The US Treasury Department sanctioned three Chinese nationals and three Thailand-based companies linked to a botnet controlling a residential proxy service called "911 S5." About two years ago, researchers at the Canadian University of Sherbrooke discovered that this illegitimate residential proxy service offered free Virtual Private Network (VPN) services as a lure to install malware that adds potential victims' IP addresses to the 911 S5 botnet.

Over the past three months, the "CatDDoS" malware botnet has exploited over 80 software security flaws to infiltrate vulnerable devices and bring them into a botnet for Distributed Denial-of-Service (DDoS) attacks. According to QiAnXin XLab, CatDDoS-related gangs' samples have used many known vulnerabilities. The flaws affect routers, networking gear, and other devices from Apache, Cacti, Cisco, D-Link, DrayTek, FreePBX, GitLab, and more. This article continues to discuss findings regarding the CatDDoS malware botnet and the attack technique dubbed "DNSBomb."

Although Information Technology (IT) and security professionals share goals and challenges, according to Ivanti, 72 percent of them report that their organization siloed security and IT data, causing corporate misalignment and increased security risk. Sixty-three percent say siloed data slows security response times due to insufficient data. Fifty-four percent say siloed data weakens security, and 41 percent struggle to collaborate on cybersecurity. This article continues to discuss key findings from Ivanti's 2024 State of Cybersecurity Report.

Dutch bank ABN Amro recently announced that client data may have been compromised in a ransomware attack at third-party services provider AddComm.  ABN Amro noted that AddComm distributes physical and digital documents and tokens to its clients and employees.  For the time being, ABN Amro has stopped using AddComm’s services.  ABN Amro said that its systems were not affected by the ransomware attack and that its clients should not worry about their money being at risk.

Zscaler has observed the growing use of sophisticated "TeaBot" Android malware to infect mobile phones. According to Zscaler ThreatLabz, there has been an increase in activity involving TeaBot, an Android banking Trojan also known as "Anatsa." TeaBot has been used to target apps from over 650 financial institutions. The threat actors mostly target users in Europe, the US, South Korea, and Singapore. This article continues to discuss findings regarding recent TeaBot activity.

According to Check Point, threat actors have been targeting Virtual Private Networks (VPNs) from various cybersecurity vendors. While monitoring attempts to gain access to customers' VPNs, the company found "a small number of login attempts" involving old VPN local accounts with password-only authentication. The attacks do not seem to exploit software vulnerabilities. This article continues to discuss Check Point's warning regarding threat actors targeting insecure VPN instances for initial access to enterprise networks.

Pharmacy prescription services provider A&A Services, which operates as Sav-Rx, has started notifying roughly 2.8 million individuals that their personal information was compromised in a cyberattack.  The company said the cyberattack occurred on October 8, 2023.  The company noted that the attackers accessed non-clinical systems containing personal information and exfiltrated their data.  The compromised information includes names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers, eligibility data, and insurance identification numbers.

Ransomware attacks on VMware ESXi infrastructure follow a pattern regardless of the malware used. According to researchers at Sygnia, virtualization platforms are essential to organizational Information Technology (IT) infrastructure but often have misconfigurations and vulnerabilities, making them lucrative and effective targets for threat actors.

A team of Towson University and University of Maryland researchers is trying to identify every possible way to breach voting machines in order to uncover vulnerabilities and help election officials fix them. Questions regarding voting machines, such as whether a sophisticated cyberattack on a machine could go undetected, remain. The researchers hope their preliminary analysis will reassure voters by assessing the likelihood of such scenarios. This project considers cyber, physical, and insider threats.

Cyberhaven found that employees are increasingly entering sensitive data into Artificial Intelligence (AI)-driven chatbots such as ChatGPT and Gemini. The company's "AI Adoption and Risk Report," also noted a rise in "Shadow AI," which is the workplace use of AI tools on personal accounts without corporate safeguards. Due to the lack of visibility and control over employee use of Shadow AI, organizations may be unable to protect confidential employee, customer, and business data. This article continues to discuss key findings regarding