FCC moves to strengthen internet routing security

The Federal Communications Commission (FCC) has unveiled a proposal aimed at bolstering the security of America's networks against cyberattacks by improving internet routing security.

The new initiative mandates that ISPs produce confidential reports detailing their efforts and plans to address vulnerabilities in the Border Gateway Protocol (BGP), a fundamental technical protocol used for routing information across the internet.

Under the proposal, the largest broadband...

7 June 2024 | Broadband

Researchers uncover attack to ‘decloak’ VPN traffic

A novel network technique that bypasses VPN encryption has been revealed by security researchers at Leviathan Security. Dubbed "decloaking," the technique allows an attacker to force a target's traffic off their VPN tunnel by exploiting DHCP (Dynamic Host Configuration Protocol) functionality built into operating systems.  

The result is that the user's traffic is transmitted unencrypted, enabling an attacker on the same network to snoop on their activity—despite their...

7 May 2024 | Networks

T-Mobile staff receiving cash offers to help with SIM swap attacks

T-Mobile employees are being propositioned via text messages to partake in illegal SIM swapping activities, with a financial incentive of $300 per swap.

SIM swap attacks take advantage of consumers using SMS as their two-factor authentication (2FA) method. By transferring a number via a SIM swap, an attacker can gain unauthorised access to victims' accounts.

This phenomenon of SIM swapping is a severe concern since it compromises the integrity of what is otherwise a...

16 April 2024 | Security

French municipal services disrupted by cyberattack

Multiple French municipalities have experienced significant disruptions to public services following a "large-scale cyber attack" on shared servers. The ongoing cyber assault has compromised the operational capacity of crucial local government functions, illustrating the growing threat of digital attacks against public infrastructure.

The affected areas – including Saint-Nazaire, Montoir-de-Bretagne, Donges, La Chapelle-des-marais, and Porniche – reported extensive service...

12 April 2024 | Networks

AT&T probes data breach affecting millions of customers

AT&T announced on Saturday that it is investigating a major data breach involving the personal information of over 73 million current and former customer accounts.

The company said a data set containing records on approximately 7.6 million existing AT&T accounts and 65.4 million former accounts was released on the dark web.

According to AT&T's preliminary analysis, the compromised data appears to date back to 2019 or earlier. However, the company stated it...

2 April 2024 | AT&T

Cybersecurity agencies issue warning over Chinese hacking group

Government cybersecurity authorities in the US and allied nations are sounding the alarm bell again over the Chinese hacking group known as Volt Typhoon.

In a joint advisory issued on Tuesday, the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), FBI, and eight international partners warned that the Beijing-backed Volt Typhoon gang may be gearing up for disruptive or destructive cyber strikes targeting critical infrastructure...

20 March 2024 | Legislation & Government

ASIO chief warns of critical infrastructure sabotage threat

Mike Burgess, Director General of Security at Australia's Security Intelligence Organisation (ASIO), has raised concerns over the potential for sabotage targeting critical infrastructure.

Speaking at ASIO's annual threat assessment, Burgess emphasised the persistent efforts of adversaries to exploit vulnerabilities in digital infrastructure—with a specific focus on disrupting essential services during critical moments.

"The sabotage threat has receded in recent...

29 February 2024 | Networks

IBM reveals surge in cyberattacks leveraging compromised accounts

Cybercriminals are increasingly exploiting valid user accounts to gain access to corporate networks, making this tactic a preferred weapon of choice for threat actors.

The findings come from IBM's 2024 X-Force Threat Intelligence Index released today. The report, based on insights from monitoring over 150 billion security events per day across more than 130 countries, reveals that cybercriminals are generating more opportunities to "log in" to enterprise systems through...

21 February 2024 | Networks

CISA urges manufacturers to end default passwords

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged manufacturers to end default passwords on internet-exposed systems due to the severe risks posed by malicious actors.

In a recent alert, CISA highlighted the exploitation of operational technology devices by Iranian threat actors affiliated with the Islamic Revolutionary Guard Corps (IRGC) who used default passwords to gain access to critical infrastructure systems in the US.

“IRGC-affiliated...

18 December 2023 | IoT

UK accuses Russia of sustained hacking campaign

The UK Government has accused Russia's Security Service, the FSB, of orchestrating a sustained cyber-hacking campaign targeted at politicians and public figures.

The group – identified as FSB Centre 18 – is alleged to have stolen and disseminated sensitive data through cyber-attacks, including materials related to the 2019 election.

Despite Russia's persistent denials, Foreign Secretary David Cameron condemned the group's actions as "completely...

7 December 2023 | Legislation & Government