A critical vulnerability, tracked as CVE-2021-44207, in the Acclaim Systems USAHERDS web application has been actively exploited. The flaw involves the use of hard-coded credentials, which makes it an easy target for malicious actors. CISA has added it to its Known Exploited Vulnerabilities catalog, and organizations are urged to apply the necessary remediation to reduce their exposure to cyber attacks. This vulnerability poses significant risk to the federal enterprise.
A new mobile surveillance tool named ‘EagleMsgSpy’ has been discovered, used by Chinese law enforcement to gather data from Android devices. This tool, operational since 2017, collects a range of sensitive data, including chat messages, screen recordings, audio, call logs, contacts, SMS, location, and network activity. The collected data is sent to a command-and-control server, raising concerns about privacy and potential misuse.
Chinese hackers, likely associated with the Salt Typhoon group, used sophisticated methods to breach US telecommunication providers. The attack went beyond simple credential theft, indicating advanced techniques and significant compromise.
The FBI and CISA have jointly issued a warning about a significant cyber espionage campaign targeting US telecommunications infrastructure, allegedly orchestrated by Chinese-backed hackers. The campaign, which commenced in late October, has compromised the private communications of individuals, particularly those involved in government affairs. The extent of the breach and the specific methods employed by the attackers remain unclear, but the impact on US national security is substantial. This campaign underscores the growing threat posed by state-sponsored actors who leverage sophisticated cyber techniques to gather intelligence and influence political affairs. The compromised communications could be used to gain insights into government policies, strategies, and internal discussions, potentially giving the Chinese government a strategic advantage.
The US Treasury Department has sanctioned Sichuan Silence, a Chinese cybersecurity company, and its employee Guan Tianfeng for their involvement in a global firewall compromise in April 2020. This hack exploited a zero-day vulnerability, impacting tens of thousands of firewalls, including those of critical infrastructure companies. Guan Tianfeng has also been indicted by the Department of Justice for developing and deploying malware, leading to a $10 million reward for information on the company or Guan. This coordinated action highlights the ongoing threat posed by Chinese cyber actors.