Security News

Tick, tick, tick … TikTok China just limited kids to 40 minutes' use each day
2021-09-20 01:14

Douyin, the Chinese app known as TikTok outside the Middle Kingdom, has imposed limits on usage time for kids. In a weekend post to Tencent-operated portal qq.com, Douyin's owner ByteDance revealed that it has moved all users who have authenticated with their real names, and are under 14 years of age, into "Youth mode".

This is AUKUS for China – US, UK, Australia reveal defence tech-sharing pact
2021-09-16 03:27

Australia, the United States of America, and the United Kingdom have signed a new defence and technology-sharing pact. Dubbed AUKUS, the headline item of the pact is assistance from the UK and US to help Australia build nuclear-powered submarines that are interoperable with their own fleets.

SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’
2021-09-09 14:30

The novel backdoor technique called SideWalk, seen in campaigns targeting US media and retailers late last month, has been tied to an adversary that's been around for quite a while: namely, the China-linked Grayfly espionage group. According to a report published by Symantec on Thursday, the SideWalk malware has been deployed in recent Grayfly campaigns against organizations in Taiwan, Vietnam, the US and Mexico.

US officials, experts fear China ransacked Exchange servers for data to train AI systems
2021-08-31 19:23

The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR. The plundering of these Exchange systems was attributed to Chinese government cyber-spies known as Hafnium; Beijing denied any involvement. It's said the crew exploited four zero-days in Redmond's mail software in a chain to hijack the servers and siphon off data.

UK's Surveillance Camera Commissioner grills Hikvision on China human rights abuses
2021-08-20 09:54

The China-based surveillance equipment manufacturer accused of being linked to the human rights abuse of the Uyghur ethnic minority in Xinjiang has denied any wrongdoing in a heated exchange with the UK's Surveillance Camera Commissioner. Eye-catchingly, Hikvision's denials came in a series of letters published by Surveillance Camera Commissioner Professor Fraser Sampson on the GOV.UK website.

China orders annual security reviews for all critical information infrastructure operators
2021-08-18 07:58

China's government has introduced rules for protection of critical information infrastructure. An announcement by the Cyberspace Administration of China said that cyber attacks are currently frequent in the Middle Kingdom, and the security challenges facing critical information infrastructure are severe.

China stops networked vehicle data going offshore under new infosec rules
2021-08-13 06:58

China has drafted new rules required of its autonomous and networked vehicle builders. Data security is front and centre in the rules, with manufacturers required to store data generated by cars - and describing their drivers - within China.

China-Linked Cyberespionage Operation Suggests Interest in SCADA Systems
2021-08-05 13:24

A cyberespionage group that appears to be based in China has been seen targeting critical infrastructure organizations in Southeast Asia, and the attackers may be interested in industrial control systems. Symantec, a division of Broadcom, reported on Thursday that its threat hunter group had seen attacks launched by a threat actor against four critical infrastructure organizations in an unnamed Southeast Asian country.

Huawei to America: You're not taking cyber-security seriously until you let China vouch for us
2021-08-02 06:15

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors - including Huawei - can be trusted around the world. Purdy, a former White House adviser on cyber security, makes some decent points - especially when pointing out that the Executive Order is only binding on federal agencies and their private sector suppliers.

Here's a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies
2021-07-29 06:26

Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments are fully patched against them. Number one on the US, UK, and Australia's jointly published list was the well-known Citrix arbitrary code execution vuln in Application Delivery Controller, aka Netscaler load-balancer.