Cyber Espenarge | Breaking Cybersecurity News | The Hacker News

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America. The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker  DEV-0147 ,  describing  the activity as an "expansion of the group's data exfiltration operations that traditionally targeted government agencies and think tanks in Asia and Europe." The threat actor is said to use established hacking tools such as ShadowPad to infiltrate targets and maintain persistent access. ShadowPad, also called PoisonPlug, is a  successor  to the  PlugX remote access trojan  and has been widely put to use by Chinese adversarial collectives with links to the Ministry of State Security (MSS) and People's Liberation Army (PLA), per Secureworks. One of the other malicious tools utilized by DEV-0147 is a webpack loader called QuasarLoader , which allows for deploying additional payloads onto the compro...

A string of cyber espionage campaigns dating all the way back to 2014 and likely focused on gathering defense information from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as " RedFoxtrot " to the People's Liberation Army (PLA) Unit 69010 operating out of Ürümqi, the capital of the Xinjiang Uyghur Autonomous Region in the country. Previously called the Lanzhou Military Region's Second Technical Reconnaissance Bureau, Unit 69010 is a military cover for a Technical Reconnaissance Bureau (TRB) within China's Strategic Support Force (SSF) Network Systems Department ( NSD ). The connection to PLA Unit 69010 stems from what the researchers said were "lax operational security measures" adopted by an unnamed suspected RedFoxtrot threa...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...