#networksecurity

White House Says at Least 8 US Telecom Firms, Dozens of Nations Impacted by China Hacking Campaign

by

December 5, 2024 at 06:03AM A White House official revealed that a Chinese hacking campaign has impacted at least eight U.S. telecom firms and multiple nations, targeting private communications of Americans, including officials. While no classified information was compromised, ongoing cybersecurity risks remain. The Chinese embassy denies involvement, urging the U.S. to stop its cyberattacks. … Read more

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

by

December 5, 2024 at 01:18AM The U.S. CISA has added several vulnerabilities to its KEV catalog, including severe issues in Zyxel and I-O DATA products, with active exploitation reported. Recommendations for remediation by December 25, 2024, are urged for federal agencies. Meanwhile, I-O DATA advises users to enhance security until patches are released. **Meeting Takeaways … Read more

CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat

by

December 4, 2024 at 05:17PM Concerns over China-backed Salt Typhoon’s cyber intrusions into US telecom networks led CISA, NSA, and FBI to issue guidance for detection and mitigation. Victims like AT&T and Verizon continue to combat this extensive espionage campaign, with recommendations encouraging encrypted communications and enhanced cybersecurity measures for individuals and organizations. ### Meeting … Read more

Japan warns of IO-Data zero-day router flaws exploited in attacks

by

December 4, 2024 at 10:34AM Japan’s CERT warns that hackers are exploiting zero-day vulnerabilities in I-O Data’s UD-LT1 routers, enabling unauthorized access and command execution. The vendor confirmed flaws and plans to release fixes by December 18, 2024. Users are advised to implement mitigation measures to protect their devices until updates are available. ### Meeting … Read more

CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks

by

December 4, 2024 at 08:19AM CISA warned of a high-severity vulnerability (CVE-2024-11667) in Zyxel firewall devices, exploited in the wild, allowing unauthorized file access. Zyxel issued patches, but users must change passwords for complete protection. CISA urges federal agencies to update their systems by December 24 and recommends all organizations to follow suit. ### Meeting … Read more

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

by

December 4, 2024 at 02:15AM A joint advisory from Australia, Canada, New Zealand, and the U.S. warns of a Chinese cyber espionage campaign targeting telecommunications. The group, known as Salt Typhoon, has been active since 2020, with ongoing intrusions. Cybersecurity guidance emphasizes strengthening network defenses to mitigate associated risks amid escalating U.S.-China trade tensions. **Meeting … Read more

FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign

by

December 3, 2024 at 05:53PM Federal authorities are urging telecom companies to enhance network security after a significant Chinese hacking campaign accessed Americans’ private data. The FBI and cybersecurity agencies issued technical recommendations to thwart further cyberespionage, while the scale and ongoing access of the attackers remain unclear. This broad attack is part of China’s … Read more

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

by

December 3, 2024 at 08:57AM Cisco has updated its advisory regarding a decade-old vulnerability (CVE-2014-2120) in its Adaptive Security Appliance, which is being actively exploited. The flaw allows cross-site scripting attacks via the WebVPN login page. Users are urged to update their systems as it was added to the CISA’s KEV catalog for urgent remediation. … Read more

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

by

November 28, 2024 at 12:27PM Advantech EKI wireless access points have 20 disclosed vulnerabilities, including six critical ones that allow unauthenticated remote code execution and potential backdoor access. Recent firmware updates address these issues, but attackers can exploit them via physical proximity and rogue access points. Vulnerabilities could lead to significant network breaches and data … Read more

U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider

by

November 27, 2024 at 11:54PM T-Mobile reported recent attempts by hackers to infiltrate its systems, though no sensitive data was accessed. The attacks originated from a connected wireline provider’s network and were thwarted by T-Mobile’s security measures. The incident is notable following cyber threats from a China-linked group targeting U.S. telecoms. ### Meeting Takeaways – … Read more