Cybersecurity News: Malicious Go module, new Mirai botnet, Silk Typhoon exploits cloud

In today’s cybersecurity news…

Malicious Go module steals credentials via Telegram

Researchers at cybersecurity firm Socket are warning of a malicious Go module that “presents itself as a brute-force tool for SSH but actually contains functionality to exfiltrate credentials.” It does this by “sending the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor.” The package is named “golang-random-ip-ssh-bruteforce,” and has been linked to a now discontinued GitHub account. The researchers also said the Go module “works by scanning random IPv4 addresses for exposed SSH services on TCP port 22, then attempting to brute-force the service using an embedded username-password list and exfiltrating the successful credentials to the attacker.”

(The Hacker News)

Mirai-based botnet resurfaces targeting systems globally

Researchers at FortiGuard Labs are tracking a new botnet campaign that exploits known flaws in DrayTek, TP-Link, Raisecom, and Cisco devices and exhibits “evolved tactics and renewed activity.” The botnet, whose name is a homophobic slur, uses code from the basic Mirai variant and integrates N-day and 0-day exploits. It has been hitting Four-Faith brand industrial routers as well as Neterbit routers and Vimar smart home devices. Its operators have also been launching DDoS attacks against the researchers who are tracking it.

(Security Affairs)

Silk Typhoon hackers exploit cloud trust to hack downstream customers

In addition to its well-known cyberespionage activities, the group tracked as Murky Panda, but better known as Silk Typhoon and Hafnium, has also been observed exploiting trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. A new report from CrowdStrike shows how the group takes advantage of the fact that “cloud providers are sometimes granted built-in administrative access to customer environments.” CrowdStrike adds that although “breaches via trusted relationships are rare, they are less monitored than more common vectors such as credential theft. By exploiting these trust models, Murky Panda can more easily blend in with legitimate traffic and activity to maintain stealthy access for long periods.”

(BleepingComputer)

FTC warns tech companies against complying with European and British ‘censorship’ laws

FTC chairperson Andrew Ferguson has written to the chief executives of major tech firms criticizing what he calls “foreign attempts at censorship and efforts to countermand the use of encryption to protect American consumers’ data.” He continues that compliance could be considered a violation of Section 5 of the Federal Trade Commission Act which prohibits unfair or deceptive practices in commerce, adding “American consumers do not reasonably expect to be censored to appease a foreign power and may be deceived by such actions.”

(The Record)

Huge thanks to our sponsor, Prophet Security

Ever feel like your security team is stuck in a loop of alert fatigue and manual investigations? Meet Prophet Security. Their Agentic AI SOC Platform automates the tedious stuff: triaging, investigating, and responding to alerts – so your analysts can focus on real threats. Think 10x faster response times and a smarter way to secure your business. Learn more at prophetsecurity.ai.

Electronics manufacturer Data I/O suffers ransomware attack

Data I/O produces electronics used in vehicles, consumer devices, and charging stations for electric vehicles, for companies including Tesla, Panasonic, Amazon, Google and Microsoft. It suffered a ransomware attack on August 16, which impacted shipping, manufacturing, production and other support functions. A report was sent to federal regulators on Thursday evening, and the company is now waiting for a third-party investigation to conclude before notifying potential data breach victims.

(The Record)

House lawmakers seek to change federal cyber job education requirements

The Act would be called the Cybersecurity Hiring Modernization Act. It has been put forward by Reps. Nancy Mace, R-S.C., and Shontel Brown, D-Ohio. Mace is chair of the House Oversight Cybersecurity, Information Technology, and Government Innovation Subcommittee, and Brown is a ranking member of the same committee. The Act would “prioritize skills-based hiring over educational requirements for cyber jobs at federal agencies,” to “ensure the federal government has access to a ‘broader pool of qualified applicants’” in the face of urgent cybersecurity challenges. Mace stated, “we need to make sure our federal agencies hire the most qualified candidates, not just those with traditional degrees.”

(Cyberscoop)

App designed to keep women safer is hacked and breached

Following up on a story we covered in July, the women-only Tea Dating Advice app suffered a massive data breach exposing highly sensitive user data. Initially, hackers accessed a legacy storage system, leaking 72,000 images, including 13,000 selfies and driver’s licenses meant for immediate deletion after verification. The crisis deepened when a researcher uncovered over 1.1 million private direct messages from 2023 through 2025, revealing intimate conversations and personal identifiers. Tea suspended its messaging feature on July 29 and enlisted cybersecurity experts, but these experts condemned its weak protections. The company behind the app is now facing ten class-action lawsuits and calls for app store removal. It is offering affected users identity theft and credit monitoring services.

(BBC News)

China exits the internet for an hour

Activist group Great Firewall Report noted that the entire country of China cut itself off from the internet for just over an hour on Wednesday. This was done by “disrupting all traffic to TCP port 443, the standard port used for carrying HTTPS traffic.” Not only did this prevent China’s citizens from reaching websites hosted outside China, it also blocked other services that rely on port 443, such as those used by Apple and Tesla to “connect to offshore servers that power some of their basic services.” Reporters at The Register cannot identify an obvious reason for the blockage, suggesting China was “either testing its ability to block port 443 – which Beijing might see as a useful capability – or someone messed up.”

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.