Government and Internet - Cyber Security Informer

Surveillance of the Internet Backbone

Schneier on Security

AUGUST 25, 2021

Vice has an article about how data brokers sell access to the Internet backbone. In the hands of some governments, that could be dangerous. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity.

Internet

Internet Internet Surveillance VPN

U.S. Internet Leaked Years of Internal, Customer Emails

Krebs on Security

FEBRUARY 14, 2024

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. Internet is a regional ISP that provides fiber and wireless Internet service.

Internet

Internet Internet Wireless Government

Internet Backbone Giant Lumen Shuns.RU

Krebs on Security

MARCH 8, 2022

Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. ru) from the Internet.

Internet

Internet Internet Government Technology

Welcoming the Czech Republic Government to Have I Been Pwned

Troy Hunt

SEPTEMBER 6, 2021

For the last few years, I've been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API. Data breaches impact all of us in one way or another, and government agencies are no exception.

Government

Government Data breaches Internet Internet

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

A visualization of the Internet made using network routing data. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. Image: Barrett Lyon, opte.org. Based in Monroe, La., Lumen Technologies Inc.

Internet

Internet Internet Authentication Telecommunications

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

BEARHOST prides itself on the ability to evade blocking by Spamhaus , an organization that many Internet service providers around the world rely on to help identify and block sources of malware and spam. government for its hacking operations, CEO Eugene Kaspersky says he ordered workers to delete the code. Last year, the U.S.

Malware

Malware Antivirus Software DDOS

Perfectl Malware

Schneier on Security

OCTOBER 14, 2024

It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. Something this complex and impressive implies that a government is behind this.

Malware

Malware Cryptocurrency Internet Internet

State And Local Government Cyber In-Security Endangers America: Let’s Finally Deal With It

Joseph Steinberg

SEPTEMBER 6, 2022

Such risks are even more troubling when one considers that the federal government has taken all sorts of actions to remove various Chinese-made hardware from its various environments due to national security reasons, but State and Local governments have generally not followed suit. Consider, for example, sewage processing systems.

Government

Government Artificial Intelligence Cybersecurity Financial Services

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

JUNE 21, 2022

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. Reducing the power to tech monopolies would do more to “fix” the Internet than any other single action, and I am generally in favor of them both. 2992, the American Innovation and Choice Online Act ; and S.

Internet

Internet Internet Encryption Backups

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. Poland’s government has been investigating the alleged misuse of Pegasus spyware by the previous administration and arrested the former head of Poland’s internal security service Piotr Pogonowski.

Spyware

Spyware Government Surveillance Hacking

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

FEBRUARY 10, 2025

Were just getting started down the road to the Internet of Everything (IoE.) Not coincidentally, industry standards groups and government regulators have stepped forward to embrace a vital supporting role. Governments and standards bodies are taking note.

Internet

Internet Internet IoT Manufacturing

Delivering Malware Through Abandoned Amazon S3 Buckets

Schneier on Security

FEBRUARY 12, 2025

The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines—and then abandoned. This is basically the SolarWinds attack, but much more extensive.

Malware

Malware Software Internet Internet

The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

Schneier on Security

DECEMBER 5, 2023

Before the internet, putting someone under surveillance was expensive and time-consuming. Surveillance has become the business model of the internet, and there’s no reasonable way for us to opt out of it. Governments around the world already use mass surveillance; they will engage in mass spying as well. They conform.

Surveillance

Surveillance Internet Internet Government

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers is still ongoing, government experts are assessing its scope.

Government

Government Telecommunications Surveillance Risk

NSA Advisory on Chinese Government Hacking

Schneier on Security

OCTOBER 21, 2020

Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks.

Hacking

Hacking Government Internet Internet

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers is still ongoing, government experts are assessing its scope.

Government

Government Telecommunications Surveillance Risk

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. government’s “Wanted” poster for him.

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

Amy Zegart on Spycraft in the Internet Age

Schneier on Security

FEBRUARY 8, 2022

Intelligence collectors are everywhere, and government spy agencies are drowning in data. Now everyone is racing for insight and the internet gives them tools to do it. Wired has an excerpt : In short, data volume and accessibility are revolutionizing sensemaking.

