A leading genetics testing firm recently confirmed that threat actors accessed customers’ profile information following a credential stuffing campaign.  San Francisco-headquartered 23andMe offers DNA testing, ancestry information, and personalized health insights for millions of customers.  A threat actor known as “Golem” posted an ad to BreachForums last week, offering “raw data profiles,” “tailored ethnic groupings,” “individualized data sets,” and much more to online buyers.  Prices start at $1,000 for 100 profiles and max out at $100,000 for 100,000 profiles.

Google has recently announced the expansion of its vulnerability rewards program with two events focused on Chrome’s V8 JavaScript rendering engine and on Kernel-based Virtual Machine (KVM).  The v8CTF, which has already started, allows security researchers to earn monetary rewards for successfully exploiting a V8 version running on Google’s infrastructure.  According to the program’s rules, security researchers submitting valid exploits are eligible for a reward of $10,000.  The kvmCTF is set to be launched later this year.

The District of Columbia Board of Elections (DCBOE) recently confirmed that voter records were compromised in a data breach at a third-party services provider.  An independent agency of the District of Columbia Government, the DCBOE is responsible for the administration of ballot access, elections, and voter registration.  The agency stated that on 10/5, it became aware of a cybersecurity incident involving DC voter records.  While the incident remains under investigation, DCBOE’s internal databases and servers were not compromised.

A team of researchers led by the University of North Carolina at Charlotte is working to develop a more secure and reliable power grid. The team will build advanced cybersecurity research capacity in order to better understand how to protect and optimize the energy grid as clean energy sources and production continue to evolve globally.

The invasion of Ukraine by Russia prompted an unprecedented number of individuals to join patriotic cyber gangs. Therefore, to protect civilians, the International Committee of the Red Cross (ICRC) has published rules of engagement for civilian hackers involved in conflicts. According to the ICRC, this is not the first time civilian hackers have operated in an armed conflict, nor will it be the last.

The Rochester Institute of Technology (RIT) will use the $500,000 funding from the Google Cybersecurity Clinics Fund to train new cybersecurity professionals and provide public services. The funding from Google[.]org, the company's philanthropic arm, is part of a $20 million partnership with the Consortium of Cybersecurity Clinics announced by Google's CEO, Sundar Pichai, in June. RIT's cybersecurity clinic will deploy student teams to provide free cyber assessment services and resources to community groups, including nonprofits, small businesses, municipal organizations, and schools.

In a recent experimental breakthrough in secure quantum communication, researchers at the Indian Institute of Technology (IIT) Delhi have achieved a trusted-node-free Quantum Key Distribution (QKD) up to 380 kilometers in standard telecom fiber with a low Quantum Bit Error Rate (QBER). Low QBER enables the Differential Phase Shift (DPS) QKD scheme to be resistant to collective and individual attacks. This article continues to discuss IIT Delhi's experimental breakthrough in secure quantum communication.

Oospy, a short-lived spyware operation that emerged earlier this year after its predecessor Spyhide was compromised, has ceased operations. In July, Oospy appeared online as a rebranding of the phone monitoring app called Spyhide, which enabled the surveillance of tens of thousands of Android device owners. After a security breach exposed the operation and its administrators, Spyhide was shut down.

A cybersecurity program at Boise State University in Idaho called the Cyberdome is extending its services to rural schools and governments. The program aims to help address technology workforce challenges by training the next generation of cyber professionals. It is a partnership with Steller Cyber's Open XDR platform, a threat detection software powered by Artificial Intelligence (AI).

According to a PwC survey, as cybersecurity threats increase, organizations are eager to use Artificial Intelligence (AI) for revenue growth and productivity efforts. However, threat actors are scaling up generative AI-powered attacks. Almost three-quarters of organizations plan to use generative AI for cybersecurity defense within the next year. At the same time, most respondents (52 percent) believe that generative AI will contribute to "catastrophic cyberattacks" within the next 12 months.