Security News
Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. EDITED TO ADD (3/12): Exchange Online is not affected.
Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from US-based defense contractors, law firms, and infectious disease researchers. Gain access to an Exchange Server either using stolen passwords or by using zero-day vulnerabilities, and disguise themselves as a legitimate user.
An artificial intelligence commission led by former Google CEO Eric Schmidt is urging the U.S. to boost its AI skills to counter China, including by pursuing "AI-enabled" weapons - something that Google itself has shied away from on ethical grounds. "We have to develop technology that preserves our Western values, but we have to be prepared for a world in which not everyone is doing that," said Andrew Moore, a commissioner and the head of Google Cloud AI. The group has the ear of top lawmakers from both parties, but has attracted criticism for including many members who work for tech companies with big government contracts, and who thus have a lot at stake in federal rules on emerging technology.
Security intelligence firm Recorded Future's Insikt Group has written a paper alleging China was behind attacks on India's electricity grid. The attack is considered the probable source of Mumbai's power outage in October of the same year.
Concerns have been raised about the security of audio data on the popular new social media app Clubhouse, according to reports from the Stanford Internet Observatory and McAfee's Advanced Threat Research team. Clubhouse did not respond to requests for comment from TechRepublic but previously told the Stanford Internet Observatory that due to concerns about data privacy breaches, the company initially banned the app from Chinese users.
A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed. Check Point put out a report on Monday digging into Chinese malware it calls Jian, and argues persuasively this particular software nasty was spawned sometime around 2014 from NSA exploit code that eventually leaked online in 2017.
Hackers believed to be from China have exploited a vulnerability in a SolarWinds product as part of a campaign targeting at least one U.S. government agency, Reuters reported on Tuesday. In late December, a few weeks after it came to light that Texas-based IT management solutions provider SolarWinds was targeted in a sophisticated supply chain attack, researchers from several organizations revealed that one of the pieces of malware they had analyzed, dubbed Supernova, had apparently been used by a second group that was not related to the supply chain attack.
China's recent upgrades to its content-blocking Great Firewall can be circumvented, according to censorship fighters from the Great Firewall Report. Members of the group last year published a paper [PDF] detailing how China had improved the firewall to detect the use of Shadowsocks, a tool for using SOCKS5 proxies outside the Middle Kingdom to avoid the nation's internet blockades.
Outgoing Federal Communications Chair Ajit Pai has issued a final warning about Chinese telcos at the end of a tenure spent cracking down on companies like Huawei, ZTE and China Telecom. Pai, a former telecommunications industry lobbyist and in-house counsel for Verizon, told Reuters that managing security threats against U.S. networks from Chinese espionage will be the "Biggest national security issue that regulators will face in the next four years."
The 6 large-scale squid jigging vessels are normally operating vessels that returned to China earlier this year from the waters of Southwest Atlantic Ocean for maintenance and repair. These vessels left the port of Mawei on December 17, 2020 and are sailing to the fishing grounds in the international waters of the Southeast Pacific Ocean for operation.