Welcome reader to your CybersecurityHQ report.

Headlines

Ticketmaster is making dual cybersecurity headlines today. In the first, the company finally contacted customers about a breach exposing the information of 560 million users, including names and contact information—and possibly payment card numbers. The breach was first discovered back in May of this year.

In a second headline, scalpers have found a way to reverse-engineer barcodes for nontransferable digital tickets from Ticketmaster and AXS. The technique was borrowed from work by security researcher Conduition, who in February published technical details about how the electronic tickets are generated.

The US Justice Department claims that it disrupted a Russian social media operation that used AI to spread pro-Kremlin messages in countries around the world. Working with the Netherlands, the US government seized two domain names and searched almost 1,000 social media accounts believed to be connected to the Russian campaign.

Running out of the Netherlands, the alleged operation used AI to create fake social media accounts, many claiming to be from the US, that produced and disseminated content. Attorney General Merrick Garland said, “With these actions, the Justice Department has disrupted a Russian-government backed, AI-enabled propaganda campaign to use a bot farm to spread disinformation in the United States and abroad.”

A coalition of governments (US, UK, Canada, Germany, Japan, New Zealand, and South Korea) support Australia’s claims that Chinese state-sponsored threat actors are behind a recent string of attacks. A new group, Advanced Persistent Threat Actor 40 (APT40), has allegedly targeted both public and private Australian networks.

The hacks begin with reconnaissance operations that discover old and vulnerable devices to exploit, according to recent claims. APT40 finds small and home-office devices that have been grandfathered into otherwise secure networks, gaining access without more common methods like phishing.

Interesting Read

If you ask most people, they want AI to be “safe.” If you ask most politicians, they think something needs to be done to guardrail the technology. The problem? Not enough people actually understand AI well enough to know what any of this would mean or what it would take.

In a new article for SecurityWeek, Kevin Townsend outlines the head-scratching issues at the center of the debate. What would effective regulation mean? What models can we draw from? Is it already too late to regulate? Townsend provides thought-provoking answers and context for these questions.

Employment Tip: Apply for Internships

If you are at the beginning of your career in cybersecurity, internships are a way to get your foot in the door. They get you hands-on experience and begin to develop your professional network—but only if you actively work on these during the internship.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team