Security News

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors - including Huawei - can be trusted around the world. Purdy, a former White House adviser on cyber security, makes some decent points - especially when pointing out that the Executive Order is only binding on federal agencies and their private sector suppliers.

Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments are fully patched against them. Number one on the US, UK, and Australia's jointly published [PDF] list was the well-known Citrix arbitrary code execution vuln in Application Delivery Controller, aka Netscaler load-balancer.

The French National Agency for the Security of Information Systems on Wednesday issued an alert to warn organizations that a threat group tracked as APT31 has been abusing compromised routers in its recent attacks. The agency has shared indicators of compromise to help organizations detect potential attacks.

China has very firmly pushed back against the accusation it paid contractors to attack Microsoft's Exchange Server. The USA, UK, NATO and other nations on Monday named China as the source of the attack.

Three US senators have written to their nation's Olympic Committee with a request that it "Forbid American athletes from receiving or using Digital Yuan during the Beijing Olympics" - a reference to the Winter Games scheduled to commence on February 4th, 2022. "While the Chinese Communist Party insists their efforts are aimed at digitizing bank notes and coins, Olympic athletes should be aware that the Digital Yuan may be used to surveil Chinese citizens and those visiting China on an unprecedented scale," wrote [PDF] Senators Marsha Blackburn, Roger Wicker and Cynthia Lummis.

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security. "In a statement issued by the White House on Monday, the administration said,"with a high degree of confidence that malicious cyber actors affiliated with PRC's MSS conducted cyber-espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.

The U.S. government on Tuesday attributed several past attacks involving industrial control systems to Russian, Chinese and Iranian state-sponsored threat actors. "CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk. Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations," the agencies said.

China on Tuesday said the US had "Fabricated" allegations it carried out a massive Microsoft hack, countering that Washington was the "World champion" of cyber attacks while raging at American allies for signing up to a rare joint statement of condemnation. The United States on Monday accused Beijing of carrying out the March cyber attack on Microsoft Exchange, a top email server for corporations around the world, and charged four Chinese nationals over the "Malicious" hack.

The US has also blamed hackers working with China for ransomware attacks, extortion, crypto-jacking and other cybercrimes. The United States and several allies have officially pointed the finger at China for the recent hack of Microsoft Exchange server as well as an ongoing series of cyberattacks carried out by contract hackers for personal profit.

The United States and its allies have officially attributed the Microsoft Exchange server attacks disclosed in early March to hackers affiliated with the Chinese government. In a statement, the White House accused China of using "Criminal contract hackers" to conduct cyber operations.