Security News

Beijing-backed baddies target unpatched networking kit to attack telcos
2022-06-08 07:56

State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers. The advisory states that network devices are the target of this campaign and lists 16 flaws - some dating back to 2017 and none more recent than April 2021 - that the three agencies rate as the most frequently exploited.

Beijing needs the ability to 'destroy' Starlink, say Chinese researchers
2022-05-25 11:01

A researcher from the Beijing Institute of Tracking and Telecommunications advocated for Chinese military capability to take out Starlink satellites on the grounds of national security in a peer-reviewed domestic journal. According to the South China Morning Post, lead author Ren Yuanzhen and colleagues advocated in Modern Defence Technology not only for China to develop anti-satellite capabilities, but also to have a surveillance system that could monitor and track all satellites in Starlink's constellation.

Beijing-backed gang looted IP around the world for years, claims Cybereason
2022-05-05 05:45

Infosec outfit Cybereason says it's discovered a multi-year - and very successful - Chinese effort to steal intellectual property. In the attack Cybereason claims to have spotted, Winnti starts by finding what Cybereason has described as "a popular ERP solution" that had "multiple vulnerabilities, some known and some that were unknown at the time of the exploitation."

FBI warns of 2022 Beijing Olympics cyberattack, privacy risks
2022-01-31 23:27

The Federal Bureau of Investigation warned today that threat actors could potentially target the February 2022 Beijing Winter Olympics and March 2022 Paralympics. "The FBI to date is not aware of any specific cyber threat against the Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments," the US security service said in a private industry notification issued on Tuesday.

Vulnerabilities and censorship tools among hot new features in Beijing's Olympics app
2022-01-19 18:11

Toronto-based Citizen Lab has warned that an app required by Beijing law to attend the 2022 Olympics contains vulnerabilities that can leak calls and data to malicious users, as well as the potential to subject the user to scanning for censored keywords. The playbooks [PDF], which are documents that serve as info guides for Olympics-goers, instruct international visitors to download the app and use it to monitor health for 14 days prior to their departure for China.

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks
2022-01-19 13:36

The mobile app that all attendees and athletes of the upcoming Beijing Winter Olympics must use to manage communications and documentation at the event has a "devastating" flaw in the way it encrypts data that can allow for man-in-the-middle attacks that access sensitive user information, researchers have found. MY2022 is an app mandated for use by all attendees - including members of the press and athletes - of the 2022 Olympic Games in Beijing.

Beijing 2022 Winter Olympics app bursting with privacy risks
2022-01-18 14:50

The official app for the Beijing 2022 Winter Olympics, 'My 2022,' was found to be insecure when it comes to protecting the sensitive data of its users. The app also violates China's own laws regarding privacy protection.

US bans Chinese firms – including one linked to HPE’s China JV – for feeding tech to Beijing's military
2021-11-25 01:11

The US Dept of Commerce's Bureau of Industry and Security has added 27 companies to its list of entities prohibited from doing business with the USA on grounds they threaten national security - and one of the firms is associated with HPE's Chinese joint venture H3C. A preliminary announcement [PDF] of the bans lists a company named New H3C Semiconductor Technologies Co., Ltd on the grounds of its "support of the military modernization of the People's Liberation Army." The addresses given by Uncle Sam for this semiconductor business match those listed on the website of H3C, the Chinese company formed as a joint venture between HPE and Tsinghua Unigroup to build networking products.

Beijing fingers foreign spies for data mischief, with help from consulting firm
2021-11-05 05:45

China's Ministry of State Security released details this week of three alleged security breaches that saw sensitive data illegally transferred abroad. State-sponsored Xinhua News Agency described the breaches as "endangering the security of important data" and said by disclosing them, the Ministry sought to build awareness of non-traditional security and, by doing so, better maintain national security. The announcement, which deliberately coincides with the seventh anniversary of the country's anti-espionage law, described airline data stolen by an overseas intelligence agency, shipping data collected by a consulting firm that provided it to a foreign spy agency, and the construction of weather devices to transfer sensitive meteorological data abroad. It is unclear whether one or more foreign intelligence agencies conducted the alleged attacks, or if the actions were linked.

Beijing lashes USA's China Telecom ban – but quite gently
2021-11-04 01:57

China's Ministry of Industry and Information Technology has responded with mild indignation to the USA's decision to revoke the operating licence that allowed China Telecom to operate in the land of the free. In a Wednesday statement, the Ministry accused the USA of using national security as a pretext for banning Chinese companies, and complained that evidence of China Telecom's alleged misdeeds has not been furnished and that the ban breaches international trade rules.