Government institutions in the U.S., Australia, India, and the UK are being subjected to new attacks by Chinese advanced persistent threat operation Volt Typhoon, which is leveraging a pair of critical vulnerabilities in end-of-life Cisco small business RV320/325 VPN routers, tracked as CVE-2019-1652 and CVE-2019-1653, according to SecurityWeek.
Nearly 30% of vulnerable Cisco routers have been compromised by Volt Typhoon over 37 days, with one of the devices, based in New Caledonia, believed to have been used to facilitate improved targeting, a report from SecurityScorecard revealed. Researchers also discovered that Volt Typhoon's botnet infrastructure had communicated with 27 IP addresses hosting 69 sites belonging to the targeted countries' government entities.
"While public reporting on Volt Typhoon has not previously noted its targeting of Australian or UK government assets in addition to U.S. ones, such activity would be in keeping with PRC nation-state cyber activity more generally, as these countries' roles in the Western alliance system (including their Five Eyes and AUKUS membership) have contributed to their frequent targeting by China-linked APT groups," said researchers.
Google announced at the Google I/O 2024 conference that several new security and privacy enhancements are set to roll out for Android, including on-device live threat detection for identifying malicious apps, improved safeguards for screen sharing, and enhanced security against cell site simulators, TechCrunch reports.
The botnet malware tracked as Ebury has steadily expanded over the past decade, having compromised over 400,000 hosts since 2009, with about 100,000 still-infected systems identified by the end of 2023, according to SecurityWeek.
The Department of Defense will evaluate the cybersecurity of mobile devices used by analysts and servicemembers as mandated in the draft text of the 2025 National Defense Authorization Act, Nextgov/FCW reports.