In today’s cybersecurity news…
ShinyHunters hits Vietnam National Credit Information Center
The attack was confirmed by the Vietnam Cyber Emergency Response Team, and Resecurity’s HUNTER team was able to acquire samples of leaked data, much of which is connected to other financial institutions in Vietnam. This attack is believed to be an exploit of an “n-day” vulnerability: “a known but unpatched flaw in end-of-life software used by the CIC. Because the software was no longer supported, no security patches were available, leaving the system especially vulnerable.” ShinyHunters did extort the bank but simply listed the data for sale on a Dark Web forum.
HybridPetya is a Petya/NotPetya copycat with UEFI Secure Boot bypass
According to a post in WeLiveSecurity from ESET Research, HybridPetya is a copycat of the Petya/NotPetya malware, “adding the capability of compromising UEFI-based systems and weaponizing a CVE numbered flaw (CVE‑2024‑7344) to bypass UEFI Secure Boot on outdated systems.” This new ransomware was uploaded to VirusTotal this past February, “and encrypts the Master File Table, which contains important metadata about all the files on NTFS-formatted partitions.” ESET has seen no signs of HybridPetya being used in the wild yet, and it “does not exhibit the aggressive network propagation seen in the original NotPetya.”
CISA official calls on lawmakers to extend cyber info-sharing law
Nick Andersen, CISA’s executive assistant director for cybersecurity, speaking at the Billington Cybersecurity Summit in Washington, says he is urging Congress to renew the 2015 Cybersecurity Information Sharing Act (CISA 2015) before it expires September 30. The law encourages private companies to voluntarily share threat intelligence with the government. Renewal legislation has advanced in the House but has yet to reach a full vote, while the Senate is only beginning to circulate its own version, led by Homeland Security Committee Chair Rand Paul. With limited time left, lawmakers may extend the measure temporarily by attaching it to a short-term government funding bill to prevent disruption.
Great Firewall suffers its biggest leak ever
On September 11, researchers “confirmed that more than 500GB of internal documents, source code, work logs, and internal communications from the so-called Great Firewall were dumped online, including packaging repos and operational runbooks used to build and maintain China’s national traffic filtering system.” This leak exposed details of “Tiangou,” a commercial censorship platform developed by Chinese firm Geedge. Originally built on HP and Dell servers, later on Chinese hardware, Tiangou functions as a turnkey “Great Firewall in a box.” Deployment records show it was installed across 26 data centers in Myanmar, capable of handling 81 million simultaneous TCP connections, and integrated at national exchange points for large-scale blocking and filtering. Additional reporting by WIRED and Amnesty International reveals exports to Pakistan, Ethiopia, and Kazakhstan, where it supports mass surveillance and lawful intercept systems.
Cyberattacks against schools driven by a rise in student hackers, say UK agencies
The Information Commissioner’s Office (ICO) warned on Thursday that “student hackers motivated by dares are driving an increasing number of cyberattacks and data breaches affecting schools.” The agency said it identified “a worrying pattern” in the 215 insider threat breach reports from the education sector between January 2022 and August 2024, with 57% of incidents caused by students who were likely motivated by “dares, notoriety, financial gain, revenge and rivalries.” The UK’s National Crime Agency believes that one in five children in Britain aged 10 to 16 has engaged in illegal activity online. Some 215 breaches described by the ICO in the education sector were caused by what was described as “poor data protection practices, including staff accessing data without a legitimate need, by devices being left unattended, or by students being allowed to use staff devices.”
French tech company Dassault reveals critical vulnerability
CISA has issued a warning regarding the ongoing exploitation of a critical remote code execution flaw in DELMIA Apriso, which is a joint manufacturing operations management and manufacturing execution solution from the French company Dassault. The vulnerability has a CVE number (CVE-2025-5086) and a critical severity score of 9.0. Enterprises across a wide range of industries around the world use DELMIA Apriso “to schedule production, for quality management, allocate resources, warehouse management, and for integration between production equipment and business applications.”
FBI issues flash alert regarding Salesforce gangs
The FLASH alert is intended to “disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cybercriminal groups UNC6040 and UNC6395, which are responsible for a rising number of data theft and extortion intrusions.” These groups have been behind the numerous Salesforce-related scams that have occurred this year. The FBI “advises organizations to strengthen defenses against cybercriminals targeting Salesforce and other systems. Recommended measures include training call center staff to recognize phishing attempts, enforcing MFA, and applying the Principle of Least Privilege with AAA systems to limit user actions, and to investigate and vet indicators prior to taking action, such as blocking.”
CISA seeks control over CVE
CISA has published a two-page summary of its vision for the future of the CVE. According to Nicholas Andersen, CISA’s new Executive Assistant Director for Cybersecurity, the CVE’s desire, through its board of directors, to “transition to a nonprofit entity with true international coordination, rigorous and transparent governance, and multiple funding sources from public, private, and nonprofit organizations,” does not sit well with CISA, which foresees conflicts of interest within that model, something that “reinforces the need for CISA to take a more active role in the long-term stewardship of the CVE Program.”






