README_

Someone has finally used malicious QR codes in real-world attacks. Cofense revealed on Aug. 16 that it "observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries." https://t.co/YnmeMyyAyS

But QR codes can be used to evade common security measures, especially when scanned with personal devices rather than enterprise-protected systems, and Cofense said this campaign "may indicate that malicious actors are testing the efficacy of QR codes as a viable attack vector."

This report follows the claim that the U.S. hacked an earthquake monitoring center in Wuhan in late July, though it's unclear what the Chinese government believes would have motivated that hack, or how it could further U.S. interests. https://t.co/KCiViZ1czH

China's state-run news outlet Global Times said today "Chinese authorities will publicly disclose a highly secretive global reconnaissance system of the US government, which poses a serious security threat to China's national security and world peace." https://t.co/awExCXAoc4

The CSRB, meanwhile, was founded in response to the SolarWinds hack of 2020. (Although the group has yet to study that particular campaign https://t.co/5YDKUsGdjz.) Its first report was on the expected fallout of the Log4Shell vulnerabilities in Log4j: https://t.co/LPLiMpHA1r

The Cyber Safety Review Board today released its second report, "Review Of The Attacks Associated with Lapsus$ And Related Threat Groups," which the Department of Homeland Security-backed group started to study in December 2022: https://t.co/zkJn8zP0N3

Lapsus$ was a prolific hacking group that compromised tech giants like Microsoft, Nvidia, Samsung and T-Mobile throughout 2021 and 2022: https://t.co/scfPkMFFAq

These efforts will be organized as The AI Cyber Challenge (AIxCC) by DARPA and its partners: Anthropic, Google, Microsoft, OpenAI, the Open Source Security Foundation, Black Hat USA and DEF CON. Details on AIxCC's schedule and payouts can be found here: https://t.co/opqzRXvOtu

The White House said today it will "challenge competitors across the [U.S.] to identify and fix software vulnerabilities using AI" to "protect the [U.S.'] most important software, such as code that helps run the internet and our critical infrastructure." https://t.co/UmU59X7CMi