china – Page 3 – SSL and internet security news

MacOS Zero-Day Used against Hong Kong Activists

November 12, 2021 infossl

activism, apple, china, cybersecurity, exploits, google, hacking, Security technology, Uncategorized, zero-day

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article: Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised … Read More “MacOS Zero-Day Used against Hong Kong Activists” »

Nation-State Attacker of Telecommunications Networks

October 22, 2021 infossl

attribution, china, cyberespionage, espionage, hacking, Security technology, Uncategorized

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures. Recent findings highlight this cluster’s extensive knowledge of telecommunications protocols, including the … Read More “Nation-State Attacker of Telecommunications Networks” »

The Proliferation of Zero-days

September 24, 2021 infossl

china, exploits, hacking, Security technology, Uncategorized, zero-day

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards. At the … Read More “The Proliferation of Zero-days” »

More Detail on the Juniper Hack and the NSA PRNG Backdoor

September 9, 2021 infossl

backdoors, china, firewall, hacking, Juniper, nsa, random numbers, Security technology, Uncategorized

We knew the basics of this story, but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor. Powered by WPeMatico

Tetris: Chinese Espionage Tool

August 18, 2021 infossl

china, cyberespionage, espionage, Security technology, spyware, Uncategorized

I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents. Powered by WPeMatico

AI-Piloted Fighter Jets

June 25, 2021 infossl

artificial intelligence, china, cyberwar, cyberweapons, Security technology, Uncategorized

News from Georgetown’s Center for Security and Emerging Technology: China Claims Its AI Can Beat Human Pilots in Battle: Chinese state media reported that an AI system had successfully defeated human pilots during simulated dogfights. According to the Global Times report, the system had shot down several PLA pilots during a handful of virtual exercises … Read More “AI-Piloted Fighter Jets” »

The Story of the 2011 RSA Hack

May 27, 2021 infossl

china, cybersecurity, hacking, rsa, Security technology, supply chain, Uncategorized

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come. Powered by WPeMatico

Apple Censorship and Surveillance in China

May 19, 2021 infossl

apple, censorship, china, privacy, Security technology, surveillance, Uncategorized

Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance. Powered by WPeMatico

More on the Chinese Zero-Day Microsoft Exchange Hack

March 10, 2021 infossl

china, cybersecurity, hacking, microsoft, patching, Security technology, Uncategorized, zero-day

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During … Read More “More on the Chinese Zero-Day Microsoft Exchange Hack” »

Four Microsoft Exchange Zero-Days Exploited by China

March 4, 2021 infossl

china, microsoft, patching, Security technology, Uncategorized, vulnerabilities, zero-day

Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. Powered by WPeMatico