Security News Roundup: Chinese Take-away

The biggest story this week. Chinese military unit behind ‘prolific and sustained hacking’ says security report.  A highly-skilled team of intelligence gatherers working systematically to steal confidential information from organisations around the globe?  Shocking stuff – we can’t imagine for a moment that our government is doing the same thing.

But things move fast in the murky world of  attack and counter-attack. The widely-touted report  itself  has become a security risk, and is being used as bait in a phishing attack.  Naturally, that’s the level of entrepreneurial, free-market thinking that one automatically associates with communist China.

Speaking of Chinese ingenuity, malware is getting smarter says anti-virus vendor McAfee; a revelation that presumably comes as no surprise to competitor Symantec, whose own products apparently failed to spot (and here’s that phrase again) the prolific and sustained hacking of the NY Times. Can anyone else see a pattern emerging here?

If security products can’t help us, we have to defend ourselves against the data breach apocalypse. Better not start with Sharepoint then. According to a recent survey, two thirds of Sharepoint users have no security policy.  We know it’s called Sharepoint, but really there are some things that one shouldn’t be sharing. Like the fact that you have no security policy, for example.

Finally, if that’s not apocalyptic enough, we now know that the emergency TV broadcast systems used to address the US public in the event of a real apocalypse are riddled with default passwords and other poor configuration choices. We know this because during a recent spate of zombie uprisings across three US states, community-spirited citizens were able to alert the general public to the imminent danger posed by the walking dead.

What a relief.

 

Useful links:

https://www.ambersail.com/blocking-your-penetration-tester/
https://www.ambersail.com/gdpr-now-the-dust-has-settled/

 

Leave a Reply