Articles of interest from the week of October 14, 2024

Chinese Researchers Break RSA Encryption With a Quantum Computer

The research team, led by Wang Chao from Shanghai University, found that D-Wave’s quantum computers can optimize problem-solving in a way that makes it possible to attack encryption methods such as RSA. (CSO)

“It should be noted that they have specifically factored a 22-bit RSA integer. This does not mean that the whole of RSA encryption is broken, but it certainly insinuates that the timeline for them being capable of breaking larger keys, such as 2048-bit and 4096-bit, may be much closer than we realize.    Currently, there are several models that have been approved by NIST that are quantum resistant. Those include CRYSTALS-Kyber (AKA ML-KEM), CRYSTALS-Dilithium (AKA ML-DSA), Sphincs+ (AKA SLH-DSA), and FALCON (AKA FN-DSA).    Mark Horvath with Gartner however, makes it very clear that this switch must occur, but it will be far from simple and if you haven't started planning now may be the time: "To resist attacks from both classical and quantum computers, organizations must transition to post-quantum cryptography (PQC). But that's hardly a simple switch. It will require more work than preparing for Y2K, and failure could have dangerous consequences. Further, many organizations haven't yet planned or budgeted for this shift.” – Craig Flynn, SOC Manager at Ingalls Information Security

New Gmail Security Alert For 2.5 Billion Users As AI Hack Confirmed

Google has implemented increasingly sophisticated protections against those who would compromise your Gmail account—but hackers using AI-driven attacks are also evolving. According to Google’s own figures, there are currently more than 2.5 billion users of the Gmail service. No wonder, then, that it is such a target for hackers and scammers. Here’s what you need to know. (Forbes)

OpenAI Confirms Threat Actors Use ChatGPT To Write Malware

OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. (BleepingComputer)

Microsoft Confirms Exploited Zero-Day in Windows Management Console

Patch Tuesday: Redmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. (SecurityWeek)

Internet Archive hacked, data breach impacts 31 million users

Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. (BleepingComputer)

Phishing Guidance: Stopping the Attack Cycle at Phase One

This guide was created by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to outline phishing techniques malicious actors commonly use and to provide guidance for both network defenders and software manufacturers. (CISA)

DOJ Seizes 41 Russian-Controlled Domains in Cyber-Espionage Crackdown

US authorities and Microsoft collaborate to disrupt Russian cyber-espionage operations, targeting hackers who stole sensitive information from American organizations and government agencies. (CSO)

Stealthy ‘Perfctl’ Malware Infects Thousands of Linux Servers

Researchers are raising the alarm for a newly discovered malware family targeting Linux systems to establish persistent access and hijack resources for cryptocurrency mining. The malware, called perfctl, appears to exploit over 20,000 types of misconfigurations and known vulnerabilities and has been active for more than three years. (SecurityWeek)

A UK Man Allegedly Used Genealogy Sites To Hack Execs’ Email Accounts and Make Millions on Stock Trades

Authorities charged Robert Westbrook recently with multiple counts of fraud after evidence showed he allegedly hacked the emails of senior executives from at least five U.S.-based companies and read their inboxes. Westbrook, 39, is accused of then trading ahead of the companies’ earnings results, reaping millions in illicit profits. (Yahoo Finance)