Just Earth News | @justearthnews | 18 Sep 2020, 08:37 pm Print
New York: Amid reports of snooping by Chinese firms, the US Cybersecurity and Infrastructure Security Agency has released an advisory on the activities of China's Ministry of State Security (MSS) and its associated agencies and contractors, media reports said.
These operations are characterized by collection of open-source intelligence and by the use of readily available exploits, reports The Cyber Wire.
"There’s nothing particularly exotic about the tactics and techniques, but they’ve been proven effective nonetheless. The MSS has tended to concentrate on recently identified vulnerabilities, hoping to catch organizations that have been laggard in patching," reported the website.
"Some of the issues exploited include Microsoft Exchange Server (CVE-2020-0688), F5’s Big-IP remote takeover vulnerability (CVE-2020-5902), Pulse Secure VPN's remote code flaw (CVE-2019-11510) and Citrix VPN’s directory traversal problem (CVE-2019-19781)," it said.
According to a report published by The Guardian newspaper, the personal details of millions of people around the world have been swept up in a database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks, according to a trove of leaked data.
About 2.4 million people are included in the database, assembled mostly based on public open-source data such as social media profiles, analysts said. It was compiled by Zhenhua Data, based in the south-eastern Chinese city of Shenzhen, the newspaper reported.
- US: Woman dies after she was set on fire in New York subway, suspect arrested
- Ousted Syrian President Bashar al-Assad's wife Asma al-Assad files for divorce, wants to return to UK
- US father beheads his one-year-old child, local media calls his act 'demonic'
- Donald Trump appoints Indian-American entrepreneur Sriram Krishnan as AI advisor
- Brazil: 10 die after small plane crashes in Gramado