The Boeing Company has confirmed that a cyber incident, previously claimed by the LockBit ransomware gang, impacted some operations. The LockBit ransomware group claimed the cyber incident on its leak site on October 27. The company was given a deadline of six days to contact LockBit before the gang would publish all the data it had stolen in the alleged attack. However, Boeing was removed from LockBit's leak page sometime between October 30 and October 31.

Microsoft's decision to add support to Microsoft 365 for the SketchUp 3D Library in June 2022 seems to have resulted in the introduction of many vulnerabilities within its suite of cloud-based collaboration and productivity tools. ZScaler's ThreatLabz recently published a report on the security vendor's identification of up to 117 different vulnerabilities in Microsoft 365 via SketchUp. SketchUp is one of the most used of seven formats available to Microsoft 365 users to insert 3D files into Windows and Mac versions of Word, Excel, Outlook, and PowerPoint.

Threat actors are always finding new ways to deploy malicious packages on public registries for programming languages. They want to execute malware code when those packages are imported and used in projects. In an attack campaign that was recently identified on NuGet Gallery, the repository for .NET packages, malicious actors use the inline tasks feature of the MSBuild code building tool to execute malicious code.

The Forum of Incident Response and Security Teams (FIRST) has released the fourth version of the Common Vulnerability Scoring System (CVSS). CVSS is a standardized framework used to assess the severity of software security vulnerabilities. It is used to assign numerical scores or qualitative representations (e.g., low, medium, high, and critical) to vulnerabilities according to their susceptibility to exploitation, impact on confidentiality, and more.

MITRE ATT&CK v14 is the newest iteration of the popular investigation framework and knowledge base of cyberattackers' tactics and techniques. ATT&CK aims to classify and catalog cyber adversaries' behaviors in real-world attacks. The framework is constantly being modified to consider new behaviors related to attackers’ interactions with devices, systems, and networks.

A senior White House official announced on October 31 that 40 countries in an alliance led by the US plan to sign a pledge to never pay ransom to cybercriminals and to make an effort to eliminate the hackers' funding mechanism. The International Counter Ransomware Initiative is a response to the worldwide increase in ransomware attacks. Anne Neuberger, US deputy national security adviser for cyber and emerging technologies in the Biden administration, highlighted that the US is by far the most impacted with 46 percent of such attacks.

According to researchers at the Pennsylvania State University who crawled millions of websites, online privacy policies may not only be difficult to find but also nonexistent. They discovered that only one-third of online organizations made their privacy policies available for review.

Researchers at the cybersecurity company ESET have observed what they believe to be a dismantling of the Mozi botnet, which has infiltrated over a million Internet of Things (IoT) devices globally. During an investigation of the botnet, the researchers claim to have seen the "sudden demise" of Mozi. Mozi is a peer-to-peer IoT botnet that hijacks home routers and digital video recorders through the abuse of weak telnet passwords and known exploits.

Faculty and Ph.D. students at the Rochester Institute of Technology's (RIT) ESL Global Cybersecurity Institute identified problems regarding generative hate speech in Google's PaLM2 Large Language Model (LLM), which drives Bard. These issues show the fundamental limitations of LLMs. The team pointed out that despite LLMs being deployed for the general population, there are no proper guardrails in place to ensure that they are not used to generate hate speech and other harmful content.

Information Technology (IT) security experts have developed a new method to monitor nuclear disarmament treaties. They created a mechanism that uses radio waves to remotely monitor if any changes are being made in a specific room. The researchers describe the approach's robustness and security in the journal Nature Communications.