Male reported tensions with Bahama in New Providence [4 sources]
30d signal volume
30d signal volume
Hezbollah’s cheap fibre-optic drones are creating new challenges for Israeli troops in southern Lebanon, forcing the military to adapt its tactics against an increasingly lethal threat. The Israeli military — considered one of the most advanced in the world — has confirmed two soldiers and one civilian contractor killed in explosive drone attacks in under a week, with several others wounded despite a ceasefire in place since mid-April. The devices are small, cheap and readily available, like “children’s toys”, explained Orna Mizrahi, a senior researcher at Israel’s Institute for National Security Studies (INSS). The military “does not have nowadays any response for that, because they didn’t prepare themselves for such low-tech explosives”, she told AFP. Israel has been fighting Hezbollah since early March, invading the neighbouring country’s south to confront the group. Since then, violence has continued, with both sides accusing each other of breaching the ceasefire. Israel has continued its airstrikes since the ceasefire came into effect. Unlike conventional drones guided by GPS or radio, which can therefore be jammed, Hezbollah is using devices linked to their launch site by a thin fibre-optic cable that can stretch for dozens of kilometres. Operators pilot the drones in first-person view (FPV) using screens or virtual reality goggles that require limited training. “Since the drone does not transmit the image via radio broadcast and does not receive guidance commands via radio receiver, it cannot be detected by electronic intelligence means or blocked through electronic warfare,” said Arie Aviram, an expert who has written on the subject for the INSS. The drones’ speed and precision mean they can cause considerable damage to Israeli targets, and their lack of electronic traces leaves troops reliant on radar or visual detection, which often comes too late. Asymmetrical warfare Hezbollah’s use of these drones is characteristic of asymmetrical warfare, explained INSS researcher Mizrahi. In recent days, Hezbollah has relied more on these drones, a notable shift from the barrages of rockets it unleashed in the weeks after the war broke out. Experts say the cost of assembling the fibre-optic drones can range from just a few hundred dollars to around $4,000, depending on the quality and type of components, which can be bought on online platforms such as AliExpress. On Friday, the group’s media chief Youssef al Zein confirmed the group was using the drones and said they were being manufactured in Lebanon. “We are aware of the enemy’s superiority, but at the same time we are exploiting its weak points,” he said. For Israel, shooting down cheap drones using sophisticated air defences and fighter jets is unsustainable and costly. Aviram said that lasers, like those used by Israel’s Iron Beam air defence system, could be a suitable solution “provided they were widely deployed”, which is not the case. Indicating the challenge posed by these devices, the Israeli defence ministry put out a public call on April 11 for “proposals to identify additional capabilities to address the threat of fibre-optic-controlled FPV drones”. Nets and barriers A video shared on social media by prominent Israeli journalist Amit Segal on Wednesday appeared to show military vehicles draped in netting to protect against drones. AFP was unable to verify the footage. A senior military official told journalists on Tuesday that “so far, we’re using force protection technologies and other protections that we learned from other places, from our own experience with nets, with barriers”. “But it’s a threat that we’re still adapting to, there’s nothing that is foolproof,” the official added, noting that the military was “learning” from the war in Ukraine , where fibre-optic drones are now common. Israeli news website Mako reported in 2024 that Ukraine — which has become a world-leading drone expert since Russia’s invasion — offered its expertise to Israel several years ago but was rebuffed. “There was no concrete response,” Ukraine’s former defence minister Oleksii Reznikov told Mako at the time. Asked by AFP about the challenges posed by fibre-optic explosive drones, the Israeli military said troops had in recent weeks “conducted an in-depth analysis of how this threat operates and how Hezbollah employs it”. “The IDF is monitoring the drone threat and developing operational methods to address it,” it said, adding that troops on the ground were “continuously working to improve and adapt their systems in order to deal with the evolving threat”.
