The Ministry of Industry and Information Technology notified 50 APPs (SDKs) that infringe on user rights; the US government will enforce quantum-resistant encryption | Niu Lan

News

dot China's Cyberspace Administration and Indonesia's National Cyber ​​and Cryptography Agency renew cooperation memorandum in the field of cybersecurity

dot “Implementation Rules for Data Security Risk Assessment in the Field of Industry and Information Technology (Trial)” was officially issued

dot The Ministry of Industry and Information Technology notified 50 apps (SDKs) that infringe on user rights

dot The mandatory national standard “Basic Requirements for Secure Processing of Spatiotemporal Data of Intelligent Connected Vehicles (Draft for Comments)” is open for public comments

dot US government to mandate quantum-resistant encryption starting in July

dot FCC proposes new rules for BGP security management

dot Illegal input of sensitive data into AI models increased by 156%

dot Tesla's upgraded ultra-wideband still poses a risk of relay attacks

dot WinRAR flaw lets attackers exploit ANSI escape sequences to trick users

dot Threat Intelligence Innovation Company SOCRadar Announces the Completion of US$25.2 Million Series B Funding

dot Bugcrowd acquires attack surface management startup Informer

dot China Telecom Security Releases Version 2.0 of the Micro Security Model

Special attention

China's Cyberspace Administration and Indonesia's National Cyber ​​and Cryptography Agency renew cooperation memorandum in the field of cybersecurity

On May 26, the Cyberspace Administration of China and the National Cyberspace and Cryptography Agency of the Republic of Indonesia renewed the Memorandum of Understanding on Developing Cybersecurity Capacity Building and Technical Cooperation in Denpasar, Indonesia. The two sides will further deepen and expand China-Indonesia cooperation in the field of cybersecurity.

Original link:

https://mp.weixin.qq.com/s/2VegL-FDPrk7tx1gfLuf8g

“Implementation Rules for Data Security Risk Assessment in the Field of Industry and Information Technology (Trial)” was officially issued

Recently, the Ministry of Industry and Information Technology has formulated and officially issued the “Implementation Rules for Data Security Risk Assessment in the Field of Industry and Information Technology (Trial)” in accordance with the “Data Security Law of the People's Republic of China”, “Cybersecurity Law of the People's Republic of my country” and other laws, and in accordance with the relevant requirements of the “Measures for Data Security Management in the Field of Industry and Information Technology (Trial)”. The rules will apply to data security risk assessments conducted on data processing activities of important data and core data processors in the field of industry and information technology in China.

Original link: https://www.miit.gov.cn/zwgk/zcwj/wjfb/tz/art/2024/art_414d957b786c4a549c37acd5c6e80c71.html

The Ministry of Industry and Information Technology notified 50 apps (SDKs) that infringe on user rights

The Ministry of Industry and Information Technology attaches great importance to the protection of user rights and interests. In accordance with the Personal Information Protection Law, the Cybersecurity Law, the Telecommunications Regulations, the Telecommunications and Internet User Personal Information Protection Regulations and other laws and regulations, it continues to rectify APPs' violations of user rights and interests. Recently, the Ministry of Industry and Information Technology organized a third-party testing agency to conduct spot checks and found that 50 APPs and SDKs had violated user rights and interests, and notified them. The notification requires that these APPs and SDKs should be rectified in accordance with relevant regulations. If the rectification is not in place, the Ministry of Industry and Information Technology will organize relevant disposal work in accordance with laws and regulations.

Original link: https://www.miit.gov.cn/jgsj/xgj/fwjd/art/2024/art_5738a1fd95fd443a88fbbe7051bf1c2a.html

The mandatory national standard “Basic Requirements for Secure Processing of Spatiotemporal Data of Intelligent Connected Vehicles (Draft for Comments)” is open for public comments

Recently, according to the National Standardization Administration's standard formulation and revision plan, the Ministry of Natural Resources (Land) Natural Resources Map Technology Review Center has organized and completed the draft of the national standard “Basic Requirements for Secure Processing of Spatiotemporal Data of Intelligent Connected Vehicles”, which is now open for public comments. All relevant units can feedback their opinions to the drafting department before July 20, 2024.

Contact: Bai Jinghui Tel: 13716382383 Email:(email protected)

Original link:

https://std.samr.gov.cn/gb/search/gbqSuggestionDetail?id=C10125EB0EECE8EFF1AA714AF794C7C7

Hot Spot Observation

US government to mandate quantum-resistant encryption starting in July

According to the latest news from Bloomberg, the US government may enforce quantum-resistant encryption from July. Once the post-quantum encryption standard is determined, it will gradually become a mandatory standard for government contractors. NIST (National Institute of Standards and Technology under the U.S. Department of Commerce) recommends that organizations develop a quantum readiness roadmap as soon as possible to prepare for the implementation of the PQC standard in the future.

