Security News

Even a long-standing China-based APT has begun to use the threat in a new spear-phishing campaign. Researchers from Check Point Research have found a spear-phishing campaign targeting the Mongolian public sector and apparently emanating from China.

TikTok, the controversial and wildly popular social video app maker, announced on Thursday that Roland Cloutier will join the company as Chief Information Security Officer. Cloutier joins TikTok from ADP where he served as SVP and Chief Security Officer, overseeing the company's cyber, information protection, risk, workforce protection, crisis management, and investigative security operations worldwide.

US officials on Wednesday stepped up warnings about the potential security risks from the fast-growing, Chinese-owned TikTok as a lawmaker unveiled legislation to ban the social media app from government devices. Senator Josh Hawley, who convened the hearing, said he was introducing a bill to ban TikTok from all US government devices, calling it "a major security risk for the American people."

The Chinese company claims it's aware of attacks launched by the CIA between September 2008 and June 2019. "In the CIA's attack against Chinese aviation organizations and scientific research institutions, we found that attackers mainly targeted system developers in these sectors to carry out the campaigns," Qihoo said in an English-language blog post.

Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies. The claims made by the company are based on the evidential connection between tools, tactics, and procedures used by a hacking group, dubbed 'APT-C-39' against Chinese industries, and the 'Vault 7' hacking tools developed by the CIA. As you may remember, the massive collection of Vault 7 hacking tools was leaked to the public in 2017 by the whistleblower website Wikileaks, which it received from Joshua Adam Schulte, a former CIA employee who is currently facing charges for leaking classified information.

The latest in a string of China-linked hacking incidents came with the Monday indictment of four members of the Chinese military for breaking into the credit-reporting agency Equifax in 2017. The motives, as with several others hacks that preceded it, appear to be more about espionage than stealing trade secrets, cybersecurity experts say.

The takedown of Equifax begs the question of whether attackers might also have been camping out in the networks of other consumer credit reporting agencies - Experian, TransUnion and others - as well as other data brokers. Interesting overlay: In 2015, President Barack Obama threatened China with severe sanctions if it didn't cease its hack attack ways, and in September of that year, he reached a landmark agreement with Chinese President Xi Jinping, which aimed to put intellectual property off limits for nation-state espionage operators.

The US Justice Department on Monday accused the hackers of stealing the sensitive personal information of some 145 million Americans, in one of the world's largest-ever data breaches. Since then hotels giant Marriott lost data on some 500 million global customers to hackers believed to be Chinese.

British F-35Bs deploying to the South China Sea next year may not meet key reliability metrics set by an American government watchdog, its annual report has revealed. On top of that, the supersonic stealth jet project's move towards Agile methodology for "Minimum viable product"-phased development of critical flight and weapons software every six months is a "High risk" strategy, according to DOTE. The F-35B fleet worldwide needs to rack up 75,000 flight hours before DOTE thinks it has gathered enough data to meet the contract spec.

A Chinese hacking crew which had previously been focusing on industrial and commercial attacks has now involved itself in efforts to suppress protests in Hong Kong. Researchers at security shop ESET say the Winnti Group, a hacking operation believed to be backed by the Chinese government, has begun targeting the networks and accounts of at least five universities in Hong Kong.