Holding Back Salt Typhoon + Other Chinese APT CVEs
Over the past several years, US federal agencies and private sector companies have observed China-based threat actors targeting network and telecommunications critical infrastructure. A wave of recent reports has disclosed that these attacks have compromised government and industry targets to a far greater extent than previously thought. As ...
CISA and FCC Issue Urgent Call for Cyber Hardening for Communications Infrastructure
CISA has released new cybersecurity guidelines for communications infrastructure. The guidance comes in the wake of a series of disclosures that major telecommunications carriers have been compromised by Salt Typhoon and other China-sponsored adversaries. At the same time, the U.S. Federal Communications Commission (FCC) has proposed a Declaratory Ruling to ...
Living Off the Land – Secure Boot Style
Why Build Something When It’s Already There? For quite some time, attackers have been observed “living off the land,” that is, using tools that already exist on the system to accomplish their goals (dating back to attacks against UNIX systems using built-in shells such as “sh”). Rather than build specific ...
Shielding Your Network Devices: Proven Strategies to Defend Against Advanced Attack Threats
Network appliances such as VPNs, firewalls, load balancers, and routers must be connected to the open internet. They cannot run EDR agents, yet they have deep access to resources inside the perimeter. For these reasons, it’s no surprise that nation-state and criminal groups have increased their targeting of network devices, with ...
Bootkitty and Linux Bootkits: We’ve Got You Covered
The Threat of Linux Bootkits. Recently, security researchers have been analyzing and publishing details about “Iranukit” and “Bootkitty,” malware that targets Linux systems with bootkits. Bootkitty has been getting media coverage and is touted as the first UEFI bootkit for Linux. ESET’s research team published a post detailing the analysis ...
Unpacking NIST Hardware and Firmware Security Failure Scenarios
The National Institute of Standards and Technology (NIST) has released a report titled Hardware Security Failure Scenarios, enumerating 98 scenarios in which hardware and firmware weaknesses, and flaws in the supply chains that produce hardware and firmware, could be exploited by an adversary, and what kind of damage could be ...
CISA: Over Half of Top Routinely Exploited Vulnerabilities in 2023 Affected Network Devices and Infrastructure
Over half of the most routinely exploited vulnerabilities worldwide in 2023 affected network devices and infrastructure, according to a cybersecurity advisory issued by CISA and other international cybersecurity agencies in November 2024. Furthermore, the majority of the routinely exploited vulnerabilities were “initially exploited as a zero-day,” which was a change ...
Securing the Foundation: The Critical Role of Hardware in Supply Chain Attacks
As enterprises increasingly focus on supply chain security, a critical yet often overlooked element remains: hardware security. Many organizations fail to address the risks associated with the underlying hardware, either because of misconceptions or because of the perceived complexity of mitigation efforts. ...
BTS #42 – The China Threat
In this episode, Paul Asadoorian, Allan Alford, and Josh Corman discuss the growing threat posed by China, particularly in the context of cyber operations and geopolitical ambitions. They explore the implications of China’s strategies, the vulnerabilities in critical infrastructure, and the need for transparency and trust in digital systems. The ...
Detecting Pacific Rim IOCs with Eclypsium
The Pacific Rim cyberattack saga, detailed in a series of blog posts by Sophos in October 2024, offers a sobering reminder for enterprises: everyone is a target. No enterprise is too small or uninteresting to fall into the attack path of nation-state threat actors. Widely used firewalls and other network ...