More stories

  • iOS 15.7: Apple patches new iPhone security flaw, so it's time to update

    Apple has released patches to address kernel flaws affecting iOS/iPadOS 15 and macOS Big Sur and Catalina that are under attack. Apple in an advisory says the two newly disclosed kernel flaws “may have been actively exploited”. One kernel flaw, tracked as CVE-2022-32917, is addressed in iOS/iPadOS 15.7, macOS Monterey 12.6 and macOS […]

  • China says NSA used multiple cybersecurity tools in attacks against Chinese university

    China has released a report that reveals the US National Security Agency (NSA) used multiple cybersecurity tools in its recent attacks against a Chinese university. Amongst these are sniffing and Trojan programs, which Chinese researchers say led to the theft of a “large amount of sensitive data”.

    China’s National Computer Virus Emergency Response Center (CVERC) on Tuesday said “41 types of cyber weapons” were tapped by NSA’s hacking unit, Tailored Access Operations (TAO), in the cyber attacks targeting China’s Northwestern Polytechnical University. Located in the Chinese city of Xi’an, the university describes itself as a research-focused institution with disciplines in aeronautics, astronautics, and marine technology engineering. It is affiliated with China’s Ministry of Industry and Information Technology.

    The university is on the US government’s Entity List alongside several other Chinese educational institutions, including Sichuan University and Beijing University of Aeronautics and Astronautics. US companies are prohibited from exporting or transferring specific items to companies on the list unless they have procured a licence from their government to do so.

    According to a report by state-owned news agency Xinhua, CVERC revealed that amongst the security tools TAO used was a sniffing program CVERC dubbed “Suctionchar”. One of the key components that resulted in the data theft, Suctionchar was capable of stealing accounts and passwords used in remote management and file transfer services on targeted servers, CVERC said in its report, which was released in collaboration with Chinese cybersecurity vendor, Beijing Qi’an Pangu Laboratory Technology.

    “Suctionchar can run stealthily on target servers, monitor in real-time users’ input on the terminal program of the operating system console, and intercept all kinds of user names and passwords,” the report noted, adding that these credentials then could be used to breach other servers and network devices.

    In its attacks against Northwestern Polytechnical University, TAO had used Suctionchar with other components of a Trojan program, Bvp47, which Pangu Lab referred to as a backdoor tool developed by the Equation Group, which reportedly was linked to TAO.

    According to the Chinese security vendor, Bvp47 had been deployed in attacks targeting 45 global markets for more than a decade and had breached 64 systems in China.

    Attack tools not new

    A cybersecurity vendor, though, noted that the technical research detailed in the report appeared to focus on “years-old implants” that had been widely known for several years now. Speaking to ZDNET on the condition of anonymity, a spokesperson from the security vendor said there was consensus amongst cybersecurity experts from the West that the attacks targeting Northwestern Polytechnical University appeared to be an espionage operation. He noted that the Chinese university seemed to be involved in the development of modern weapons, which might make it an attractive target.

    Pointing to the report released by CVERC and Pangu Labs, he said the details appeared to focus on hacking tools used in previous leaks that were uncovered in 2016, collectively known as Shadow Brokers. He added that it remained unclear what new technical evidence was disclosed in Tuesday’s announcement, but noted that he drew his reference from information that was available in English. He said cyber espionage was “nothing new” and the US had not denied their involvement in such operations.

    China first unveiled the breach against Northwestern Polytechnical University early last week, with the national State Council Information Office publicly condemning the cyberattacks. The Chinese foreign ministry’s spokesperson Mao Ning said NSA’s cyber attacks and data theft had involved 13 personnel from the US government agency. She revealed that more than 1,000 attacks were launched against the university, during which “core technical data” was stolen.

    Mao said: “Security of the cyberspace is a common issue facing all countries in the world. As the country that possesses the most powerful cyber technologies and capabilities, the US should immediately stop using its prowess as an advantage to conduct theft and attacks against other countries, [and] responsibly participate in global cyberspace governance and play a constructive role in defending cybersecurity.” She added that the US had “long carried out indiscriminate audio surveillance” against Chinese users, stealing text messages and conducting geolocation positioning. She said the US posed a “serious danger” to China’s national security and citizens’ personal data security.

  • How to tighten your security in Microsoft Edge

    Those of you who use Microsoft Edge want to make sure that your security is as tight as possible. And Edge offers a variety of settings to help you reach that goal. A SmartScreen option will protect you from malicious websites and files. An option for potentially unwanted apps blocks downloads of suspicious or […]

  • The worst thing about eSIM-only iPhone 14s

    From a consumer perspective, not much. Yes, it’s easier to pick a menu item than swap those fiddly little nano-SIM cards, but that’s about it. SIMlessness isn’t really a feature that will sell iPhones. From Apple’s perspective, had they only one variant, you could say that it was simplifying the circuit. But since Apple appears to be supporting some SIM-free phones, some with SIM and eSIM, and dual SIM in China, that simplification benefit isn’t there. From the perspective of major carriers, it somewhat herds users into the premium carrier club, preventing iPhone 14 users in the US from using cheap seat carriers like Ting. From the perspective of law enforcement, iPhone 14s will be easier to trace back to their owners, but all of the other legendary iPhone privacy features remain intact.

    So there you go. Are you concerned about losing physical SIM cards? Do you travel? Will using your iPhone 14 in China be an issue for you? Let us know in the comments below.

  • The ransomware problem won't get better until we change one thing

    Ransomware is […]

  • The 4 best VPN services for torrenting in 2022

    ExpressVPN specifications

      Simultaneous connections: 5
      Kill Switch: Yes
      Platforms: Windows, macOS, iOS, Android, Linux, and more
      Logging: No browsing logs, some connection logs
      Supports torrenting/P2P: Yes
      Countries: 94
      Money-back guarantee: 30 days

    ExpressVPN has an exceptionally large network of servers in 94 countries. Not only that, but it’s an exceptionally fast VPN; our sister site CNET found that it only cut speeds by 2%. Because of the encryption and server you route through, a VPN will slow down your internet connection, but 2% is unreasonably low.

  • These hackers used Log4Shell vulnerability to target US energy firms

    State-backed hackers behind the infamous crypto-stealing group Lazarus are now using the Log4Shell flaw to breach energy firms in North America and Japan for espionage. Cisco’s Talos security analysts say Lazarus hackers are exploiting flaws in Log4J — an open source application logging component — in unpatched internet-facing VMware Horizon servers to gain initial […]