Jen Easterly from CISA confirmed on Wednesday that Salt Typhoon threat actors were detected on US government networks prior to telcos discovering the same activity in their organizations. She went on to say it is likely “just the tip of the iceberg” of Chinese state-sponsored intrusions into critical U.S infrastructure. She also took the opportunity … Read More “Salt Typhoon THREAT ACTORS SPOTTED ON US GOVT NETWORKS BEFORE TELCOS” »
Tag: information security news
The Salt Typhoon saga continues to unfold, the latest victims confirmed to have been compromised are Charter and Windstream. AT&T, Verizon, and Lumen are also confirmed to be impacted at this time. The attack has been attributed to Chinese state-sponsored threat actors that obtained text messages, voicemails, phone calls and wiretap information of active U.S … Read More “Charter and Windstream ADDED TO LIST OF TELCO PROVIDERS COMPROMISED BY Salt Typhoon” »
A data leak posted by IntelBroker on December 25th via BreachForums has been verified as authentic by Cisco. This follows an earlier leak this month of 2.9 GB of files. The files contain sensitive materials such as cryptographic signatures, internal project archives, and source code. Allegedly a misconfiguration in the DevHub platform inadvertently made the … Read More “Cisco CONFIRMS AUTHENTICITY OF 4.45 GB DATA BREACH” »
There is a very interesting writeup at ars technica on a sophisticated malware attack that allowed bad actors to compromise infrastructure that was used to update and distribute Linux. The attack took place back in 2011 which led to 448 accounts being compromised and created a backdoor in OpenSSH that allowed for access to a … Read More “LINUX KERNEL SUPPLIER-SIDE OpenSSH BACKDOOR” »
A novel VPN attack being called TunnelVision is able to force encrypted VPN traffic to route outside of the secure tunnel, potentially allowing a bad actor to intercept communication thought to be encrypted and secure. According to researchers the vulnerability may have existed since as early as 2002. The attack does not appear to effect … Read More “NOVEL VPN ATTACK FORCES TRAFFIC OUTSIDE OF ENCRYPTED TUNNEL” »
A majority of organizations globally are implementing Zero Trust architecture/strategies. The model assumes there is no implicit trust granted to assets or user accounts based solely on their physical location. This is a response to an increase in work from home, remote users and bring your own device (BYOD) being more widely adopted. While this … Read More “ZERO TRUST ARCHITECTURE IS BEING WIDELY IMPLEMENTED GLOBALLY” »
A state-sponsored threat actor group has apparently leveraged two zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) to gain access to government systems and conduct espionage. Cisco is calling the campaign ArcaneDoor and based on the sophistication of the attacks their security division, Talos, believes it to be a state-sponsored group they are calling UAT4356. … Read More “ZERO-DAY VULNERABILITY IN Cisco Adaptive Security Appliances ALLOWS ACCESS TO GOVERNMENT NETWORKS – ArcaneDoor” »
Frontier Communications was forced to shut down some of their IT systems following a cyberattack to prevent threat actors from laterally moving through their network. Attackers did have access to PII data but it is not clear if that data was related to employees or clients. The company is saying the attack did not disrupt … Read More “FRONTIER COMMUNICATIONS SHUTS DOWN SERVICES DUE TO CYBERATTACK” »
Researchers at the University of Illinois Urbana-Champaign have found that OpenAI’s Chat GPT-4 is capable of producing working exploits for most public vulnerabilities simply by reading about them in CVEs and other online sources. They tested the agent on known vulnerabilities with High or Sever CVE scores effecting Python packages, websites, containers and other bugs. … Read More “MOST VULNERABILITIES CAN BE EXPLOITED BY GPT-4 BY READING THREAT ADVISORIES” »
A vulnerability exists that could allow a bad actor to bypass authentication and gain admin access to Delinea Secret Server which is a Privileged Access Management solution. Attackers could potentially extract secrets. The vulnerability exists in the Secret Server SOAP API. Information on the vulnerability and a PoC are already available from a blog post … Read More “CRITICAL VULNERABILITY IN Delinea Secret Server ALLOWS AUTH BYPASS” »