CISA and the FBI said today they're aware of "possible threats" to satellite communication (SATCOM) networks in the US and worldwide. Today's security advisory also warned US critical infrastructure organizations of risks to SATCOM providers' customers following network breaches. "Successful intrusions into SATCOM networks could create risk in SATCOM network providers' customer environments," CISA and the FBI said.
One of the top credit bureaus in South Africa has suffered a data breach, and the hackers are demanding about $15 million in ransom, according to news reports. The country's arm of TransUnion confirmed Thursday that "a criminal third party obtained access to a TransUnion South Africa server through misuse of an authorised client's credentials." The company said the ransom demand "will not be paid."
In early September, researchers with Google's Threat Analysis Group started tracking a financially motivated hacking group exploiting a since-patched Microsoft vulnerability to gain access to targeted computers. Later it became clear that the group is what's known as an initial access broker - a crew specializing in gaining entry to high-value networks and selling that access to other cybercriminals - and that it is closely affiliated with the notorious Conti ransomware organization.
Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine. Google TAG Security Engineer Billy Leonard says Google notified Ukrainian government organizations targeted by a Chinese-sponsored hacking group. "Over the last few weeks Google TAG has identified a govt backed actor from CN targeting Ukrainian govt orgs, and we provided notifications to impacted parties," Leonard said.
Researchers are tracking a number of open-source "protestware" projects on GitHub that have recently altered their code to display "Stand with Ukraine" messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.
For years, malicious hackers have been hacking large fleets of MikroTik routers and conscripting them into Trickbot, one of the Internet's most destructive botnets. Now, Microsoft has finally figured out why and how the routers are being put to use. Trickbot came to light in 2016 as a trojan for stealing account passwords for use in bank fraud. Since then, Trickbot has mushroomed into one of the Internet's most aggressive threat platforms.
Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk. Cyclops Blink is a malware linked to the Russian-backed Sandworm hacking group that has historically targeted WatchGuard Firebox and other SOHO network devices. The role of Cyclops Blink is to establish persistence for threat actors on the device, allowing them a point of remote access to compromised networks.