Tag: china
-
Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
In response to the CISA Advisory (AA25-239A), AttackIQ has updated the assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the Chinese adversary Salt Typhoon and released a new attack graph emulating the behaviors exhibited during the SparrowDoor and ShadowPad campaign in March 2025. First seen on securityboulevard.com Jump to…
-
Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
In response to the CISA Advisory (AA25-239A), AttackIQ has updated the assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the Chinese adversary Salt Typhoon and released a new attack graph emulating the behaviors exhibited during the SparrowDoor and ShadowPad campaign in March 2025. First seen on securityboulevard.com Jump to…
-
Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
In response to the CISA Advisory (AA25-239A), AttackIQ has updated the assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the Chinese adversary Salt Typhoon and released a new attack graph emulating the behaviors exhibited during the SparrowDoor and ShadowPad campaign in March 2025. First seen on securityboulevard.com Jump to…
-
Chinese Hackers Game Google to Boost Gambling Sites
New threat actor GhostRedirector is using a malicious IIS module to inject links that try to artificially boost search engine ranking for target sites. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/chinese-hackers-google-boost-gambling-sites
-
China-aligned crew poisons Windows servers to manipulate Google results
Defrauding search with custom malware, Potato-family exploits First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/new_chinaaligned_crew_poisons_windows_servers/
-
Czech Warning Highlights China Stealing User Data
Czech cyber agency NÚKIB warned of the risks of using products and software that send data back to China. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/czech-warning-highlights-china-stealing-user-data
-
GhostRedirector Emerges as New China-Aligned Threat Actor
A newly identified hacking group named GhostRedirector has compromised 65 Windows servers using previously unknown tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ghostredirector-new-china-threat/
-
Czech cyber agency warns against using services and products that send data to China
Cloud storage and remote operation can expose critical sectors to Chinese espionage, warned the Czech Republic’s NÚKIB, “making trust in the reliability of the provider absolutely crucial.” First seen on therecord.media Jump to article: therecord.media/czech-nukib-warns-against-products-sending-data-china
-
Czech cyber agency warns against using services and products that send data to China
Cloud storage and remote operation can expose critical sectors to Chinese espionage, warned the Czech Republic’s NÚKIB, “making trust in the reliability of the provider absolutely crucial.” First seen on therecord.media Jump to article: therecord.media/czech-nukib-warns-against-products-sending-data-china
-
Google Fined $379 Million by French Regulator for Cookie Consent Violations
The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (Euro325 million) and $175 million (Euro150 million), respectively, for violating cookie rules.Both companies set advertising cookies on users’ browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to comply…
-
France fines Google, SHEIN for undercooked cookie policies that led to crummy privacy
Web giant and Chinese e-tailer whacked for dropping trackers without permission First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/france_google_shein_cookie_fines/
-
Chinese APT Groups Exploit Router Flaws to Breach Enterprises
Chinese state-sponsored Advanced Persistent Threat (APT) groups have escalated their cyber espionage campaigns, systematically targeting global telecommunications, government, and military networks through sophisticated router exploitation techniques since 2021. Since at least 2021, Chinese state-sponsored cyber actors have been conducting extensive, stealthy operations to infiltrate and control key network devices across critical sectors worldwide. These malicious…
-
France fines Google, SHEIN, for undercooked Cookie policies that led to crummy privacy
Web giant and Chinese e-tailer whacked for dropping trackers without permission First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/france_google_shein_cookie_fines/
-
France fines Google, SHEIN, for undercooked Cookie policies that led to crummy privacy
Web giant and Chinese e-tailer whacked for dropping trackers without permission First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/france_google_shein_cookie_fines/
-
US sues robot toy maker for exposing children’s data to Chinese devs
The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children’s geolocation data without their knowledge and parental consent. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-sues-robot-toy-maker-for-exposing-childrens-data-to-chinese-devs/
-
FTC fines toy manufacturer for allowing Chinese third-party to collect kids’ data
The complaint alleges that the toy manufacturer Apitor published a privacy policy saying that it complied with the Children’s Online Privacy Protection Rule, but in reality violated the law by collecting the location data from children without parental consent. First seen on therecord.media Jump to article: therecord.media/chinese-toy-manufacturer-fine-ftc-kids-data
