Security

T-Mobile US CSO: Spies jumped from one telco to another in a way ‘I’ve not seen in my career’

by

December 4, 2024 at 07:58PM T-Mobile US swiftly thwarted cyber-espionage attempts by a Chinese-backed group, Salt Typhoon, which compromised a connected network but accessed none of T-Mo’s sensitive customer data. T-Mobile emphasized its layered defenses and the use of advanced authentication methods to prevent further intrusions. US officials recommend strong encryption for communications. **Meeting Takeaways:** … Read more

Microsoft says having a TPM is “non-negotiable” for Windows 11

by

December 4, 2024 at 07:48PM Microsoft confirmed that Windows 10 users require TPM 2.0 support to upgrade to Windows 11, describing it as a mandatory security feature. Though many bypass methods exist, TPM 2.0 is critical for enhancing cybersecurity. Additionally, Windows 10 support ends on October 14, 2025, but users can purchase Extended Security Updates … Read more

New DroidBot Android malware targets 77 banking, crypto apps

by

December 4, 2024 at 06:20PM A new Android malware called ‘DroidBot’ targets over 77 cryptocurrency exchanges and banking apps across the UK, Italy, France, Spain, and Portugal to steal user credentials. **Meeting Takeaways:** 1. **Introduction of New Malware:** A new Android banking malware called ‘DroidBot’ has been identified. 2. **Targeted Applications:** The malware specifically aims … Read more

White House: Salt Typhoon hacked telcos in dozens of countries

by

December 4, 2024 at 06:05PM Chinese state hackers, identified as Salt Typhoon, have compromised telecommunications firms in multiple countries, including eight in the U.S., with possible breaches lasting one to two years. Although classified communications remain secure, federal agencies recommend using encrypted messaging to protect against future intrusions. CISA and FBI released guidance for enhanced … Read more

Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects

by

December 4, 2024 at 06:01PM Onapsis announced an expansion of its Control product line, introducing a new bundle for enhanced application security testing on the SAP Business Technology Platform (BTP). This offering provides automated code scanning, real-time security checks, and centralized Git repository scanning, helping developers secure and streamline their SAP projects. Availability starts Q4 … Read more

Wyden and Schmitt Call for Investigation of Pentagon’s Phone Systems

by

December 4, 2024 at 06:01PM U.S. Senators Ron Wyden and Eric Schmitt called for an investigation into the Defense Department’s failure to secure communications from foreign spies after the “Salt Typhoon” hack. Concerns include DOD’s $2.7 billion contract with vulnerable telecoms and the lack of encryption and cybersecurity audits for phone networks. ### Meeting Takeaways … Read more

Russian FSB Hackers Breach Pakistan’s APT Storm-0156

by

December 4, 2024 at 05:31PM Russian hackers, known as Secret Blizzard, have infiltrated a Pakistani hacker group, Storm-0156, to access sensitive information from Afghan and Indian military targets. By leveraging Storm-0156’s tools and infrastructure, they employed diverse tactics for espionage, showcasing a unique trend of threat actors hacking fellow cybercriminals to gain operational advantages. **Meeting … Read more

CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat

by

December 4, 2024 at 05:17PM Concerns over China-backed Salt Typhoon’s cyber intrusions into US telecom networks led CISA, NSA, and FBI to issue guidance for detection and mitigation. Victims like AT&T and Verizon continue to combat this extensive espionage campaign, with recommendations encouraging encrypted communications and enhanced cybersecurity measures for individuals and organizations. ### Meeting … Read more

Veeam Urges Updates After Discovering Critical Vulnerability

by

December 4, 2024 at 03:54PM Veeam has released an update to fix a critical vulnerability (CVE-2024-42448, CVSS 9.9) in its Service Provider Console (VSPC), which could enable remote code execution. A secondary vulnerability (CVE-2024-42449, CVSS 7.1) could leak sensitive data. Users are urged to update to the latest patch, as no mitigations exist. **Meeting Takeaways: … Read more

FBI shares tips on how to tackle AI-powered fraud schemes

by

December 4, 2024 at 03:39PM The FBI warns that scammers are increasingly using AI to enhance online fraud schemes, including romance, investment, and job scams. They advise the public to be vigilant and provide tips for identifying scams, such as checking for imperfections in media and verifying identities through secret phrases. **Meeting Takeaways:** 1. **FBI … Read more