Parent company, ByteDance, says action is ‘misguided’ and has contacted commission to ‘set the record straight’ The EU’s executive body has banned its thousands of staff from using TikTok over cybersecurity concerns, a decision the Chinese-owned social video app has criticised as “misguided” and based on “fundamental misconceptions …
Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life …
From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself …
A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong. We have long known from Shor’s algorithm …
Today I have some squid geopolitical news. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. [...]
Privacy policy update confirms data of continent’s users available to range of TikTok bases including in Brazil, Israel and US TikTok is spelling out to its European users that their data can be accessed by employees outside the continent, including in China, amid political and regulatory concerns about …
China claims that it is “engaging in responsible squid fishing”: Chen Xinjun, dean of the College of Marine Sciences at Shanghai Ocean University, made the remarks in response to recent accusations by foreign reporters and actor Leonardo DiCaprio that China is depleting its own fish stock and that Chinese …
This is a dangerous vulnerability: An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The …
Personal information allegedly taken from Shanghai police database would be one of biggest data breaches in history A hacker has claimed to have stolen the personal information of 1 billion Chinese citizens from a Shanghai police database, in what would amount to one of the biggest data breaches in …
Enlarge (credit: FT montage | Getty Images | Dreamstime ) Chinese university students have been lured to work at a secretive technology company that masked the true nature of their jobs: researching Western targets for spying and translating hacked documents as part of Beijing’s industrial-scale intelligence regime. The Financial Times has …
China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games …
Enlarge (credit: Matejmo | Getty Images) Hackers including Chinese state-backed groups have launched more than 840,000 attacks on companies globally since last Friday, according to researchers, through a previously unnoticed vulnerability in a widely used piece of open-source software called Log4J. Cyber security group Check Point said the attacks …
Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article : Google’s researchers were able to trigger the exploits and …
Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures. Recent findings highlight this cluster’s …
LightBasin hackers were able to obtain subscriber information and call metadata, says CrowdStrike At least 13 phone companies around the world have been compromised since 2019 by sophisticated hackers who are believed to come from China, a cybersecurity expert group has said. The roaming hackers – known as LightBasin – were …
The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they …
We knew the basics of this story, but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor. [...]
I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents. [...]
China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to “overseas organizations or individuals” other than …
News from Georgetown’s Center for Security and Emerging Technology: China Claims Its AI Can Beat Human Pilots in Battle: Chinese state media reported that an AI system had successfully defeated human pilots during simulated dogfights. According to the Global Times report, the system had shot down several PLA …
Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come. [...]
Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance. [...]
In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that …
Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and …
Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. [...]