Loading

The Story of the 2011 RSA Hack

SecurityJune 2, 2021

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.Read more: schneier.com

The FBI Is Now Securing Networks Without Their…

SecurityApril 15, 2021

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities…

Chinese Hackers Stole an NSA Windows Exploit in…

SecurityMarch 5, 2021

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline:…

National Security Risks of Late-Stage Capitalism

SecurityMarch 2, 2021

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer…

Loading

Chinese Supply-Chain Attack on Computer Systems

SecurityFebruary 15, 2021

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost…

Another SolarWinds Orion Hack

SecurityFebruary 5, 2021

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion…