Chinesische #Cyberkriminelle gehören weltweit zu den technisch fähigsten. Teilweise verzahnt mit staatlichen Stellen sind ihre Aktivitäten oft Teil eines Ökosystems aus Kriminalität und Wirtschaftsspionage. #cybercrime #China @z-edian.bsky.social www.golem.de/news/chinesi... (mit Testabo)
Policy Paper on “Assessing Irresponsibility in Cyber Operations” now published.
It introduces a “seven-red-flags” framework designed to help decision-makers & operators assess when cyber activities cross the line into irresponsible or unacceptable behavior.
www.interface-eu.org/publications...
Sneak peek into our upcoming paper on [working title]:
Assessing Irresponsibility in Cyber Operations
A Guide for Operators and Decision-Makers in Times of Strategic Competition
#cybersecurity #PRC #China #CyberOperations
Im Podcast "Cybersecurity ist Chefsache" habe ich mit Nico über Aktive Cyberabwehr in Deutschland gesprochen.
Hier geht es zum Podcast: www.youtube.com/watch?v=g6SP...
One person's backdoor is another person's fucked up update mechanism connecting to a random university's server in #China.
Oh #cybersecurity, you never seize to amaze me.
www.bleepingcomputer.com/news/securit...
Update about #offensive #Chinese #cyber activities.
Mastodon: infosec.exchange/@z_edian/113...
LinkedIn: www.linkedin.com/posts/dr-sve...
#cybersecurity #PRC #China #threat #APT
Aus der Tagesspiegel Background Cybersecurity-Reihe "Cybersicherheit - Forschung & Behörden: Was 2024 wichtig war – und wir uns für 2025 vornehmen sollten".
Link (Paywall): background.tagesspiegel.de/it-und-cyber...
Ein Bild sagt mehr als 1.000 Policy-Texte ...
www.bundesrechnungshof.de/SharedDocs/D...
Chinese APTs Behaving Badly
"We have no idea why attackers would do this or what benefit they would get from torching their victims’ infrastructure."
Via news.risky.biz/fcc-to-deman...
Ein paar kurze Punkte zur neuen Formulierungshilfe zum NIS-2-Umsetzungs- und Cybersicherheitsstärkungsgesetzes (NIS2UmsuCG) basierend auf meiner schriftlichen Stellungnahme für die Sachverständigenanhörung im Innenausschuss.
www.linkedin.com/feed/update/...
From now on, every time there is a new proposal to backdoor e2ee apps, we're just going to point to this, right?
www.nbcnews.com/tech/securit...
Thank you for all the support!
Hot off the virtual press: our new publication, 'Vulnerability Disclosure: Guiding Governments from Norm to Action', is now available!
Check it out here:: www.interface-eu.org/publications...
#cybersecurity #vulnerability #disclosure
Noch einmal schlafen ;)
Hey everyone, INC Ransom has added A CHILDREN’S HOSPITAL to their list of victims.
Your periodic reminder that people who carry out ransomware attacks are worthless pieces of shit who deserve no mercy.
"Governments could build collaborative programs that bring together AI research institutions and cybersecurity researchers to ensure adequate expertise is dedicated to identifying and remediating security vulnerabilities."
www.aipolicyperspectives.com/p/securing-ai
#AI #vulnerabilities
"We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software."
googleprojectzero.blogspot.com/2024/10/from...
#cybersecurity #machinelearning #AI #vulnerabilities
"To protect our nation’s digital infrastructure, we must adopt a “See Something, Say Something” mindset in #cybersecurity. When researchers report #vulnerabilities or evidence of breaches, organizations should engage them as partners rather than adversaries."
www.cisa.gov/news-events/...
"Between 2023 and 2024, more than 35 advisories [...] concerned zero-day vulnerabilities exploited by Chinese threat actors. These account for 41% of all advisories with a high or very high threat level"
research.cert.orangecyberdefense.com/hidden-netwo...
#Cybersecurity #China #Vulnerabilities
"Rapid exploitation of 0day vulnerabilities is the new normal"
news.risky.biz/the-plas-cyb...
#Vulnerabilities #Cybersecurity #CVD #0Day
"Nowadays, the MSS is the big kahuna and, since 2021, has been linked to the majority of cyber operations attributed to the PRC."
"PLA has been retasked to directly support military operations."
news.risky.biz/the-plas-cyb...
#China #Cybersecurity #CyberCampaigns
"Liminal Panda, an advanced persistent threat (APT) hyper-focused on gathering intelligence from telecommunications networks."
www.darkreading.com/threat-intel...
#China #Cybersecurity #APT
I wrote a very timely introduction to digital security for journalists for @gijn.org, this guidance may also apply to activists, lawyers, and anyone else doing at-risk work these days. gijn.org/resource/int...
If you're afraid of the NSA or some Russian group abusing vulnerabilities on your computer, think again.
Game developers are the real threats, and they'll proudly boast about installing rootkits on your system; just so they can make sure that their games run at 15FPS.
Hosting "my" first #UnitedNations side event in #NewYork in Dec 3. Topic: #Vulnerability Disclosure.
Big thank you to our partners, the @cyberseccenter.bsky.social and the German Ministry of Foreign Affairs.
More info: unodaweb-meetings.unoda.org/public/2024-...
#cybersecurity
interface ist jetzt permanentes Mitglied im Nationalen Cyber-Sicherheitsrat.
Mehr Infos: www.linkedin.com/posts/dr-sve...
If you've missed #BigSleep on other platforms:
Project Zero blog:
LLMs find 0days now!
And: our fuzzer setup did *not* reproduce it!
googleprojectzero.blogspot.com/2024/10/from...
If you're part of civil society and received an Apple notification. The Amnesty Security Lab would be happy to test your phone!
The Apple notification looks like this: support.apple.com/en-us/102174
The Security Lab can be contacted here: securitylab.amnesty.org/get-help/
CrowdStrike has identified a new China hacking group that's been targeting telecom networks since at least 2020.
The group has primarily targeted networks in SE Asia and Africa — but it also have the ability to use their access to breach other networks.
www.axios.com/2024/11/19/c...
