News
Hi folks,
I hope you're doing well. We've got a nice balance of interesting articles and plenty of breaches this week :-) Enjoy the read!
Cheers,
White House says Chinese telecom hacks have been in motion for years
The Chinese state-sponsored hacker group Salt Typhoon has impacted at least eight telecoms in the US and more in other countries as well, in a campaign that has been going for over two years.
Korea arrests CEO for adding DDoS feature to satellite receivers
Apparently a manufacturer of satellite receivers from South Korea pre-loaded 240,000 receivers with DDoS attack capabilities, at the request of the (unnamed) client. Building in such capability is illegal, so the manufacturer's CEO and five employees have now been arrested, and assets are being seized. No mention of what happens to the client. I presume they're from a different country and thus can't be directly charged.
Cloudflare’s developer domains increasingly abused by threat actors
Good to be aware that pages.dev and workers.dev, which are operated by Cloudflare, are frequently used in phishing attacks because most security applications consider those domains to have a good reputation. Most of the time they are used for hosting legit things, but not always.
Report: Chinese lidar technology poses national security threat
Alarm bells are being raised about an increased usage of Chinese-made components for lidar technology, similar to previously raised issues with Huawei and DJI drones.
Six password takeaways from the updated NIST cybersecurity framework
It's a sponsored post (on bleepingcomputer, not here), but it's actually a great list of things that really should be common knowledge by now but still aren't. Like password length beats complexity rules, password rotation is a bad idea, etc. Easy to share with folks who haven't gotten the memo yet after all these years.
Quick stories
- New Windows Server 2012 zero-day gets free, unofficial patches: link.
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems: link.
- Police seize Matrix encrypted chat service after spying on criminals: link.
- Microsoft reiterates “non-negotiable” TPM 2.0 requirement for Windows 11: link.
- UN, international orgs create advisory body for submarine cables after incidents: link.
Breaches and leaks
- Romania's election systems targeted in over 85,000 cyberattacks: link.
- Costa Rica state energy company calls in US experts to help with ransomware attack: link.
- Hoboken government recovering from ransomware attack as Conti-linked gang takes credit: link.
- Bologna FC confirms data breach after RansomHub ransomware attack: link.
- Vodka maker Stoli files for bankruptcy in US after ransomware attack: link.
- BT unit took servers offline after Black Basta ransomware breach: link.
- U.S. org suffered four month intrusion by Chinese hackers: link.
- Japanese crypto service shuts down after theft of bitcoin worth $308 million: link.
- Solana Web3.js library backdoored to steal secret, private keys: link.
Issues and fixes
- Veeam warns of critical RCE bug in Service Provider Console: link.
- Exploit released for critical WhatsUp Gold RCE flaw, patch now: link.
- Japan warns of IO-Data zero-day router flaws exploited in attacks: link.
- Mitel MiCollab zero-day flaw gets proof-of-concept exploit: link.
- CISA and German cyber authorities warn Zyxel firewalls facing active exploitation: link.
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)