According to a new report from researchers at Duke University's Sanford School of Public Policy, data brokers are selling large amounts of highly sensitive data on American military service members. The study delves into the data broker industry, which collects personal information on individual consumers before selling it to marketers. The industry has grown rapidly in recent years, prompting California to enact a law that lets consumers prevent data brokers from gathering and selling their information with the click of a button.

The recent Okta Support system breach occurred because of the compromise of a service account with access to view and update customer support cases. Okta Security discovered that an employee had signed in to their personal Google profile on their Okta-managed laptop's Chrome browser. According to David Bradbury, Chief Security Officer at Okta, the service account's username and password were saved into the employee's personal Google account. The compromise of the employee's personal Google account or device is what most likely exposed this credential.

Ashish Venkat, an assistant professor of computer science and cybersecurity expert at the University of Virginia (UVA), has received a CAREER Award from the National Science Foundation (NSF) to develop a hardware and software system that enables rapid and secure mitigation of cyberattacks, including zero-day events.

A scientist claims to have created a low-cost system for using quantum computing to crack RSA, the world's most commonly used public key algorithm. However, multiple cryptographers and security experts have expressed skepticism regarding the claim. The scientist making the claim is Ed Gerck, who, according to his LinkedIn profile, is a quantum computing developer at Planalto Research, a company he founded.

The UK National Cyber Security Centre (NCSC) has updated its guidance to help in the migration to Post-Quantum Cryptography (PQC). The updated guidance builds on the NCSC 2020 white paper titled "Preparing for Quantum-Safe Cryptography." It includes advice on algorithm choices and protocol considerations following the availability of draft standards from the US National Institute of Standards and Technology (NIST). The "Q-Day" point, when quantum computers can break existing cryptographic algorithms such as Public-Key Cryptography (PKC), is coming.

Microsoft has launched the Secure Future Initiative to improve the overall security of its products and users. According to Brad Smith, Vice Chair and President of Microsoft, the growing speed, scale, and sophistication of cyberattacks requires a new response. He emphasized that ransomware attempts have increased by 200 percent since September 2022. Nation-state actors' cyber operations have become more advanced, and the most resourced attackers are quickly innovating.

In recent weeks, Apple has alerted people in Armenia about their phones being targeted by state-sponsored hackers, with several cybersecurity experts pointing at the Pegasus spyware. The number of spyware infections in Armenia has been steadily increasing over the last two years, according to CyberHUB, an Armenian digital rights organization investigating the incidents. Many infections are linked to Azerbaijan's government, which has a history of conflict with Armenia, particularly over the disputed Nagorno-Karabakh region.

Umar Iqbal, an assistant professor of computer science and engineering at Washington University in St. Louis, and his collaborators want to provide visibility into what information smart speakers capture, how it is shared with other parties, and how such parties use it. Consumers need to understand these devices' privacy risks and the impact of data sharing on people's online experiences.

Threat actors are using compromised Facebook business accounts to run malicious ads that involve inappropriate images as lures to trick victims into downloading an updated version of NodeStealer malware. Clicking on the ads downloads an archive containing a malicious .exe 'Photo Album' file that drops a second executable written in .NET. According to Bitdefender, this payload steals browser cookies and passwords. Meta first disclosed NodeStealer in May 2023 as a JavaScript malware designed to facilitate the hijacking of Facebook accounts.

Popular messaging and calling apps may reveal a user's IP address to the person on the other end of a call. Most chat apps use peer-to-peer connections by default, which means the user and the person they are talking to connect directly to each other in order to improve call quality. This is not necessarily a significant risk, but experts say it is unclear whether users are aware of this potential privacy issue or how calls over popular messaging apps like Telegram, Signal, WhatsApp, Facebook Messenger, Apple's FaceTime, Viber, Snapchat, and Threema work.