Posts

US officials, experts fear China ransacked Exchange servers for data to train AI systems • The Register

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


In brief: The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR.

The plundering of these Exchange systems was attributed to Chinese government cyber-spies known as Hafnium; Beijing denied any involvement.

It’s said the crew exploited four zero-days in Redmond’s mail software in a chain to hijack the servers and siphon off data. And what started small turned into what Chang Kawaguchi, CISO for Microsoft 365, told NPR this month was the fastest scale-up of a cyber-attack he’d ever seen.

US government officials, and those in the infosec industry, are apparently concerned that, given the wide range of organizations targeted – from big biz to shops, dentists, and schools – the Chinese government could be trying to train machine-learning systems on mountains of Americans’ messages, calendars, and files.

And this Exchange harvesting is on top of the huge databases of personal information already swiped from the US government and the private sector.

“The Chinese have more data than we have on ourselves,” William Evanina, a former director of the National Counterintelligence and Security Center, was quoted as saying.

“So you have the OPM data breach,” he continued, “you have an entire security clearance file for someone, you have Anthem records, you have his Marriott point record, credit cards, Equifax, his loans, his mortgages, his credit score. They know everything about you before they even bump you on a cruise or on a vacation.”

Evanina spoke more on the threat from China here [PDF] before the Senate intelligence committee at the start of August, if you’re interested.

We hope you’ve patched ProxyToken, aka CVE-2021-33766, in July’s Patch Tuesday patch from Microsoft for Exchange…

Source…

How China’s new data laws will make cross-border business much harder – South China Morning Post





Source…

China eyes pushing US IPO-bound firms to hand over data control: Sources



HONG KONG: Chinese regulators are considering pressing data-rich companies to hand over management and supervision of their data to third-party firms if they want US stock listings, sources said, as part of Beijing’s unprecedented scrutiny of private sector firms.

The regulators believe bringing in third-party information security firms, ideally state-backed, to manage and monitor IPO hopefuls’ data could effectively limit their ability to transfer Chinese onshore data overseas, one of the people said.

That would help ease Beijing’s growing concerns that a foreign listing might force such Chinese companies to hand over some of their data to foreign entities and undermine national security, added the person.

The plan is one of several proposals under consideration by Chinese regulators as Beijing has tightened its grip on the country’s internet platforms in recent months, including looking to sharpen scrutiny of overseas listings.

The crackdown, which has smashed stocks and badly dented investor sentiment, has particularly targeted unfair competition and internet companies’ handling of an enormous cache of consumer data, after years of a more laissez-faire approach.

A final decision on the IPO-bound companies’ data handover plan is yet to be made, said the sources, who declined to be identified due to the sensitivity of the matter.

The regulatory officials have discussed the plan with capital market participants, said one of the sources, as part of moves to strengthen supervision of all Chinese firms listed offshore.

IPO advisers are hopeful a formal framework on the data handover issue could be delivered in September, said the source.

The China Securities Regulatory Commission (CSRC) and the Cyberspace Administration of China (CAC) did not respond to faxed requests for comment.

Chinese regulators have recently put companies’ overseas listing plans, particularly in the United States, on hold pending new rules on data security.

Last month, the CAC proposed draft rules calling for companies with over 1 million users to undergo security reviews before listing overseas.

The US Securities and Exchange Commission, which oversees US listings, did not immediately respond to a request for…

Source…

Is China’s Communist Party killing initiative with top-down command chain? – South China Morning Post





Source…