README_

In the latest edition of the Changelog newsletter, README senior editor Nathaniel Mott examines U.S. and Japanese agencies' warning that Chinese hackers are targeting routers, the latest in the Storm-0558 hack and 40 years of the GNU Project: hubs.ly/Q023SShH0

README has introduced a new series called Commit to bring you the latest #cybersecurity news every Monday and Tuesday. Check out the first Commit here hubs.ly/Q022Rvkj0 and the second one here hubs.ly/Q022RzH60 then keep an eye out for more next week!

This week in README, @roblemos reported on the ongoing dangers caused by cyberattacks on the medical industry. "Until healthcare facilities are well protected," Lemos wrote, "their systems — and human lives — will continue to be at risk." hubs.ly/Q022qyr-0

In case you missed it, @msbrumfield reported from the Billington Cyber Summit last week, where many of the attendees had both the offensive and defensive possibilities for generative AI on their minds: hubs.ly/Q021Yj_x0

Costly business email compromise scams are getting an #AI boost. Don’t miss @RobLemos’s breakdown of how AI #technology and deep neural networks are upending the cyberthreat landscape: hubs.ly/Q020Y0_L0

London’s Metropolitan Police Service has suffered a “staggering” security breach involving a third-party supplier that had access to names and pay scales of staff and officers, among other sensitive information, as @guardian reported: hubs.ly/Q020yY5b0

From "spy chips" in weather equipment to a cyberespionage campaign targeting Taiwan, it's been another busy week for #hacking news linked to China. Don't miss the latest installment of @NathanielMott's Changelog #cybersecurity newsletter 🗞️: hubs.ly/Q020pytZ0

For more on QR code security, check out @nathanielmott's report from last February, when Coinbase's Super Bowl ad prompted dire warnings about the dangers of scanning these ubiquitous squares: readme.synack.com/crying-wolf-ov…

But QR codes can be used to evade common security measures, especially when scanned with personal devices rather than enterprise-protected systems, and Cofense said this campaign "may indicate that malicious actors are testing the efficacy of QR codes as a viable attack vector."

Someone has finally used malicious QR codes in real-world attacks. Cofense revealed on Aug. 16 that it "observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries." cofense.com/blog/major-ene…

@msbrumfield @nathanielmott And, to top it all off, you can also check us out on @LinkedIn. (Don't worry: We'll continue to post on the social platform we all still know as Twitter.) linkedin.com/feed/update/ur…

We've also published @msbrumfield's report on Dark Caracal, a surprisingly inept yet curiously effective cyber mercenary group: readme.synack.com/dark-caracal-a… And, of course, we recapped the week's news in the most recent Changelog newsletter via @nathanielmott: readme.synack.com/u.s.-cyber-boa…

🗞️ README has moved to a new site, boasting an updated design and the same committed #cybersecurity coverage you've come to expect! If you've recovered from Hacker Summer Camp, don't miss our reporting on this year's #BHUSA and #DEFCON31 conferences ✍️: hubs.ly/Q01_dGwc0

This report follows the claim that the U.S. hacked an earthquake monitoring center in Wuhan in late July, though it's unclear what the Chinese government believes would have motivated that hack, or how it could further U.S. interests. reuters.com/world/china/ch…

China's state-run news outlet Global Times said today "Chinese authorities will publicly disclose a highly secretive global reconnaissance system of the US government, which poses a serious security threat to China's national security and world peace." globaltimes.cn/page/202308/12…

The CSRB, meanwhile, was founded in response to the SolarWinds hack of 2020. (Although the group has yet to study that particular campaign bloomberg.com/news/newslette….) Its first report was on the expected fallout of the Log4Shell vulnerabilities in Log4j: readme.security/once-in-a-gene…

Lapsus$ was a prolific hacking group that compromised tech giants like Microsoft, Nvidia, Samsung and T-Mobile throughout 2021 and 2022: readme.security/lapsus-breaks-…

The Cyber Safety Review Board today released its second report, "Review Of The Attacks Associated with Lapsus$ And Related Threat Groups," which the Department of Homeland Security-backed group started to study in December 2022: cisa.gov/resources-tool…

These efforts will be organized as The AI Cyber Challenge (AIxCC) by DARPA and its partners: Anthropic, Google, Microsoft, OpenAI, the Open Source Security Foundation, Black Hat USA and DEF CON. Details on AIxCC's schedule and payouts can be found here: aicyberchallenge.com

The White House said today it will "challenge competitors across the [U.S.] to identify and fix software vulnerabilities using AI" to "protect the [U.S.'] most important software, such as code that helps run the internet and our critical infrastructure." whitehouse.gov/briefing-room/…