Tag

Cybersecurity Agencies

All articles tagged with #cybersecurity agencies

cybersecurity1 year ago•1 min saved

"Chinese Hackers' 5-Year Infiltration of US Infrastructure Revealed"

US and allied intelligence agencies have revealed that a sophisticated group of Chinese hackers, known as Volt Typhoon, has been targeting critical US infrastructure including aviation, rail, mass transit, highway, maritime, pipeline, water, and sewage systems for as long as five years. The group has been observed maintaining access within some victim IT environments, raising concerns about potential sabotage rather than espionage. The US government has sought assistance from private technology industry to track and counter this malicious cyber activity.

via The Guardian|

#chinese-hackers #cybersecurity #cybersecurity-agencies

cybersecurity2 years ago•3 min saved

"Web Devs' Negligence Leads to Massive Data Breaches and Warnings from Cybersecurity Agencies"

Cybersecurity agencies in the US and Australia have warned that personal, financial, and health information of millions of individuals has been stolen due to insecure direct object references (IDORs) in web applications and APIs. IDORs occur when access to information is granted based on user input rather than proper authorization checks. These vulnerabilities are frequently exploited by criminals to steal, modify, or delete sensitive data, access devices without permission, or distribute malware. The agencies recommend implementing secure-by-design principles, using automated code analysis tools, and following a series of recommendations to mitigate the risk of IDOR flaws and protect sensitive data.

via The Register|

#cybersecurity #cybersecurity-agencies #data-breach

cybersecurity2 years ago•2 min saved

Rising TrueBot Malware Attacks Prompt Cybersecurity Agencies' Alarm

Cybersecurity agencies have issued warnings about the emergence of new variants of the TrueBot malware, which is now targeting companies in the U.S. and Canada. The malware exploits a critical vulnerability in the widely used Netwrix Auditor server, allowing attackers to gain unrestricted access to compromised systems. Linked with cybercriminal collectives Silence and FIN11, TrueBot is used to extract confidential data and disseminate ransomware, posing a significant threat to infiltrated networks. Organizations are advised to install necessary updates, enhance security protocols, be vigilant for signs of infiltration, and report any incidents to authorities.

via The Hacker News|

#cybersecurity #cybersecurity-agencies #data-breach

cybersecurity2 years ago•3 min saved

China's State-Sponsored Hackers Target US Navy and Pacific Cyberinfrastructure.

Chinese-backed hackers breached American infrastructure, including technology systems belonging to the U.S. Navy, using legitimate credentials to gain access to the systems and small-office routers to disguise where the intrusion is coming from. The infrastructure targeted “span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.” The Five Eyes cybersecurity agencies issued a joint advisory on the hack and how to detect similar ones, while China denied the allegations.

via Task & Purpose|

#china #cyberattack #cybersecurity