Cybersecurity agencies issue warning over Chinese hacking group

Government cybersecurity authorities in the US and allied nations are sounding the alarm bell again over the Chinese hacking group known as Volt Typhoon.

In a joint advisory issued on Tuesday, the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), FBI, and eight international partners warned that the Beijing-backed Volt Typhoon gang may be gearing up for disruptive or destructive cyber strikes targeting critical infrastructure...

20 March 2024 | Legislation & Government

ASIO chief warns of critical infrastructure sabotage threat

Mike Burgess, Director General of Security at Australia's Security Intelligence Organisation (ASIO), has raised concerns over the potential for sabotage targeting critical infrastructure.

Speaking at ASIO's annual threat assessment, Burgess emphasised the persistent efforts of adversaries to exploit vulnerabilities in digital infrastructure—with a specific focus on disrupting essential services during critical moments.

"The sabotage threat has receded in recent...

29 February 2024 | Networks

IBM reveals surge in cyberattacks leveraging compromised accounts

Cybercriminals are increasingly exploiting valid user accounts to gain access to corporate networks, making this tactic a preferred weapon of choice for threat actors.

The findings come from IBM's 2024 X-Force Threat Intelligence Index released today. The report, based on insights from monitoring over 150 billion security events per day across more than 130 countries, reveals that cybercriminals are generating more opportunities to "log in" to enterprise systems through...

21 February 2024 | Networks

CISA urges manufacturers to end default passwords

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged manufacturers to end default passwords on internet-exposed systems due to the severe risks posed by malicious actors.

In a recent alert, CISA highlighted the exploitation of operational technology devices by Iranian threat actors affiliated with the Islamic Revolutionary Guard Corps (IRGC) who used default passwords to gain access to critical infrastructure systems in the US.

“IRGC-affiliated...

18 December 2023 | IoT

UK accuses Russia of sustained hacking campaign

The UK Government has accused Russia's Security Service, the FSB, of orchestrating a sustained cyber-hacking campaign targeted at politicians and public figures.

The group – identified as FSB Centre 18 – is alleged to have stolen and disseminated sensitive data through cyber-attacks, including materials related to the 2019 election.

Despite Russia's persistent denials, Foreign Secretary David Cameron condemned the group's actions as "completely...

7 December 2023 | Legislation & Government

NCSC warns UK’s critical infrastructure is too vulnerable

The UK's National Cyber Security Centre (NCSC) has raised the alarm about escalating threats to the nation's Critical National Infrastructure (CNI) and warned that resilience is not at the required level.

"The threat is evolving. While we are making progress building resilience in our most critical sectors, we aren't where we need to be," states a NCSC report this week.

Dominic Trott, Director of Strategy and Alliances at Orange Cyberdefense, commented on the pressing...

14 November 2023 | Legislation & Government

Microsoft: UN treaty creates ‘ideal conditions’ for cybercrime

Amy Hogan-Burney, Associate General Counsel, Cybersecurity Policy & Protection at Microsoft, has voiced concerns about a Russia-led United Nations (UN) cybercrime treaty. 

As the global menace of cybercrime gains sophistication and extends its reach, a united front is crucial to effectively combat these digital threats. Concerted cooperation between law enforcement agencies, governmental bodies, international partners, and private corporations is required.

However,...

31 August 2023 | Legislation & Government

Russian hackers suspected of cyberattack exposing data of 40M citizens

A cyberattack targeting the UK Electoral Commission has exposed the data of up to 40 million citizens. British intelligence services have uncovered evidence linking the cyberattack to Russian hackers.

The attack, described as a "complex cyber attack," targeted the Electoral Commission's computer systems, gaining unauthorised access to sensitive information. The breach was not detected until 14 months after the initial intrusion, prompting questions about the organisation's...

9 August 2023 | Security

Risk Register 2023: Infrastructure cyberattack could harm thousands

In a stark warning, the UK government has alerted the public to the impact of a cyberattack on critical infrastructure.

The findings come from the latest National Risk Register report, which is based on the government’s classified National Security Risk Assessment and considers malicious risks like terrorism and cyberattacks alongside non-malicious risks such as severe weather incidents.

The government estimates there’s a 5-25 percent likelihood of a serious...

4 August 2023 | Security

Over 338K FortiGate firewalls remain unpatched to critical bug

A critical vulnerability in FortiGate firewalls, known as CVE-2023-27997, has left more than 338,000 devices exposed to potential exploitation.

The flaw, which allows for remote code execution, was patched by Fortinet last month, but a significant number of devices have yet to be updated.

Infosec company Bishop Fox has even developed an example exploit to demonstrate the severity of the vulnerability.

Rated 9.8 out of 10 in terms of CVSS severity, the...

4 July 2023 | Security