Cybersecurity

Dutch intelligence finds Chinese hackers spying on secret Defence Ministry network

Chinese state-sponsored hackers broke into an internal computer network used by the Dutch Ministry of Defence last year, the Netherlands said Tuesday. In a rare announcement, both the country’s military (MIVD) and civilian (AIVD) security services said the ministry had been hacked for espionage purposes after the threat actor exploited a vulnerability in FortiGate devices, […]

Cybersecurity

How a mistakenly published password exposed Mercedes-Benz source code | TechCrunch

Mercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave “unrestricted access” to the company’s source code, according to the security research firm that discovered it. Shubham Mittal, co-founder and chief technology officer of RedHunt Labs, alerted TechCrunch to the exposure and asked for help in disclosing to the […]

Cybersecurity

AWS Using MadPot Decoy System to Disrupt APTs, Botnets

Cloud computing giant AWS says an internal threat intel decoy system called MadPot has been used successfully to trap malicious activity, including nation state-backed APTs like Volt Typhoon and Sandworm. MadPot, the brainchild of AWS software engineer Nima Sharifi Mehr, is described as “a sophisticated system of monitoring sensors and automated response capabilities” that entraps malicious […]

Cybersecurity

Rising OT/ICS cybersecurity incidents reveal alarming trend – Help Net Security

60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to Rockwell Automation. This corroborates other industry research showing OT/ICS (Industrial Control Systems) cybersecurity incidents are increasing in volume and frequency, and are targeting critical infrastructure, such as energy producers. […]

Cybersecurity

Microsoft AI Researchers Leak 38TB of Private Data

Microsoft accidentally revealed a huge trove of sensitive internal information dating back over three years via a public GitHub repository, it has emerged. Cloud security firm Wiz discovered the privacy snafu when it found the GitHub repository “robust-models-transfer” which belonged to Microsoft’s AI research division. Although the repository was meant only to provide access to […]