Yazılar

Vietnam investigates cyberattack on creditors’ data

/in /tarafından

Vietnam’s National Credit Information Center (CIC), which is overseen by the State Bank of Vietnam, has suffered a cyberattack targeting its database of creditors’ information. Authorities said the breach involved unauthorized access aimed at stealing personal data such as identities, credit payments, risk assessments, and credit card details.

The cybersecurity agency confirmed the investigation is ongoing, while CIC separately notified financial institutions in a September 11 letter, suspecting that the attack was carried out by the hacker group Shiny Hunters—a collective notorious for targeting companies like Google, Microsoft, and Qantas.

Officials stressed that CIC’s systems remain functional, with no disruption to operations or visible damage. However, the scope of the data leak has not been disclosed. Vietnam’s central bank declined to comment, and Shiny Hunters could not be reached.

JPMorgan analysts warned that while the incident does not yet pose a systemic risk, it may lead to higher cybersecurity costs for Vietnamese banks and could potentially affect deposit flows if further breaches occur.

Vietnam has already been grappling with a rising wave of data leaks. A 2024 report by telecom giant Viettel noted that 14.5 million leaked accounts in Vietnam represented 12% of global total leaks, underscoring the country’s growing vulnerability to cybercrime.

Senator Wyden Urges FTC Probe Into Microsoft Over Cybersecurity Failures

/in /tarafından

U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to investigate Microsoft for what he described as “gross cybersecurity negligence” that he says poses an ongoing threat to U.S. national security.

In a September 10 letter to FTC Chairman Andrew Ferguson, Wyden accused Microsoft of creating vulnerabilities that have led to ransomware attacks on critical infrastructure, including health care organizations. He argued that Microsoft’s default Windows configurations and continued support for outdated encryption standards have left customers exposed.

Wyden compared the company to “an arsonist selling firefighting services,” saying its dominance in enterprise IT leaves agencies and firms with “no choice” but to use its products despite the risks.

The Ascension Case

Wyden highlighted the May 2024 ransomware attack on Ascension, a major U.S. hospital operator, as a prime example. Hackers reportedly exploited a contractor’s laptop after a malicious link appeared through Microsoft’s Bing search engine, eventually breaching Ascension’s Active Directory server and exposing the data of 5.6 million people.

Wyden said Microsoft’s default encryption settings — particularly support for the outdated RC4 standard — facilitated the attack.

Microsoft’s Response

Microsoft acknowledged that RC4 is insecure but stressed it makes up “less than 0.1% of traffic.” The company said it discourages use of RC4 but cannot yet fully disable it because “disabling its use completely would break many customer systems.”

The company pledged to disable RC4 by default in certain Windows products starting Q1 2026 and to roll out additional mitigations.

Broader Context

Wyden has repeatedly urged scrutiny of Microsoft’s role in cyber incidents, including the July 2023 breach by Chinese-linked hackers who stole thousands of U.S. officials’ emails.

The FTC confirmed receipt of Wyden’s letter but offered no further comment.

The senator’s push comes amid broader concerns that the monopoly-like grip of Microsoft on enterprise IT both amplifies security risks and limits customers’ ability to choose safer alternatives.

U.S. Warns of Hidden Radios in Solar-Powered Highway Infrastructure

/in /tarafından

U.S. transportation officials have issued a security advisory warning that solar-powered highway equipment — including electric vehicle chargers, weather stations, and traffic cameras — may contain undocumented cellular radios and other rogue devices hidden inside imported inverters and battery systems.

The advisory, circulated by the Federal Highway Administration (FHWA) on August 20 and reviewed by Reuters, follows discoveries of undocumented communications components in foreign-manufactured power inverters and battery management systems (BMS). While the note did not name a country of origin, many inverters are produced in China, and the warning aligns with rising U.S. scrutiny of Chinese technology in critical infrastructure.

Officials fear such hidden radios could allow remote tampering, enabling disruptions ranging from synchronized outages to the manipulation of roadside systems essential for autonomous vehicle operations. Anomadarshi Barua, a George Mason University researcher, said compromised inverters could be exploited to trigger power surges or send malicious commands, “creating a lot of havoc.”

Earlier this year, U.S. energy officials raised alarms after rogue communications hardware was found in Chinese-made inverters and batteries. Denmark’s grid operators also reported unexplained electronic components in imported energy equipment.

The FHWA memo urged transportation authorities to inventory inverters, conduct spectrum scans for unauthorized signals, remove undocumented radios, and ensure network segmentation to limit exposure.

China’s Embassy in Washington rejected the warnings, denouncing what it called the “distortion and smear of China’s achievements in energy infrastructure.”

The warning adds to broader U.S. measures targeting Chinese technology. Washington has already moved to ban most Chinese cars and trucks from the U.S. market by late 2026 over concerns that vehicle software and sensors could be used for data collection or surveillance.