"First American December Data Breach Impacts 44,000 People"

First American Financial Corporation, the second-largest title insurance company in the United States, recently revealed that a December cyberattack led to a breach impacting 44,000 individuals. On December 21, 2023, the company provided very few details regarding the nature of the incident and was forced to take some of its systems offline to contain the impact of the cyberattack. Five months later, the title insurance provider disclosed in a filing with the U.S.

Submitted by Adam Ekwall on

"US Sanctions Three Chinese Men for Operating 911 S5 Botnet"

The Treasury Department recently announced sanctions against three Chinese nationals accused of creating and operating a botnet named 911 S5. The Treasury's Office of Foreign Assets Control (OFAC) has designated Yunhe Wang, Jingping Liu, and Yanni Zheng, as well as Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited, which are Thailand-based companies that are allegedly owned or controlled by Wang. According to the Department of Justice (DoJ), Wang was the primary administrator of 911 S5, while Liu was responsible for laundering cri

Submitted by Adam Ekwall on

"Internet Archive Disrupted by Sustained and 'Mean' DDoS Attack"

The Internet Archive has been hit with Distributed Denial-of-Service (DDoS) attacks. The non-profit research library offers free access to millions of historical documents, preserved websites, and media content. Since May 26, the site has received tens of thousands of fake information requests per second, forcing it offline intermittently for the past three days. The DDoS attacks have also impacted access to the Internet Archive Wayback Machine that preserves the history of over 866 billion web pages.

Submitted by Gregory Rigby on

"New North Korean Threat Actor Engaging in Espionage, Revenue Generation Attacks"

Microsoft reports that a new North Korean threat actor called "Moonstone Sleet" (formerly "Storm-1789") is attacking education, the Defense Industrial Base (DIB), Information Technology (IT) companies, and more to conduct espionage and generate revenue. Moonstone Sleet, a state-sponsored group, has become a well-resourced adversary by combining tactics, techniques, and procedures (TTPs) from other North Korean threat actors with its own. This article continues to discuss findings regarding Moonstone Sleet.

Submitted by Gregory Rigby on

"NIST Launches ARIA, a New Program to Advance Sociotechnical Testing and Evaluation for AI"

The National Institute of Standards and Technology (NIST) is launching a Testing, Evaluation, Validation, and Verification (TEVV) program to improve understanding of Artificial Intelligence (AI) capabilities and impacts. The objective of the "Assessing Risks and Impacts of AI" (ARIA) program is to help organizations and individuals determine whether a specific AI technology will be valid, reliable, safe, secure, private, and fair upon deployment.

Submitted by Gregory Rigby on

"US Government Sanctions Cybercrime Gang Behind Massive 911 S5 Botnet"

The US Treasury Department sanctioned three Chinese nationals and three Thailand-based companies linked to a botnet controlling a residential proxy service called "911 S5." About two years ago, researchers at the Canadian University of Sherbrooke discovered that this illegitimate residential proxy service offered free Virtual Private Network (VPN) services as a lure to install malware that adds potential victims' IP addresses to the 911 S5 botnet.

Submitted by Gregory Rigby on

"Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Techniques"

Over the past three months, the "CatDDoS" malware botnet has exploited over 80 software security flaws to infiltrate vulnerable devices and bring them into a botnet for Distributed Denial-of-Service (DDoS) attacks. According to QiAnXin XLab, CatDDoS-related gangs' samples have used many known vulnerabilities. The flaws affect routers, networking gear, and other devices from Apache, Cacti, Cisco, D-Link, DrayTek, FreePBX, GitLab, and more. This article continues to discuss findings regarding the CatDDoS malware botnet and the attack technique dubbed "DNSBomb."

Submitted by Gregory Rigby on

"Widespread Data Silos Slow down Security Response Times"

Although Information Technology (IT) and security professionals share goals and challenges, according to Ivanti, 72 percent of them report that their organization's security and IT data is siloed, causing corporate misalignment and increased security risk. Sixty-three percent say siloed data slows security response times due to insufficient data. Fifty-four percent say siloed data weakens security, and 41 percent struggle to collaborate on cybersecurity. This article continues to discuss key findings from Ivanti's 2024 State of Cybersecurity Report.

Submitted by Gregory Rigby on

"ABN Amro Client Data Possibly Stolen in AddComm Ransomware Attack"

Dutch bank ABN Amro recently announced that client data may have been compromised in a ransomware attack at third-party services provider AddComm. ABN Amro noted that AddComm distributes physical and digital documents and tokens to its clients and employees. For the time being, ABN Amro has stopped using AddComm’s services. ABN Amro said that its systems were not affected by the ransomware attack and that its clients should not worry about their money being at risk.

Submitted by Adam Ekwall on