China

Trend Micro anti-virus zero-day exploited in attack on Mitsubishi Electric

There is some egg on the face of Trend Micro after it is revealed their anti-virus software was exploited to steal data from Mitsubishi Electric, but they aren’t the real villains of the story.

Chinese tech firm Huawei says it was hacked by the United States

The Chinese technology giant says the United States has launched hacking attacks against its intranet and internal network.

But attributing a cyber attack to a particular party is notoriously difficult. It would certainly be just as fascinating to see Huawei’s reasons why it believes the USA hacked it, as to see what evidence the United States has against Huawei.

YouTube joins Facebook and Twitter, disabling accounts targeting Hong Kong protests

Good luck to the social media sites playing whack-a-mole as they try to police the activities of state-sponsored groups trying to influence the public’s opinion with co-ordinated campaigns. This isn’t going to be a problem that’s easy to fix.

Smashing Security #133: Cookie cock-ups, Hong Kong protests, and smart TV virus scans

We head to Hong Kong to look at how technology has helped anti-government protesters (and how China has tried to disrupt it), Samsung is skittish over whether to tell TV owners to virus-scan their devices, and you won’t believe whose website is not GDPR-compliant.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by James Thomson.

tripwire.com

DDoS attack that knocked Telegram secure messaging service offline linked to Hong Kong protests

An attack which targeted users of the Telegram app on Wednesday might be linked to protests in Hong Kong that turned violent.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #129: Too Long; Didn’t Listen

Don’t hire a hacker, they might scam you! What works and what doesn’t when it comes to protecting your email account? And China’s controversial social credit system comes under the microscope.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

tripwire.com

Unsecured databases found leaking half a billion resumes onto the net, no password required

A staggering 590 million resumes have leaked from poorly-secured Chinese companies in just the last three months.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

FBI boss warns businesses of Chinese hackers stealing their intellectual property

What’s the biggest cybersecurity threat for US businesses?

If FBI chief Christopher Wray is to be believed, it’s China.

Read more in my article on the Bitdefender Business Insights blog.

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag

How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.

Supermicro says independent investigation found no spy chips on its motherboards

An independent audit has found no evidence that malicious chips were planted on Supermicro’s motherboards, debunking Bloomberg claims that servers at Amazon and Apple were being spied upon by China.

Bad news for scammers. Huawei executive Meng Wanzhou has been released on bail

Scammers want you to send $2000 to help Huawei’s CFO bribe her way out of jail.

bitdefender.com

Chinese headmaster fired after setting up his own secret cryptomining rig at school

A Chinese headmaster has lost his job after it was discovered he was stealing the school’s electricity to power a secret cryptocurrency-mining rig.

Read more in my article on the Hot for Security blog.

Department of Homeland Security and GCHQ back Apple and Amazon’s denials they were hacked by China

The US Department of Homeland Security and UK’s GCHQ have rallied behind the vigorous denials issued by Amazon and Apple, after Bloomberg BusinessWeek reported China had planted malicious computer chips on systems used by the tech giants.

China accused of sabotaging thousands of servers at major US companies with tiny microchips hidden on motherboards

An extraordinary report released by Bloomberg BusinessWeek, which claims that China has been exploiting the supply-chain, planting a tiny microchip on servers which ended up in the server rooms of almost 30 companies, including the likes of Apple and Amazon.

Amazon staff said to be taking bribes to leak data

Often the biggest problem is not the threat of external hackers, but rather internal staff to whom you have granted access to sensitive data and who might be tempted to exploit it for financial gain.

bitdefender.com

China forces spyware onto Muslim’s Android phones, complete with security holes

Eight million Uyghurs, a Muslim ethnic group, have been ordered by the Chinese authorities to install a spyware app onto their Android smartphones. And it’s insecure…

Read more in my article on the Hot for Security blog.