
“If we don’t do anything and later post-quantum cryptography becomes essential, then years of critical research time will have been lost. Therefore, it is wiser to research post-quantum cryptography now and be prepared for Q Day.”
BleepingComputer – Ransomware gang files SEC complaint over victim’s undisclosed breach
“The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.”