Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches
The $3 billion that Congress folded into the annual defense policy bill to remove Chinese-made telecommunications technology from U.S. networks would be a huge start to defending against breaches like the Salt Typhoon espionage campaign, senators and hearing witnesses said Wednesday. Federal Communications Commission Chairwoman Jessica Rosenworcel recently told Hill leaders that the $1.9 billion Congress had devoted to the “rip and replace” program to get rid of Huawei and ZTE equipment left the agency with a $3.08 billion hole to reimburse 126 carriers for eliminating use of that tech, “putting our national security and the connectivity of rural consumers who depend on these networks at risk.”
This devious new malware technique looks to hijack Windows itself to avoid detection
Cybersecurity researchers from Akamai have discovered a new way to get malware to run on Windows devices without triggering Endpoint Detection and Response (EDR) tools. A report published on the Akamai blog earlier this week explains that, starting with Windows XP, the OS introduced a feature called UI Automation as part of the .NET Framework. This feature is designed to provide programmatic access to user interface elements, enabling assistive technologies like screen readers to interact with applications and help users with disabilities. It also supports automated testing scenarios by allowing developers to manipulate and retrieve information from UI components programmatically.
How Cryptocurrency Turns to Cash in Russian Banks
A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which are physically located there.
Iranian Hackers Use IOCONTROL Malware to Target OT, IoT Devices in US, Israel
A notorious Iranian state-sponsored hacking group has been using custom-built malware to target IoT and operational technology (OT) devices in the United States and Israel, according to cybersecurity firm Claroty. The malware, named IOCONTROL, has been tied by Claroty researchers to CyberAv3ngers, which claims to be a hacktivist group, but which the US government and others have linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). CyberAv3ngers has targeted industrial control systems (ICS) at water facilities in Ireland and the United States, including a water utility in Pennsylvania. In the Ireland attack, the hackers’ actions caused serious disruptions that led to the water supply being cut off for two days.
Not Every Gift Comes from Santa Claus: Avoiding Cyber Scams This Holiday Season
The holidays are a time for joy, connection, and giving, but amidst the festive cheer lies a growing cyber threat that’s anything but jolly. As we fill our online shopping carts with gifts for loved ones, scammers are busy crafting their own presents—persuasive, GenAI-generated phishing emails and ads designed to steal your personal information, financial data, and peace of mind. In the spirit of the season, let’s unwrap the truth about these scams and learn how to keep our celebrations secure.
Hackers Weaponize Google Drive Links to Breach Corporate Networks
A sophisticated attack campaign is targeting organizations in Japan and other East Asian countries. The threat actor, identified as APT-C-60, is employing a clever social engineering tactic that exploits job application processes to infiltrate corporate networks and deploy malware. The attack, first detected in August 2024, began with a phishing email disguised as a job application sent to an organization’s recruitment contact. The email contains a seemingly innocuous Google Drive link, which, when clicked, initiates a complex infection chain.