Royal Mail has recently revealed a multimillion-pound cost attached to a serious ransomware breach it suffered earlier this year.  The British postal service company was hit by a LockBit affiliate in an incident which caused “severe service disruption” for items sent abroad.  The ransomware group was demanding nearly $80m from the firm to prevent it from leaking its stolen data.  Although Royal Mail refused to pay, in line with law enforcement advice, the operational costs associated with the incident are starting to emerge.

Researchers discovered nearly a dozen critical vulnerabilities in the infrastructure used by Artificial Intelligence (AI) models, along with three high- and two medium-severity bugs, which could put companies at risk as they rush to capitalize on AI. The affected platforms host, deploy, and share Large Language Models (LLMs), as well as other Machine Learning (ML) platforms and AIs. They include Ray, MLflow, ModelDB, and H20 version 3. Protect AI, an ML security company, revealed the findings on November 16 as part of its AI-specific bug bounty program.

The Artificial Intelligence (AI) and Cyber for Water and Agriculture (ACWA) lab at Virginia Tech is the world's first to combine cyberbiosecurity and AI automation to research water security. The multidisciplinary lab, led by a team of AI experts, seeks to protect the world's water resources from cyberattacks such as the one faced by a water treatment facility in Oldsmar, Florida, in 2021. During the attack, a sensor that measures the amount of sodium hydroxide in the water was compromised.

Alexis Hancock, who works at the Electronic Frontier Foundation (EFF), discovered that the Dragon Touch KidzPad Y88X, a children's tablet, had security and privacy flaws that could have risked her daughter's and other children's data. According to Hancock, the tablet contains traces of well-known malware, runs a version of Android released five years ago, arrives pre-loaded with other software considered malware, and more. This article continues to discuss findings from the researcher's analysis of the Dragon Touch tablet and responses to her discovery. 

Google is distributing 100,000 more free pieces of security hardware to people in high-risk industries. Google's Titan Security Keys are a "second factor" that can be used after entering passwords. During the Aspen Cyber Summit in New York City, Google rolled out the product and announced plans to distribute 100,000 keys for free to people working in governments worldwide, especially those involved in election administration.

The Medusa ransomware gang claims to have been behind the disruptive cyberattack against Toyota Financial Services (TFS), the Japanese automakers' vehicle financing and leasing subsidiary. Although the company did not specify the nature of the attack, TFS was most likely hit with ransomware because it was listed on the Medusa ransomware gang's dark web website, where the group lists its latest victims.

A cyberattack on the medical transcription service provider Perry Johnson & Associates (PJ&A) compromised the personal and health information of 9 million Americans. The attack, which has yet to be linked to a specific threat actor, was the second-largest breach of health-related data in the US this year. In July, HCA Healthcare reported a breach involving the theft of 11 million patient records.

According to a survey of 450,000 Python projects conducted by the security company GitGuardian, publicly accessible programming code still often contains credentials that can expose access to underlying databases or cloud services. Source code has often been found to house cryptographic keys, passwords, and more, which can lead to major security incidents. GitGuardian's analysis of 450,000 Python projects in the official Python code repository Python Package Index (PyPI) found a total of 4,000 built-in secrets. Around 3,000 projects had at least one embedded secret.

Police in Ukraine and Czechia recently claimed to have disrupted a multimillion-dollar fraud gang that called victims impersonating bank staff, using classic voice phishing (vishing) techniques.  Europol claimed that the group may have made tens of millions of euros by defrauding victims across the region.  It said the cost to Czech victims alone is estimated to be $9m.  Europol noted that ten suspects were arrested in April this year, six in Ukraine and four in Czechia.

According to Sophos, telemetry logs are missing in about 42 percent of the attack cases studied. In order to hide their tracks, cybercriminals have disabled or wiped out the telemetry in 82 percent of these cases. Telemetry gaps lessen essential visibility into organizations' networks and systems, especially as attacker dwell time, which is the time from initial access to detection, continues to decrease, reducing the time defenders have to respond to an incident effectively.