A major data breach at Comcast-owned Xfinity exposed people’s account names, passwords and other personal data.
Category: cybercrime/malcode – Page 59
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware
The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware.
The security shortcoming is CVE-2020–14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers.
“This vulnerability allows remote authenticated attackers to execute code using a gadget chain and is commonly chained with CVE-2020–14882 (an authentication bypass vulnerability also affecting Oracle Weblogic Server) or the use of leaked, stolen, or weak credentials,” Imperva said in a report published last week.
U.S. and China race to shield secrets from quantum computers
No one knows who might get there first. The United States and China are considered the leaders in the field; many experts believe America still holds an edge.
As the race to master quantum computing continues, a scramble is on to protect critical data. Washington and its allies are working on new encryption standards known as post-quantum cryptography – essentially codes that are much harder to crack, even for a quantum computer. Beijing is trying to pioneer quantum communications networks, a technology theoretically impossible to hack, according to researchers. The scientist spearheading Beijing’s efforts has become a minor celebrity in China.
Quantum computing is radically different. Conventional computers process information as bits – either 1 or 0, and just one number at a time. Quantum computers process in quantum bits, or “qubits,” which can be 1, 0 or any number in between, all at the same time, which physicists say is an approximate way of describing a complex mathematical concept.
China’s Cyber Threat: Is U.S. Infrastructure at Risk?
The Chinese military has been escalating its cyber capabilities, posing a potential threat to key American infrastructure. This includes power and water utilities, as well as communication and transportation systems. Over the past year, hackers affiliated with China’s People’s Liberation Army have successfully infiltrated the computer systems of approximately two dozen critical entities.
These cyber intrusions are not isolated incidents. They are part of a broader strategy to develop methods that could cause panic, chaos, or disrupt logistics in the event of a U.S.-China conflict. The victims of these cyber-attacks include a water utility in Hawaii, a major West Coast port, and at least one oil and gas pipeline. There was also an attempt to breach the operator of Texas’s power grid.
China’s Military Linked to Cyber Infiltration of US Essential Services: Report
Takeaways:
• The Chinese military is reportedly increasing its attempts to infiltrate essential infrastructure, utilities, communication, and transportation services in the U.S., according to anonymous U.S. officials and cybersecurity experts.
• Hackers linked with China’s People’s Liberation Army have infiltrated around two dozen essential service entities in the past year, including a water utility in Hawaii, an oil and gas pipeline, and a West Coast port.
Chinese hackers allegedly target US infrastructure as ‘Volt Typhoon’
The intrusions are part of a broader effort to develop ways to sow chaos or snarl logistics in the event of a U.S.-China conflict in the Pacific, officials say.
While both China and the United States of America have accused each other of conducting cyberattacks for years now, recently, China’s People’s Liberation Army allegedly involved in a series of cyber intrusions referred to as “Volt Typhoon.”
The Washington Post reported earlier this morning that these attacks targeted critical American infrastructure, including water utility systems in Hawaii, major ports on the West Coast, and an oil and gas pipeline, according to experts.
Allegedly breaching Texas power grid
Furthermore, the country allegedly attempted to breach the operator of Texas’s power grid, which operates independently from the rest of the U.S. electrical systems.