The recent discovery of Chinese cyber espionage group Volt Typhoon exploiting a zero-day vulnerability in Versa Networks' SD-WAN underscores the escalating threat of state-sponsored cyberattacks. This advanced persistent threat (APT) group targeted critical U.S. infrastructure, highlighting the global risk posed by such sophisticated cyber operations. Exploiting zero-day vulnerabilities in widely used technologies like SD-WAN has far-reaching implications, potentially impacting national security, economic stability, and global supply chains. As countries rely more on interconnected digital systems, the need for stronger international cooperation in cybersecurity defense, rapid vulnerability detection, and enhanced protocols to mitigate future threats becomes imperative. #ZeroTrustAdvocate
Dean Jones’ Post
-
To all the Admins in my network. Read the article below regarding the critical security flaw, CVE-2023-28461, affecting Array Networks AG and vxAG secure access gateways, which the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its Known Exploited Vulnerabilities (KEV) catalog due to reports of active exploitation. This vulnerability, with a CVSS score of 9.8, allows remote code execution through missing authentication. Array Networks released a fix in March 2023. The inclusion in the KEV catalog follows Trend Micro’s revelation that the China-linked cyber espionage group Earth Kasha has been exploiting this and other vulnerabilities for initial access. Earth Kasha primarily targets Japanese entities but has also attacked organizations in Taiwan, India, and Europe. Federal Civilian Executive Branch (FCEB) agencies are advised to apply the patches by December 16, 2024. VulnCheck reported that 15 Chinese hacking groups have exploited at least one of the top 15 vulnerabilities in 2023, with over 440,000 internet-exposed hosts at risk. Organizations are urged to assess their exposure, enhance visibility, leverage threat intelligence, maintain strong patch management, and minimize internet-facing exposure. #cybersecurity #cisa #fceb #kev #vknowit #usda #cvp #dynamotechnologies #alphaomega
CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks
thehackernews.com
-
A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which was detected by Trend Micro in July 2024, has been attributed to a threat actor dubbed Earth Baxia. "Based on the collected phishing emails, decoy documents, and observations from incidents, it appears that the targets are primarily government agencies, telecommunication businesses, and the energy industry in the Philippines, South Korea, Vietnam, Taiwan, and Thailand," researchers Ted Lee, Cyris Tseng, Pierre Lee, Sunny Lu, and Philip Chen said. Stay connected to Aashay Gupta, CISM, GCP for content related to Cybersecurity. #LinkedIn #Cybersecurity #Cloudsecurity #AWS #GoogleCloud #Trends #informationprotection #Cyberthreats #CEH #ethicalhacker #hacking #cloudsecurity #productmanagement #cybersecurity #appsec #devsecops
Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware
thehackernews.com
-
Chinese nation-state hackers targeted U.S. internet service providers (ISPs) in a cyber espionage campaign, aiming to steal sensitive data. The attacks, linked to the Salt Typhoon group, underscore ongoing threats to critical infrastructure. #CyberSecurity #Espionage #ChineseHackers #ISPBreach #CyberThreats #SaltTyphoon #GhostEmperor #NationStateAttack #CriticalInfrastructure
Chinese-Backed Hackers Breach U.S. ISPs in Major Cyber Espionage Campaign
redsecuretech.co.uk
-
Persistent exploitation of network vulnerabilities below the threshold of war. We will continue to see these activities escalate even more in the days ahead given the geopolitical and geoeconomic competitions. --- NSA Issues Updated Guidance on Russian SVR Cyber Operations FORT MEADE, Md. - The National Security Agency (NSA) joins the Federal Bureau of Investigation (FBI), the United States Cyber Command’s Cyber National Mission Force (CNMF), and the United Kingdom National Cyber Security Centre (NCSC) to warn network defenders about ongoing Russian Federation Foreign Intelligence Service (SVR) cyber threats and to recommend rapid countermeasures for security patching and mitigating systems. The joint Cybersecurity Advisory (CSA), “Update on SVR Cyber Operations and Vulnerability Exploitation,” highlights how Russian SVR cyber actors are currently exploiting a set of software vulnerabilities and have intentions to exploit additional vulnerabilities. It provides a detailed list of publicly disclosed common vulnerabilities and exposures (CVEs) and a list of mitigations to improve cybersecurity posture based on the SVR cyber actors’ operations. “This activity is a global threat to the government and private sectors and requires thorough review of security controls, including prioritizing patches and keeping software up to date,” said Dave Luber, NSA’s Cybersecurity Director. “Our updated guidance will help network defenders detect these intrusions and ensure they are taking steps to secure their systems.”
NSA Issues Updated Guidance on Russian SVR Cyber Operations
nsa.gov
-
🚨🚨 Security Advisory 🚨🚨

