The National Security Agency (NSA) issued a Cybersecurity Advisory on October 20, 2020, entitled “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities,” alerting IT professionals to 25 vulnerabilities that Chinese state-sponsored hackers are using against U.S. businesses that “can be exploited to gain initial access to victim networks using products that are directly accessible from the … Continue Reading
The Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Flash Alert to U.S. based businesses doing business in China about a remote targeting campaign whereby the tax software that Chinese domestic banks require foreign companies to install is loaded with malware. Trustwave researchers warned in June … Continue Reading
This week, China-based DJI, the drone industry’s leading manufacturer of drones, issued a public statement regarding the recent reports released by cybersecurity researchers (neither Synacktiv nor GRIMM) about the security of its drones’ control app. In two reports, the researchers claimed that an app on Google’s Android operating system that powers DJI drones collects large … Continue Reading
Last week, authorities from the United States, United Kingdom and Canada accused a well-known hacker group tied to the Russian government, APT29 a/k/a Cozy Bear of using malware to exploit security vulnerabilities to enable it to steal COVID-19 vaccine research from companies located in these countries working to develop a vaccine. This was after a … Continue Reading
Last week, a medical delivery drone flying from the People’s Hospital of Xinchang County to the disease control center there successfully completed the air transport of needed medical quarantine supplies and patient samples in the coronavirus outbreak. This is the first launch of Antwork’s “urban air transportation channel” to help fight the coronavirus outbreak in … Continue Reading
Concern over the spreading coronavirus from China is legitimate and real. The World Health Organization (WHO) has declared the coronavirus a global health emergency, and the United States and other countries are limiting travel of individuals from the affected areas in China. As we have seen with other public concerns, cyber criminals and threat actors … Continue Reading
The U.S. Interior Department (the Interior) authorized government officials to buy drones from DJI Technology (DJI) after a previous warning that the company may act as a channel for Chinese government espionage. However, Mark Bathrick, Director of the Office of Aviation Services, said, “[This authorization is] a very narrow, very specific, very limited authorization. We’re … Continue Reading
DJI, a supplier of approximately 70 percent of all drones in the United States, announced this week that it will begin manufacturing some of its products in the U.S. DJI plans to repurpose a warehouse in Cerritos, California to assemble a new version of a drone that has been popular among federal and local government … Continue Reading
Earlier this month, a federal grand jury returned an indictment charging a Chinese national and another individual as part of an extremely sophisticated hacking group operating in China that targeted large businesses in the United States, including health insurer Anthem. The indictment stemmed from an investigation by the FBI in which Anthem cooperated, earning praise … Continue Reading
Vicious malware continues to be deployed by China-based attackers. A new strain of malware, dubbed “HiddenWasp,” which has the ability to remotely infect computers, has been discovered by a security researcher at Intezar. The malware is believed to have originated from a Chinese forensics firm; the malware is hosted by servers owned by a Hong … Continue Reading
I attended a meeting of cybersecurity professionals recently and overheard several of them talking about their new security cameras and how great it is to see everyone who comes up the driveway and to the front door, and monitors the family members and pets in the home. One mentioned how his wife doesn’t approve of … Continue Reading
In an effort to phase out what many in the security world believe are threats to the cybersecurity posture of governmental agencies and private entities alike, John Quinn, the Chief Information Officer of the State of Vermont, recently issued a memo to all state offices requesting that they determine whether any hardware or software manufactured … Continue Reading
Community Health System, located in Tennessee, has agreed to settle claims made against it arising from a 2014 data breach for $4.5 million. The data breach, believed to be caused by Chinese hackers, compromised the names, dates of birth, addresses, telephone numbers, and Social Security numbers of 4.5 million patients of the hospital system, which … Continue Reading
Chinese cyber espionage and cyber-attack capabilities will continue to support China’s national security and economic priorities,” says Dan Coats, the Director of National Intelligence “Americans should not buy Huawei or ZTE products.” In March 2017 the Chinese Telecom company, ZTE, plead guilty to shipping US technology to Iran and North Korea, and reached a settlement … Continue Reading
Just before the false alarm last weekend in Hawaii when residents were erroneously warned of an impending missile attack, think tank Chatham House issued a report stating that it had identified vulnerabilities in nuclear weapons systems located throughout the world that made them susceptible to malware and ransomware attacks that could lead to inadvertent missile … Continue Reading
Last week, the U.S. Army issued a memorandum discontinuing the use of DJI drone products due to cybersecurity concerns. The memorandum said, “Due to increased awareness of cyber vulnerabilities associated with DJI products, it is directed that the U.S. Army halt use of all DJI products. This guidance applies to all DJI UAS and any … Continue Reading
Over the past week, many clients and individuals have asked me why some companies and health care facilities were devastated by the WannaCry ransomware, and why others made it through the weekend without a blink of an eye. Simplistically, it is because those who pay attention to security patches that they receive from technology vendors … Continue Reading
On January 17, 2017, officials in Farmington, Connecticut disclosed that the town was recently the victim of a multi-million dollar theft likely perpetrated by sophisticated cybercriminals operating in China. The thieves intercepted a $2 million dollar Automated Clearing House (ACH) transfer that was intended as payment to a local company for work on a large … Continue Reading
JW Marriott Hotel & Resorts (Marriott) and DJI, one of the world’s largest drone makers, have partnered up to launch the hotel chain’s first Drone Experience Program; a program which will provide guests with the opportunity to test drive DJI’s innovative drone technology. Marriott guests will use a DJI drone to view the Marriott’s properties, … Continue Reading
TruShield released its 2015 Annual Cyber Threat Intelligence Report, and the outlook: 2016 will see even more ransomware and phishing attacks than last year. And guess who is facing the biggest threat? Law firms. Paul Caiazzo, principal, chief security architect for TruShield says, “The attackers know law firms process highly sensitive information for their clients, … Continue Reading
United Airlines has confirmed that it has suffered a data and network breach that occurred during the same time frame as the OPM breach. Investigators suspect the same Chinese state-sponsored hackers are responsible for both breaches. One theory being advanced about the connection between the two breaches is that the Chinese state-sponsored hackers are targeting specific … Continue Reading
