many parts make the whole
Jen Easterly from CISA confirmed on Wednesday that Salt Typhoon threat actors were detected on US government networks prior to telcos discovering the same activity in their organizations. She went on to say it is likely “just the tip of the iceberg” of Chinese state-sponsored intrusions into critical U.S infrastructure. She also took the opportunity … Read More “Salt Typhoon THREAT ACTORS SPOTTED ON US GOVT NETWORKS BEFORE TELCOS” »
The Salt Typhoon saga continues to unfold, the latest victims confirmed to have been compromised are Charter and Windstream. AT&T, Verizon, and Lumen are also confirmed to be impacted at this time. The attack has been attributed to Chinese state-sponsored threat actors that obtained text messages, voicemails, phone calls and wiretap information of active U.S … Read More “Charter and Windstream ADDED TO LIST OF TELCO PROVIDERS COMPROMISED BY Salt Typhoon” »
A data leak posted by IntelBroker on December 25th via BreachForums has been verified as authentic by Cisco. This follows an earlier leak this month of 2.9 GB of files. The files contain sensitive materials such as cryptographic signatures, internal project archives, and source code. Allegedly a misconfiguration in the DevHub platform inadvertently made the … Read More “Cisco CONFIRMS AUTHENTICITY OF 4.45 GB DATA BREACH” »
A Chinese state-sponsored espionage campaign being dubbed Salt Typhoon now includes nine U.S telecommunication firms. The Chinese government has denied responsibility for the attack which has compromised communications of senior U.S government officials. The full scope of the attack may never be known as the sophisticated attackers took steps to erase evidence of their presence. … Read More “NINTH TELECOM COMPANY ADDED TO LIST OF Salt Typhoon TARGETS” »
A threat actor has revealed they were able to steal the data of 50 million Dell customers including names, addresses and other data related to purchases made at Dell. The compromise was accomplished by setting up a number of partner accounts within the Dell company portal which, after they were approved, allowed them to brute … Read More “BREACH AT Dell LEADS TO DATA OF 50 MILLION CUSTOMERS” »
In a recent court case Marriott has revealed that it was actually securing data using SHA-1 and not the more secure AES-128 encryption algorithm. Marriott was arguing that the encryption they were using was so strong the case against them should have been dismissed, however they recently revealed they were actually using SHA-1 at the … Read More “MARRIOTT ADMITS IT FALSELY CLAIMED IT WAS USING ENCRYPTION” »
A state-sponsored threat actor group has apparently leveraged two zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) to gain access to government systems and conduct espionage. Cisco is calling the campaign ArcaneDoor and based on the sophistication of the attacks their security division, Talos, believes it to be a state-sponsored group they are calling UAT4356. … Read More “ZERO-DAY VULNERABILITY IN Cisco Adaptive Security Appliances ALLOWS ACCESS TO GOVERNMENT NETWORKS – ArcaneDoor” »
Tom Forbes recently published an interesting article detailing how a strange pull request on his pypi-data project led him to discover a publicly available release file that contained a hard coded AWS access key and an AWS secret key. This key was still active and allowed Tom access to an AWS bucket containing clinical data … Read More “InfoSys LEAKS FullAdminAccess AWS KEYS ON PyPi FOR OVER A YEAR” »
Compromised updates for Solarwinds Orion are making headlines for containing malware. The updates available from March through May of this year appear to have contained a very elusive and adaptable trojan that FireEye has dubbed the SUNBURST Backdoor. FireEye has published a great write-up on the attack here along with Indications of Compromise. Please be sure to read through … Read More “SOLARWINDS ORION AND THE SUNBURST BACKDOOR” »
One of the most popular VPN provides, NordVPN has been in the news recently for being hacked. According to NordVPN no user data was compromised and the bad actor never had access to any user traffic. A bad actor was able to acquire a TLS key for a single server in Finland. NordVPN is downplaying … Read More “NordVPN COMPROMISE” »