Google is distributing 100,000 more free pieces of security hardware to people in high-risk industries. Google's Titan Security Keys are a "second factor" that can be used after entering passwords. During the Aspen Cyber Summit in New York City, Google rolled out the product and announced plans to distribute 100,000 keys for free to people working in governments worldwide, especially those involved in election administration.

The Medusa ransomware gang claims to have been behind the disruptive cyberattack against Toyota Financial Services (TFS), the Japanese automakers' vehicle financing and leasing subsidiary. Although the company did not specify the nature of the attack, TFS was most likely hit with ransomware because it was listed on the Medusa ransomware gang's dark web website, where the group lists its latest victims.

A cyberattack on the medical transcription service provider Perry Johnson & Associates (PJ&A) compromised the personal and health information of 9 million Americans. The attack, which has yet to be linked to a specific threat actor, was the second-largest breach of health-related data in the US this year. In July, HCA Healthcare reported a breach involving the theft of 11 million patient records.

According to a survey of 450,000 Python projects conducted by the security company GitGuardian, publicly accessible programming code still often contains credentials that can expose access to underlying databases or cloud services. Source code has often been found to house cryptographic keys, passwords, and more, which can lead to major security incidents. GitGuardian's analysis of 450,000 Python projects in the official Python code repository Python Package Index (PyPI) found a total of 4,000 built-in secrets. Around 3,000 projects had at least one embedded secret.

Police in Ukraine and Czechia recently claimed to have disrupted a multimillion-dollar fraud gang that called victims impersonating bank staff, using classic voice phishing (vishing) techniques.  Europol claimed that the group may have made tens of millions of euros by defrauding victims across the region.  It said the cost to Czech victims alone is estimated to be $9m.  Europol noted that ten suspects were arrested in April this year, six in Ukraine and four in Czechia.

According to Sophos, telemetry logs are missing in about 42 percent of the attack cases studied. In order to hide their tracks, cybercriminals have disabled or wiped out the telemetry in 82 percent of these cases. Telemetry gaps lessen essential visibility into organizations' networks and systems, especially as attacker dwell time, which is the time from initial access to detection, continues to decrease, reducing the time defenders have to respond to an incident effectively.

According to financial disclosures filed over the past year, Rackspace Technology has continued to face expenses and losses in the aftermath of last year's December ransomware attack on one of its hosted Microsoft Exchange servers. Rackspace is a cloud computing services provider based in Texas that primarily serves small and medium-sized businesses (SMBs). A ransomware attack disrupted email services for thousands of its SMB customers on December 2, 2022, through the ProxyLogOn zero-day vulnerability, which it had not patched because of operational concerns with the update.

According to security researchers at WithSecure almost half (29) of the 60 ransomware groups tracked by them in 2023 began operations this year.  The researchers found that although more established groups (8Base, Alphv/BlackCat, Clop, LockBit and Play) accounted for over half of data leaks in the first nine months of 2023, the new wave of ransomware variants is having an impact on the market.  The researchers claimed that the groups that began operating in 2023 accounted for 25% of data leaks in the period, helping to drive a 50% year-on-year (YoY) increase in data leaks.

In an ongoing campaign on X, formerly called Twitter, multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies promote phishing pages to drain cryptocurrency wallets. The scammers use a breach on major cryptocurrency exchange platforms to lure victims as the scenario causes users to act quickly to protect their digital assets from theft.

The US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued an advisory on the threat actors behind the Rhysida ransomware conducting attacks on organizations in various industries. Rhysida actors have compromised organizations in the education, manufacturing, Information Technology (IT), and government sectors, and any ransom paid is divided between the group and affiliates, according to the agencies.