"Telemetry Gaps Leave Networks Vulnerable as Attackers Move Faster"

According to Sophos, telemetry logs were missing in about 42 percent of the attack cases studied. In 82 percent of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks. Telemetry gaps reduce essential visibility into organizations' networks and systems, especially as attacker dwell time, which is the time from initial access to detection, continues to decrease, reducing the time defenders have to respond to an incident effectively.

Submitted by Gregory Rigby on

"Rackspace Ransomware Costs Soar to Nearly $12M"

According to financial disclosures filed over the past year, Rackspace Technology has continued to face expenses and losses in the aftermath of the December 2022 ransomware attack on one of its hosted Microsoft Exchange servers. Rackspace is a cloud computing services provider based in Texas that primarily serves small and medium-sized businesses (SMBs). The ransomware attack disrupted email services for thousands of its SMB customers on December 2, 2022, through the ProxyLogOn zero-day vulnerability, which Rackspace had not patched because of operational concerns with the update.

Submitted by Gregory Rigby on

"Half of Ransomware Groups Operating in 2023 Are New"

According to security researchers at WithSecure, almost half (29) of the 60 ransomware groups they tracked in 2023 began operations this year. The researchers found that although more established groups (8Base, Alphv/BlackCat, Clop, LockBit, and Play) accounted for over half of data leaks in the first nine months of 2023, the new wave of ransomware variants is having an impact on the market. The researchers claimed that the groups that began operating in 2023 accounted for 25% of data leaks in the period, helping to drive a 50% year-on-year (YoY) increase in data leaks.

Submitted by Adam Ekwall on

"Fraudsters Make $50,000 a Day by Spoofing Crypto Researchers"

In an ongoing campaign on X, formerly called Twitter, multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies promote phishing pages to drain cryptocurrency wallets. The scammers use a breach on major cryptocurrency exchange platforms as the lure, since the scenario pushes users to act quickly to protect their digital assets from theft.

Submitted by Gregory Rigby on

"CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks"

The US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued an advisory on the threat actors behind the Rhysida ransomware conducting attacks on organizations in various industries. Rhysida actors have compromised organizations in the education, manufacturing, Information Technology (IT), and government sectors, and any ransom paid is divided between the group and affiliates, according to the agencies.

Submitted by Gregory Rigby on

"Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach"

A notorious ransomware group recently filed a complaint with the US Securities and Exchange Commission (SEC) over a victim's failure to disclose an alleged data breach resulting from an attack conducted by the cybercrime gang itself. The ransomware group, known as Alphv/BlackCat, has claimed to have breached the systems of MeridianLink, a California-based company that provides digital lending solutions for financial institutions and data verification solutions for consumers.

Submitted by Adam Ekwall on

"UChicago Researchers Honored by Samsung for Finding Vulnerability in Smart TVs"

Researchers from the University of Chicago's Department of Computer Science were recently honored by Samsung for identifying previously unknown vulnerabilities in smart TVs, earning them a place in the Samsung Hall of Fame. The team demonstrated how an attacker could use the audio on Samsung and Apple TVs to guess when a user is typing, the length of the entered information, and the number of cursor movements between selections. Their side-channel attack shows how easily hackers could guess a user's passwords and credit card numbers. One of the researchers, Ph.D.

Submitted by Gregory Rigby on

"Keep It Secret: Cloud Data Storage Security Approach Taps Quantum Physics"

A research team in China is using quantum physics, mature cryptography, and storage techniques to create a cost-effective cloud storage solution. Shamir's Secret Sharing (SSS) is a known key distribution algorithm involving distributing private information to a group so that the secret can only be revealed when a majority pools their knowledge. Combining Quantum Key Distribution (QKD) and the SSS algorithm is common for secure storage at the highest security level. However, the most secure solutions tend to be costly, especially regarding cloud storage space requirements.

Submitted by Gregory Rigby on

"Google Workspace Weaknesses Allow Plaintext Password Theft"

Researchers have discovered new vulnerabilities in Google Workspace, with exploits potentially resulting in ransomware attacks, data exfiltration, and password decryption. According to Bitdefender researchers, the methods could be used to access Google Cloud Platform (GCP) with custom permissions and move from machine to machine. This article continues to discuss the potential exploitation and impact of the Google Workspace vulnerabilities as well as Google's response to them.

Submitted by Gregory Rigby on

"Software Vulnerabilities Are Declining, but Third-Party Risks Still Linger"

Synopsys' security testing service revealed a significant decrease in software vulnerabilities from 2020 to 2022. According to Synopsys, 97 percent of tests on target applications identified severe vulnerabilities in 2020. However, this fell to 95 percent in 2021 and then to 83 percent in 2022. This improvement could be attributed to the increased adoption of practices such as automated testing and code reviews, which have effectively reduced exploitation opportunities for hackers. However, the security company emphasizes that certain areas still pose a higher risk to organizations.

Submitted by Gregory Rigby on