Douyin, the Chinese app known as TikTok outside the Middle Kingdom, has imposed limits on usage time for kids. In a weekend post to Tencent-operated portal qq.com, Douyin's owner ByteDance revealed that it has moved all users who have authenticated with their real names, and are under 14 years of age, into "Youth mode".
Australia, the United States of America, and the United Kingdom have signed a new defence and technology-sharing pact. Dubbed AUKUS, the headline item of the pact is assistance from the UK and US to help Australia build nuclear-powered submarines that are interoperable with their own fleets.
The novel backdoor technique called SideWalk, seen in campaigns targeting US media and retailers late last month, has been tied to an adversary that's been around for quite a while: namely, China-linked Grayfly espionage group. According to a report published by Symantec on Thursday, the SideWalk malware has been deployed in recent Grayfly campaigns against organizations in Taiwan, Vietnam, the US and Mexico.
The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR. The plundering of these Exchange systems was attributed to Chinese government cyber-spies known as Hafnium; Beijing denied any involvement. It's said the crew exploited four zero-days in Redmond's mail software in a chain to hijack the servers and siphon off data.
The China-based surveillance equipment manufacturer accused of being linked to the human rights abuse of the Uyghur ethnic minority in Xinjiang has denied any wrongdoing in a heated exchange with the UK's Surveillance Camera Commissioner. Eye-catchingly, Hikvision's denials came in a series of letters published by Surveillance Camera Commissioner Professor Fraser Sampson on the GOV.UK website.
China's government has introduced rules for protection of critical information infrastructure. An announcement by the Cyberspace Administration of China said that cyber attacks are currently frequent in the Middle Kingdom, and the security challenges facing critical information infrastructure are severe.
China has drafted new rules required of its autonomous and networked vehicle builders. Data security is front and centre in the rules, with manufacturers required to store data generated by cars - and describing their drivers - within China.
A cyberespionage group that appears to be based in China has been seen targeting critical infrastructure organizations in Southeast Asia, and the attackers may be interested in industrial control systems. Symantec, a division of Broadcom, reported on Thursday that its threat hunter group had seen attacks launched by a threat actor against four critical infrastructure organizations in an unnamed Southeast Asian country.
Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors - including Huawei - can be trusted around the world. Purdy, a former White House adviser on cyber security, makes some decent points - especially when pointing out that the Executive Order is only binding on federal agencies and their private sector suppliers.
Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments are fully patched against them. Number one on the US, UK, and Australia's jointly published [PDF] list was the well-known Citrix arbitrary code execution vuln in Application Delivery Controller, aka Netscaler load-balancer.