US Sanctions Chinese Cybersecurity Firm for Ransomware Attack

US Sanctions Chinese Cybersecurity Firm for Ransomware Attack

The U.S. has sanctioned Sichuan Silence, a Chinese cybersecurity firm involved in ransomware attacks targeting critical infrastructure in 2020. One of its employees, Guan Tianfeng, has also been charged individually. Guan, a security researcher, discovered a zero-day vulnerability in a firewall product developed by U.K.-based security firm Sophos. He exploited the vulnerability, designated CVE 2020-12271, using a SQL injection attack that retrieved and remotely executed a script from a malicious server. Guan and his co-conspirators…

Read More

CISA, FBI Release Guidance for Improving Cybersecurity

CISA, FBI Release Guidance for Improving Cybersecurity

On Dec. 3, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and international partners issued guidance on strengthening systems against intrusions by threat actors targeting telecommunications. The guidance was informed by recent breaches affiliated with the Chinese government. The recommendations come weeks after the FBI and CISA identified that China-affiliated threat actors had “compromised networks at multiple telecommunications companies.” Initially, the breaches were believed to target specific individuals in government or political…

Read More

Microsoft: Ransomware Attacks Growing More Dangerous, Complex

Microsoft: Ransomware Attacks Growing More Dangerous, Complex

The number of attempted ransomware attacks on Microsoft customers globally have grown dramatically in the last year, according to Microsoft’s Digital Defense report, released on Oct. 15. However, advancements in automatic attack disruption technologies have led to fewer of these attacks reaching the encryption stage. Microsoft reported 600 million cybercriminal and nation-state attacks occurring daily. While ransomware attempts increased by 2.75 times, successful attacks involving data encryption and ransom demands dropped by three-fold. The inverse…

Read More

A Microsoft under attack from government and tech rivals after 'preventable' hack ties executive pay to cyberthreats

A Microsoft under attack from government and tech rivals after 'preventable' hack ties executive pay to cyberthreats

Microsoft has come under fire recently from both the U.S. government and rival companies for its failure to stop a Chinese hack of its systems last summer. One change the tech giant is making in response: linking executive compensation more closely to cybersecurity. In April, a government review board described a hack of Microsoft last summer attributed to China as “preventable.” The U.S. Department of Homeland Security’s Cyber Safety Review Board pointed to “a cascade of…

Read More

US and UK go after Chinese hackers accused of state-backed operation against politicians, dissidents

US and UK go after Chinese hackers accused of state-backed operation against politicians, dissidents

WASHINGTON (AP) — Hackers linked to the Chinese government launched a sweeping, state-backed operation that targeted U.S. officials, journalists, corporations, pro-democracy activists and the U.K.’s election watchdog, American and British authorities said Monday in announcing a set of criminal charges and sanctions. The intention of the campaign, which officials say began in 2010, was to harass critics of the Chinese government, steal trade secrets of American corporations and to spy on and track high-level political…

Read More

Global security threats in 2022: Looking back to move forward

Global security threats in 2022: Looking back to move forward

Global security threats in 2022: Looking back to move forward | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. …

Read More

Security leaders assess geopolitical events affecting security in 2022

Security leaders assess geopolitical events affecting security in 2022

Security leaders assess geopolitical events affecting security in 2022 | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This…

Read More

Cybersecurity Firm: What US Journalists Need To Know About The Foreign Hackers Targeting Them

Cybersecurity Firm: What US Journalists Need To Know About The Foreign Hackers Targeting Them

Photo illustration of a computer hacker. getty In the days just before the January 6 attack at the US Capitol Building in 2021, a flurry of emails with seemingly anodyne subject lines started landing in the inboxes of White House correspondents and other journalists who cover national politics. Those subject lines, pulled from recent US news articles, read like quick blasts of news filtered through a distinctly partisan lens: US issues Russia threat to China….

Read More

State-backed hackers targeted US-based journalists in widespread spy campaigns: report

State-backed hackers targeted US-based journalists in widespread spy campaigns: report

State-sponsored hackers from China, North Korea, Iran and Turkey have been regularly spying on and impersonating journalists from various media outlets in an effort to infiltrate their networks and gain access to sensitive information, according to a report released on Thursday by cybersecurity firm Proofpoint.  The report reveals that government-backed hackers used various tools to target journalists, including sending phishing emails to gain access to reporters’ work emails, social media accounts and networks. The report…

Read More