Research has been done on applying blockchain-based federated Machine Learning (ML) to improve the privacy and security of users and their sensitive data. The method could be used to protect driver data. Data collection in cars is a potential privacy nightmare because the information gathered can reveal the driver's identity, driving habits, how safely they drive, where they have been, and where they regularly go. According to a report by the Mozilla Foundation, a nonprofit technology research and advocacy organization, carmakers' privacy policies are incredibly lax.

According to the first study of privacy practices and challenges in public libraries led by University of Illinois Urbana-Champaign information sciences professor and cybersecurity expert Masooda Bashir, librarians have historically taken a firm stand on protecting their patrons' privacy, but how well they do this varies based on certain factors. Bashir and her research group conducted an online survey of public library employees across the US, asking about employee training, secure storage methods, how data breaches were handled, and more.

According to a data breach report commissioned by Apple, hackers stole 2.6 billion records between 2021 and 2022. The report by MIT Professor of Information Technology (IT) Stuart Madnick reveals that breaches increased by 20 percent in the first three quarters of 2023 compared to all of 2022. According to the report, increasingly sophisticated ransomware attacks and attacks on third-party vendors significantly contribute to the growing scope of data breaches. Cloud security was cited as becoming increasingly important, with 80 percent of breaches involving cloud-stored data.

The SafeBreach Labs team looked into the viability of using Windows thread pools as a novel attack vector for process injection. They discovered eight new process injection techniques dubbed Pool Party variants, which were capable of triggering malicious execution due to a legitimate action. The techniques could work across all processes without limitations, making them more adaptable than existing process injection techniques. When tested against five leading Endpoint Detection and Response (EDR) solutions, the techniques were found to be completely undetectable.

According to security researchers at Metomic, 40.2% of files stored on Google Drive contain sensitive data.  The researchers analyzed roughly 6.5 million Google Drive files.  The researchers also found that 34.2% of the scrutinized files were shared with external contacts outside the company’s domain.  Equally concerning, the researchers noted that over 350,000 files (0.5%) were publicly accessible, allowing unrestricted entry to anyone possessing the document link.

Threat actors could use a critical Bluetooth security flaw to take control of Android, Linux, macOS, and iOS devices. The vulnerability, tracked as CVE-2023-45866, is a case of authentication bypass that allows attackers to connect to vulnerable devices and inject keystrokes to conduct code execution as the victim. According to security researcher Marc Newlin, who disclosed the issue to software vendors in August 2023, multiple Bluetooth stacks have authentication bypass flaws that enable attackers to connect to a discoverable host without user confirmation as well as inject keystrokes.

Researchers have shown that most popular password managers can leak credentials from Android devices when using the mobile operating system's WebView autofill function with malicious apps. Ankit Gangwal of the International Institute of Information Technology (IIIT) demonstrated how mobile apps that use WebView controls can leak passwords from many password managers. In a paper, Gangwal and his students Shubham Singh and Abhijeet Srivastava detail the "AutoSpill" credential-leaking vulnerability.

Artificial Intelligence (AI) security researchers from Robust Intelligence and Yale University have developed a Machine Learning (ML) method that can quickly jailbreak Large Language Models (LLMs) and do so in an automated way. According to Robust Intelligence researchers, the Tree of Attacks with Pruning (TAP) method can be used to induce sophisticated models such as GPT-4 and Llama-2 to generate hundreds of harmful responses to a user query in minutes. Their findings imply that this vulnerability is widespread in LLM technology, but they do not see an obvious solution.

Cybersecurity data breaches present unique risks for victim-survivors of domestic violence. For example, the UK Information Commissioner reported earlier this year that it had reprimanded seven organizations for privacy breaches involving victims of domestic abuse. These included organizations revealing the victims' safe addresses to their alleged abusers. In one case, a family had to be relocated to emergency housing immediately. In another case, an organization revealed two children's home address to their abusive birth father.

According to security researchers at SecurityScorecard, almost all (90%) of the world’s 48 biggest energy companies have suffered a supply chain data breach in the past 12 months.  The researchers analyzed the cybersecurity posture of the largest coal, oil, natural gas, and electricity companies in the US, UK, France, Germany, and Italy, as well as their suppliers,  covering 21,000 domains.  The researchers identified 264 breach incidents related to third-party compromises in the past 90 days alone.  The researchers noted that some countries fared better than others.