The US Department of the Treasury alerted lawmakers on Monday that Chinese state-backed threat actors had compromised its systems and stolen data from workstations earlier this month. Because an advanced persistent threat (APT) group is suspected of being behind the hack, the department is treating it as a "major cybersecurity incident," according to its disclosure letter, which was sent to the chairman and ranking member of the Senate committee that oversees the agency.
Lax security controls played a significant role in allowing a China-government-sponsored threat group to gain broad and full access to U.S. telecom networks, a senior White House official said Friday. "From what we're seeing, those networks are not as defensible as they need to be to defend against a well-resourced, capable, offensive cyber actor like China," Anne Neuberger, deputy national security advisor for cyber and emerging technology, said during the media briefing.
Cybercriminals who hacked RIBridges, Rhode Island's system for health and benefits programs, have released files to a site on the dark web, a scenario the state had been preparing for, Gov. Daniel McKee said Monday. The state has an outreach strategy to encourage potentially affected Rhode Islanders to protect their personal information, according to a press release from McKee's office. The governor said it was not yet clear whether all of the files stolen from RIBridges had been posted to the dark web.
A US Army soldier suspected of leaking presidential call logs was reportedly arrested in Texas on December 20 after being charged with two counts of unlawful transfer of confidential phone records. The suspect, Cameron John Wagenius, 20, was arrested at Fort Hood, Texas, on suspicion of being the cybercriminal who, under the online moniker Kiberphant0m, had offered and leaked call records stolen from the telecommunications providers AT&T and Verizon.
The Chinese government's intrusions into America's telecommunications and other critical infrastructure networks this year appear to signal a shift from cyberespionage as usual to prepositioning for destructive attacks. The FBI and other US federal agencies rang in 2024 boasting about disrupting a Chinese botnet composed of "hundreds" of outdated routers that was being used to break into US critical infrastructure facilities. Spoiler alert: the botnet is back.
Two botnets tracked as 'Ficora' and 'Capsaicin' have shown increased activity targeting D-Link routers that have reached end of life or are running outdated firmware. The targets include popular D-Link devices used by individuals and organizations, such as the DIR-645, DIR-806, GO-RT-AC750, and DIR-845L. For initial access, the two malware families use known exploits for CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112. Models that are past end of life will not receive firmware fixes, so the practical mitigation for them is replacement; models still supported should be updated to current firmware, and in either case the management interface should not be exposed to the internet.
A new jailbreak technique against OpenAI's and other large language models (LLMs) increases the chance that attackers can circumvent safety guardrails and abuse the model to produce malicious content. Discovered by researchers at Palo Alto Networks' Unit 42, the so-called Bad Likert Judge attack asks the LLM to act as a judge that scores the harmfulness of a given response on a Likert scale.
Thousands of industrial routers from Four-Faith, a Chinese telecommunications equipment manufacturer, are affected by a post-authentication vulnerability, with indications that it is already being exploited in the wild to infect devices with Mirai malware. On Dec. 27, VulnCheck detailed the vulnerability, tracked as CVE-2024-12856, in which an attacker who can authenticate to a Four-Faith F3x24 or F3x36 router, including with the devices' default credentials, can remotely inject commands into the underlying operating system. Because the flaw is reachable with default credentials, the "post-authentication" qualifier offers little protection on devices whose credentials were never changed; rotating those credentials and keeping the management interface off the internet are the immediate mitigations.