Summary: The Dutch Military Intelligence and Security Service (MIVD) revealed that a Chinese cyber-espionage campaign, exploiting the FortiOS/FortiProxy vulnerability (CVE-2022-42475), is more extensive than initially thought. The Chinese state-sponsored hackers infected 14,000 devices during a zero-day period, targeting Western governments, international organizations, and defense companies. The Coathanger remote access trojan (RAT), found even in the Dutch Ministry of Defence's network, survives system reboots and firmware upgrades, giving attackers persistent access. As of February, at least 20,000 FortiGate systems were compromised globally, with the malware evading detection and removal.

Mitigations:
• Patch Systems: Immediately update all FortiGate devices to patch vulnerabilities.
• Network Segmentation: Implement robust network segmentation to limit lateral movement.
• Advanced Detection Tools: Use advanced threat detection tools to identify and remove sophisticated malware.
• Regular Scans: Conduct regular security scans to detect anomalies.
• Access Controls: Strengthen access controls and monitor privileged accounts.
• Incident Response Plan: Develop and rehearse an incident response plan to quickly address breaches.
Chinese hackers breached 20,000 FortiGate systems worldwide
bleepingcomputer.com
-
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

FBI seeks public help on global cyberattacks involving Chinese APTs using edge device exploits. The FBI is seeking public assistance to identify those behind cyber intrusions linked to Chinese APT groups that have exploited vulnerabilities in edge devices and networks for cyber espionage against critical infrastructure. Learn more: https://lnkd.in/gYVzsNac #cybersecurity #artificialintelligence #machinelearning #cybersecurity #technology #innovation #AI #datasecurity #digitaltransformation #dataanalytics #technews
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
thehackernews.com
-
#ICYMI: Cyber Security News ® details VulnCheck's Patrick Garrity 👾🛹💙's latest research, revealing that after analysis of the Five Eyes alert on Flax Typhoon, among the 66 vulnerabilities associated with the botnet, the VulnCheck KEV database included 41 as known to be exploited prior to this advisory: https://lnkd.in/g9Quc6cn #ExploitIntelligence #VulnerabilityManagement #ThreatIntelligence
Flax Typhoon's Botnet Actively Exploiting 66 Vulnerabilities In Various Devices
cybersecuritynews.com
-
China-backed group Earth Baku has expanded its #cyberattack reach beyond the Indo-Pacific, now targeting Europe, the Middle East, and Africa. This escalation signifies a broader threat to critical sectors like #healthcare, telecoms, and education in these regions. Earth Baku’s updated tactics include leveraging public-facing applications to deploy sophisticated #malware like StealthReacher and SneakCross. Learn more: https://lnkd.in/gENDFB5S #cybersecurity #infosec #hacking
China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa
thehackernews.com
-
Russia-linked backdoor targets Eastern European networks. Why it matters:

1. The discovery of Kapeka, a backdoor malware linked to Russian hacker group Sandworm, underscores the increasing threat of cyber espionage and sabotage operations in Eastern Europe. These targeted, highly evolved attacks indicate a focus on the logistics and transportation sectors, and contribute to rising cyber tensions.
2. Kapeka serves as a powerful toolkit for hackers by providing long-term system access and upgrading its functions based on the victim's profile. Its link to destructive attacks, including ransomware campaigns, highlights potential geopolitical motives aligned with ongoing regional conflicts.
3. Kapeka's evolution from older malware strains like GreyEnergy and BlackEnergy suggests that hackers are constantly developing new, more sophisticated tools. The adaptability and stealth in their modus operandi spotlight the challenges in detecting and mitigating such threats.

Learn more by visiting The Record from Recorded Future News: https://lnkd.in/eiJ-Bjdb
Russia-linked backdoor targets Eastern European networks
therecord.media
-
Industrial cybersecurity pros remain vigilant as Chinese hacking threats continue. At the world's largest conference, concerns extend beyond Beijing's operations targeting U.S. critical infrastructure. Stay secure with our cybersecurity solutions! 🔐 Read more: https://lnkd.in/dWhKgJdz #SimpleCyber #IndustrialSecurity #ThreatIntelligence #cyberdefense
Confronted with Chinese hacking threat, industrial cybersecurity pros ask: What else is new?
cyberscoop.com