Reuters: Cyber firms warn on suspected Russian plan to attack Ukraine. “Cisco Systems Inc (CSCO.O) on Wednesday warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with highly sophisticated malicious software, possibly in preparation for another massive cyber attack on Ukraine.”
Washington Post: Banning Chinese phones won’t fix security problems with our electronic supply chain. “Earlier this month, the Pentagon stopped selling phones made by the Chinese companies ZTE and Huawei on military bases because they might be used to spy on their users. It’s a legitimate fear, and perhaps a prudent action. But it’s just one instance of the much larger issue of securing our supply chains.”
Ars Technica: Report: Chinese government is behind a decade of hacks on software companies. “Researchers said Chinese intelligence officers are behind almost a decade’s worth of network intrusions that use advanced malware to penetrate software and gaming companies in the US, Europe, Russia, and elsewhere. The hackers have struck as recently as March in a campaign that used phishing emails in an attempt to access corporate-sensitive Office 365 and Gmail accounts. In the process, they made serious operational security errors that revealed key information about their targets and possible location.”
Bleeping Computer: Chinese Intelligence Agencies Are Doctoring the Country’s Vulnerability Database. “Chinese intelligence agencies are doctoring the Chinese National Vulnerabilities Database (CNNVD) to hide security flaws that government hackers might have an interest in, according to a report released on Friday by US threat intelligence firm Recorded Future. The US company says it noticed in recent months mass edits to the CNNVD website. Recorded Future says CNNVD operators have been backdating the publication dates for hundreds of vulnerabilities.”
Ars Technica: Potent malware that hid for six years spread through routers. “Researchers have discovered malware so stealthy it remained hidden for six years despite infecting at least 100 computers worldwide. Slingshot—which gets its name from text found inside some of the recovered malware samples—is among the most advanced attack platforms ever discovered, which means it was likely developed on behalf of a well-resourced country, researchers with Moscow-based Kaspersky Lab reported Friday. The sophistication of the malware rivals that of Regin—the advanced backdoor that infected Belgian telecom Belgacom and other high-profile targets for years—and Project Sauron, a separate piece of malware suspected of being developed by a nation-state that also remained hidden for years.”
The Daily Beast: Russians Used Reddit and Tumblr to Troll the 2016 Election. “A leak of internal data from the Kremlin-backed Internet Research Agency discovered by The Daily Beast serves as the first confirmation that the Russian troll farm deployed its online agitators on Reddit as part of its campaign to interfere in American politics. The leak also reveals 21 Tumblr accounts, including login credentials, run by the Internet Research Agency (IRA). The listing for the leak offers ‘American proxies’ for Reddit and viral meme site 9Gag. The leak comes after months of speculation from Reddit users that the site had been targeted by a foreign influence campaign.”
TechCrunch: Fake news is an existential crisis for social media . “The claim and counter claim that spread out around ‘fake news’ like an amorphous cloud of meta-fakery, as reams of additional ‘information’ — some of it equally polarizing but a lot of it more subtle in its attempts to mislead (for e.g., the publicly unseen ‘on background’ info routinely sent to reporters to try to invisible shape coverage in a tech firm’s favor) — are applied in equal and opposite directions in the interests of obfuscation; using speech and/or misinformation as a form of censorship to fog the lens of public opinion. This bottomless follow-up fodder generates yet more FUD in the fake news debate. Which is ironic, as well as boring, of course. But it’s also clearly deliberate.” One of those articles that deserves a better headline than it gets. A deep dive with lots of links to other news articles and background. Very good stuff.