
  • Eurostar delays enter second day as passengers stuck onboard overnight


    People’s New Year’s Eve plans thrown into disarray after Eurostar cancellations.

    Eurostar passengers are braced for more possible disruption, after a power outage in the Channel Tunnel caused travel chaos for thousands of people on Tuesday.

    As people scrambled to get to New Year’s Eve celebrations, some travellers said they spent more than six hours stuck onboard trains overnight as services were hit by more delays.

    One man told the BBC he had boarded the 19:01 service to Paris, but as of 03:00 GMT he was still stuck on the train at the entrance to the tunnel.

    He said staff had told him there was a “50% chance we go to Paris, 50% chance we go back to London”.

    “I guess my new year plan is in the hands of the tunnel operators now,” the 27-year-old Parisian said.

    Eurostar said it planned to run all of its services on Wednesday but warned there may still be some delays and cancellations.

    The service from London to Paris scheduled for 06:00 GMT has been cancelled.

    The problem with the overhead power supply and a broken down LeShuttle train blocked all routes on Tuesday, causing disruptions for thousands trying to get away for New Year’s Eve.

    Some Eurostar and LeShuttle services had resumed on Tuesday evening, but delays remained, with only one of the tunnel’s two rail lines open.

    Getlink, which runs the Channel Tunnel, said work continued through the night to fix the power issue.

    On Wednesday morning, an update on Eurostar’s website said: “Services have resumed today following a power issue in the Channel Tunnel yesterday and some further issues with rail infrastructure overnight.

    “We plan to run all of our services today, however due to knock-on impacts there may still be some delays and possible last-minute cancellations.

    “Please check for live updates on the status of your train on the train status and timetables page.”

    Dennis van der Steen, from the Netherlands, was heading home to Amsterdam to spend New Year’s Eve with his family and friends.

    Instead he said he spent six hours stuck on board a Eurostar train, before it began to move again at about 03:00 GMT.

    “We’re stuck,” he told the BBC.

    He said there was no power onboard the train when it stopped, and that some passengers slept while others were “also very worried”. He was later told his train would continue on its journey.

    Another passenger described feeling a “rollercoaster of emotions” for hours, not knowing whether the train he was on would be able to continue across the Channel or return to London.

    His train eventually made it to Brussels, he said, adding: “Glad to be home, saw many families stranded.”

    Kelly North and Bethany Massey-Chase tell the BBC how they’ve had to re-book their Eurostar service to Paris

    Images of massive crowds of travellers stranded at London St Pancras International flooded social media following Tuesday’s power outage.

    A photograph shared with the BBC by a train driver for Eurostar appeared to show overhead electrical cables strewn across the tracks.

    Meanwhile, cars that had hoped to use the Channel Tunnel caused traffic jams near the LeShuttle Terminal in Folkestone.

    Tim Brown, who had been trying to return to the UK after spending Christmas in Germany, told PA News he had been stuck in his car on the LeShuttle train for more than three hours with “no access to food or water”.

    At least a dozen Eurostar services between the UK, France, Belgium and the Netherlands had been cancelled by midday on Tuesday.

    The rail operator apologised and said passengers could rearrange their plans free of charge or cancel their booking and get a refund or an e-voucher.

    On Tuesday, Eurostar urged its customers “to rebook their journey for another day if possible, with free exchanges available”.

    “We also advise customers not to come to our stations if their trains have already been cancelled.”


  • Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor



    Dec 30, 2026 | Ravie Lakshmanan | Malware / Cyber Espionage

    The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia.

    The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by the hacking group targeting government organizations in Southeast and East Asia, primarily Myanmar and Thailand.

    “The driver file is signed with an old, stolen, or leaked digital certificate and registers as a minifilter driver on infected machines,” the Russian cybersecurity company said. “Its end-goal is to inject a backdoor trojan into the system processes and provide protection for malicious files, user-mode processes, and registry keys.”

    The final payload deployed as part of the attack is TONESHELL, an implant with reverse shell and downloader capabilities to fetch next-stage malware onto compromised hosts. The use of TONESHELL has been attributed to Mustang Panda since at least late 2022.

    As recently as September 2025, the threat actor was linked to attacks targeting Thai entities with TONESHELL and a USB worm named TONEDISK (aka WispRider) that uses removable devices as a distribution vector for a backdoor referred to as Yokai.

    The command-and-control (C2) infrastructure used for TONESHELL is said to have been erected in September 2024, although there are indications that the campaign itself did not commence until February 2025. The exact initial access pathway used in the attack is not clear. It’s suspected that the attackers abused previously compromised machines to deploy the malicious driver.


    The driver file (“ProjectConfiguration.sys”) is signed with a digital certificate from Guangzhou Kingteller Technology Co., Ltd, a Chinese company that’s involved in the distribution and provisioning of automated teller machines (ATMs). The certificate was valid from August 2012 to 2015.

    Given that there are other unrelated malicious artifacts signed with the same digital certificate, it’s assessed that the threat actors likely leveraged a leaked or stolen certificate to realize their goals. The malicious driver comes fitted with two user-mode shellcodes that are embedded into the .data section of the binary. They are executed as separate user-mode threads.

    “The rootkit functionality protects both the driver’s own module and the user-mode processes into which the backdoor code is injected, preventing access by any process on the system,” Kaspersky said.

    The driver has the following set of features –

    “Microsoft designates the 320000–329999 altitude range for the FSFilter Anti-Virus Load Order Group,” Kaspersky explained. “The malware’s chosen altitude exceeds this range. Since filters with lower altitudes sit deeper in the I/O stack, the malicious driver intercepts file operations before legitimate low-altitude filters like antivirus components, allowing it to circumvent security checks.”

    The driver is ultimately designed to drop two user-mode payloads, one of which spawns an “svchost.exe” process and injects a small delay-inducing shellcode. The second payload is the TONESHELL backdoor that’s injected into that same “svchost.exe” process.

    Once launched, the backdoor establishes contact with a C2 server (“avocadomechanism[.]com” or “potherbreference[.]com”) over TCP on port 443, using the communication channel to receive commands that allow it to –

    • Create temporary file for incoming data (0x1)
    • Download file (0x2 / 0x3)
    • Cancel download (0x4)
    • Establish remote shell via pipe (0x7)
    • Receive operator command (0x8)
    • Terminate shell (0x9)
    • Upload file (0xA / 0xB)
    • Cancel upload (0xC), and
    • Close connection (0xD)

    The development marks the first time TONESHELL has been delivered through a kernel-mode loader, effectively allowing it to conceal its activity from security tools. The findings indicate that the driver is the latest addition to a larger, evolving toolset used by Mustang Panda to maintain persistence and hide its backdoor.

    Memory forensics is key to analyzing the new TONESHELL infections, as the shellcode executes entirely in memory, Kaspersky said, noting that detecting the injected shellcode is a crucial indicator of the backdoor’s presence on compromised hosts.

    “HoneyMyte’s 2025 operations show a noticeable evolution toward using kernel-mode injectors to deploy TONESHELL, improving both stealth and resilience,” the company concluded.

    “To further conceal its activity, the driver first deploys a small user-mode component that handles the final injection step. It also uses multiple obfuscation techniques, callback routines, and notification mechanisms to hide its API usage and track process and registry activity, ultimately strengthening the backdoor’s defenses.”
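
    Added example (not from the article or from Kaspersky's report): the minifilter altitude point above, turned into a defender's check. It parses `fltmc filters` output and flags any filter that sits above the 320000–329999 anti-virus range and is not on a per-host baseline; the sample output, the `ExampleFlt` entry and the baseline set are constructed assumptions.

```python
"""Audit minifilter altitudes from `fltmc filters` output (defensive sketch)."""
import re
from decimal import Decimal

# FSFilter Anti-Virus altitude range quoted in the article.
AV_LOW, AV_HIGH = Decimal(320000), Decimal(329999)

# Assumption: per-host baseline of filters expected above the AV range.
BASELINE_ABOVE_AV = {"bindflt"}

# Constructed sample output; "ExampleFlt" and its altitude are made up.
SAMPLE = """\
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
bindflt                                 1       409800         0
ExampleFlt                              1       331000.5       0
WdFilter                                5       328010         0
luafv                                   1       135000         0
FileInfo                                5        40500         0
"""

# name, instance count, altitude (may be fractional), frame
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+(?:\.\d+)?)\s+(\S+)\s*$")

def parse_filters(text):
    """Return [(name, altitude)] ordered from the top of the I/O stack down."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and separator lines do not match
            rows.append((m.group(1), Decimal(m.group(3))))
    return sorted(rows, key=lambda r: r[1], reverse=True)

def audit(text, baseline=BASELINE_ABOVE_AV):
    """Flag non-baseline filters whose altitude is above the AV range."""
    rows = parse_filters(text)
    # AV-range filters get their pre-operation callbacks after anything higher.
    av = [name for name, alt in rows if AV_LOW <= alt <= AV_HIGH]
    return [{"filter": name, "altitude": str(alt), "sees_io_before": av}
            for name, alt in rows
            if alt > AV_HIGH and name not in baseline]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

    Many legitimate filters also load above the anti-virus range, so the baseline matters: the signal is a new, unexplained name in that position, not the altitude alone.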




  • MADD urges safe celebrations as New Year’s Eve approaches



    MARYVILLE, Mo. – As people prepare to ring in the New Year, Mothers Against Drunk Driving (MADD) is reminding the public to celebrate responsibly and plan ahead for a safe ride home.

    “Go out, celebrate, have a great time, make wonderful memories, but make them responsibly,” said Tabitha Perkins, State Executive Director for MADD Missouri.

    While the calendar may be turning, Perkins says MADD’s mission remains the same: preventing and stopping impaired driving.

    This New Year’s Eve marks the 30th year MADD Missouri will host its annual awareness event at the Waterway Car Wash in Brentwood. Volunteers will engage with drivers and tie red ribbons to vehicles as a visible reminder of the impact impaired driving can have on families and communities.

    “We’re going to tie a red ribbon on your car,” Perkins said. “We’re going to engage with you in a nice manner just to remind you about what the impact impaired driving has.”


    She added that the presence of victims and survivors is especially meaningful.

    “The most important thing is for our victims and survivors to be able to speak firsthand to the general public and remind them about the impact that it’s had on them,” she added.

    The event will take place from 11:00 a.m. to 1:00 p.m. at Waterway Richmond Heights, located at 1200 S. Brentwood Blvd., Richmond Heights, MO 63117.

    Law enforcement is also preparing for a busy night.

    The St. Louis Metropolitan Police said officers will be patrolling the roads looking for impaired drivers.

    “Plan ahead,” said SLMPD’s Sean Mazzola. “Make sure you have a designated driver. Utilize rideshare.”

    Perkins echoed that message, encouraging people to budget for a safe ride home.

    “When you leave the house tomorrow night, and you have 50, 60 bucks, a couple hundred bucks to go out for the evening, set aside some money for a sober driver,” she said. “In today’s society, you push a button on your phone, and you can have a rideshare vehicle in front of the establishment within five to 10 minutes—and that’s what we encourage everybody to do.”

    Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

    For the latest news, weather, sports, and streaming video, head to FOX 2.


