Bleepingcomputer: TeamViewer abused to breach networks in new ransomware attacks
“Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.”
ISACA: Post-Quantum Cryptography: Are We Ready for Q Day?
“If we don’t do anything and later post-quantum cryptography becomes essential, then years of critical research time will have been lost. Therefore, it is wiser to research post-quantum cryptography now and be prepared for Q Day.”
BleepingComputer – Open AI rolls out imperfect fix for ChatGPT data leak flaw
“According to the researcher who discovered the flaw, the mitigation isn’t perfect, so attackers can still exploit it under certain conditions.” … “It is also mentioned that the client-side validation call has yet to be implemented on the iOS mobile app, so the attack remains 100% unmitigated there.”
CNBC – Can an AI chatbot be convicted of an illegal wiretap? A case against Gap’s Old Navy may answer that
“Old Navy is facing a lawsuit in the Central District of California alleging that its AI chatbot participates in illegal wiretapping by logging, recording and storing conversations. “
BleepingComputer – Ransomware gang files SEC complaint over victim’s undisclosed breach
“The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.”
Bankinfosecurity – Denmark Hit With Largest Cyberattack on Record
“Most of the attacks were possible because the companies had not updated their firewalls, said SektorCERT. It said several companies opted out of the software update because there was a charge for installation. Some companies mistakenly assumed the relatively new Zyxel firewalls already featured the latest updates, and others wrongly believed the vendor was responsible […]
Securityweek – Operations at Major Australian Ports Significantly Disrupted by Cyberattack
“It’s worth pointing out that organizations may say a cyberattack is not a ransomware attack if it does not involve file-encrypting malware. Several major ransomware operations now only steal valuable data from victims to convince them to pay a ransom.”
Forbes – Why Enterprise Storage Should Be A Key Cybersecurity Focus
“It’s no laughing matter that cybercriminals are increasingly hacking into the storage infrastructure of enterprises across the world because of the lack of cyber resilience.”
Help Net Security – Ransomware dwell time hits new low
“Median attacker dwell time—the time from when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks, and to five days for ransomware attacks during the first half of 2023, according to Sophos. In 2022, the median dwell time decreased from 15 to 10 days.”
FoxNews – Six privacy and security questions and answers to clear up once and for all
“If you’re tossing your hair back, saying, “Well, I don’t have anything a hacker would want,” think again. Hackers aren’t picky eaters.”