-
Detecting Data Leaks Before Disaster
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability…
-
TDL 002 – Defending the DNS: How Quad9 Protects the Internet with John Todd
Tags: access, apple, attack, business, china, ciso, communications, control, country, crime, cyber, cybersecurity, data, defense, dns, email, encryption, firewall, google, ibm, india, infrastructure, intelligence, Internet, jobs, law, malicious, malware, network, phishing, privacy, service, strategy, technology, threat, tool, zero-trustSummary The Defender’s Log episode features John Todd from Quad9, discussing their mission to protect the internet through secure DNS. Quad9, a non-profit launched in 2017 with founding partners Global Cyber Alliance, Packet Clearing House, and IBM, provides a free, global recursive DNS resolver that blocks malicious domains. Todd emphasizes that Quad9’s success is a…
-
Silver Fox APT Abuses Windows Driver in Active Campaign
Gap in Microsoft Blocklist Exploited, ValleyRAT Runs Undetected. A Chinese nation-state cyber group is exploiting a Microsoft-signed driver to shut down Windows security protections. The attackers deployed the driver through a custom loader. The core weakness that Silver Fox relied on remained exploitable even after patching. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/silver-fox-apt-abuses-windows-driver-in-active-campaign-a-29351
-
CISSP certification: Requirements, training, exam, and cost
Tags: access, business, china, ciso, cloud, computer, credentials, cybersecurity, government, guide, infosec, jobs, linkedin, network, risk, risk-management, skills, trainingWho should get a CISSP?: CISSP has been called the “gold standard” of security certifications. “From the hiring side, the CISSP remains one of the most valued certifications I look for,” says Ankit Gupta, Senior Security Engineer at Exeter Finance. “It shows a candidate has a firm grasp of security principles across multiple domains, and…
-
China Is About to Show Off Its New High-Tech Weapons to the World
On September 3, China will hold a “Victory Day” military parade in Tiananmen Square to celebrate the 80th anniversary of its victory over Japan”, and to send the West a message. First seen on wired.com Jump to article: www.wired.com/story/china-victory-day-parade-weapons/
-
Länderdomain-Ranking: Deutschland auf Platz 2 China global führend
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/laenderdomain-ranking-deutschland-auf-platz-2-china-global-fuehrend
-
DOGE Put Everyone’s Social Security Data at Risk, Whistleblower Claims
Plus: China’s Salt Typhoon hackers target 600 companies in 80 countries, Tulsi Gabbard purges CIA agents, hackers knock out Iranian ship communications, and more. First seen on wired.com Jump to article: www.wired.com/story/doge-social-security-data-at-risk-whistleblower/
-
Chinese hacking group Salt Typhoon expansion prompts multinational advisory
Tags: advisory, attack, authentication, breach, china, cisco, communications, container, corporate, country, cyber, data, exploit, firmware, flaw, government, group, hacking, infrastructure, intelligence, Internet, ivanti, malware, military, monitoring, network, password, router, service, software, technology, threat, update, vulnerability, zero-dayIvanti, Palo Alto Networks, Cisco flaws exploited: Salt Typhoon has been active since at least 2021, targeting critical infrastructure in telecom, transportation, government, and military bodies around the globe. Notably, a “cluster of activity” has been observed in the UK, according to the country’s National Cyber Security Centre.The group has had “considerable success” with “n-days,”…
-
Pentagon Probes Microsoft’s Use of Chinese Coders
Defense Department Suspends, Reviews Microsoft ‘Digital Escorts’ Program. The Pentagon is reviewing Microsoft’s decade-long use of digital escorts – U.S.-based staff who review code from Chinese engineers – into military cloud systems, a workaround now deemed a breach of trust that may have exposed sensitive but unclassified government data. First seen on govinfosecurity.com Jump to…
-
Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks
Tags: access, advisory, attack, authentication, china, cisa, cisco, credentials, cve, cyber, cybersecurity, data, espionage, exploit, firewall, fortinet, germany, government, identity, infrastructure, injection, ivanti, kev, malicious, microsoft, military, mitigation, mitre, network, remote-code-execution, risk, software, tactics, threat, update, vulnerability, zero-dayAn analysis of Tenable telemetry data shows that the vulnerabilities being exploited by Chinese state-sponsored actors remain unremediated on a considerable number of devices, posing major risk to the organizations that have yet to successfully address these flaws. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ)…
-
Researcher who found McDonald’s free-food hack turns her attention to Chinese restaurant robots
The admin controls were left wide open on Pudu’s robots First seen on theregister.com Jump to article: www.theregister.com/2025/08/29/pudu_robots_hackable/
-
Top FBI official says Chinese reliance on domestic firms for hacking is a weakness
Jason Bilnoski with the FBI’s cyber division told CyberScoop that investigators seized on the mistakes of companies China has used in its widespread cyberespionage. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-domestic-tech-company-hacking-weakness-ccp-fbi/