Cybersecurity officials warn against potentially costly Medusa ransomware attacks

source: apnews.com  |  image: pexels.com

 

LOS ANGELES (AP) — The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning against a dangerous ransomware scheme.

In an advisory posted earlier this week, government officials warned that a ransomware-as-a-service software called Medusa, which has launched ransomware attacks since 2021, has recently affected hundreds of people. Medusa uses phishing campaigns as its main method for stealing victims’ credentials, according to CISA. Continue reading “Cybersecurity officials warn…”

Clickfix:  How to Infect Your PC in 3 Easy Steps

source: krebsonsecurity.com  |  image: pexels.com

 

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Continue reading “ClickFix: How to Infect Your PC in Three Easy Steps”

The cyber threats to watch in 2025, and other cybersecurity news to know this month

source: weforum.org  |  image: pexels.com

 

1. Global Cybersecurity Outlook 2025: Navigating complexity

The cyber threat landscape in 2025 will be shaped by increasingly sophisticated attacks, with ransomware, social engineering and AI-powered cybercrime remaining top concerns, according to the World Economic Forum’s latest Global Cybersecurity Outlook.

Data breaches continued at historic levels in 2024, with 3,158 data compromises tracked by the Identity Theft Resource Center – on par with the previous record-breaking year. However, victim notices surged 211% to 1.3 billion, but this was largely due to five mega-breaches, each triggering over 100 million notices.

The US Is Considering a TP-Link Router Ban—Should You Worry?

source: wired.com  |  image: pexels.com

 

Several government departments are investigating TP-Link routers over Chinese cyberattack fears, but the company denies links.

TP-Link is one of the most popular routermanufacturers in the US, but the company is facing a potential ban due to security concerns about its links to China. A December report from The Wall Street Journal revealed that the US Commerce, Defense, and Justice Departments are investigating TP-Link, though no evidence of deliberate wrongdoing has yet emerged.

“We are a US company,” Jeff Barney, president of TP-Link told WIRED, “We have no affiliation with TP-Link Tech, which focuses on mainland China, and we can prove our separateness.” Continue reading “The US Is Considering a TP-Link Router Ban—Should You Worry?”

We’re In for a Rude Awakening on Cybersecurity

source: city-journal.org (contributed by FAN, Steve Page)  |  image: pexels.com

America remains ill-prepared for Chinese hackers targeting critical infrastructure.

It’s a crisis that almost no one is talking about. The Chinese Communist Party is now the world’s preeminent practitioner of cyber warfare. Once notoriously loud and clumsy, the CCP’s hackers have become stealthy and sophisticated. They’re intercepting the calls and texts of our leaders and infiltrating servers at our ports, power plants, and water-treatment facilities. Yet hardly anyone seems to care. When Congress held hearings on cybersecurity late last year, only a handful of journalists bothered to cover them. Continue reading “We’re In for a Rude Awakening on Cybersecurity”

Chinese tech firm founded by Huawei veterans in the FBI’s crosshairs

source: reuters.com (contributed by Steve Page)  |  image: fbi.gov

 

WASHINGTON, Jan 16 (Reuters) – The U.S. Commerce Department and FBI are both investigating a little-known telecoms hardware firm founded by senior Huawei veterans in China over possible security risks, sources and documents show.
Founded in 2014, Baicells Technologies opened a North American business the next year in Wisconsin and has since provided telecoms equipment for 700 commercial mobile networks across every U.S. state, according to its website.
The Commerce Department is investigating Baicells on national security grounds and has sent subpoenas to the company, four people said. The U.S. telecoms regulator, the Federal Communications Commission (FCC), is advising it on its review, two of the people said.
The FBI’s interest in its equipment and Chinese origins dates back to at least 2019.

Continue reading “Chinese tech firm founded by Huawei veterans in the FBI’s crosshairs”

Chinese hackers infiltrated US Treasury Secretary’s PC — attackers had access to over 400 PCs

source: tomshardware.com (contributed by Steve Page)  |  image: pexels.com 

 

As reported last week, Chinese hackers infiltrated the U.S. Department of Treasury and gained access to several users’ workstations. However, according to Bloomberg, the infiltration was more severe than initially reported, as hackers managed to access systems belonging to Secretary Janet Yellen and other top officials.

A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections

source: wired.com (contributed by FAN, Steve Page)  |  image: unsplash.com

 

The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone—and it’s already turning up victims.

IN RECENT YEARS, commercial spyware has been deployed by more actors against a wider range of victims, but the prevailing narrative has still been that the malware is used in targeted attacks against an extremely small number of people. At the same time, though, it has been difficult to check devices for infection, leading individuals to navigate an ad hoc array of academic institutions and NGOs that have been on the front lines of developing forensic techniques to detect mobile spyware. On Tuesday, the mobile device security firm iVerify is publishing findings from a spyware detection feature it launched in May. Of 2,500 device scans that the company’s customers elected to submit for inspection, seven revealed infections by the notorious NSO Group malware known as Pegasus. Continue reading “Phone Scanner That Detects Spyware”

Rising Threat of China’s Volt Typhoon

image - china tech

source: axios.com (contributed by FAN, Bill Amshey)  |  Image: pexels.com

 

Notorious China-linked hackers known for burrowing deep into U.S. infrastructure are back, according to a report out today.

Why it matters: The resurgence shows that the Chinese government isn’t backing down from its quest to infiltrate American utilities in preparation for a potential destructive cyberattack.

Zoom in: The research team at SecurityScorecard, a cyber risk assessment company, says it has noticed Volt Typhoon moving traffic through a set of compromised routers in New Caledonia, an island nation off the coast of Australia, as recently as September.

  • Global law enforcement disrupted a significant portion of Volt Typhoon’s botnet in January, but the group quickly set up new servers.
  • However, actual movement across these servers hadn’t been seen until September, according to the report.
  • Routing through New Caledonia gives the hackers a “silent bridge” to hide traffic moving between the Asia-Pacific region and the Americas, the report says. Continue reading “Rising Threat of China’s Volt Typhoon”

Say Goodbye to Passwords

source: fastcompany.com  |  image: pixabay.com

 

Passkey adoption is up, and problems are being fixed.

It’s been a couple of years since Apple, Google, and Microsoft started trying to kill the password, and its demise seems more likely than ever.

In 2022, all three companies embraced an alternative called passkeys, which sync securely between your devices and are protected by face recognition, a fingerprint, or a PIN. The thinking goes that if you don’t have to remember a password—or even create one in a password manager—you’re less likely to fall prey to phishing scams. And if websites don’t have to store their customers’ passwords anymore, security breaches won’t be as disastrous. Continue reading “Say Goodbye to Passwords”