Internet

Internet Internet Technology Government

Legacy Ivanti Cloud Service Appliance Being Exploited

Schneier on Security

SEPTEMBER 16, 2024

CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported. Welcome to the security nightmare that is the Internet of Things.

Internet

Internet Internet Government

Insecurity of Government Infrastructure

Adam Shostack

JANUARY 2, 2025

Thats why a group of us, led by Evan Lam and Sudheesh Singanamalla, have a new short paper* in NDSS, On the (In)Security of Government Web and Mail Infrastructure : Abstract: Government web infrastructure is a critical part of todays Internet and the functioning of society.

Government

Government DNS Internet Internet

Is Your Computer Part of ‘The Largest Botnet Ever?’

Krebs on Security

MAY 29, 2024

” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. government.

VPN

VPN Government Cybercrime Internet

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

DNS

DNS Internet Internet Phishing

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange. The web shell gives the attackers administrative access to the victim’s computer servers.

Hacking

Hacking Software Government Internet

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Security Affairs

DECEMBER 2, 2024

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. “We are calling on the Tor community and the Internet freedom community to help us scale up WebTunnel bridges. If you’ve ever thought about running a Tor bridge, now is the time.

Government

Government Internet Internet Hacking

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Merrill said the different purveyors of these SMS phishing tools traditionally have impersonated shipping companies, customs authorities, and even governments with tax refund lures and visa or immigration renewal scams targeting people who may be living abroad or new to a country.

Phishing

Phishing Scams Mobile Passwords

NSO Group’s Pegasus Spyware Used Against US State Department Officials

Schneier on Security

DECEMBER 13, 2021

NSO Group’s descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees. We don’t know which NSO Group customer trained the spyware on the US. ” .

Spyware

Spyware Internet Internet Government

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

The US government’s Consumer Financial Protection Bureau (CFPB) advises employees to avoid using cellphones for work after China-linked APT group Salt Typhoon hackers breached major telecom providers. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. Wall Street Journal reported.

Hacking

Hacking Internet Internet Government

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

Security Affairs

MARCH 16, 2025

A Micronesian state suffered a ransomware attack and was forced to shut down all computers of its government health agency. A state in Micronesia, the state of Yap, suffered a ransomware attack, forcing the shutdown of all computers in its government health agency. In response, the whole network was taken offline.

Ransomware

Ransomware Government Internet Internet

Essays from the Second IWORD

Schneier on Security

MARCH 8, 2024

An Argument for More Dialogues in Academia Aditi Juneja, Ensuring We Have A Democracy in 2076 Nick Couldry, Resonance, Not Scalability Jon Evans, Experimentocracy Nathan Schneider, Democracy On, Not Just Around, the Internet Eugene Fischer, The Enrichment and Decay of Ionia We are starting to think about IWORD 2024 this December.

Government

Government Internet Internet

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Security Affairs

JANUARY 18, 2025

telecommunication and internet service providers. government IT systems and critical infrastructure. government systems, including the recent targeting of Treasurys information technology (IT) systems, as well as sensitive U.S. China-linked threat actors persistently target U.S. critical infrastructure.” national security.”

Cybersecurity

Cybersecurity Telecommunications Government Healthcare

T-Mobile detected network intrusion attempts and blocked them

Security Affairs

NOVEMBER 28, 2024

Many reports claim these bad actors have gained access to some providers’ customer information over an extended period of time – phone calls, text messages, and other sensitive information, particularly from government officials. Connectivity to a compromised provider was interrupted, and T-Mobile notified industry and government leaders.

Mobile

Mobile Telecommunications Government Internet

US Treasury Department Sanctions Chinese Company Over Cyberattacks

Schneier on Security

JANUARY 7, 2025

officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.

Internet

Internet Internet Government Technology

Keeping the Internet Secure

Adam Shostack

JANUARY 2, 2025

[no description provided] Today, a global coalition led by civil society and technology experts sent a letter asking the government of Australia to abandon plans to introduce legislation that would undermine strong encryption.

