Zero Trust Privacy Assessment and Guidance

This publication provides guidance on how to use Zero Trust in privacy implementation. It highlights the core principles of privacy and how they can align with a Zero Trust architecture, touching on privacy impact assessments (PIAs) as well. 

As the world increasingly digitizes, these recommendations become all the more critical. They aren’t just about protecting privacy. Zero Trust ensures that organizations identify, locate, process, and dispose of such data with the right level of security.

Read Full Publication

Warning Against Phishing Emails Distributing GuLoader Malware by Impersonating a Famous International Shipping Company

AhnLab SEcurity intelligence Center (ASEC) recently identified the distribution of GuLoader malware via a phishing email by impersonating a famous international shipping company. The phishing email was obtained through the email honeypot operated by ASEC. The mail body instructs users to check their post-paid customs tax and demands them to open the attachment.

Read Full Article

US congressional panel urges Americans to ditch China-made routers

A U.S. congressional committee on Wednesday urged Americans to remove Chinese-made wireless routers from their homes, including those made by TP-Link, calling them a security threat that opened the door for China to hack U.S. critical infrastructure. The House of Representatives Select Committee on China has pushed the Commerce Department to investigate China’s TP-Link Technology Co, which according to research firm IDC is the top seller of WiFi routers internationally by unit volume.

Read Full Article

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Cybercriminals have recognized that instead of attacking an organization head-on, they can infiltrate through the software supply chain—like slipping counterfeit parts into an assembly line. According to the 2024 Sonatype State of the Software Supply Chain report, attackers are infiltrating open-source ecosystems at an alarming rate, with over 512,847 malicious packages detected last year alone—a 156% increase from the previous year. Traditional security tools and processes often miss these threats, leaving organizations unprepared.

Read Full Article

Cloudflare CDN flaw leaks user location data, even through secure chat apps

A security researcher discovered a flaw in Cloudflare’s content delivery network (CDN), which could expose a person’s general location by simply sending them an image on platforms like Signal and Discord.

While the geo-locating capability of the attack is not precise enough for street-level tracking, it can provide enough data to infer what geographic region a person lives in and monitor their movements.

Read Full Article

WH National Cyber Director Finalizing Software Liability Proposals

The outgoing White House national cyber director is highlighting the progress his office made over the last four years, while also queuing up key issues, like regulatory harmonization and software liability, for the incoming Trump administration.

White House National Cyber Director Harry Coker, speaking at the Foundation for the Defense of Democracies in Washington on Tuesday, ran down his office’s signature efforts, including the 2023 national cyber strategy and the push to establish minimum cyber standards for critical industries.

Read Full Article

FBI, CISA say Chinese hackers are still lurking in US telecom systems

Leading U.S. cybersecurity agencies on Tuesday said that Chinese hackers likely still have access to critical telecommunications systems, and published guidance to help engineers and network defenders identify and remove the threat actors. In a call with reporters, senior officials at the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said the agencies have been investigating the incident since late spring, and have uncovered an expansive campaign that some lawmakers are calling the worst telecom hack in the nation’s history. 

Read Full Article

Homeland Security Committee reveals Cyber Threat Snapshot on rising cyber threats from nation-states, hacker networks

The U.S. House Committee on Homeland Security published a new ‘Cyber Threat Snapshot’ examining growing threats posed by malign nation-states and criminal networks to the homeland and American data. Identifying some of the recent notable attacks, the report zeroed in on the Salt Typhoon attack by Chinese hackers, who reportedly infiltrated backdoors in major U.S. internet service providers; and activities by the Volt Typhoon adversaries, who compromised U.S. critical infrastructure for at least five years, targeting the transportation, telecommunications, and energy sectors.

Read Full Article