Mobile Network | Breaking Cybersecurity News | The Hacker News

A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda , describing it as possessing deep knowledge about telecommunications networks, the protocols that undergird telecommunications, and the various interconnections between providers. The threat actor's malware portfolio includes bespoke tools that facilitate clandestine access, command-and-control (C2), and data exfiltration. "Liminal Panda has used compromised telecom servers to initiate intrusions into further providers in other geographic regions," the company's Counter Adversary Operations team said in a Tuesday analysis. "The adversary conducts elements of their intrusion activity using protocols that support mobile telecommunicati...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Controls Systems Advisory (ICSA) warning of multiple vulnerabilities in the Airspan Networks Mimosa equipment that could be abused to gain remote code execution, create a denial-of-service (DoS) condition, and obtain sensitive information. "Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa's AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices," CISA  said  in the alert. The seven flaws, which were discovered and reported to CISA by industrial cybersecurity company Claroty, affect the following products — Mimosa Management Platform ( MMP ) running versions prior to v1.0.3 Point-to-Point ( PTP ) C5c and C5x running versions prior to v2.8.6.1, and Point-to-Multipoint ( ...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...