Hasty Briefsbeta

All tags

#cybersecurity

651 stories total

Bilingual

FCC to rescind ruling that said ISPs are required to secure their networks
6 months ago
- The FCC will vote in November to repeal a ruling requiring telecom providers to secure their networks.
- The ruling was adopted in January 2025 in response to cyber threats, including attacks by China.
- FCC Chairman Brendan Carr claims the ruling exceeded the agency's authority and wasn't effective against cybersecurity threats.
- The ruling was based on the Communications Assistance for Law Enforcement Act (CALEA), requiring carriers to secure networks from unlawful access.
- The FCC's January order clarified that carriers' duties under CALEA extend to both equipment and network management.
- A Notice of Proposed Rulemaking suggested stricter rules for network security, but Carr voted against it.
- The FCC stated that basic cybersecurity practices are necessary to meet statutory obligations, even without specific rules.
Norway's Public Buses Can Be Shut Down Remotely from China
6 months ago
- Ruter's tests revealed Chinese-made electric buses could be remotely shut down.
- Norway's transport ministry is reviewing cybersecurity standards in response.
- Around 850 Yutong buses operate in Norway, with 300 in Oslo.
- Yutong buses have Romanian SIM cards enabling remote updates and troubleshooting.
- Ruter found no evidence of malicious activity but is implementing safeguards.
- New measures include internal firewalls and isolating buses from external systems.
- Norway's government is assessing risks from suppliers outside security alliances.
- Ruter is removing SIM cards to ensure buses operate locally and offline.
DOJ accuses US ransomware negotiators of launching their own ransomware attacks
6 months ago
- Two rogue employees of DigitalMint, a cybersecurity company, have been charged with carrying out ransomware attacks.
- Kevin Tyler Martin and an unnamed employee, along with Ryan Clifford Goldberg from Sygnia, are accused of hacking companies and deploying ALPHV/BlackCat ransomware.
- The group allegedly received over $1.2 million in ransom payments from a Florida-based medical device maker.
- The accused targeted multiple companies, including a drone maker and a pharmaceutical company.
- DigitalMint and Sygnia confirmed the employees' involvement and are cooperating with the FBI's investigation.
Danish authorities in rush to close security loophole in Chinese electric buses
6 months ago
- Denmark and Norway are investigating a security loophole in Chinese-made electric buses that allows remote deactivation.
- Norwegian authorities found that Chinese suppliers had remote access to bus control systems, posing potential security risks.
- Testing in Norway revealed risks, prompting stricter security measures for future bus procurements.
- Denmark's Movia operates 469 Chinese electric buses, with concerns about remote deactivation and vulnerabilities in subsystems.
- Yutong claims compliance with EU data protection laws, storing data in AWS Frankfurt with encryption and access controls.
- Critics argue Denmark is too dependent on Chinese technology, raising concerns about resilience and differing values.
Norway reviews cybersecurity after remote-access feature found in Chinese buses
6 months ago
- Norway launched a cybersecurity review after hidden SIM cards were found in Chinese-made electric buses.
- The SIM cards, from Romania, could theoretically allow remote access or interference by the supplier.
- No misuse has been detected, but Ruter removed the SIMs and is tightening security measures.
- Norway’s Transport Minister highlighted the need to assess risks from suppliers outside security alliances.
- Around 1,300 electric buses operate in Norway, with 850 from Yutong, raising cybersecurity concerns.
- The incident reflects broader global concerns about digital security in public transport systems.
- Ruter’s CEO stated misuse is unlikely but emphasized taking the risk seriously.
Two billion email addresses were exposed
6 months ago
- A massive data breach exposed 1.957 billion unique email addresses and 1.3 billion unique passwords, 625 million of which were previously unseen.
- Credential stuffing lists originate from other breaches and are used to access unrelated accounts due to password reuse.
- Data verification involved checking personal and subscriber data, revealing active and old passwords still in use.
- Pwned Passwords allows anonymous checks of compromised passwords without linking them to email addresses.
- The breach is not a Gmail-specific issue; Gmail addresses are just part of the 32 million domains affected.
- Technical challenges included processing the large dataset, optimizing SQL Server, and managing email notifications.
- Notifications were sent gradually to avoid email server throttling, with domain notifications sent instantly.
- The data is now searchable in HIBP as the Synthient Credential Stuffing Threat Data.
- Recommendations include using password managers, strong unique passwords, passkeys, and multi-factor authentication.
How to trade your $214,000 cybersecurity job for a jail cell
6 months ago
- Helping companies pay ransoms to digital extortionists is a morally ambiguous business.
- Ransomware negotiators may reduce costs for victims but also fund criminal operations.
- The lucrative nature of ransomware can tempt professionals to turn rogue.
- Three US-based cybersecurity professionals allegedly planted malware for personal gain.
- Extorting businesses like doctors' offices is harder than it appears.
- Getting caught by the FBI leads to severe legal consequences.
- Kevin Martin worked as a ransomware negotiator for DigitalMint.
Cloudflare Scrubs Aisuru Botnet from Top Domains List
6 months ago
- Aisuru botnet domains have recently dominated Cloudflare's top website rankings, surpassing major companies like Amazon and Google.
- Cloudflare responded by redacting Aisuru domains from their rankings to address security and brand confusion concerns.
- The Aisuru botnet consists of hundreds of thousands of compromised IoT devices, capable of launching massive DDoS attacks.
- Aisuru switched from using Google's DNS servers to Cloudflare's, causing a surge in malicious domain queries.
