Popular messaging and calling apps may reveal a user's IP address to the person on the other end of a call. Most chat apps use peer-to-peer connections by default, which means the user and the person they are talking to connect directly to each other in order to improve call quality. This is not necessarily a significant risk, but experts say it is unclear whether users are aware of this potential privacy issue or how calls over popular messaging apps like Telegram, Signal, WhatsApp, Facebook Messenger, Apple's FaceTime, Viber, Snapchat, and Threema work.

Many cyberattacks on the transportation industry have resulted in the theft of personal data from companies such as Ferrari, Toyota, and Tesla. According to an Upstream 2023 report, data breaches account for 37 percent of cybersecurity automotive incidents, with backend server attacks accounting for 40 percent of incidents. Transportation industry leaders must respond to these trends by conducting internal assessments of existing cybersecurity strategies to ensure preparedness and quick recovery times in the event of a breach.

The BlackCat/ALPHV ransomware gang claims to have breached Henry Schein's network and stolen data, including payroll and shareholder information. Henry Schein is a healthcare solutions provider with operations and affiliates in 32 countries and an estimated revenue of more than $12 billion. On October 15, the company disclosed that it was forced to take some systems offline in order to contain a cyberattack that had impacted its manufacturing and distribution businesses the day before.

Security researchers at Zscaler ThreatLabz recently discovered the malware BunnyLoader. Hackers record keyboard activity and take over the clipboard on devices where the malware is launched. It can steal browser data and system information, with cryptocurrency wallets also being at risk. All the information collected by the malware in the background is delivered to the hackers via a ZIP archive. Stolen information can be related to credit card data, passwords, downloads, credentials from Virtual Private Network (VPN) services, chat apps, and cryptocurrency wallets.

Attackers are distributing spyware that stealthily collects private data from WhatsApp users on Android devices through the same mods previously discovered for the Telegram service. They counted 340,000 attempts to distribute the spyware via the WhatsApp mod. They believe the actual number of attempted attacks is higher due to the nature of the distribution channel. Although the attack affected users globally, Azerbaijan accounted for 46 percent of the victims. Other countries with a high number of victims include Yemen, Saudi Arabia, Egypt, and Turkey.

Fully Homomorphic Encryption (FHE) enables computation on encrypted data, or ciphertext, to maintain data protection at all times. It allows the use of untrusted networks and improves data privacy. FHE is a sophisticated cryptographic method considered the "holy grail of encryption," as it allows users to process encrypted data while the data or models remain encrypted, guaranteeing data privacy throughout the data computation process.

The US Department of Commerce's National Institute of Standards and Technology (NIST) is seeking participants in a new consortium to support the development of innovative methods for assessing Artificial Intelligence (AI) systems in order to improve the safety and trustworthiness of the technology. This consortium is a key component of the new NIST-led US AI Safety Institute.

Rapid7 cybersecurity researchers have issued a warning regarding the potential exploitation of a recently disclosed critical vulnerability in the Apache ActiveMQ, tracked as CVE-2023-46604, to launch the HelloKitty ransomware. Apache ActiveMQ is a Java-written open-source message broker software serving as a Message-Oriented Middleware (MOM) platform. ActiveMQ facilitates asynchronous communication and data exchange among various applications by providing messaging and communication capabilities.

New research on popular Artificial Intelligence (AI) image generators reveals that they could be hacked to create inappropriate and potentially harmful content. Although most online art generators claim to block violent, pornographic, and other forms of inappropriate content, Johns Hopkins University researchers were able to manipulate two of the most well-known systems to generate the type of images that the products' safeguards are supposed to prevent.

Non-privileged threat actors could exploit 34 different vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers in order to gain complete control of the devices and run arbitrary code on the underlying systems. According to Takahiro Haruyama, a senior threat researcher at VMware Carbon Black, a threat actor without privilege can erase or modify firmware and elevate operating system privileges by exploiting the drivers.