US restaurant chain Golden Corral recently announced that personal information was stolen in a data breach.  The incident, the company says, was identified on August 15, 2023, and led to the disruption of certain corporate operations.  The company noted that the investigation that ensued determined that a threat actor accessed certain systems and “acquired certain data relating to current and former employees and beneficiaries between August 11, 2023, until August 15, 2023”.

Researchers at the Georgia Institute of Technology have discovered a way to take over computers that control infrastructure and industrial systems. Programmable Logic Controllers (PLCs) increasingly include embedded web servers and can be accessed on-site using web browsers. Attackers can use this method to gain complete access to the system. Such access could allow them to make motors spin out of control, turn off power relays or water pumps, disrupt Internet or telephone communication, or steal sensitive information. They could also launch or disrupt weapons.

A new report from Synopsys reveals an alarming increase in high-risk vulnerabilities in commercial codebases, raising the risk of hacking and data theft. Although the percentage of codebases with at least one open-source vulnerability remained consistent year-over-year at 84 percent, significantly more codebases had high-risk vulnerabilities in 2023. The percentage of codebases with high-risk open-source vulnerabilities increased from 48 percent in 2022 to 74 percent in 2023.

Consumer Reports detailed a security flaw in several Internet-connected doorbell cameras that allows hackers to hijack them. The organization published research on four security and privacy flaws in cameras made by EKEN, a company based in Shenzhen, China. According to Consumer Reports, the most significant issue is that if someone is near an EKEN doorbell camera, they can take control of it by downloading its official app, Aiwit, and pairing the camera by holding down the doorbell's button for eight seconds.

The National Institute of Standards and Technology's (NIST) Artificial Intelligence (AI) Bug Finder is a detection technology that identifies errors in code without executing the code itself and serves as a testbed. NIST's Information Technology Laboratory received a Department of Homeland Security (DHS) Commercialization Accelerator Program (CAP) grant in 2022 to support its AI Bug Finder project, and the research behind it continues. It has the advantage of being a modular program that enables the comparison of various AI-based techniques and datasets.

European discount retailer Pepco Group recently revealed that its Hungarian business has lost a significant amount of money to cybercriminals.  The UK-based company reported losing roughly $16.8 million in cash due to a "sophisticated fraudulent phishing attack." The company noted that an investigation has been launched and is working with banks and the police to recover the money.  Still, the company says it needs to determine whether the funds can be recovered.

The Federal Bureau of Investigation (FBI) and international law enforcement agencies disrupted some of the BlackCat ransomware group's operations two months ago, but elements of the group remain active, primarily targeting healthcare organizations. The FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) released a new advisory on the group's activities, warning that BlackCat, also known as ALPHV, continues to operate despite law enforcement disruption and the release of a decryption tool for victims.

According to Enea, 76 percent of companies lack adequate voice and messaging fraud protection as Artificial Intelligence (AI)-powered voice phishing (vishing) and SMS phishing (smishing) increased after ChatGPT was launched. Sixty-one percent of businesses continue to suffer significant losses due to mobile fraud, with smishing and vishing being the most common and costly. Companies make up a sizable number of Communication Service Provider (CSP) subscribers.