Articles of interest from the week of July 8, 2024

China ‘Actively’ Targeting US Industrial Base, Warns CYBERCOM Chief

“The People's Republic of China’s efforts to steal intellectual property, gain critical infrastructure footholds, and disrupt supply chains pose a significant risk to DoD's ability to defend the nation," CYBERCOM Commander Gen. Haugh said. (Breaking Defense)

“China continues its strategic espionage efforts against our industrial base to steal critical intellectual property, demanding that we remain steadfast in our cybersecurity vigilance and strengthen our defenses against such persistent threats.” – Jason Ingalls, Founder at Ingalls Information Security

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. (The Hacker News)

Patch Now: Cisco Zero-Day Under Fire From Chinese APT

Threat actor "Velvet Ant" has been exploiting a vulnerability in Cisco's NX-OS Software for managing a variety of switches, executing commands, and dropping custom malware. (Dark Reading)

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes. (The Hacker News)

Virtual Escape; Real Reward: Introducing Google’s kvmCTF

Google is committed to enhancing the security of open-source technologies, especially those that make up the foundation for many of our products, like Linux and KVM. To this end, we are excited to announce the launch of kvmCTF, a vulnerability reward program (VRP) for the Kernel-based Virtual Machine (KVM) hypervisor first announced in October 2023, (Google Online Security Blog)

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. (The Hacker News)