Stifling Beijing in cyberspace big focus for UK operatives The Register

Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre, will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings.
Various discussions around the future of security technology attracted some of the biggest names in the field to the stage at Birmingham's ICC - those focused on AI and post-quantum cryptography particularly caught the eye.
It was the future threat presented by, and potential future conflict with, China that prevailed as the event's true unspoken theme, seemingly seeping into nearly every discussion over the two-day all-things-cyber bash.
For the past two years the event has felt decidedly Russia-y, despite not explicitly being themed around it.
Russia was again a watchword last year but with more of a focus on the threat Putin's country, and those who support it, poses to allied critical national infrastructure.
GCHQ director Anne Keast-Butler's opening speech hinted at the types of curiosities UK intelligence has spotted in Putinland over the past 12 months, including closer ties to the criminal underworld.
This year's CYBERUK flock of delegates would have been pushed to attend more than a single session that didn't have a China flavor.
While Beijing's ambition for tech dominance is well-documented, the People's Republic of China is very clearly occupying the headspace of national security officials more than ever.
AKB went so far as to say more resources are being spent on tackling China than any other single mission at GCHQ, if you needed any more of a sense of just how seriously it's being taken.
In the UK, APT31 is probably the best-known group of troublemakers-in-chief, having recently been outed for two major attacks on democracy, including the theft of Electoral Register data.
Volt Typhoon will be the group more familiar to those in the US, especially after it was pinned to various attacks on CNI networks.
Xi's cyberspies ten years ago may have just been stealing intellectual property from universities, for example, but the attacks on CNI from multiple groups, not just Volt Typhoon, showed evidence of China trying to set themselves up for destructive attacks in the future.
Couple this with China's 2021 data security law that requires all security vulnerabilities to be handed to Beijing before being disclosed, if at all, and the Middle Kingdom's intentions become much clearer.
Russia is seen as the threat today China is the threat of tomorrow.
Consider again that 10-15-year timeframe AKB outlined regarding China's bid for tech dominance.
Industry calls for vendors to take greater responsibility for the security of their products were being made many years ago, but as NCSC CTO Ollie Whitehouse said, the tech market is broken and he doesn't see material change happening for at least ten years.
The industry also needs to work more collaboratively to out-innovate China, which has scores of intelligence workers dedicated to learning Western cyber tradecraft, and consuming every blog post, article, and speech that offers a glimpse at how we might be countering their work, purely to devise an effective block.
Whitehouse mentioned the need to incentivize boardrooms as well as vendors to assume liability for their security.
There's a limited window of opportunity to act to ensure the threat China presents doesn't escalate beyond control.
China doesn't just want to keep pace with the West, but achieve supremacy in cyberspace and out-innovate it to the extent Western nations can't defend against it.


This Cyber News was published on www.theregister.com. Publication date: Fri, 17 May 2024 00:44:05 +0000


Cyber News related to Stifling Beijing in cyberspace big focus for UK operatives The Register

Saudi Arabia's National Cybersecurity Authority Announces the GCF Annual Meeting 2024 - Under the theme 'Advancing Collective Action in Cyberspace,' the event will unite thought leaders, decision makers and experts across the global Cyberspace community to bolster international cooperation, address shared challenges, enhance ...
9 months ago Darkreading.com
Beijing fosters foreign influencers to spread its propaganda The Register - China is offering foreign influencers access to its vast market in return for content that sings its praises and helps to spreads Beijing's desired narratives more widely around the world, according to think tank the Australian Strategic Policy ...
1 year ago Theregister.com
Stifling Beijing in cyberspace big focus for UK operatives The Register - Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre, will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings. Various ...
7 months ago Theregister.com
Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
1 year ago Securityweek.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
F5 Developing Fix for BIG-IP Vulnerability That Could Cause Denial of Service and Allow for Code Execution - F5 has warned of a serious format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service and potentially execute malicious code. This security issue, tracked as CVE-2023-22374, affects iControl SOAP, an ...
1 year ago Securityweek.com
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
7 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 months ago Tenable.com
Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
9 months ago Apnews.com
China Says State-Backed Experts Crack Apple's AirDrop - Chinese state-backed experts have found a way to identify people who use Apple's encrypted AirDrop messaging service, according to the Beijing municipal government. AirDrop allows users to send content to Apple devices in close proximity without an ...
11 months ago Securityweek.com
CVE-2015-7393 - dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, ...
8 years ago
CVE-2015-8099 - F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before ...
5 years ago
US Intelligence Predicts Upcoming Cyber Threats for 2024 - Accelerating competition between nation-states, regional conflicts with far-reaching impact, and non-state threat actors with unprecedented capabilities are three of the main cyber threats the US intelligence community will face over the next few ...
9 months ago Infosecurity-magazine.com
CVE-2016-5022 - F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x ...
5 years ago
New Relic warns customers it's experienced a cyber incident The Register - Web tracking and analytics outfit New Relic has issued a scanty security advisory warning customers it has experienced a scary cyber something. "We value our New Relic community and want to make our customers aware of a recent cyber security incident ...
1 year ago Theregister.com
CVE-2015-5516 - Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 ...
5 years ago
CVE-2024-26706 - In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data ...
8 months ago Tenable.com
CVE-2015-7394 - The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, ...
5 years ago
Holistic Approach To Privacy and Security in Tech - In this article, I would like to explain how I tackle privacy and security issues that are specific for large scale web and mobile applications and Big Tech. First, let's outline some of the biggest challenges Big Tech companies deal with in terms of ...
1 year ago Feeds.dzone.com
China warns of AirDrop de-anonymization flaw The Register - In June 2023 China made a typically bombastic announcement: operators of short-distance ad hoc networks must ensure they run according to proper socialist principles, and ensure all users divulge their real-world identities. The announcement targeted ...
11 months ago Go.theregister.com
US Gov warn drones can be tools for Chinese espionage The Register - Two US government agencies, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation, warned on Wednesday that drones made in China could be used to gather information on critical infrastructure. Those expanded legal ...
11 months ago Theregister.com
Big China Spy Balloon Moving East Over US, Pentagon Says - The Pentagon said at midday Friday that a Chinese spy balloon had moved eastward and was over the central United States, and that the U.S. rejected China's claims that it was not being used for surveillance. Gen. Pat Ryder, Pentagon press secretary, ...
1 year ago Securityweek.com
CVE-2023-52598 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)