"Chinese 'Stayin' Alive' Attacks Dance Onto Targets With Dumb Malware"

Chinese Advanced Persistent Threats (APTs) have been known to be sophisticated, but the ToddyCat group is defying this trend by compromising telecommunications organizations in Central and Southeast Asia with a constantly evolving arsenal of custom but basic backdoors and loaders. ToddyCat was discovered in 2022, but has been active since at least 2020. According to Check Point, it has been involved in Chinese espionage operations. Check Point's researchers say the group stays active by quickly deploying and discarding inexpensive malware used to deliver its payloads.

Submitted by Gregory Rigby on

"As Biohacking Evolves, How Vulnerable Are We to Cyber Threats?"

According to Entelgy, there is potential for human bodies to be hacked because anyone can implant a chip under their skin, and these devices do not typically use secure technologies. Even though biohacking has been discussed for more than a decade, implantable technologies are still considered primitive. Therefore, a potential cyberattack against them should not have significant effects. However, this is not the case with implantable medical devices, where a breach can cause severe harm to a patient's health.

Submitted by Gregory Rigby on

"US Space Force Pauses Use of AI Tools Like ChatGPT Over Data Security Risks"

The U.S. Space Force has recently paused the use of web-based generative artificial intelligence tools like ChatGPT by its workforce over data security concerns. A recent memo dated September 29 said that the Space Force prohibits personnel from using such AI tools, including large language models, on government computers until they receive formal approval from the force's Chief Technology and Innovation Office.

Submitted by Adam Ekwall on

"New Study Into the Safety and Regulations of Autonomous Vehicles"

A recently announced study will focus on the future challenges associated with autonomous vehicles (AVs) regarding cybersecurity and more. The ASIS Foundation awarded funding to the University of Portsmouth and the University of West London to study AV security and regulations. The project seeks to answer important questions about the effectiveness of existing regulatory frameworks and standards governing the secure and safe expansion of AV use. In addition, it will analyze how these regulations address threats, risks, and opportunities in the security sector.

Submitted by Gregory Rigby on

"Securing the Food Pipeline from Cyberattacks"

The Food and Agriculture Risk Modeling (FARM) project, led by Mary Lancaster, a Pacific Northwest National Laboratory (PNNL) epidemiologist and data scientist, and PNNL researchers, is the first exploration of the cybersecurity vulnerabilities of an increasingly smart food and agriculture sector for the Department of Homeland Security (DHS). Advanced technology is the future of agriculture, and there are already numerous examples of technologies controlled by smart devices and computer systems.

Submitted by Gregory Rigby on

"Calyam Leading Efforts to Establish Zero Trust Cybersecurity Approach for Battlefield Communications"

Prasad Calyam, cybersecurity professor and director of the Mizzou Center for Cyber Education, Research, and Infrastructure, is leading the project to establish a new cybersecurity approach that better protects classified information and battlefield communications. His team is exploring the design and implementation of zero trust security in relation to military operations.

Submitted by Gregory Rigby on

"October Patch Tuesday Addresses Three Zero-Days"

Microsoft has recently fixed three zero-day vulnerabilities in this month's security update round, all of which are being actively exploited in the wild. October’s Patch Tuesday fixed 104 vulnerabilities, only 12 of which were labeled “Critical.” The first zero-day bug, CVE-2023-41763, is an elevation of privilege vulnerability in Skype, which allows an attacker to send a specially crafted network call to a target Skype for Business server. The second zero-day is CVE-2023-36563, an information disclosure vulnerability in WordPad that allows disclosure of NTLM hashes.

Submitted by Adam Ekwall on

"Attacks on NetScaler Gateways Aim for User Credentials"

Threat actors continue to exploit a critical vulnerability in unpatched NetScaler Gateways, inserting malicious scripts into the HTML content of the authentication web page in order to steal user credentials. The vulnerability, tracked as CVE-2023-3519, was reported in July when the Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its catalog of Known Exploited Vulnerabilities (KEV).

Submitted by Gregory Rigby on

"Android Financial Apps Too Greedy for Permissions"

Researchers at Cybernews have further revealed the intrusive nature of Android apps. According to Statista, Android dominates the global mobile operating system (OS) market with a 70.5 percent share. However, while this popular OS provides app developers with a great deal of flexibility, it also poses a threat to user data protection and privacy. In the most recent Cybernews study, 50 apps dedicated to personal finance, such as payment providers, investment platforms, cryptocurrency, and more, were examined.

Submitted by Gregory Rigby on

"Chrome 118 Patches 20 Vulnerabilities"

Google recently announced the release of Chrome 118 to the stable channel with fixes for 20 vulnerabilities, including 14 reported by external researchers. Google noted that the most severe of the externally reported flaws is CVE-2023-5218, a critical bug described as a use-after-free issue in Site Isolation, Chrome’s component responsible for preventing sites from stealing other sites’ data.

Submitted by Adam Ekwall on