Security News
Through most of 2020 bans on Chinese apps have meant geopolitical strife, but China yesterday revealed it has started banning some of its own apps. A ban on 34 apps was among the nuggets of news revealed, with their banishment from local app stores the result of a departmental trawl of 320,000 apps offered in local download-marts.
The bug exists in the Citrix Application Delivery Controller and Gateway, a purpose-built networking appliance meant to improve the performance and security of applications delivered over the web. Microsoft bugs are well-represented, including the BlueKeep RCE bug in Remote Desktop Services, which is still under active attack a year after disclosure.
Sweden is banning Chinese tech companies Huawei and ZTE from building new high-speed wireless networks after a top security official called China one of the country's biggest threats. The Swedish telecom regulator said Tuesday that four wireless carriers bidding for frequencies in an upcoming spectrum auction for the new 5G networks must not use equipment from Huawei or ZTE. Wireless carriers that plan to use existing telecommunications infrastructure for 5G networks must also rip out any existing gear from Huawei or ZTE, the Swedish Post and Telecom Authority said.
NATO needs a new strategic concept adjusted to the global rise of new technologies, terrorism and China to replace a plan developed a decade ago, the head of the alliance said on Wednesday. Stoltenberg urged the Western defensive alliance of 30 states to "develop common principles and standards for new technologies" to meet security challenges related to "disruptive technologies" using big data and cyber telecommunications.
Russian antivirus maker Kaspersky has said it uncovered "rogue UEFI firmware images" seemingly developed by black hats with links to China. The firm explained that UEFI firmware is "typically shipped within SPI flash storage that is soldered to the computer's motherboard", and thus any malware injected into it is "resistant to OS reinstallation or replacement of the hard drive." The technique shot to public prominence in 2015 when malware-for-governments purveyor Hacking Team was itself hacked, with details of its firmware-level spyware becoming public knowledge.
A threat actor linked to China has used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea, Kaspersky reported on Monday. Kaspersky researchers analyzed the malware and the malicious activity after stumbling upon several suspicious UEFI firmware images.
Britain's enemies are investing more and more in cyber warfare capabilities, the UK's top general has warned - singling out Russia and its "digital authoritarianism". "China's new Strategic Support Force is designed to achieve dominance in the space and cyber domains," said the professional head of the armed forces.
The China-linked BlackTech cyber-spies have adopted new malicious tools in recent attacks, and they have started targeting the United States, Symantec security researchers revealed on Tuesday. Despite the use of undocumented malware, other artefacts observed in these attacks, including the use of previously employed infrastructure, suggest that the BlackTech threat actor is behind them.
Microsoft Reports Evolution of China-Linked Threat Actor GADOLINIUM. Microsoft this week announced that it recently removed 18 Azure Active Directory applications that were being abused by China-linked state-sponsored threat actor GADOLINIUM. Also known as APT40, TEMP.Periscope, TEMP.Jumper, Leviathan, BRONZE MOHAWK, and Kryptonite Panda, the adversary has been active since at least 2013, mainly operating in support of China's naval modernization efforts, through targeting various engineering and maritime entities, including a U.K.-based company. The threat actor was recently observed leveraging Azure cloud services and open source tools in attacks employing spear-phishing emails with malicious attachments.
Facebook said Tuesday it derailed a network of fake accounts out of China that had recently taken aim at the US presidential race. The takedown came as part of the social network's fight against "coordinated inauthentic behavior" and marked the first time Facebook had seen such a campaign based in China targeting US politics, according to head of security policy Nathaniel Gleicher.