Defending against china-nexus covert networks of compromised devices executive summary Defending against China-nexus covert networks of compromised devices Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it Summary With support from the UK Cyber League , this advisory has been jointly released by the National Cyber Security Centre (NCSC-UK) and international partners: Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) Communications Security Establishment Canada’s (CSE’s) Canadian Centre for Cyber Security (Cyber Centre) Germany Federal Office for the Protection of the Constitution - Bundesamt für Verfassungsschutz (BfV) Germany Federal Intelligence Service – Bundesnachrichtendienst (BND) Germany Federal Office for Information Security - Bundesamt für Sicherheit in der Informationstechnik (BSI) Japan National Cybersecurity Office (NCO) - 国家サイバー統括室 Netherlands General Intelligence and Security Service - Algemene Inlichtingen- en Veiligheidsdienst (AIVD) Netherlands Defence Intelligence and Security Service - Militaire Inlichtingen- en Veiligheidsdienst (MIVD) New Zealand National Cyber Security Centre (NCSC-NZ) Spain National Cryptologic Centre – Centro Criptológico Nacional (CCN) Sweden National Cyber Security Centre - Nationellt cybersäkerhetscenter (NCSC-SE) United States Cybersecurity and Infrastructure Security Agency (CISA) United States Department of Defense Cyber Crime Center (DC3) United States Federal Bureau of Investigation (FBI) United States National Security Agency (NSA) Its purpose is to provide network defenders with the tools needed to defend against China-nexus cyber actors and their tactic of using large scale networks of compromised devices (covert networks) to route their cyber activity. Introduction Over the past few years there has been a major shift in the tactics, techniques and procedures (TTPs) used by China-nexus cyber actors, moving away from the use of individually procured infrastructure, and towards the use of externally provisioned, large-scale networks of compromised devices. The NCSC believes that the majority of China-nexus threat actors are using these networks (hereafter “covert networks”), that multiple covert networks have been created and are being constantly updated, and that a single covert network could be being used by multiple actors. These networks are mainly made up of compromised Small Office Home Office (SOHO) routers, as well as Internet of Things (IoT) and smart devices. Anyone who is a target of China-nexus cyber actors may be impacted by the use of covert networks. They have been used by Chinese state-sponsored actors Volt Typhoon to pre-position offensive cyber capabilities on critical national infrastructure. The group Flax Typhoon used a different covert network of compromised infrastructure to conduct cyber espionage. The use of covert networks of compromised devices - also known as botnets - to facilitate malicious cyber activity is not new, but China-nexus cyber actors are now using them strategically, and at scale. This advisory describes the typical makeup of a covert network and what they are being used for. It also includes protective advice for organizations being targeted by cyber activity using a covert network as an access vector. Covert Networks Covert networks are used to connect across the internet in a low-cost, low-risk, deniable way, disguising the origin and attribution of malicious activity. Actors have been observed using them for each phase of their Cyber Kill Chains, from performing scans as part of reconnaissance, to the delivery of malware, communicating with said malware, and exfiltrating stolen data from a victim. They can also be used for general deniable internet browsing, allowing threat actors to research exploitation techniques, new TTPs, and their victims without attribution. Some covert networks are also used by legitimate customers to browse the internet, making it challenging to attribute malicious activity. There is evidence that covert networks used by China-nexus actors are created and maintained by Chinese information security companies. A network known to network defenders as Raptor Train, which in 2024 infected more than 200,000 devices worldwide, was controlled and managed by the Chinese company, Integrity Technology Group. This company was also assessed by the FBI to be responsible for the computer intrusion activities attributed to China-based hackers known as Flax Typhoon. Botnet operations represent a significant threat to the UK by exploiting vulnerabilities in everyday internet-connected devices with the potential to carry out large-scale cyber attacks – NCSC Director of Operations, Paul Chichester Covert networks mostly consist of compromised SOHO routers, but they also pull in any vulnerable device they can exploit at scale. Raptor Train was made up of thousands of SOHO routers and IoT devices, such as web cameras and video recorders, as well as firewalls and Network Attached Storage (NAS) devices. The KV Botnet used by Volt Typhoon was mainly made up of vulnerable Cisco and NetGear routers . The edge devices were vulnerable because they were “end of life” – out of date and no longer receiving updates or security patches by their manufacturers. The cyber security industry has been aware of examples of these networks for some time and has publicly reported on the widespread scale of the threat and its implications. Mandiant Intelligence produced a public blog in May 2024 talking about covert networks in which they highlighted a key issue for defenders – indicator of compromise (IOC) Extinction. If a