De Tijd – Hack of stock market watchdog SEC was carried out via SIM swap
“The SEC also said that multi-factor authentication on its X account had been disabled last July and was only re-enabled after the incident. Multi-factor authentication is now enabled on all of the SEC’s social media, the regulator says.”
Ars Technica: Microsoft network breached through password-spraying by Russian-state hackers
“A device inside Microsoft’s network was protected by a weak password with no form of two-factor authentication employed. The Russian adversary group was able to guess it by peppering it with previously compromised or commonly used passwords until they finally landed on the right one.”
De Tijd: Ban on collaboration with seven high-risk Chinese universities
“Flanders is banning collaboration between knowledge institutions and universities and seven Chinese universities, out of fear that they will use shared knowledge for military developments.”
BleepingComputer: TeamViewer abused to breach networks in new ransomware attacks
“Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.”
ISACA: Post-Quantum Cryptography: Are We Ready for Q Day?
“If we don’t do anything and later post-quantum cryptography becomes essential, then years of critical research time will have been lost. Therefore, it is wiser to research post-quantum cryptography now and be prepared for Q Day.”
BleepingComputer – OpenAI rolls out imperfect fix for ChatGPT data leak flaw
“According to the researcher who discovered the flaw, the mitigation isn’t perfect, so attackers can still exploit it under certain conditions.” … “It is also mentioned that the client-side validation call has yet to be implemented on the iOS mobile app, so the attack remains 100% unmitigated there.”
CNBC – Can an AI chatbot be convicted of an illegal wiretap? A case against Gap’s Old Navy may answer that
“Old Navy is facing a lawsuit in the Central District of California alleging that its AI chatbot participates in illegal wiretapping by logging, recording and storing conversations.”
BleepingComputer – Ransomware gang files SEC complaint over victim’s undisclosed breach
“The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.”
BankInfoSecurity – Denmark Hit With Largest Cyberattack on Record
“Most of the attacks were possible because the companies had not updated their firewalls, said SektorCERT. It said several companies opted out of the software update because there was a charge for installation. Some companies mistakenly assumed the relatively new Zyxel firewalls already featured the latest updates, and others wrongly believed the vendor was responsible […]
SecurityWeek – Operations at Major Australian Ports Significantly Disrupted by Cyberattack
“It’s worth pointing out that organizations may say a cyberattack is not a ransomware attack if it does not involve file-encrypting malware. Several major ransomware operations now only steal valuable data from victims to convince them to pay a ransom.”