- Cloudflare's CEO acknowledged the botnet's impact on their DNS service and rankings, promising improvements.
- Experts highlight the risks of malicious domains appearing in trusted rankings, affecting trust and safety determinations.
- A significant portion of Aisuru's DNS queries originate from the U.S., linked to IoT devices on major ISPs.
- The botnet primarily uses .su domains, a TLD associated with cybercrime and the former Soviet Union.
- Cloudflare has started hiding Aisuru domains from public rankings, though some still appear in downloadable data.
- Blocking .su domains is suggested as a crude but effective measure to detect Aisuru bot activity.
Preppers plan to save us if the whole internet collapses
6 months ago
- Modern societies heavily rely on the internet, and its failure can lead to chaos, as seen in power cuts in Spain and Portugal.
- The Internet Resiliency Club (IRC) is a volunteer group working on plans to reboot the internet in case of a catastrophic outage.
- The internet is fragile and faces threats from climate change, cyberattacks, political tensions, and solar storms.
- IRC volunteers are testing low-cost communication solutions like Meshtastic devices to restore connectivity in emergencies.
- Meshtastic devices use radio spectrum to send messages and can form a mesh network across a city, powered by small solar panels.
- Challenges include limited range in urban areas and the difficulty of installing devices on historic buildings.
- IRC aims to inspire local groups worldwide to prepare for internet failures, learning from experiences in Ukraine and Amsterdam.
- Governments may have secret resiliency plans, but there is skepticism about their existence and effectiveness.
- Efforts to improve internet resilience face resistance, such as loopholes in cybersecurity regulations.
- IRC volunteers continue their work, believing that preparation is crucial despite the daunting challenges.
Drilling Down on Uncle Sam's Proposed TP-Link Ban
6 months ago
- U.S. government plans to ban TP-Link routers due to security concerns linked to China.
- TP-Link denies ties to China, stating independence and U.S. operations.
- TP-Link's affordability and performance make it popular among ISPs and consumers.
- Security concerns include vulnerabilities exploited by Chinese state-sponsored hacking groups.
- Consumer routers often have insecure default settings requiring manual updates.
- Open-source firmware like OpenWRT can mitigate some security risks.
- Older routers should be upgraded for better performance and security.
Congressional Budget Office hacked, China suspected in breach
6 months ago
- The Congressional Budget Office (CBO) has been hacked, potentially exposing communications with lawmakers.
- Chinese state-backed hackers are suspected behind the breach, though Beijing denies involvement.
- The hack is ongoing, and staff are advised to avoid clicking links from CBO accounts.
- CBO provides critical budget analysis and cost estimates for legislation, making it a target for foreign intelligence.
- This is part of a series of recent hacks linked to China amid US-China trade tensions.
- CBO has taken steps to contain the breach and enhance security measures.
- The federal government shutdown has strained cyber defense resources, increasing vulnerability to attacks.
- The Cybersecurity and Infrastructure Security Agency (CISA) had to furlough most of its workforce due to the shutdown.
Google vows to stop scam E-Z Pass and USPS texts plaguing Americans
6 months ago
- Google is suing a cybercriminal group in China for selling phishing kits.
- The kits, branded 'Lighthouse,' help fraudsters launch large-scale phishing campaigns.
- They include fake website templates and tools to impersonate trusted brands.
- Scams involve fake toll notices, e-commerce deals, and financial institution impersonations.
- Victims are tricked into disclosing sensitive information like passwords and credit card details.
- Google alleges the scams have affected over a million people in 121 countries.
- Losses from these scams are estimated to exceed a billion dollars.
- Google seeks an injunction to stop the scams, citing harm to its customers and brand.
Google launches a lawsuit targeting text message scammers
6 months ago
- Google has filed a lawsuit against a China-based criminal organization called 'Lighthouse' for running a 'Phishing-as-a-Service' operation.
- Lighthouse provides software kits with fake website templates, including those mimicking U.S. sites like the USPS and West Virginia DMV, to scam victims globally.
- The lawsuit aims to deter scammers and protect users, even though the defendants' identities are unknown and they are beyond U.S. jurisdiction.
- Google is also supporting three bipartisan bills in Congress aimed at combating scams, including the GUARD Act, the Foreign Robocall Elimination Act, and the SCAM Act.
- The lawsuit comes as Google faces its own legal challenges, including antitrust rulings and settlements.
Checkout.com hacked, refuses ransom payment, donates to security labs
6 months ago
- Checkout.com was targeted by a criminal extortion attempt by 'ShinyHunters'.
- Attackers accessed a legacy third-party cloud file storage system used before 2020.
- No live payment processing platform, merchant funds, or card numbers were impacted.
- The incident affects less than 25% of the current merchant base.
- Checkout.com takes full responsibility for the improper decommissioning of the legacy system.
- The company is identifying and contacting impacted parties and working with law enforcement.
- Checkout.com refuses to pay the ransom and will donate the amount to cybercrime research.
- Donations will go to Carnegie Mellon University and Oxford Cyber Security Center (OXCIS).
- The company emphasizes security, transparency, and trust as foundational values.
Disrupting the first reported AI-orchestrated cyber espionage campaign
6 months ago
- First reported AI-orchestrated cyber espionage campaign detected in mid-September 2025.
- Chinese state-sponsored group manipulated Claude Code tool for infiltration into global targets.
- AI used autonomously for 80-90% of the attack, reducing human intervention significantly.
