A notorious ransomware group has recently filed a complaint with the US Securities and Exchange Commission (SEC) over the failure of a victim to disclose an alleged data breach resulting from an attack conducted by the cybercrime gang itself.  The ransomware group known as Alphv/BlackCat has claimed to have breached the systems of MeridianLink, a California-based company that provides digital lending solutions for financial institutions and data verification solutions for consumers.

Researchers from the University of Chicago's Department of Computer Science were recently honored by Samsung for identifying previously unknown vulnerabilities in smart TVs, earning them a place in the Samsung Hall of Fame. The team demonstrated how an attacker could use the audio on Samsung and Apple TVs to guess when a user is typing, the length of the entered information, and the number of cursor movements between selections. Their side-channel attack shows how easily hackers could guess a user's passwords and credit card numbers. One of the researchers, Ph.D.

A research team in China is using quantum physics, mature cryptography, and storage techniques to create a cost-effective cloud storage solution. Shamir's Secret Sharing (SSS) is a known key distribution algorithm involving distributing private information to a group so that the secret can only be revealed when a majority pools their knowledge. Combining Quantum Key Distribution (QKD) and the SSS algorithm is common for secure storage at the highest security level. However, the most secure solutions tend to be costly, especially regarding cloud storage space requirements.

Researchers have discovered new vulnerabilities in Google Workspace, with exploits potentially resulting in ransomware attacks, data exfiltration, and password decryption. According to Bitdefender researchers, the methods could be used to access Google Cloud Platform (GCP) with custom permissions and move from machine to machine. This article continues to discuss the potential exploitation and impact of the Google Workspace vulnerabilities as well as Google's response to them.

Synopsys' security testing service revealed a significant decrease in software vulnerabilities from 2020 to 2022. According to Synopsys, 97 percent of tests on target applications identified severe vulnerabilities in 2020. However, this fell to 95 percent in 2021 and then to 83 percent in 2022. This improvement could be attributed to the increased adoption of practices such as automated testing and code reviews, which have effectively reduced exploitation opportunities for hackers. However, the security company emphasizes that certain areas still pose a higher risk to organizations.

The Federal Communications Commission (FCC) has proposed establishing a "Schools and Libraries Cybersecurity Pilot Program" to allow officials to collect data on the cybersecurity and advanced firewall services that would best help K-12 schools and libraries across the US protect themselves from hackers. Many schools have experienced Internet and phone outages because of cyberattacks such as ransomware attacks since the start of the school year in August, with several having to cancel school days or post notices of stolen data.

According to security researchers at eSentire’s Threat Response Unit (TRU), the notorious ALPHV/BlackCat ransomware has been observed using Google Ads to distribute malware.  In a new advisory published recently, the researchers said it intercepted and thwarted attempts by ALPHV/BlackCat affiliates to breach a law firm, a manufacturer, and a warehouse provider within the past three weeks.  The new tactic the researchers observed involves using Google Ads promoting popular software like Advanced IP Scanner and Slack, leading business professionals to attacker-controlled websites.