Japanese electronics manufacturer Japan Aviation Electronics is recovering from a cyberattack for which the Alphv/BlackCat ransomware group has claimed responsibility.  The company was founded in 1953 and headquartered in Shibuya, Tokyo.  Japan Aviation Electronics manufactures electrical connectors, aerospace electronics, and user interface related devices.  The company noted that the incident occurred on November 2 and involved some of its servers being accessed by an unauthorized external party.

Researchers at the University of North Dakota (UND) will use an award from the US Department of Energy (DOE) to develop algorithms for a cybersecurity software tool that will help Distributed Energy Resources (DERs) securely participate in energy markets. Examples of DERs include solar and wind power generation methods and devices such as electric vehicle chargers. As these devices, which are typically connected to the Internet, are increasingly being added to power grids across the US, additional cybersecurity measures are required.

Although smart speakers such as Alexa offer convenience, they have raised some privacy concerns. As Columbia University researchers have pointed out, companies have developed technology that poses even greater threats to privacy: Artificial Intelligence (AI) and Machine Learning (ML) capable of determining a user's emotional state or mood based on their voice. Many researchers have been working on using voice data to infer emotions, mood, or even mental health, according to Asif Salekin, assistant professor of electrical engineering and computer science at Columbia University.

Experts at a recent virtual conference by R Street, a non-profit think tank, discussed the issues of data privacy and data security. Lack of regulation passed by congress leaves many companies amassing large data on users, customers, and consumers. with no requirements on how to safeguard and manage the information. Several bills have been introduced by congress, but as yet nothing has made it into law.

A recent threat intelligence assessment released by Microsoft’s Threat Analysis Center (MTAC) has warned of potential unprecedented challenges to the security of elections over the next year.  Microsoft suggested that authoritarian nation states may attempt to interfere with electoral processes using a combination of traditional methods and emerging technologies, including AI.  Microsoft stated that there is a need for governments, technology companies, businesses, and civil society to collaborate and take proactive steps to safeguard elections.

Formal systems verification is a relatively new technology that mathematically proves code is secure. Traditional software testing techniques are becoming less effective as software becomes more complex. Making software correct, safe, and secure is becoming increasingly important as the use of generative Artificial Intelligence (AI) techniques to automatically write programs rises.

Cybersecurity researchers have developed the first fully undetectable cloud-based cryptocurrency miner that uses the Microsoft Azure Automation service. The cybersecurity company SafeBreach discovered three different ways to run the miner, including one that can be executed on a victim's environment without drawing attention. Although this research is significant due to its potential impact on cryptocurrency mining, researchers believe it has far-reaching consequences in other areas, as the techniques could be applied to any task that requires code execution on Azure.

Farnetwork, the threat actor behind the Nokoyawa Ransomware-as-a-Service (RaaS), gained experience over the years by helping the JSWORM, Nefilim, Karma, and Nemty affiliate programs with malware development and operation management. A report from the cybersecurity company Group-IB delves into Farnetwork's activity and how they became a highly active player in the ransomware business. Farnetwork shared details with threat intelligence analysts that link them to ransomware operations dating back to 2019 and a botnet with access to multiple corporate networks.

According to security researchers at Sophos, the share of global retailers hit by a serious ransomware breach over the past 12 months fell nearly 10 percentage points year-on-year (YoY), but just 26% were able to disrupt an attack before data was encrypted.  The researchers polled 355 IT and cybersecurity leaders in retail organizations with between 100 and 5000 employees.

The FBI warns of a callback phishing scam by the Silent Ransom Group to gain initial access to organizations targeted in a recent ransomware campaign. In callback phishing attacks, threat actors email employees at a target company, demanding payment for a fake account and instructing them to call the gang's call center to resolve the problem. Once the victim calls, the threat actors use social engineering techniques to trick them into installing malware on their computer, granting the group initial access to the target organization.