At the Defcon safety convention in Las Vegas final weekend, thousands of hackers competed in a red-team challenge to seek out flaws in generative AI chat platforms and assist higher safe these rising programs. Meanwhile, researchers offered findings throughout the convention, together with new discoveries about strategies to bypass a recent addition to Apple’s macOS that’s alleged to flag probably malicious software program in your pc. 

Kids are facing a massive online scam campaign that targets them with faux presents and promotions associated to the favored video video games Fortnite and Roblox. And the racket all traces again to at least one rogue digital advertising and marketing firm. The social media platform X, previously Twitter, has been submitting lawsuits and pursuing a strategic legal offensive to oppose researchers who study hate speech and online harassment utilizing knowledge from the social community.

On Thursday, an innovation company inside the US Department of Health and Human Services announced plans to fund research into digital defenses for health care infrastructure. The aim is to quickly develop new instruments that may shield US medical programs towards ransomware assaults and different threats.

But wait, there’s extra! Each week, we spherical up the tales we didn’t cowl in depth ourselves. Click the headlines to learn the total tales. And keep protected on the market.

A big phishing marketing campaign that’s been energetic since May has been focusing on an array of firms with malicious QR codes in makes an attempt to steal Microsoft account credentials. Notably, researchers from the safety agency Cofense noticed the assaults towards “a major Energy company based in the US.” The marketing campaign additionally focused organizations in different industries, together with finance, insurance coverage, manufacturing, and tech. Malicious QR codes have been utilized in almost a 3rd of the emails reviewed by researchers. QR codes have disadvantages in phishing, since victims should be compelled to scan them for the assault to progress. But they make it tougher for victims to judge the trustworthiness of the URL they’re clicking on, and it’s extra doubtless that emails containing a QR code will attain their goal, as a result of it’s tougher for spam filters to evaluate QR photos included in an attachment like a PDF.

It’s widespread observe for attackers—each prison actors and state-backed hackers—to rip-off or in any other case lure victims from a place to begin of mainstream providers like e-mail, picture sharing, or social media. Now, analysis from the safety agency Recorded Future makes an attempt to categorize the varieties of malware most frequently distributed from these numerous jumping-off factors, and which methods are commonest. The aim was to present defenders deeper perception into the providers they should prioritize securing. The evaluation discovered that cloud platforms are probably the most utilized by attackers, however communication platforms like messaging apps, e-mail, and social media are additionally broadly abused. Pastebin, Google Drive, and Dropbox have been all well-liked amongst attackers, as are Telegram and Discord.

In response to the “Downfall” Intel processor vulnerability disclosed by Google researchers last week, organizations have been releasing tailor-made fixes for the flaw. The bug may very well be exploited by an attacker to seize delicate info like login credentials or encryption keys. Amazon Web Services, Google Cloud, Microsoft Azure, Cisco, Dell, Lenovo, VMWare, Linux distributions, and plenty of others have all launched steerage on responding to the vulnerability. Prior to public disclosure, Intel spent a 12 months growing fixes to distribute throughout the business and coordinating to encourage widespread patch launch from particular person distributors.