Botnet attacks using internet of things devices, including water heaters and air conditioners, could overload the power grid and lead to cascading blackouts, Princeton University researchers say. The researchers will attend this week's Usenix Security to present their findings on what would happen if hackers targeted the demand side of the power grid.

Machine learning can make it easier to track security issues, but the new technology can pose challenges for security pros, writes Macy Bayern. Lack of transparency, data of insufficient quality and a shortage of tech talent are among the things that can cause machine learning problems for security experts.

Magic Leap has released the Magic Leap One Creator Edition virtual reality 3D headset, with technology that allows for multitasking with its Lumin OS system and 3D prism apps. While its entertainment uses have drawn attention, Mike Elgan argues the best use of the device may come in corporate boardrooms.

Juniper Research predicts that in 2023 alone, cybercriminals will steal over 33 billion records, a 175% increase over the number of records expected to be compromised this year, and the trend will lead to cumulative losses of over 146 billion records during the next five years. Researchers also expect that by 2023, more than half of all data breaches worldwide will occur in the US.

A design flaw in Android's Sandbox leaves the operating system vulnerable to "man-in-the-disk" attacks, Check Point Research reports. Among the attacks that can be launched is the silent installation of malicious apps that could hijack permissions and give hackers access to microphones, the researchers say.

Russia's effort to attack the US power grid is a complex problem that will require multiple layers of defense, write Manimaran Govindarasu and Adam Hahn. In addition to using hardware and software from only trusted sources and adopting basic cybersecurity protections, utility companies need to implement sustainable cybersecurity to keep up with hackers' sophisticated attacks.

Trustwave has released Social Mapper, an open-source tool that penetration testers can use to help boost training and countermeasures against phishing attacks. However, concerns have been raised about the tool's automated scraping of social media, which could violate policies on sites such as Facebook.

Security flaws were discovered on three in 10 websites of candidates for the US House of Representatives, per research unveiled at the Def Con security conference. Joshua Franklin, formerly of the National Institutes for Standards and Technology, says that a way to contact all affected candidates is being researched; the Department of Homeland Security is offering states and counties aid to secure elections equipment.

Well-financed startups are rolling out scooter rentals across the US, but they're running into more energetic resistance than Uber and Lyft encountered when they launched ride-hailing services before regulations had been written for such services. Some cities have issued cease-and-desist letters to scooter startups, and at least seven cities have impounded scooters.

Members of the Department of Homeland Security attended the Defcon cybersecurity conference to work with hackers to identify security issues in the entire election voting process. Election officials will have two months to fix the identified issues before the November midterm elections.