Security News
A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a...
A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news. On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write flaw in vCenter Server, was under active exploitation.
Two US government agencies, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation, warned on Wednesday that drones made in China could be used to gather information on critical infrastructure. How Wi-Fi spy drones snooped on financial firm FCC suggests licensing 5GHz spectrum to drone operators Wing, Alphabet's drone delivery unit, designs bigger bird to deliver pasta, faster US lawmakers have Chinese LiDAR on their threat-detection radar.
Over the past few administrations, the US government has worked tirelessly to rid its national networks of Chinese-made equipment from the likes of Huawei and ZTE over fears its presence could give Beijing insights into, or access to, networks relied on by the United States and its allies. RAN deployments by US carriers most feature kit from Samsung, Nokia, and Ericsson.
Global crime networks have set up shop in autonomous territories run by armed gangs across Southeast Asia, and are using them to host physical and online casinos that, in concert with crypto exchanges, have led to an explosion of money laundering, cyberfraud, and cybercrime across the region and beyond. The scenario above was outlined on Monday by the United Nations Office on Drugs and Crime in a new report [PDF] titled "Casinos, Money Laundering, Underground Banking, and Transnational Organized Crime in East and Southeast Asia: A Hidden and Accelerating Threat."
Protestors reportedly used AirDrop to share anti-government material during China's long and strict COVID-19 lockdowns. Which is why Chinese authorities last week admitted that the use of AirDrop is considered problematic after police previously found inappropriate material being shared on the Beijing subway using the protocol.
Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. Ivanti believes fewer than ten victims have been successfully attacked thus far, but according to a Shodan scan by Beaumont, the number of vulnerable gateways exposed to the internet is just north of 15,000.
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. China has a long history of censoring its people, requesting Apple block access to mobile apps, blocking encrypted messaging apps, such as Signal, and creating the Great Firewall of China to control what sites can be visited in the country.
Shadow Play advanced six distinct narratives, with two dominant themes: that China is "Winning" a technology war with the US; and the competition for rare earth minerals. Other narratives include that "The US is headed for collapse and its alliance partnerships are fracturing; that China and Russia are responsible, capable players in geopolitics; that the US dollar and the US economy are weak; and that China is highly capable and trusted to deliver massive infrastructure projects," outlined ASPI. Infosys loses fourth senior exec.
China's Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The...