particular threat group could now come from one of many covert networks, each with potentially hundreds of thousands of endpoints, and each used by multiple threat actors, old network defense paradigms of static malicious IP block lists will be less effective. This is compounded by the dynamic nature of these networks where new nodes will be added as old devices are patched or removed from use. Typical Network Topology The number of covert networks used by China-nexus cyber actors is large, with new networks regularly developed and deployed. The existing covert networks change too, either because of defensive or legal action, or simply as a result of software updates and new exploits being used to target different technologies for incorporation into the network. Because of this, a description of all known covert networks in detail, including how they are constructed and how they communicate, would immediately be out of date – and for most network defenders would not be practically useful. However, most covert networks of compromised devices use the same basic set up. Understanding this generalized structure can aid researchers and defenders by helping them to understand which part of a network they may have found, and how to defend against it. A diagram illustrating the basic setup of a covert network. The diagram above illustrates the basic setup of a covert network, where typically an actor will connect to the network via an on-ramp or entry node. Their traffic will be forwarded through multiple compromised devices, used as traversal nodes, before exiting the network from an exit node, usually in the same geographic region as the target. Protective Advice Defending from attackers using covert networks is not straightforward, and defensive tactics will be different based on the levels of resource and the nature of the target organization. General advice for good cyber security practice should be followed, and some key messages can be found in the appendix of this advisory. The following advice is specifically tailored to steps which can be taken to combat the risk of attacks coming from large, dynamic networks of compromised devices. Further guidance for all organizations facing cyber security threats is available on the NCSC website. This guidance should be considered alongside all applicable laws and regulations of the UK and co-sealing countries relating to the security of networks and data. It will be each organization’s responsibility to ensure compliance with any such laws and regulations. Organizations should note that following the recommended actions set out below will not remove all risks. All organizations The NCSC recommends the following steps for all affected organizations to either take themselves, or ask their managed service and/or security providers to investigate for them: Map and understand network edge devices, developing a clear understanding of organizational assets and what should be connecting to them. Baseline normal connections, especially to corporate virtual private networks (VPNs) or other similar services. Would you expect connections from consumer broadband ranges? Leverage available dynamic threat feeds which include covert network infrastructure. Implement multifactor authentication for remote connections. Smaller organizations should consider creating and actioning a free NCSC Cyber Action Toolkit . Larger or more at-risk organizations Some more comprehensive measures may be appropriate if the risk to an organization is high enough, to be conducted either in-house or through a security provider: Apply IP address allow lists rather than deny lists for connections to corporate VPNs for remote workers. Use geographic allow lists or profile incoming connections based on operating system, time zones, and/or organization specific system configuration settings. Implement zero trust policies for connections. Enforce machine certificates for Secure Sockets Layer (SSL) connections. Reduce the internet-facing presence of the IT estate. Investigate machine learning techniques to profile normal network edge activity to detect and block anomalies. The NCSC's Cyber Essentials can help protect organizations of all sizes. Largest or most at-risk organizations If Advanced Persistent Threat (APT) tracking is part of an organization’s in-house capability, or if it is part of the service provided by a security vendor, consider tracking China-nexus covert networks as APTs in their own right. Active hunting – look for connections from IP addresses likely to be part of a covert network of compromised devices, for instance those hosting SOHO routers or IoT devices. Track and map covert networks reported by industry or government by looking at banners and certificates. Use threat reporting and threat feeds to create and implement dynamic blocklists and create alert rules to detect incoming threats. Consider using NetFlow feeds to look upstream and map covert networks to find new nodes. The NCSC Cyber Assessment Framework provides guidance for organizations under the highest levels of threat, including those operating essential services, in sectors such as energy, healthcare, transport, digital infrastructure and government. MITRE ATT&CK® This advisory has been compiled with respect to the MITRE ATT&CK® framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Tactic ID Technique Procedure Resource Development T1584.005 Compromise Infrastructure: Botnet Botnets are used as core components of covert networks Resource Development T1584.008 Compromise Infrastructure: Network Devices Devices are compromised