A tranche of documents posted to GitHub five days ago reveals that Chinese contractors working to support Beijing's hacking operations are a lot like office drones everywhere, but with a twist: they complain about the low pay, gamble in the office and also help to break into the computer systems of foreign governments. Since its release over the weekend, the trove of documents from a Chinese offensive security company, i-SOON, has stunned researchers.
A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation's burgeoning and highly competitive cybersecurity industry. A large cache of more than 500 documents published to GitHub last week indicates that the records come from i-SOON.
A threat actor is using an open-source network mapping tool named SSH-Snake to hunt for private keys undetected and move laterally across victim infrastructure. SSH-Snake was discovered by the Sysdig Threat Research Team (TRT), who describe it as a "self-modifying worm" that stands out from traditional SSH worms by avoiding the patterns typically associated with scripted attacks.
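The defender-side check that follows from this item, as an added example that is not SSH-Snake's or Sysdig's code: enumerate the SSH material an account holds, flag private keys that carry no passphrase (the only kind a key-harvesting worm can use immediately), and list the hosts named in config and known_hosts, since that is the set a worm holding those keys would try next. Every file below is constructed for the example; the openssh-key-v1 blobs are header-only stubs, because only the cipher and KDF names in the header are needed to tell an encrypted key from a plaintext one.

```python
"""Audit an account's ~/.ssh material for what an SSH-Snake-style worm could
harvest: plaintext private keys plus the hosts reachable with them.
Added example, not SSH-Snake's or Sysdig's code. SAMPLE_FILES is constructed."""
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes) at offset."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4: off + 4 + n], off + 4 + n


def classify_private_key(text):
    """Return 'encrypted' or 'plaintext' for an SSH private key, or None when
    the text is not a private key at all (public keys, config, etc.)."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines or not lines[0].startswith("-----BEGIN") or "PRIVATE KEY" not in lines[0]:
        return None
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # New format: cipher name and KDF name sit at the start of the decoded blob.
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            return None
        cipher, off = _read_string(blob, len(OPENSSH_MAGIC))
        kdf, _ = _read_string(blob, off)
        return "plaintext" if cipher == b"none" and kdf == b"none" else "encrypted"
    # Legacy PEM: encryption is signalled by an RFC 1421 "Proc-Type: 4,ENCRYPTED" header.
    headers = [ln for ln in lines[1:] if ":" in ln and not ln.startswith("-----")]
    encrypted = any(h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers)
    return "encrypted" if encrypted else "plaintext"


def hosts_from_known_hosts(text):
    """Hostnames/IPs from known_hosts. Hashed entries (|1|...) cannot be read
    back, which is exactly why HashKnownHosts is worth enabling."""
    hosts = set()
    for line in text.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#") or parts[0].startswith("|1|"):
            continue
        field = parts[1] if parts[0].startswith("@") else parts[0]  # skip @cert-authority/@revoked marker
        for h in field.split(","):
            hosts.add(h.lstrip("[").split("]")[0])  # "[host]:port" -> "host"
    return hosts


def hosts_from_config(text):
    """Map each Host alias to its lower-cased options (space-separated form only)."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            current = value.strip()
            entries[current] = {}
        elif current is not None:
            entries[current][key.lower()] = value.strip()
    return entries


def audit(files):
    """files: {path: content}. Returns the plaintext key paths and the hosts a
    worm holding them could reach in one hop."""
    plaintext = sorted(p for p, c in files.items() if classify_private_key(c) == "plaintext")
    hosts = set()
    for p, c in files.items():
        if p.endswith("known_hosts"):
            hosts |= hosts_from_known_hosts(c)
        elif p.endswith("config"):
            for alias, opts in hosts_from_config(c).items():
                hosts.add(opts.get("hostname", alias))
    return {"plaintext_keys": plaintext, "reachable_hosts": sorted(hosts)}


def _openssh_header(cipher, kdf):
    """Constructed, header-only openssh-key-v1 blob (real keys carry key material after this)."""
    body = OPENSSH_MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, kdf, b""))
    body += struct.pack(">I", 1)  # nkeys
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode() + "\n-----END OPENSSH PRIVATE KEY-----\n"


SAMPLE_FILES = {  # constructed sample home directory, not captured data
    "/home/deploy/.ssh/id_ed25519": _openssh_header(b"none", b"none"),
    "/home/deploy/.ssh/id_rsa": _openssh_header(b"aes256-ctr", b"bcrypt"),
    "/home/deploy/.ssh/legacy.pem": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                                    "DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF\n\nQUJD\n"
                                    "-----END RSA PRIVATE KEY-----\n",
    "/home/deploy/.ssh/id_ed25519.pub": "ssh-ed25519 AAAAC3 deploy@bastion\n",
    "/home/deploy/.ssh/known_hosts": "db01,10.0.0.5 ssh-ed25519 AAAAC3\n"
                                     "[jump.internal]:2222 ssh-rsa AAAAB3\n"
                                     "|1|abc=|def= ssh-ed25519 AAAAC3\n",
    "/home/deploy/.ssh/config": "Host web  # constructed\n  HostName web01.internal\n"
                                "  User deploy\n  IdentityFile ~/.ssh/id_ed25519\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE_FILES))
```

On the sample, only id_ed25519 is reported as plaintext (id_rsa uses aes256-ctr/bcrypt and legacy.pem carries the ENCRYPTED header), and the reachable set is db01, 10.0.0.5, jump.internal and web01.internal; the hashed known_hosts line contributes nothing, which is the point of hashing it.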
A threat actor is targeting organizations running the Apache Hadoop and Apache Druid big data platforms with a new version of the Lucifer botnet, a known malware tool that combines cryptojacking and distributed denial of service (DDoS) capabilities. The campaign is a departure from the botnet's earlier targeting, and an analysis this week from Aqua Nautilus suggests that its operators are testing new infection routines as a precursor to a broader campaign.
When hackers working on behalf of the Chinese government stole a Microsoft signing key and used it to breach the email accounts of senior U.S. government officials last year, that operation was discovered only because of an expensive logging option in use at the U.S. State Department. The fact that a security feature necessary to detect a Chinese hacking operation was marketed as a paid upgrade placed intense scrutiny on Microsoft's decision to charge a premium for security features.
CISA, the FBI and the Environmental Protection Agency (EPA) have shared a list of defensive measures U.S. water utilities should implement to better defend their systems against cyberattacks. The fact sheet they published today outlines the top eight actions U.S. Water and Wastewater Systems (WWS) sector organizations can take to reduce cyberattack risk and boost their resilience against malicious activity. It also details the free services, resources and tools that can be used to support these measures.
Infosec researchers say the latest remote code execution (RCE) vulnerability in ConnectWise's ScreenConnect requires urgent patching given its maximum severity score. ConnectWise has given the vulnerability a 10/10 CVSS rating, one that outside researchers agree with given the potential consequences of a successful exploit. In disclosing the maximum-severity authentication bypass vulnerability (CWE-288), ConnectWise also revealed a second weakness.
Researchers from the University of Florida, working with CertiK, have devised a theoretical attack called "VoltSchemer" (PDF) that takes over wireless chargers by manipulating the power supply voltage. The attack could allow threat actors to damage devices being charged, bypass the Qi standard's protection mechanisms and manipulate voice assistants, all by exploiting voltage noise from the power supply.