Internet

Internet Internet Government Manufacturing

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Krebs on Security

SEPTEMBER 16, 2021

man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. The user interface for Downthem[.]org.

DDOS

DDOS DNS Internet Internet

FBI Shuts Down Chinese Botnet

Schneier on Security

SEPTEMBER 19, 2024

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives.

Telecommunications

Telecommunications Media Malware Internet

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.

Government

Government VPN Accountability Authentication

China’s Olympics App Is Horribly Insecure

Schneier on Security

JANUARY 21, 2022

The app also includes a censorship keyword list, which, while presently inactive, targets a variety of political topics including domestic issues such as Xinjiang and Tibet as well as references to Chinese government agencies. The US government has already advised athletes to leave their personal phones and laptops home and bring burners.

Surveillance

Surveillance Encryption Wireless Government

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Krebs on Security

JUNE 10, 2022

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee ) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email.

Government

Government Marketing Internet Internet

Backdoor in XZ Utils That Almost Happened

Schneier on Security

APRIL 11, 2024

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. There are libraries for everything: displaying objects in 3D, spell-checking, performing complex mathematics, managing an e-commerce shopping cart, moving files around the internet—everything.

Software

Software Engineering Internet Internet

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

DECEMBER 17, 2024

government is sounding the alarm on a growing cybersecurity risk for critical infrastructureinternet-exposed Human-Machine Interfaces (HMIs). However, when improperly configured or left exposed to the internet, HMIs become prime targets for cyberattacks. This underscores the urgent need to secure these systems.

Internet

Internet Internet Risk Passwords

Booter Boss Busted By Bacon Pizza Buy

Krebs on Security

FEBRUARY 4, 2020

A Pennsylvania man who operated one of the Internet’s longest-running online attack-for-hire or “booter” services was sentenced to five years probation today. ” The government suggested a lenient sentence considering the defendant’s ongoing health complications, which include liver failure.

Internet

Internet Internet Government Accountability

Analyzing IoT Security Best Practices

Schneier on Security

JUNE 25, 2020

van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. by Christopher Bellman and Paul C.

IoT

IoT Manufacturing Internet Internet

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The core Manipulaters product is Heartsender , a spam delivery service whose homepage openly advertised phishing kits targeting users of various Internet companies, including Microsoft 365 , Yahoo , AOL , Intuit , iCloud and ID.me , to name a few.

Phishing

Phishing Cybercrime Advertising Malware

Surveillance of the Internet Backbone

U.S. Internet Leaked Years of Internal, Customer Emails

Trending Sources

Internet Backbone Giant Lumen Shuns.RU

Welcoming the Czech Republic Government to Have I Been Pwned

The Internet is Held Together With Spit & Baling Wire

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Perfectl Malware

State And Local Government Cyber In-Security Endangers America: Let’s Finally Deal With It

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Poland probes Pegasus spyware abuse under the PiS government

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

Delivering Malware Through Abandoned Amazon S3 Buckets

The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

NSA Advisory on Chinese Government Hacking

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

FBI: Spike in Hacked Police Emails, Fake Subpoenas

U.S. Offered $10M for Hacker Just Arrested by Russia

Amy Zegart on Spycraft in the Internet Age

Legacy Ivanti Cloud Service Appliance Being Exploited

Insecurity of Government Infrastructure

Is Your Computer Part of ‘The Largest Botnet Ever?’

Report: Recent 10x Increase in Cyberattacks on Ukraine

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

NSO Group’s Pegasus Spyware Used Against US State Department Officials

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

Essays from the Second IWORD

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

T-Mobile detected network intrusion attempts and blocked them

US Treasury Department Sanctions Chinese Company Over Cyberattacks

Keeping the Internet Secure

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

FBI Shuts Down Chinese Botnet

U.S. CISA: hackers breached a state government organization

China’s Olympics App Is Horribly Insecure

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Backdoor in XZ Utils That Almost Happened

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

Booter Boss Busted By Bacon Pizza Buy

Analyzing IoT Security Best Practices

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Stay Connected