Rubrik acquires AI startup Predibase to boost agentic AI offerings 

Data management company Rubrik announced plans Wednesday to acquire artificial intelligence startup Predibase, a move aimed at accelerating the adoption of agentic AI in enterprise settings and pushing efficient AI deployments from pilot programs into full production.

The terms of the deal were not made public, but sources familiar with the situation told CNBC the sale price may range from $100 million to $500 million. Predibase, which was founded in 2021 by former Google and Uber employees, has received over $28 million in funding.

Rubrik, which went public last year, is known for enterprise data protection and recovery services. The company has reported over $1 billion in annualized revenue and a significant increase in value since its initial public offering. Rubrik’s acquisition of Predibase represents its most substantial step yet toward integrating more advanced AI tools with its existing offerings.

Predibase’s platform allows organizations to fine-tune open-source AI models for specific business use cases, and to operate at production scale without massive infrastructure expenses. The company’s technology stack features a proprietary post-training customization toolkit and an open-source system known as LoRA eXchange for personalized model deployment.

For Rubrik, leveraging Predibase’s technology opens pathways to deliver “radical simplicity” in AI models and data management, according to company executives. The deal aims to address persistent industry bottlenecks such as high infrastructure costs, limited model accuracy, data governance hurdles, and slow transitions from pilot to production.

Rubrik’s acquisition aligns with broader efforts across the AI and cloud industry to streamline and secure the deployment of generative AI applications. The move complements its existing collaborations with Amazon Bedrock, Azure OpenAI, and Google Agentspace.

Predibase counts enterprises such as Checkr, Marsh McLennan, and Qualcomm among its clients. 

from CyberScoop https://ift.tt/cjECXWo

Stealth China-linked ORB network gaining footholds in US, East Asia

A recently discovered operational relay box (ORB) network controlled by a China-linked threat group already exceeds 1,000 devices and is growing across the United States and East Asia, SecurityScorecard said in a threat report released Monday. 

The ORB network, which SecurityScorecard dubbed “LapDogs,” is primarily composed of routers designed for small or home offices but also includes infected IoT devices, virtual servers and IP cameras. 

Earliest nodes detected by researchers date back to September 2023 and the network has gradually grown since, infecting no more than 60 devices at a time, indicating a highly targeted operation focused on specific locations. Researchers have identified 162 distinct intrusion sets, and more devices are added to the ORB with each intrusion campaign. 

“The expansion rate of LapDogs is going up,” Gilad Maizles, security researcher at SecurityScorecard, said in an email. “Campaigns become more frequent, and with greater yield in numbers, which ultimately leads to more devices added than removed from the network.”

More than one-third of the infections are located in the United States, followed by Japan, South Korea, Taiwan and Hong Kong. Active infections span devices and services from Ruckus Wireless, Asus, Buffalo Technology, Cisco-Linksys, D-Link, Microsoft, Panasonic and Synology. More than half of the compromised devices are Ruckus Wireless access points, according to SecurityScorecard.

“Post-infection activity from this network is still unclear,” Maizles said. “Some ORBs used by China-Nexus actors are shared infrastructure and can host and facilitate more than one intrusion set at once. This makes questions regarding APT motivations, TTPs and post-infection activities much harder to answer. This also ultimately demonstrates how harmful and dangerous ORBs are as an emerging threat within the China-Nexus APT landscape.”

ORB networks are more complicated than botnets, and they give the threat groups that control them the kind of stealth capabilities typically used for espionage.

Botnets are similar in that they also ride on a large set of internet-facing devices or virtual services, but “ORB networks are more like Swiss Army knives, and can contribute to any stage of the intrusion lifecycle,” SecurityScorecard researchers said in the report. This includes reconnaissance, anonymized browsing, network traffic data collection for port and vulnerability scanning, node reconfiguration and relaying stolen data upstream. 

Mandiant Intelligence previously chronicled China state-sponsored threat groups’ growing use of ORB networks as a low-effort exercise designed to “create a constantly evolving mesh network that can be used to conceal espionage operations.” 

ORB networks chip away at the notion of attacker-controlled architecture, and they cycle through network infrastructure on a monthly basis. Mandiant researchers warn that the elimination of indicators of compromise is accelerating, because these operational characteristics of ORB networks make it harder for threat researchers to spot and attribute unusual activity on infected nodes.

The number of devices infected by LapDogs is smaller than other ORBs, but that is likely due to a deliberate decision by the threat group operating the ORB, Maizles said. 

“We speculate that it is an attempt to keep the ORB under the radar and successfully so for the past two years,” he said. “LapDogs could be utilized for long-term, covert and localized operations, which can carry much greater impact on any given organization, rather than widespread infections.”

from CyberScoop https://ift.tt/wKkRCds

Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options

Microsoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or sync their PC settings to the cloud.
The development comes ahead of the tech giant’s upcoming October 14, 2025, deadline, when it plans to officially end support and stop providing security updates for devices running Windows 10. The

from The Hacker News https://ift.tt/mg3q9ib

New: Improve Apache Iceberg query performance in Amazon S3 with sort and z-order compaction

You can now use sort and z-order compaction to improve Apache Iceberg query performance in Amazon S3 Tables and general purpose S3 buckets.

You typically use Iceberg to manage large-scale analytical datasets in Amazon Simple Storage Service (Amazon S3) with AWS Glue Data Catalog or with S3 Tables. Iceberg tables support use cases such as concurrent streaming and batch ingestion, schema evolution, and time travel. When working with high-ingest or frequently updated datasets, data lakes can accumulate many small files that impact the cost and performance of your queries. You’ve shared that optimizing Iceberg data layout is operationally complex and often requires developing and maintaining custom pipelines. Although the default binpack strategy with managed compaction provides notable performance improvements, introducing sort and z-order compaction options for both S3 and S3 Tables delivers even greater gains for queries filtering across one or more dimensions.

Two new compaction strategies: Sort and z-order
To help organize your data more efficiently, Amazon S3 now supports two new compaction strategies: sort and z-order, in addition to the default binpack compaction. These advanced strategies are available for both fully managed S3 Tables and Iceberg tables in general purpose S3 buckets through AWS Glue Data Catalog optimizations.

Sort compaction organizes files based on a user-defined column order. When your tables have a defined sort order, S3 Tables compaction will now use it to cluster similar values together during the compaction process. This improves the efficiency of query execution by reducing the number of files scanned. For example, if your table is organized by sort compaction along state and zip_code, queries that filter on those columns will scan fewer files, improving latency and reducing query engine cost.

Z-order compaction goes a step further by enabling efficient file pruning across multiple dimensions. It interleaves the binary representation of values from multiple columns into a single scalar that can be sorted, making this strategy particularly useful for spatial or multidimensional queries. For example, if your workloads include queries that simultaneously filter by pickup_location, dropoff_location, and fare_amount, z-order compaction can reduce the total number of files scanned compared to traditional sort-based layouts.
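The bit interleaving and the file pruning it enables can be shown with a small model. This is an added example, not AWS or Iceberg code: it assumes two hypothetical 8-bit columns (pickup_zone, dropoff_zone), a constructed 256 x 256 grid of rows, and 1,024 rows per file, and it prunes files using only per-file min/max bounds, as a query engine does with Iceberg's lower and upper bounds.

```python
# Added illustration (not AWS/Iceberg code): z-order vs. sort layout and
# min/max-based file pruning. Column names and sizes are assumptions.

BITS = 8              # assumed: each column value fits in 8 bits (0..255)
ROWS_PER_FILE = 1024  # assumed target file size, in rows


def z_value(x, y, bits=BITS):
    """Interleave the bits of x and y into one sortable integer (Morton code)."""
    z = 0
    for i in range(bits):
        z |= ((x >> i) & 1) << (2 * i)       # x bits land on even positions
        z |= ((y >> i) & 1) << (2 * i + 1)   # y bits land on odd positions
    return z


def write_files(rows, key, rows_per_file=ROWS_PER_FILE):
    """Sort rows by key, cut them into files, and keep per-column min/max bounds."""
    ordered = sorted(rows, key=key)
    files = []
    for start in range(0, len(ordered), rows_per_file):
        chunk = ordered[start:start + rows_per_file]
        xs = [r[0] for r in chunk]
        ys = [r[1] for r in chunk]
        files.append({"x": (min(xs), max(xs)), "y": (min(ys), max(ys))})
    return files


def files_scanned(files, x_range=None, y_range=None):
    """Count files whose bounds overlap the filter; all others are pruned unread."""
    def overlaps(bounds, rng):
        return rng is None or (bounds[0] <= rng[1] and rng[0] <= bounds[1])
    return sum(1 for f in files
               if overlaps(f["x"], x_range) and overlaps(f["y"], y_range))


def compare_layouts():
    """Build both layouts over the same constructed rows and run three filters."""
    # Constructed sample data: one row per (pickup_zone, dropoff_zone) pair.
    rows = [(x, y) for x in range(256) for y in range(256)]
    layouts = {
        "sort": write_files(rows, key=lambda r: (r[0], r[1])),   # ORDERED BY x, y
        "zorder": write_files(rows, key=lambda r: z_value(*r)),  # ordered by z-value
    }
    filters = {
        "x_only": {"x_range": (0, 31)},
        "y_only": {"y_range": (0, 31)},
        "x_and_y": {"x_range": (0, 31), "y_range": (0, 31)},
    }
    return {name: {q: files_scanned(files, **f) for q, f in filters.items()}
            for name, files in layouts.items()}


if __name__ == "__main__":
    for layout, result in compare_layouts().items():
        print(layout, result)
```

Both layouts produce 64 files. The sort layout prunes well only when the leading sort column is filtered, while the z-order layout prunes on either column and best when both are filtered.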

S3 Tables use your Iceberg table metadata to determine the current sort order. If a table has a defined sort order, no additional configuration is needed to activate sort compaction—it’s automatically applied during ongoing maintenance. To use z-order, you need to update the table maintenance configuration using the S3 Tables API and set the strategy to z-order. For Iceberg tables in general purpose S3 buckets, you can configure AWS Glue Data Catalog to use sort or z-order compaction during optimization by updating the compaction settings.

Only new data written after enabling sort or z-order will be affected. Existing compacted files will remain unchanged unless you explicitly rewrite them by increasing the target file size in table maintenance settings or rewriting data using standard Iceberg tools. This behavior is designed to give you control over when and how much data is reorganized, balancing cost and performance.

Let’s see it in action
I’ll walk you through a simplified example using Apache Spark and the AWS Command Line Interface (AWS CLI). I have a Spark cluster installed and an S3 table bucket. I have a table named testtable in a testnamespace. I temporarily disabled compaction while I added data to the table.

After adding data, I check the file structure of the table.

spark.sql("""
  SELECT 
    substring_index(file_path, '/', -1) as file_name,
    record_count,
    file_size_in_bytes,
    CAST(UNHEX(hex(lower_bounds[2])) AS STRING) as lower_bound_name,
    CAST(UNHEX(hex(upper_bounds[2])) AS STRING) as upper_bound_name
  FROM ice_catalog.testnamespace.testtable.files
  ORDER BY file_name
""").show(20, false)
+--------------------------------------------------------------+------------+------------------+----------------+----------------+
|file_name                                                     |record_count|file_size_in_bytes|lower_bound_name|upper_bound_name|
+--------------------------------------------------------------+------------+------------------+----------------+----------------+
|00000-0-66a9c843-5a5c-407f-8da4-4da91c7f6ae2-0-00001.parquet  |1           |837               |Quinn           |Quinn           |
|00000-1-b7fa2021-7f75-4aaf-9a24-9bdbb5dc08c9-0-00001.parquet  |1           |824               |Tom             |Tom             |
|00000-10-00a96923-a8f4-41ba-a683-576490518561-0-00001.parquet |1           |838               |Ilene           |Ilene           |
|00000-104-2db9509d-245c-44d6-9055-8e97d4e44b01-0-00001.parquet|1000000     |4031668           |Anjali          |Tom             |
|00000-11-27f76097-28b2-42bc-b746-4359df83d8a1-0-00001.parquet |1           |838               |Henry           |Henry           |
|00000-114-6ff661ca-ba93-4238-8eab-7c5259c9ca08-0-00001.parquet|1000000     |4031788           |Anjali          |Tom             |
|00000-12-fd6798c0-9b5b-424f-af70-11775bf2a452-0-00001.parquet |1           |852               |Georgie         |Georgie         |
|00000-124-76090ac6-ae6b-4f4e-9284-b8a09f849360-0-00001.parquet|1000000     |4031740           |Anjali          |Tom             |
|00000-13-cb0dd5d0-4e28-47f5-9cc3-b8d2a71f5292-0-00001.parquet |1           |845               |Olivia          |Olivia          |
|00000-134-bf6ea649-7a0b-4833-8448-60faa5ebfdcd-0-00001.parquet|1000000     |4031718           |Anjali          |Tom             |
|00000-14-c7a02039-fc93-42e3-87b4-2dd5676d5b09-0-00001.parquet |1           |838               |Sarah           |Sarah           |
|00000-144-9b6d00c0-d4cf-4835-8286-ebfe2401e47a-0-00001.parquet|1000000     |4031663           |Anjali          |Tom             |
|00000-15-8138298d-923b-44f7-9bd6-90d9c0e9e4ed-0-00001.parquet |1           |831               |Brad            |Brad            |
|00000-155-9dea2d4f-fc98-418d-a504-6226eb0a5135-0-00001.parquet|1000000     |4031676           |Anjali          |Tom             |
|00000-16-ed37cf2d-4306-4036-98de-727c1fe4e0f9-0-00001.parquet |1           |830               |Brad            |Brad            |
|00000-166-b67929dc-f9c1-4579-b955-0d6ef6c604b2-0-00001.parquet|1000000     |4031729           |Anjali          |Tom             |
|00000-17-1011820e-ee25-4f7a-bd73-2843fb1c3150-0-00001.parquet |1           |830               |Noah            |Noah            |
|00000-177-14a9db71-56bb-4325-93b6-737136f5118d-0-00001.parquet|1000000     |4031778           |Anjali          |Tom             |
|00000-18-89cbb849-876a-441a-9ab0-8535b05cd222-0-00001.parquet |1           |838               |David           |David           |
|00000-188-6dc3dcca-ddc0-405e-aa0f-7de8637f993b-0-00001.parquet|1000000     |4031727           |Anjali          |Tom             |
+--------------------------------------------------------------+------------+------------------+----------------+----------------+
only showing top 20 rows

I observe the table is made of multiple small files and that the upper and lower bounds for the new files have overlap–the data is certainly unsorted.

I set the table sort order.

spark.sql("ALTER TABLE ice_catalog.testnamespace.testtable WRITE ORDERED BY name ASC")

I enable table compaction (it’s enabled by default; I disabled it at the start of this demo).

aws s3tables put-table-maintenance-configuration --table-bucket-arn ${S3TABLE_BUCKET_ARN} --namespace testnamespace --name testtable --type icebergCompaction --value "status=enabled,settings={icebergCompaction={strategy=sort}}"

Then, I wait for the next compaction job to trigger. These run throughout the day, when there are enough small files. I can check the compaction status with the following command.

aws s3tables get-table-maintenance-job-status --table-bucket-arn ${S3TABLE_BUCKET_ARN} --namespace testnamespace --name testtable

When the compaction is done, I inspect the files that make up my table one more time. I see that the data was compacted to two files, and the upper and lower bounds show that the data was sorted across these two files.

spark.sql("""
  SELECT 
    substring_index(file_path, '/', -1) as file_name,
    record_count,
    file_size_in_bytes,
    CAST(UNHEX(hex(lower_bounds[2])) AS STRING) as lower_bound_name,
    CAST(UNHEX(hex(upper_bounds[2])) AS STRING) as upper_bound_name
  FROM ice_catalog.testnamespace.testtable.files
  ORDER BY file_name
""").show(20, false)
+------------------------------------------------------------+------------+------------------+----------------+----------------+
|file_name                                                   |record_count|file_size_in_bytes|lower_bound_name|upper_bound_name|
+------------------------------------------------------------+------------+------------------+----------------+----------------+
|00000-4-51c7a4a8-194b-45c5-a815-a8c0e16e2115-0-00001.parquet|13195713    |50034921          |Anjali          |Kelly           |
|00001-5-51c7a4a8-194b-45c5-a815-a8c0e16e2115-0-00001.parquet|10804307    |40964156          |Liza            |Tom             |
+------------------------------------------------------------+------------+------------------+----------------+----------------+

There are fewer files, they have larger sizes, and there is a better clustering across the specified sort column.

To use z-order, I follow the same steps, but I set strategy=z-order in the maintenance configuration.

Regional availability
Sort and z-order compaction are now available in all AWS Regions where Amazon S3 Tables are supported and for general purpose S3 buckets where optimization with AWS Glue Data Catalog is available. There is no additional charge for S3 Tables beyond existing usage and maintenance fees. For Data Catalog optimizations, compute charges apply during compaction.

With these changes, queries that filter on the sort or z-order columns benefit from faster scan times and reduced engine costs. In my experience, depending on my data layout and query patterns, I observed performance improvements of threefold or more when switching from binpack to sort or z-order. Tell us how much your gains are on your actual data.

To learn more, visit the Amazon S3 Tables product page or review the S3 Tables maintenance documentation. You can also start testing the new strategies on your own tables today using the S3 Tables API or AWS Glue optimizations.

— seb

from AWS News Blog https://ift.tt/zxWgk3I

AWS Weekly Roundup: re:Inforce re:Cap, Valkey GLIDE 2.0, Avro and Protobuf or MCP Servers on Lambda, and more (June 23, 2025)

Last week’s hallmark event was the security-focused AWS re:Inforce conference.


AWS re:Inforce 2025

Now a tradition, the blog team wrote a re:Cap post to summarize the announcements and link to some of the top blog posts.

To further summarize, several new security innovations were announced, including enhanced IAM Access Analyzer capabilities, MFA enforcement for root users, and threat intelligence integration with AWS Network Firewall. Other notable updates include exportable public SSL/TLS certificates from AWS Certificate Manager, a simplified AWS WAF console experience, and a new AWS Shield feature for proactive network security (in preview). Additionally, AWS Security Hub has been enhanced for risk prioritization (Preview), and Amazon GuardDuty now supports Amazon EKS clusters.

But my favorite announcement came from the Amazon Verified Permissions team. They released an open source package for Express.js, enabling developers to implement external fine-grained authorization for web application APIs. This simplifies authorization integration, reducing code complexity and improving application security.

The team also published a blog post that outlines how to create a Verified Permissions policy store, add Cedar and Verified Permissions authorisation middleware to your app, create and deploy a Cedar schema, and create and deploy Cedar policies. The Cedar schema is generated from an OpenAPI specification and formatted for use with the AWS Command Line Interface (CLI).

Let’s look at last week’s other new announcements.

Last week’s launches
Apart from re:Inforce, here are the launches that got my attention.

Kafka customers use Avro and Protobuf formats for efficient data storage, fast serialization and deserialization, schema evolution support, and interoperability between different programming languages. They utilize schema registries to manage, evolve, and validate schemas before data enters processing pipelines. Previously, you were required to write custom code within your Lambda function to validate, deserialize, and filter events when using these data formats. With this launch, Lambda natively supports Avro and Protobuf, as well as integration with GSR, CCSR, and SCSR. This enables you to process your Kafka events using these data formats without writing custom code. Additionally, you can optimize costs through event filtering to prevent unnecessary function invocations.

  • Amazon S3 Express One Zone now supports atomic renaming of objects with a single API call – The RenameObject API simplifies data management in S3 directory buckets by transforming a multi-step rename operation into a single API call. This means you can now rename objects in S3 Express One Zone by specifying an existing object’s name as the source and the new name as the destination within the same S3 directory bucket. With no data movement involved, this capability accelerates applications like log file management, media processing, and data analytics, while also lowering costs. For instance, renaming a 1-terabyte log file can now complete in milliseconds, instead of hours, significantly accelerating applications and reducing costs.
  • Valkey introduces GLIDE 2.0 with support for Go, OpenTelemetry, and pipeline batching – AWS, in partnership with Google and the Valkey community, announces the general availability of General Language Independent Driver for the Enterprise (GLIDE) 2.0. This is the latest release of one of AWS’s official open-source Valkey client libraries. Valkey, the most permissive open-source alternative to Redis, is stewarded by the Linux Foundation and will always remain open-source. Valkey GLIDE is a reliable, high-performance, multi-language client that supports all Valkey commands

GLIDE 2.0 introduces new capabilities that expand developer support, improve observability, and optimise performance for high-throughput workloads. Valkey GLIDE 2.0 extends its multi-language support to Go (contributed by Google), joining Java, Python, and Node.js to provide a consistent, fully compatible API experience across all four languages. More language support is on the way. With this release, Valkey GLIDE now supports OpenTelemetry, an open-source, vendor-neutral framework that enables developers to generate, collect, and export telemetry data and critical client-side performance insights. Additionally, GLIDE 2.0 introduces batching capabilities, reducing network overhead and latency for high-frequency use cases by allowing multiple commands to be grouped and executed as a single operation.

You can discover more about Valkey GLIDE in this recent episode of the AWS Developers Podcast: Inside Valkey GLIDE: building a next-gen Valkey client library with Rust.

For a full list of AWS announcements, be sure to keep an eye on the What’s New at AWS page.

Some other reading
My Belgian compatriot Alexis has written the first article of a two-part series explaining how to develop an MCP Tool server with a streamable HTTP transport and deploy it on Lambda and API Gateway. This is a must-read for anyone implementing MCP servers on AWS. I’m eagerly looking forward to the second part, where Alexis will discuss authentication and authorization for remote MCP servers.

Other AWS events
Check your calendar and sign up for upcoming AWS events.

AWS GenAI Lofts are collaborative spaces and immersive experiences that showcase AWS expertise in cloud computing and AI. They provide startups and developers with hands-on access to AI products and services, exclusive sessions with industry leaders, and valuable networking opportunities with investors and peers. Find a GenAI Loft location near you and don’t forget to register.

AWS Summits are free online and in-person events that bring the cloud computing community together to connect, collaborate, and learn about AWS. Register in your nearest city: Japan (this week June 25 – 26), Online in India (June 26), New-York City (July 16).

Save the date for these upcoming Summits in July and August: Taipei (July 29), Jakarta (August 7), Mexico (August 8), São Paulo (August 13), and Johannesburg (August 20) (and more to come in September and October).

Browse all upcoming AWS led in-person and virtual events here.

That’s all for this week. Check back next Monday for another Weekly Roundup!

— seb

This post is part of our Weekly Roundup series. Check back each week for a quick roundup of interesting news and announcements from AWS!

from AWS News Blog https://ift.tt/CMYjd3b

Unusually patient suspected Russian hackers pose as State Department in ‘sophisticated’ attacks on researchers

The hackers targeting prominent researcher and Russian military expert Keir Giles were different this time. 

The attackers, suspected to be working on behalf of the Russian government, had ginned up the May solicitation email for a consultation with a state.gov address, one that didn’t get a bounceback message when Giles replied. They spoke convincing English, and delivered their message during East Coast business hours. He said they created a realistic domain name to direct him to, rather than using a random string of text. They weren’t in a hurry, and they didn’t pressure him to respond the way hackers usually do.

“Unlike any of the previous times when they’ve had a go at me, I haven’t actually seen anywhere they’ve put a foot wrong and done something which is implausible,” Giles, who is also a senior consulting fellow for the Russia and Eurasia program at the British think tank Chatham House, told CyberScoop. “It was totally straight up and very well-constructed from beginning to end.”

A report out Wednesday from the University of Toronto’s Citizen Lab that calls the targeting of Giles a “highly sophisticated attack” also details a “novel method” the hackers used to bypass one of the most well-regarded cyber defense tools, multi-factor authentication (MFA).

As Citizen Lab is publishing its forensic analysis of what happened with Giles, Google’s Threat Intelligence Group is also releasing a related blog post on who is behind the compromise of Giles’ accounts, and how he’s not the only one they’ve targeted with that specific technical attack method.

Giles warned over the weekend in a LinkedIn post about the State Department impersonators who had compromised his account, promising “more on the how, what and when later.” 

The “how” involved the credible social engineering aspects that he and Citizen Lab have revealed. On the technical side, the final step was convincing Giles to create and share a screenshot of an app-specific password (ASP), a tool that can be used to give third parties access to users’ accounts that don’t support multi-factor authentication. ASPs are meant to be a convenience and security aid when using third parties without MFA, but in this case the hackers leveraged them to compromise Giles’ Google accounts.

Google picked up on what was happening, then sent Giles a security alert and locked his accounts.

“The days of just tricking someone to hand over a password are over,” John Scott-Railton, senior researcher at Citizen Lab, told CyberScoop. “Companies are getting smarter about detecting hacking, and have given users a lot of new security features, like multi-factor authentication. Users have also gotten wiser to what classic phishing looks like.

“So the more sophisticated hacking groups are constantly innovating and trying to spot new technical and psychological tricks to get access to accounts,” he continued. “This means that they are also probing other ways of gaining access, like tokens and app-specific passwords.”

The Google Threat Intelligence Group (GTIG) assessment is that the hackers in this case, which they’ve dubbed UNC6293, are potentially connected to a unit tied to Russia’s Foreign Intelligence Service, known by names such as APT29, Cozy Bear or ICECAP. The attacks on Giles aren’t the only slow-roll, ASP-based ones GTIG researchers have seen on academics and Russia critics from April through earlier this month, although they couldn’t give precise numbers.

It’s not, though, “widespread” by any means, said Wesley Shields, a security engineer with GTIG. Because the process is so time-consuming, it would be difficult to repeat on a larger scale, said Shields and Gabriella Roncone, Russia and Eastern European tech lead at GTIG.

“Normally we see APT29 or ICECAP targeting larger diplomatic organizations, NGOs — really going after corporate entities or large organizations,” Roncone said. “Whereas in this case, we’re seeing only individuals being targeted, and not only that, but individuals being targeted in a very specific and patient way.”

That patience was a standout feature to Scott-Railton as well.

“What impresses me about this attack is how patient the attackers were, slowly unfolding their deception over a period of weeks. It’s as if they knew everything we’d been taught to expect from Russian hackers, and then did the opposite,” Scott-Railton said.

The deception required a lot of effort and knowledge. For instance, the attackers were likely aware that the State Department’s email server is set up to accept all messages, and that it doesn’t send a bounceback message for non-existent addresses, according to the Citizen Lab report. The email’s authentic-sounding English might have been improved with the use of a large language model.

“There was not something about it, which, as so often happens, it gets your Spidey sense going, because something is off,” Giles said. “That was completely absent.”

Giles presumes a leak of any information the hackers obtained, with a mix of phony and altered data, is forthcoming. He quipped that if their goal was espionage, “they would have very quickly got very disappointed.” He was still hearing from the attackers even after he posted about it on social media, with the account he’d interacted with “complaining of technical difficulties and saying, ‘Bear with us a bit longer.’” 

Giles said he was frustrated that he didn’t get an alert from Google about the risks of ASPs, and believed that since Google Workspace was a paid-for service, he would’ve gotten an explanation or more support from the company as opposed to shutting the account and saying it had been closed for security violations.

Google’s blog post said it does send such alerts about ASPs. It also encouraged users who could be at great risk of being hacked to sign up for its Advanced Protection Program, which forbids the use of ASPs.

Scott-Railton praised Giles, potentially the “patient zero” for this kind of attack, for speaking up about it.

Giles said he was “fairly relaxed” about being victimized.

“Nobody’s invulnerable, and they had been trying so very hard for so very long that it was bound to get through eventually,” he said.

During a round of cyberattacks last year, Giles said, “One of the really frustrating things was the people who had been infected and whose accounts were being leveraged to target me then, who were absolutely unwilling to talk about it because they were too embarrassed… they really limited what you could do with some of this stuff.

“So I’m not inclined to cover up the way in which they succeeded in outwitting me,” he said. “I guess if they’re spending this much effort on me, there are other more important targets that are getting less attention as a result. So that’s not such a bad thing.”

from CyberScoop https://ift.tt/74wFvH9