and added to botnets Resource Development T1583.003 Acquire Infrastructure: Virtual Private Server Virtual private servers (VPS) are used in covert networks, typically as on-ramps Command and Control T1090.003 Proxy: Multi-hop Proxy Used by China-nexus cyber actors to route traffic Appendix: Cyber Security Best Practices In addition to the protective advice outlined in this advisory, a number of cyber security best practices will also be useful in defending against the activity described in this advisory. Protect your devices and networks by keeping them up to date : use the latest supported versions, apply security updates promptly, use antivirus and scan regularly to guard against known malware threats. See NCSC Guidance: https://www.ncsc.gov.uk/collection/device-security-guidance/policies-and-settings/antivirus-and-other-security-software Prevent and detect lateral movement in your organization’s networks . See NCSC Guidance: https://www.ncsc.gov.uk/guidance/preventing-lateral-movement Implement architectural controls for network segregation . See NCSC Guidance: https://www.ncsc.gov.uk/guidance/10-steps-network-security Set up a security monitoring capability so you are collecting the data that will be needed to analyze network intrusions. See NCSC Guidance: https://www.ncsc.gov.uk/guidance/introduction-logging-security-purposes and https://www.ncsc.gov.uk/information/logging-made-easy Use modern systems and software. These have better security built-in. If you cannot move off out-of-date platforms and applications straight away, there are short term steps you can take to improve your position. See NCSC Guidance: https://www.ncsc.gov.uk/collection/mobile-device-guidance/managing-the-risks-from-obsolete-products Restrict intruders' ability to move freely around your systems and networks . Pay particular attention to potentially vulnerable entry points such as third-party systems with onward access to your core network. During an incident, disable remote access from third-party systems until you are sure they are clean. See NCSC Guidance: https://www.ncsc.gov.uk/guidance/preventing-lateral-movement and https://www.ncsc.gov.uk/guidance/assessing-supply-chain-security . Deploy a host-based intrusion detection system . A variety of products are available, free and paid-for, to suit different needs and budgets. Further information : Invest in preventing malware-based attacks across various scenarios. See NCSC Guidance: https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks Disclaimer This report draws on information derived from NCSC and industry sources. Any NCSC findings and recommendations made have not been provided with the intention of avoiding all risks and following the recommendations will not remove all such risk. Ownership of information risks remains with the relevant system owner at all times. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by co-sealers. UK readers should refer to the NCSC website for information about NCSC assured services . This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk . All material is UK Crown Copyright ©
Ping An Digital Bank Announces FY2025 Annual Results, Net Interest Income Rose by over 60% YoY, Total Assets Achieved 135% Growth Striding forward with the Brand Vision, "Always with You, Always Ahead" With the new brand vision"Always with You, Always Ahead," we provide professional support to help customers navigate with confidence - from banking services to life protection planning. As a fully licensed bank, Ping An ...
A Kansas task force is working to develop a new public school funding formula before the current framework expires. Previous funding plans have been deemed unconstitutional by the Kansas Supreme Court for failing to provide equitable and adequate funding, requiring legislative and gubernatorial agreement on a new approach.
Clothing support for Women’s Shelter through new Lindex partnership Lindex in Iceland has entered into a partnership agreement with Kvennaathvarfið, the Women’s Shelter to provide clothing for women and children seeking refuge at shelters in Reykjavík and Akureyri.
Ohio lawmakers want to replace all lead service lines, but it could cost billions An Ohio bill would require the state replace all lead service lines, but some statewide organizations worry about the costs associated with the bill. Ohio state Reps. Dontavius Jarrells, D-Columbus, and Monica Robb Blasdel, R-New Waterford, introduced Ohio House Bill 307 last year, which would require local water providers to work with the state to […]
As other states expand quality pre-K, North Carolina lags behind A new national study by the National Institute for Early Education Research finds North Carolina ranks 32nd in the nation in providing preschool access to four-year-olds. The 2025 State of Preschool Yearbook notes that North Carolina spent less on preschool programs and enrolled fewer children in the 2024-2025 school year than the previous year. According […]
Russian Despatch: Looking for a New Orban in the Balkans Moscow has lost its main ally inside the EU with the defeat of Hungary’s Viktor Orban. Can the victory of Bulgaria’s Rumen Radev provide the Kremlin with a new disruptor for the European bloc?
NJ Spotlight News broadcast summary from April 29, 2026 covering top stories relevant to New Jersey. No specific threat content identified in the excerpt provided.
Four individuals received a new recognition award during the final phase of a national tournament. No additional context regarding the nature of the award, tournament type, or geographic location is provided.