Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
Summary: The Trump administration has dissolved all advisory committee memberships within the Department of Homeland Security (DHS), including the Cyber Safety Review Board (CSRB), which has been critical of major cybersecurity failures. This decision raises concerns about the future of cybersecurity oversight and the potential implications for national security.…
FBI/CISA Share Details on Ivanti Exploit Chains: What Network Defenders Need to Know
Summary: The US government has disclosed details of two exploit chains used by Chinese hackers to infiltrate Ivanti Cloud Service Appliances (CSA), highlighting significant vulnerabilities. Four critical security flaws have been identified, which are actively exploited by these threat actors. The advisory emphasizes the importance of monitoring and securing affected systems to prevent further intrusions.…
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have uncovered a previously undisclosed APT group, PlushDaemon, linked to China, which executed a supply-chain attack on a South Korean VPN developer in 2023. The attackers replaced the legitimate VPN installer with a malicious version that deployed a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit with over 30 components, allowing extensive cyber espionage capabilities.…
Chinese Cyberspies Target South Korean VPN in Supply Chain Attack
Summary: A newly identified Chinese threat group, PlushDaemon, has executed a supply chain attack against South Korean VPN developer IPany, deploying a custom backdoor for cyber-espionage. This attack marks a shift in the group’s tactics, which typically involve hijacking legitimate updates of applications. The group has been active since at least 2019, targeting various regions including South Korea and the US.…
BreachForums admin to be resentenced after appeals court slams supervised release
Summary: Conor Fitzpatrick, the founder of the cybercrime platform BreachForums, is set to be resentenced after a three-judge panel vacated a previous lenient sentence that allowed him to serve only 17 days in prison. The appellate court criticized the district court’s decision, which was influenced by Fitzpatrick’s age and autism diagnosis, for being “substantively unreasonable” given his extensive criminal activities.…
China-linked hacker group targets victims in East Asia with malicious VPN installers
Summary: A new Chinese state-sponsored hacker group, PlushDaemon, has been targeting users in East Asia through an espionage campaign involving a compromised VPN installer from South Korean firm IPany. The attackers deployed custom malware capable of extensive data collection and spying on victims. Although discovered recently, PlushDaemon has been active since at least 2019, focusing on espionage against various entities across multiple countries.…
Iran and Russia deepen cyber ties with new agreement
Summary: A recent agreement between Iran and Russia aims to enhance military, security, and technological cooperation, particularly in cybersecurity and internet regulation. The deal, signed by leaders of both nations, seeks to formalize their close ties and establish stronger control over the digital space. Both countries, known for their restrictive internet policies, plan to collaborate on countering cybercrime and managing national internet segments.…
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
Summary: A newly identified China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack on a South Korean VPN provider, utilizing a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit designed for espionage and data collection, indicating the group’s significant operational capabilities since at least 2019.…
Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices
Summary: Cloudflare reported the largest DDoS attack to date, peaking at 5.6 Tbps, which targeted an unnamed ISP in Eastern Asia on October 29, 2024. The attack, originating from a Mirai-variant botnet, lasted only 80 seconds and involved over 13,000 IoT devices. Cloudflare also noted a significant increase in DDoS attacks in 2024, with a 53% rise compared to the previous year.…
Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
Summary: The largest DDoS attack recorded peaked at 5.6 Tbps, utilizing a Mirai-based botnet with 13,000 compromised devices, targeting an ISP in Eastern Asia. Cloudflare reports a significant rise in hyper-volumetric DDoS attacks, with a notable increase in short-lived attacks that complicate human response efforts. The trend indicates a growing threat landscape, particularly during peak usage periods, leading to an increase in ransom DDoS attacks.…
TSA chief behind cyber directives for aviation, pipelines and rail ousted by Trump team
Summary: The Transportation Security Administration (TSA) administrator David Pekoske was removed from his position by the Trump administration, despite having been appointed during Trump’s first term and later renewed by President Biden. Pekoske played a significant role in enhancing cybersecurity measures across transportation sectors, particularly following the Colonial Pipeline ransomware attack.…
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
Summary: A former CIA analyst, Asif William Rahman, pleaded guilty to transmitting top secret National Defense Information to unauthorized individuals and attempted to conceal his actions. Meanwhile, the Philippines arrested a Chinese national and two Filipinos for conducting espionage activities related to critical infrastructure. Both incidents highlight ongoing security threats and breaches involving sensitive information and national defense.…
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
Summary: Cybersecurity researchers have identified a series of cyber attacks targeting Chinese-speaking regions using a malware known as ValleyRAT. These attacks utilize a multi-stage loader called PNGPlug to deliver the malware through a phishing scheme disguised as legitimate software. The campaign highlights the attackers’ sophisticated methods, including the use of benign applications to conceal malicious activities.…
FCC Enacts Rule Requiring Telecom Operators To Secure Networks
Summary: The FCC has enacted new rules to enhance cybersecurity measures for telecom operators, requiring them to secure their networks against potential attacks. This decision follows a significant espionage campaign by the Chinese-sponsored threat group Salt Typhoon, which compromised multiple U.S. telecom companies. The FCC’s actions aim to modernize existing regulations and improve defenses against state-sponsored cyber threats.…
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Summary: Recent research has identified significant security vulnerabilities in various tunneling protocols, potentially allowing attackers to hijack internet hosts for anonymous attacks. Approximately 4.2 million hosts, including VPN servers and routers, are at risk, particularly in countries like China, France, and the U.S. Exploiting these vulnerabilities could enable attackers to conduct denial-of-service (DoS) attacks and access private networks.…