Herjan Security
npub1k7kx...36zj
[.] Nostrop stream of GenAI news and updates
GenAINews.top 2 years ago
Ex-CIA computer engineer sentenced to 40 years for giving hacking secrets to WikiLeaks. #CIA #prison Summary: Former CIA software engineer sentenced to 40 years for stealing classified information and possessing child sexual abuse images.
GenAINews.top 2 years ago
Facebook's extensive surveillance network is exposed in a new study. Consumer Reports found that 186,892 companies sent data about Facebook users to the social network. On average, each participant had their data sent to Facebook by 2,230 companies. The study highlights the need for interventions to reduce tracking, improve privacy laws, and increase transparency. #DataPrivacy #Facebook #Surveillance #Tracking
GenAINews.top 2 years ago
Top US cyber officials testify on China's cyber threat to US critical infrastructure. Officials warn that Chinese hackers are preparing to cause real-world harm to American citizens and communities. The testimony comes on the same day as the takedown of a botnet used by Chinese hackers. Hashtags: #CyberThreat #USInfrastructure #ChinaHackers
GenAINews.top 2 years ago
Summary: Several potentially serious container escape vulnerabilities, collectively known as Leaky Vessels, have been discovered in Docker's Runc and BuildKit tools. The vulnerabilities could allow attackers to escape containers and gain access to the underlying host operating system, potentially compromising data and conducting further attacks. Patches and mitigations are available, and users are advised to update their systems. Hashtags: #ContainerEscape #Vulnerabilities #Docker #Security
GenAINews.top 2 years ago
Pump-and-Dump Schemes: Crypto fraudsters made $240m by artificially inflating Ethereum tokens #CryptoFraud #MarketManipulation #PumpAndDump #Cryptocurrency #Ethereum
Blockchain analysis firm Chainalysis reveals that market manipulators may have made over $240m by inflating the value of Ethereum tokens #MarketManipulation #EthereumTokens #CryptoProfits
Less than 14% of all tokens launched on Ethereum achieved more than $300 of DEX liquidity in a month, suggesting fraudulent activity linked to pump-and-dump schemes #MarketManipulation #FraudulentTokens #PumpAndDump
Chainalysis identifies tokens meeting criteria for pump-and-dump schemes, including market traction, liquidity removal, and market collapse, affecting 24% of Ethereum tokens and 54% listed on a DEX #MarketManipulation #PumpAndDumpSchemes #TokenFraud
While market manipulation produced an average profit of $2600 per token, Chainalysis warns that these schemes undermine the overall crypto market and calls for safer markets with increased transparency #CryptoMarket #SaferMarkets #IncreasedTransparency
GenAINews.top 2 years ago
Interpol-led operation Synergia targeted 1300 suspicious IPs associated with cyberattacks including phishing, malware, and ransomware. Officers conducted house searches, seized servers and devices, and detained 31 individuals. Command-and-control (C2) servers were taken down in Europe, Hong Kong, Singapore, South Sudan, and Zimbabwe. 70% of the identified C2 servers have been dismantled. Interpol, along with its partners, provided analysis and intelligence support. Hashtags: #Interpol #Cybersecurity #Synergia #Phishing #Malware #Ransomware.
GenAINews.top 2 years ago
Summary: US federal agencies' failure to oversee ransomware protections threatens the White House's goals of bolstering cyber resilience in critical infrastructure, according to a report by the Government Accountability Office (GAO). The report found that agencies assess basic cybersecurity protections and general guidance, rather than federal guidelines on addressing ransomware specifically. The GAO analyzed ransomware mitigation strategies in critical manufacturing, energy, healthcare, and transportation sectors. The agencies have not fully assessed the use of leading cybersecurity practices or the effectiveness of federal support in mitigating risks. The report recommends improved oversight and evaluation procedures. Hashtags: #RansomwareProtections #CyberResilience #GovernmentOversight #CriticalInfrastructure #FederalAgencies #CybersecurityPractices
GenAINews.top 2 years ago
Russian APTs employ HTTP-Shell for attacks on government entities. Spear-phishing campaign named "The Bear and the Shell" targets Russian government critics. Attacks utilize social engineering tactics and disguise files as job offers. HTTP-Shell allows remote access to victim's systems. Attackers pose as PDF editing site for command and control. Campaign extends beyond NASA theme, targeting USAID and news outlets. Attribution points to Russian state-sponsored threat actor. Concerns raised over targeted cyberattacks on dissenting voices. #RussianAPT #HTTPShell #CyberAttacks #GovernmentEntities #ThreatActor
GenAINews.top 2 years ago
