Chinese hackers confirmed In the year This week, new discoveries will be even more intrusive, as Beijing-backed hackers breached the email servers of the Association of Southeast Asian Nations, a government body of 10 Southeast Asian nations, in February 2022. The security alert, first reported by WIRED, comes as China ramps up its hacking amid rising tensions in the region.
Meanwhile, as Russia faces economic sanctions over its invasion of Ukraine, the Kremlin is scrambling to address gaps in the tech sector. Now, we’ve learned that there’s a rush to get a homegrown Android phone off the ground this year. Russian IT giant National Computer Corporation says it will sell 100,000 smartphones and tablets by the end of 2023. While Android is an open source platform, there are steps Google is taking to limit new licenses. Finally, the Russian phone, which forces the project to look for a different mobile operating system.
Researchers from Ruhr University Bochum and CISPA’s Helmholtz Center for Information Security presented the findings at the Network and Distributed Systems Security Symposium in San Diego this week. Also the GPS coordinates of their operators. The researchers discovered the exposed communications by reverse engineering DJI’s radio protocol, DroneID.
In the US, the long-awaited national cyber security plan from the White House was finally launched on Thursday. It focuses on partially recognized priorities, such as strengthening defenses for critical infrastructure and expanding efforts to disrupt the activities of cybercriminals. But the plan includes a proposal to shift legal liability for vulnerabilities and security failures to companies such as software makers or institutions that fail to make reasonable efforts to protect sensitive data.
If you want to do something good for your cyber hygiene this weekend, we’ve got the most important software fixes to download ASAP. Seriously, now go install them, we’ll be waiting here.
And there is more. Each week, we round up security news that we haven’t covered in depth ourselves. Click on headlines to read full stories and stay safe there.
In December, password manager Laspas revealed in late November that the August breach was worse than the company had initially thought, and that encrypted copies of some users’ passwords were more than other personal data. Now, the company has disclosed a second incident that began in mid-August and allowed attackers to compromise the company’s cloud storage and extract sensitive data. Attackers gained such unusual access to LastPass by targeting employee deep system privileges
“This was done by targeting. [a] Using a DevOps engineer’s home computer and a vulnerable third-party media software package enabled remote code execution and allowed the threat actor to install keylogger malware, LastPass wrote in the statement. “Once the threat actor entered the employee’s master password, the employee was authenticated with MFA, and a DevOps engineer gained access to the LastPass corporate vault.”