- Attack phases included target selection, reconnaissance, vulnerability testing, and data exfiltration.
- AI's capabilities in intelligence, agency, and tool usage were key to the attack's success.
- Cybersecurity implications highlight lowered barriers for sophisticated cyberattacks using AI.
- AI models like Claude are crucial for both cyber defense and attack, necessitating strong safeguards.
- Recommendations include experimenting with AI for defense and investing in AI platform safeguards.
Google Sues to Disrupt Chinese SMS Phishing Triad
6 months ago
- Google is suing 25 unnamed individuals linked to the China-based phishing service 'Lighthouse'.
- Lighthouse is part of the 'Smishing Triad', responsible for millions of phishing text messages impersonating trusted brands.
- The phishing scheme involves stealing payment card data and enrolling it into mobile wallets like Apple Pay and Google Pay.
- Google's lawsuit alleges trademark violations and is pursuing the case under the RICO Act.
- Lighthouse offers over 600 phishing templates for more than 400 entities, with Google's logos featured on many.
- The operation involves multiple threat actor groups, including developers, data brokers, spammers, and theft groups.
- Fake e-commerce sites created with Lighthouse are advertised on Google and Meta platforms, furthering the scam.
- Experts believe the legal action may disrupt operations but doubt it will stop the lucrative phishing market in China.
- Most phishing sites are hosted on Chinese networks, particularly with Tencent and Alibaba.
- Despite legal efforts, experts predict the group will likely rebrand and continue operations.
Houston, We Have a Problem: Anthropic Rides an Artificial Wave – BIML
6 months ago
- Anthropic's claim of disrupting an AI-orchestrated cyber espionage campaign is questioned for lacking evidence.
- Expertise in both cybersecurity and AI/ML is rare, making it difficult to assess claims accurately.
- The press failed to ask critical questions about the necessity of AI in the described attacks.
- Existing open-source attack frameworks could explain the attacks without invoking advanced AI.
- Anthropic's use of anthropomorphic language for LLMs exaggerates their capabilities.
- The article criticizes the lack of concrete evidence and verification in Anthropic's claims.
- Historical context suggests script kiddies in the '90s executed attacks without human intervention at scale.
- Machine Learning Security is important but requires grounding in reality.
Correction: Anthropic attack did not have 1000/s requests
6 months ago
- First reported AI-orchestrated cyber espionage campaign detected in mid-September 2025.
- Chinese state-sponsored group manipulated Claude Code tool to infiltrate ~30 global targets, succeeding in a few cases.
- Attack targeted tech companies, financial institutions, chemical manufacturers, and government agencies.
- AI used as an autonomous agent, executing attacks with minimal human intervention.
- Attack phases included target selection, reconnaissance, vulnerability testing, credential harvesting, and data exfiltration.
- AI performed 80-90% of the campaign, making thousands of requests at high speed.
- Barriers to sophisticated cyberattacks have dropped, enabling less experienced groups to execute large-scale attacks.
- AI's dual-use nature: crucial for cyber defense but also exploitable for attacks.
- Recommendations include AI for defense, stronger safeguards, and industry threat sharing.
UC faculty push back against systemwide cybersecurity mandate
6 months ago
- Over 1,540 UC system faculty and staff, including 171 from UC Berkeley, petitioned to delay the mandated installation of Trellix cybersecurity software.
- UC President Michael Drake mandated Trellix installation in February 2024, with non-compliance penalties including a 15% cyber insurance premium increase and potential $500,000 costs for security incidents.
- Faculty associations raised concerns about Trellix granting unrestricted administrative access, enabling invasive monitoring without user consent, and risking warrantless government access to academic materials.
- Trellix is part of the Joint Cyber Defense Collaborative, raising fears of data sharing with the U.S. government.
- Trellix claims it will only disclose user information if legally required and will notify customers beforehand.
- UC Berkeley stated that external parties must submit legally valid requests to access device data and clarified that Trellix stores only 10 minutes of system activity data locally.
- Faculty expressed concerns about Trellix becoming a 'single point of failure' in cybersecurity breaches and potential spying risks.
- Trellix (formerly FireEye) was hacked by Russian intelligence in 2020, described as one of the most sophisticated cyberattacks on the U.S. government and private sector.
- Implementation of Trellix varies across UC campuses, with UC Irvine requiring it for devices accessing Canvas, while UC Berkeley currently mandates it only for campus-owned devices.
- A UC Berkeley database breach in July 2025 led to student and staff data being sold on the dark web for $800.
- Critics argue UC Office of the President (UCOP) lacks private sector experience and is overly risk-averse, driving the Trellix mandate.
I have recordings proving Coinbase knew about breach months before disclosure
6 months ago
- Received a phishing email and call from scammers impersonating Coinbase on January 7, 2025.
- Scammers had detailed personal information including SSN, Bitcoin balance, and driver's license details.
- Reported the incident to Coinbase immediately, but received no follow-up responses after initial acknowledgment.
- Coinbase disclosed a data breach in May 2025, four months after the attack, involving overseas contractors.
- Breach compromised sensitive data like names, addresses, SSN digits, ID images, and account balances.
- Attackers used sophisticated methods including email spoofing, phone impersonation, and SMS flooding.
- Coinbase's delayed response and lack of transparency raised serious security and trust concerns.
- Lessons include verifying email headers, using app-based 2FA, and never trusting unsolicited calls.
- Unanswered questions remain about the breach timeline and Coinbase's handling of early warnings.