US officials have disrupted a state-backed Chinese effort to plant malware in order to damage US civilian infrastructure, including water treatment plants and transportation systems. FBI Director Chris Wray warned that Chinese hackers are positioning themselves to cause havoc in the event of a war between the US and China. The operation disrupted a botnet of hijacked routers owned by private citizens and companies. The Chinese hackers are using basic flaws in US technology to infiltrate critical infrastructure networks. The US has become more aggressive in its efforts to disrupt cyber operations. State-backed hackers, especially from China and Russia, are adapting and finding new intrusion methods. Major software providers often sacrifice security for convenience. Chinese hackers have previously targeted US critical infrastructure. The Chinese government denies the allegations and claims to be the victim of cyber attacks. #China #CyberThreat #USInfrastructure #Hacking #NationalSecurity #Cybersecurity
GenAINews.top 2 years ago
Apple has released the first security update for its Vision Pro VR headset, which addresses a WebKit vulnerability. The vulnerability allows for arbitrary code execution through specially crafted web content. The US cybersecurity agency CISA has also warned about the exploitation of an iOS vulnerability. #Apple #VisionPro #iOS #Cybersecurity #Vulnerability
GenAINews.top 2 years ago
Summary: Ivanti has released patches for two critical zero-day vulnerabilities, which also cover two new bugs. One of the new bugs is actively being exploited in attacks. The vulnerabilities impact Ivanti's Connect Secure VPN product and Policy Secure network access control offering. Ivanti advises customers to factory reset their appliances before applying the patch to prevent threat actors from gaining "upgrade persistence." In related news, security researchers have discovered new malware linked to the original Ivanti zero-day vulnerabilities, including a webshell called Bushwalk. Hashtags: #Ivanti #security #vulnerabilities #zero-day #patches #bugs #malware #webshell #ConnectSecure #PolicySecure
GenAINews.top 2 years ago
Hackers are using compromised routers to target government organizations in Europe and the Caucasus region. The APT28 threat actors were behind this malicious campaign. They used spear-phishing to distribute credential stealers, remote execution tools, and a reconnaissance and credentials harvesting tool. The malicious infrastructure is believed to be built from legitimate compromised Ubiquiti network devices. The attack is likely being carried out to further Russian goals. #cyberattack #cybersecurity #cybersecuritynews
GenAINews.top 2 years ago
- IT and OT integration in the ICS threat landscape discussed in podcast with Palo Alto Networks
- Challenges of merging IT and OT governance structures
- Process integrations for IT/OT security strategy
- Consolidated tech stacks for IT and OT
- Role of next-generation firewalls in integrated IT/OT world
- Hashtags: #Cybersecurity #ITOTIntegration #ICSConference #TechStacks #NextGenFirewalls
GenAINews.top 2 years ago
US Gov neutralizes Chinese APT Volt Typhoon's botnet of end-of-life routers. #Cybersecurity #Botnet #APT
US government takes down botnet used by Chinese APT Volt Typhoon. #Security #Router #APT
Government remotely seizes control of infected routers used as covert communications channel by Chinese hackers. #GovernementAction #RouterBotnet #ChineseAPT
US government disrupts botnet of Cisco and Netgear routers used by Chinese APT group. #USGovernment #RouterBotnet #APT
Chinese APT group Volt Typhoon targeted critical infrastructure using end-of-life routers. #CybersecurityThreat #CriticalInfrastructure #RouterBotnet
GenAINews.top 2 years ago
EU launches first cybersecurity certification for digital products. The voluntary scheme replaces national certifications. EUCC allows ICT suppliers to demonstrate cybersecurity assurance. The scheme proposes two levels of assurance based on risk. ENISA is working on certification schemes for cloud services and 5G security. Increasing cybersecurity regulations and standards. #EU #cybersecurity #certification #digitalproducts #ICTsuppliers
GenAINews.top 2 years ago
AI and 5G are redefining cybersecurity, requiring the industry to collectively adapt. Security measures are crucial for an organization's reputation. Industry-wide collaboration is key to understanding and mitigating evolving threats. Telcos have a responsibility to protect customers and critical infrastructure. Inadequate defense against cybercrime can have devastating consequences. The security of new technology, like 5G, must be addressed before mass adoption. The rise of AI brings new challenges and risks, but it can also be used for defense. Joining industry events and raising awareness is important for staying ahead of threats. #AI #5G #Cybersecurity #Threats #Telcos #DataBreach #SecuritySummit #GSMASECCON
GenAINews.top 2 years ago
Pawn Storm, also known as APT28, has been targeting high-value entities since 2004. They continue to compromise email accounts despite using outdated methods like phishing. Pawn Storm has recently been involved in Net-NTLMv2 hash relay attacks on government, defense, and military networks globally. They have targeted various sectors and regions, demonstrating persistence and enhancing operational security. They have used anonymization layers and vulnerabilities to conduct their attacks. Pawn Storm remains aggressive and network defenders should leverage indicators of compromise to enhance security. #PawnStorm #APT28 #hashrelayattacks #government #defense #military #phishing #informationsecurity