FBI disrupts Chinese botnet by wiping malware from infected routers
2024-01-31 17:43

The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. Devices compromised and added to this botnet included Netgear ProSAFE, Cisco RV320s, and DrayTek Vigor routers, as well as Axis IP cameras, according to Lumen Technologies' Black Lotus Labs team, who first linked the malware to the Chinese threat group in December.

How to Use KeePass Step-by-Step Guide
2024-01-31 17:28

In this article, we walk you through how to set up and use KeePass. If you're using a different operating system, simply look for the appropriate download link under KeePass' Contributed/Unofficial KeePass Ports list.

We know nations are going after critical systems, but what happens when crims join in?
2024-01-31 17:15

Volt Typhoon, the Chinese government-backed cyberspies whose infrastructure was at least partially disrupted by Uncle Sam, has been homing in on other US energy, satellite and telecommunications systems, according to Robert Lee, CEO of security shop Dragos. "We've been involved in incident response cases, as well as using our intelligence and capabilities to track that group and identify where they've been targeting," Lee said.

A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs
2024-01-31 16:20

A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported versions of Windows could spell trouble for enterprise defenders. "I have only tested the whole thing a few times in a domain network consisting of a Windows 10 machine and a Windows Server 2022 domain controller. I was able to crash the event log service of the domain controller as an unprivileged user from the Windows 10 machine, and that was about it."

CISA: Vendors must secure SOHO routers against Volt Typhoon attacks
2024-01-31 16:14

CISA has urged manufacturers of small office/home office routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon. Threat actors are compromising many such devices, taking advantage of the sheer numbers of SOHO routers used by Americans and using them as launchpads in attacks targeting U.S. critical infrastructure organizations.

Hiring Kit: Cyber Threat Hunter
2024-01-31 16:00

Professional cyber threat hunters complement cybersecurity programs focusing on potential threats and vulnerabilities that may breach automated cybersecurity tools and traditional systems. These hunters proactively search for previously unknown or ongoing threats by using their deep understanding of cybersecurity and how cybercriminals operate.

Mobile Device Security Policy
2024-01-31 16:00

Mobile devices are commonly used to conduct company business, which can render them more susceptible to risk than desktop or even laptop computers. The same social engineering, phishing and application/operating system vulnerabilities which plague desktops and laptops are just as applicable to mobile devices.

Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns
2024-01-31 15:45

Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which is under active exploitation. The news comes days after Ivanti, which releases its patches on a staggered schedule, said the first batch of fixes - due last week - was delayed, and many versions remain without official fixes.

Johnson Controls says ransomware attack cost $27 million, data stolen
2024-01-31 14:55

Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. As first reported by BleepingComputer, Johnson Controls suffered a ransomware attack in September after the firm's Asia offices were initially breached, and the attackers spread throughout their network.

Limited Time Deal: a Lifetime of Powerful VPN Protection is Just $35 Through 2/4
2024-01-31 14:00

TL;DR: Provide yourself and your team with the ultimate VPN protection with a lifetime subscription to Ivacy VPN while it's available to new users for just $35 through February 4 at 11:59 p.m. Pacific. So it's imperative to keep yourself protected with a powerful VPN, both at home and abroad. However, all VPNs are not created equal.