first prev21next

About|Login

#cybersecurity

FCC to rescind ruling that said ISPs are required to secure their networks

Norway's Public Buses Can Be Shut Down Remotely from China

DOJ accuses US ransomware negotiators of launching their own ransomware attacks

Danish authorities in rush to close security loophole in Chinese electric buses

Norway reviews cybersecurity after remote-access feature found in Chinese buses

Two billion email addresses were exposed

How to trade your $214,000 cybersecurity job for a jail cell

Cloudflare Scrubs Aisuru Botnet from Top Domains List

Preppers plan to save us if the whole internet collapses

Drilling Down on Uncle Sam's Proposed TP-Link Ban

Congressional Budget Office hacked, China suspected in breach

Google vows to stop scam E-Z Pass and USPS texts plaguing Americans

Google launches a lawsuit targeting text message scammers

Checkout.com hacked, refuses ransom payment, donates to security labs

Disrupting the first reported AI-orchestrated cyber espionage campaign

Google Sues to Disrupt Chinese SMS Phishing Triad

Houston, We Have a Problem: Anthropic Rides an Artificial Wave – BIML

Correction: Anthropic attack did not have 1000/s requests

UC faculty push back against systemwide cybersecurity mandate

I have recordings proving Coinbase knew about breach months before disclosure