Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

Government agencies in the Five Eyes countries warn critical infrastructure entities of Chinese state-sponsored hacking group Volt Typhoon.
The post Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon appeared first on SecurityWeek.
Continue reading Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns

The software company pushed back on the joint advisory, which comes following multiple directives from CISA this year prodding agencies to patch against Ivanti exploits.

The post Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns appeared first on CyberScoop.

Continue reading Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns

Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments

The advisory issued by the U.K.’s National Cyber Security Centre breaks down tactics and techniques from SVR hacking ops.

The post Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments appeared first on CyberScoop.

Continue reading Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments

Five Eyes Coalition Release Guidelines for Business Leaders on Securing Intellectual Property

The Five Eyes coalition’s principles focus on reducing the possibility of IP theft, particularly from nation-state-sponsored threat actors. Continue reading Five Eyes Coalition Release Guidelines for Business Leaders on Securing Intellectual Property

Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices

Five Eyes report details ‘Infamous Chisel’ malware used by Russian state-sponsored hackers to target the Ukrainian military’s Android devices. 
The post Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices appeared first o… Continue reading Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices

CISA, Five Eyes issue guidance meant to slow Log4Shell attacks

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released Wednesday an advisory offering vendors and affected organizations a detailed guide on how to deal with potential risks to IT and cloud services posed by an exploit in Apache Log4j’s software library. “This joint CSA expands on the previously published guidance by detailing steps that vendors and organizations with IT and/or cloud assets should take to reduce the risk posed by these vulnerabilities,” the advisory states. The warning was issued alongside the FBI and National Security Agency and the security agencies of Five Eyes intelligence partners, Australia, Canada, New Zealand, the United Kingdom. “Log4j vulnerabilities present a severe and ongoing threat to organizations and governments around the world; we implore all entities to take immediate action to implement the latest mitigation guidance to protect their networks,” CISA Director Jen Easterly said in a statement. The alert follows previous guidance […]

The post CISA, Five Eyes issue guidance meant to slow Log4Shell attacks appeared first on CyberScoop.

Continue reading CISA, Five Eyes issue guidance meant to slow Log4Shell attacks

How COVID-19 changed Cyber Command’s ‘Cyber Flag’ exercise

This year when U.S. Cyber Command convened with allied countries to test how they would collectively defend against a cyber-operation targeting allied networks, the units came together for what appeared to be a straightforward simulation of an attack against a European airbase. The worldwide coronavirus pandemic made the simulation less than straightforward. For the first time ever, participants conducted the exercise from home, according to U.S. military cyber commanders involved in the exercise. The annual simulation, which simulated an attack that impacted both information technology (IT) and operational technology (OT), took place on a new platform, the Persistent Cyber Training Environment (PCTE). “The impact of COVID-19 is pretty clear and it’s been a challenge for us. But it didn’t pause the action that’s been going on in cyberspace,” U.S. Coast Guard Rear Admiral John Mauger, the director of Cyber Command exercises and training, told reporters Wednesday. “Within Cyber Command we couldn’t stop […]

The post How COVID-19 changed Cyber Command’s ‘Cyber Flag’ exercise appeared first on CyberScoop.

Continue reading How COVID-19 changed Cyber Command’s ‘Cyber Flag’ exercise

Senate Intelligence Committee wants DNI to investigate commercial spyware threats

The Senate Intelligence Committee quietly approved a measure last week that would require the Director of National Intelligence to submit a report to Congress on the threats posed by foreign governments’ and entities’ use of commercially available surveillance software. The DNI’s report, which would be sent to Congress 180 days after the Intelligence Authorization Act for 2021 passes, would include information on how the U.S. — and other countries — can work to reduce the threats of commercial spyware, including through export controls, diplomatic pressure, trade agreements, and work with the technology and telecommunications sectors to better secure consumers’ software. The committee wants the DNI to specifically address the threat posed to U.S. citizens, in addition to those living abroad or employed by the U.S. government. The report request comes nearly one year after the United Nations Special Rapporteur David Kaye called for a moratorium on the creation and sale of […]

The post Senate Intelligence Committee wants DNI to investigate commercial spyware threats appeared first on CyberScoop.

Continue reading Senate Intelligence Committee wants DNI to investigate commercial spyware threats

UK cyber agency launches review of Huawei presence in 5G networks

The United Kingdom’s cybersecurity agency is reviewing the impact that new U.S. sanctions on Chinese telecommunications company Huawei could have on Britain’s deployment of 5G technology. The review by the National Cyber Security Centre is welcome news for U.S. officials who have lobbied their U.K. counterparts to ban Huawei gear out of concerns over espionage. And it’s a potential change of fate for Huawei’s business in the U.K. after officials decided in January to allow the telecom giant’s equipment in up to 35% of the country’s 5G deployments — albeit not in the most sensitive parts of those networks. “Following the U.S. announcement of additional sanctions against Huawei, the NCSC is looking carefully at any impact they could have to the U.K.’s networks,” the NCSC said in a statement to CyberScoop on Tuesday. “The security and resilience of our networks is of paramount importance.” Prime Minister Boris Johnson’s office, according […]

The post UK cyber agency launches review of Huawei presence in 5G networks appeared first on CyberScoop.

Continue reading UK cyber agency launches review of Huawei presence in 5G networks