Security News

Global rise in DDoS attacks threatens digital infrastructure
2023-06-29 03:30

In 2022, the total number of DDoS attacks worldwide increased by 115.1% over the number observed in 2021, according to Nexusguard. While the overall number of DDoS attacks more than doubled, the maximum attack size of 361.9 gigabits per second represented a 48.2% decrease from the maximum measured in 2021.

Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks
2023-06-26 05:51

The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest. "The adversary consistently employed ManageEngine Self-service Plus exploits to gain initial access, followed by custom web shells for persistent access, and living-off-the-land techniques for lateral movement," the cybersecurity company said.

China's cyber now aimed at infrastructure, warns CISA boss
2023-06-13 04:45

China's cyber-ops against the US have shifted from espionage activities to targeting infrastructure and societal disruption, the director of the Cybersecurity and Infrastructure Security Agency Jen Easterly told an Aspen Institute event on Monday. "PRC actors have been in the spotlight for years and years, the key difference here was for PRC actors the focus has been espionage," said Easterly.

Chinese Hacking of US Critical Infrastructure
2023-05-31 14:53

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.

Augmenting Your Microsoft 365 EOP and MDO Email Security Infrastructure
2023-05-25 16:00


Five Eyes agencies detail how Chinese hackers breached US infrastructure
2023-05-25 11:10

The National Security Agency and Five Eyes partner agencies have identified indicators of compromise associated with a People's Republic of China state-sponsored cyber actor dubbed Volt Typhoon, which is using living-off-the-land techniques to target networks across US critical infrastructure. The authoring agencies also include a summary of indicators of compromise values, such as unique command-line strings, hashes, file paths, exploitation of CVE-2021-40539 and CVE-2021-27860 vulnerabilities, and file names commonly used by this actor.

China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
2023-05-25 08:28

A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon.

Five Eyes and Microsoft accuse China of attacking US infrastructure again
2023-05-25 03:30

China has attacked critical infrastructure organizations in the US using a "Living off the land" attack that hides offensive action among everyday Windows admin activity. The attack was spotted by Microsoft and acknowledged by intelligence and infosec agencies from the Five Eyes nations - Australia, Canada, New Zealand, the UK and the US. A joint cyber security advisory [PDF] from ten agencies describes "a recently discovered cluster of activity of interest associated with a People's Republic of China state-sponsored cyber actor, also known as Volt Typhoon."

Chinese hackers breach US critical infrastructure in stealthy attacks
2023-05-24 20:43

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. "Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the Microsoft Threat Intelligence team said.

State-Sponsored Sidewinder Hacker Group's Covert Attack Infrastructure Uncovered
2023-05-17 08:40

Cybersecurity researchers have unearthed previously undocumented attack infrastructure used by the prolific state-sponsored group SideWinder to strike entities located in Pakistan and China. SideWinder has been known to be active since at least 2012, with attack chains primarily leveraging spear-phishing as an intrusion mechanism to obtain a foothold into targeted environments.