Security News

Beijing probes security at academic journal database
2022-06-27 05:30

China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure, citing national security concerns. CNKI is a privately-owned publishing company that maintains a monopoly on academic journal searches in China.

Beijing-backed attackers use ransomware as a decoy while they conduct espionage
2022-06-24 07:04

A state-sponsored Chinese threat actor has used ransomware as a distraction to help it conduct electronic espionage, according to security software vendor Secureworks. The firm asserts that the ransomware is probably just a distraction from the true intent: cyber espionage.

Beijing-backed baddies target unpatched networking kit to attack telcos
2022-06-08 07:56

State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers. The advisory states that network devices are the target of this campaign and lists 16 flaws - some dating back to 2017 and none more recent than April 2021 - that the three agencies rate as the most frequently exploited.

Beijing needs the ability to 'destroy' Starlink, say Chinese researchers
2022-05-25 11:01

A researcher from the Beijing Institute of Tracking and Telecommunications advocated for Chinese military capability to take out Starlink satellites on the grounds of national security in a peer-reviewed domestic journal. According to the South China Morning Post, lead author Ren Yuanzhen and colleagues advocated in Modern Defence Technology not only for China to develop anti-satellite capabilities, but also to have a surveillance system that could monitor and track all satellites in Starlink's constellation.

Beijing-backed gang looted IP around the world for years, claims Cybereason
2022-05-05 05:45

Infosec outfit Cybereason says it's discovered a multi-year - and very successful - Chinese effort to steal intellectual property. In the attack Cybereason claims to have spotted, Winnti starts by finding what Cybereason has described as "a popular ERP solution" that had "multiple vulnerabilities, some known and some that were unknown at the time of the exploitation."

FBI warns of 2022 Beijing Olympics cyberattack, privacy risks
2022-01-31 23:27

The Federal Bureau of Investigation warned today that threat actors could potentially target the February 2022 Beijing Winter Olympics and March 2022 Paralympics. "The FBI to date is not aware of any specific cyber threat against the Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments," the US security service said in a private industry notification issued on Tuesday.

Vulnerabilities and censorship tools among hot new features in Beijing's Olympics app
2022-01-19 18:11

Toronto-based Citizen Lab has warned that an app required by Beijing law to attend the 2022 Olympics contains vulnerabilities that can leak calls and data to malicious users, as well as the potential to subject the user to scanning for censored keywords. The playbooks, which are documents that serve as info guides for Olympics-goers, instruct international visitors to download the app and use it to monitor health for 14 days prior to their departure for China.

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks
2022-01-19 13:36

The mobile app that all attendees and athletes of the upcoming Beijing Winter Olympics must use to manage communications and documentation at the event has a "devastating" flaw in the way it encrypts data that can allow for man-in-the-middle attacks that access sensitive user information, researchers have found. MY2022 is an app mandated for use by all attendees - including members of the press and athletes - of the 2022 Olympic Games in Beijing.

Beijing 2022 Winter Olympics app bursting with privacy risks
2022-01-18 14:50

The official app for Beijing 2022 Winter Olympics, 'My 2022,' was found to be insecure when it comes to protecting the sensitive data of its users. The app also violates China's own laws regarding privacy protection.

US bans Chinese firms – including one linked to HPE’s China JV – for feeding tech to Beijing's military
2021-11-25 01:11

The US Dept of Commerce's Bureau of Industry and Security has added 27 companies to its list of entities prohibited from doing business with the USA on grounds they threaten national security - and one of the firms is associated with HPE's Chinese joint venture H3C. A preliminary announcement of the bans lists a company named New H3C Semiconductor Technologies Co., Ltd on the grounds of its "support of the military modernization of the People's Liberation Army." The addresses given by Uncle Sam for this semiconductor business match those listed on the website of H3C, the Chinese company formed as a joint venture between HPE and Tsinghua Unigroup to build networking products.