US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon

February 1, 2024 at 04:06AM

The US government conducted a major takedown of a botnet using end-of-life Cisco and Netgear routers that were exploited by Chinese state-backed hackers. The botnet, linked to the Chinese APT Volt Typhoon, targeted various sectors, and the FBI remotely seized control of infected routers. The operation aimed to delete malware …

Johnson Controls Ransomware Cleanup Costs Top $27M and Counting

January 31, 2024 at 04:51PM

Johnson Controls International (JCI) spent $27 million remediating a September 2023 ransomware attack on its systems, which threatened physical security according to government officials. The attack locked up IT infrastructure and allowed data exfiltration. JCI’s incident management and response plan, along with external cybersecurity specialists, helped restore affected systems. The …

Coming Soon to a Network Near You: More Shadow IoT

January 11, 2024 at 10:41AM

Former Microsoft product head Panos Panay has left to lead Amazon’s product division, aiming to enhance their device ecosystem, including Alexa, Echo, and Fire TV. The rising number of IoT devices presents security concerns, especially as consumer devices infiltrate commercial networks. Amazon’s plans to expand its device range could compound …

CISA Warns of Apache Superset Vulnerability Exploitation

January 9, 2024 at 12:54PM

CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog, warning of potential exploitation. This was reported by SecurityWeek. …

Nearly 11 million SSH servers vulnerable to new Terrapin attacks

January 3, 2024 at 10:10AM

Nearly 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack, which manipulates sequence numbers during the handshake process to compromise the integrity of SSH channels. This attack affects both clients and servers and was developed by academic researchers from Ruhr University Bochum in Germany. The significance of this …

Defiant BlackCat Gang Stands Up New Site, Calls for Revenge Attacks

December 20, 2023 at 03:40PM

BlackCat/ALPHV ransomware leaders claim they’ve restarted operations on their primary blog despite the DOJ’s control. In response to law enforcement actions, they’ve lifted their ban on cyberattacks against critical infrastructure. However, experts doubt their ability to make a quick comeback. The FBI seized a server and data, but BlackCat set up a new site. Cybersecurity insiders warn …

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

December 15, 2023 at 09:54AM

A new botnet named KV-botnet, compromising firewalls and routers from various manufacturers, is used for covert data transfer by advanced persistent threat actors, particularly the China-linked threat actor Volt Typhoon. The botnet’s two clusters target high-profile victims and utilize IP addresses based in China. The operators also focus on removing …

New NKAbuse malware abuses NKN blockchain for stealthy comms

December 14, 2023 at 05:16PM

NKAbuse is a new Go-based multi-platform malware exploiting NKN (New Kind of Network) technology. It targets Linux desktops and IoT devices, and supports the MIPS, ARM, and 386 architectures. It uses NKN for DDoS attacks and as a remote access trojan, making it difficult to detect and defend against. Its use of …

Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet

December 13, 2023 at 12:24PM

Malware hunters in the US have uncovered a resilient botnet built from outdated SOHO routers, serving as a covert data transfer network for the Chinese government-backed hacker group Volt Typhoon. The botnet spans various sectors, including critical infrastructure organizations. Black Lotus Labs plans to release a detailed technical analysis of the threat, …

PyPI Packages Found to Expose Thousands of Secrets

November 14, 2023 at 07:09AM

Code security firm GitGuardian has discovered thousands of hardcoded credentials in Python code committed to PyPI packages. Over 4,000 unique secrets were found in nearly 3,000 packages, with more than 760 of them being valid. The leaked secrets included keys and credentials for popular services such as AWS, Azure AD, …