On May 22, 2024, NIST announced that it will release encryption algorithms (CRYSTALS-Khyber, CRYSTALSDilithium and SPHINCX+) in July this year that it believes are sufficient to protect data from quantum computer attacks, and develop an internationally recognized standard to help various organizations respond to evolving cybersecurity threats.

These algorithms mark a key step for the United States and NIST towards “post-quantum cryptography (PQC)”, which will establish a new international standard for everything from national security agencies to financial online transactions. Anne Aubergine, deputy national security adviser to the White House, said: “Breaking encryption systems is not only a threat to national security, but also a great threat to the way we protect the Internet, online payments and banking transactions. The introduction of these standards will start the transition to the next generation of encryption technology.”

Original link:

https://www.csoonline.com/article/2119505/us-government-could-mandate-quantum-resistant-encryption-from-july.html

FCC proposes new rules for BGP security management

Recently, the Federal Communications Commission (FCC) of the United States proposed new regulations requiring large broadband service providers to strengthen the security management of Border Gateway Protocol (BGP). BGP is a key system for Internet routing, but it lacks a reliable security mechanism and is easily exploited by hackers, posing a threat to national security. FCC Chairman Jessica Rosenworcel said that despite some efforts in the past to mitigate BGP security risks, stronger measures are still needed.

According to the FCC's proposal, the nine largest broadband service providers will be required to submit a confidential BGP security risk management plan to the FCC, detailing their implementation of industry standards and best practices, and report progress to the public every quarter. This proposal aims to address the risks posed by BGP security flaws, including personal information leakage, theft, extortion, espionage, and critical service interruptions. To this end, the FCC requires the use of technical means such as source verification and RPKI (Resource Public Key Infrastructure) to strengthen the verification of BGP routing information. By strengthening BGP security, the FCC hopes to ensure the security of Internet communications and guard against potential national-level cyber attacks.

Original link:

https://www.networkworld.com/article/2111862/fcc-proposes-bgp-security-measures.html

Illegal input of sensitive data into AI models increased by 156%

Recently, according to the “Artificial Intelligence Adoption and Risk Report” released by Cyberhaven, the use of AI in the workplace has grown exponentially, and the frequency of employees entering sensitive data through chatbots such as ChatGPT and Gemini has more than doubled compared to last year. From March 2023 to March 2024, the total amount of company data entered by employees into AI tools increased by 485%. Employees of technology companies are the largest users of AI tools, sending data to robots at a rate of more than 2 million times per 100,000 employees and copying AI-generated content at a rate of more than 1.6 million times. Of the data submitted by employees to chatbots, 27.4% was sensitive data, compared to 10.7% last year, an increase of 156%.

The report also mentions the problem of shadow AI, where employees use personal accounts to access AI tools, which lack the security and privacy protection measures of corporate accounts. Most ChatGPT (73.8%) and Google tools (95% of which use personal accounts) are used on personal accounts, which not only puts sensitive data such as legal documents, source code, and R&D materials at risk of leakage, but also makes it impossible for organizations to have visibility control over employees' use of AI.

Original link:

https://www.scmagazine.com/news/shadow-ai-on-the-rise-sensitive-data-input-by-workers-up-156

Network attacks

Tesla's upgraded ultra-wideband still poses a risk of relay attacks

Recently, a new study showed that although Tesla's latest Model 3 keyless entry system has been upgraded to ultra-wideband (UWB) radio technology, which is believed to solve the relay attack problem, researchers found that it is still vulnerable to relay attacks. Relay attacks trick the car into unlocking by relaying signals from the owner's key fob or smartphone (usually from a distance). This technique has been used to steal many models of cars for many years because it tricks the car entry system into thinking that the real owner is nearby.

Original link:

https://thecyberexpress.com/tesla-ultra-wideband-vulnerable-relay-attacks/

WinRAR flaw lets attackers exploit ANSI escape sequences to trick users

Recently, a serious flaw (CVE-2024-36052) was discovered in the file compression tool WinRAR, affecting all WinRAR versions before version 7.00, allowing attackers to use ANSI escape sequences to deceive users.

The flaw stems from WinRAR's lack of proper validation and sanitization of file names in ZIP archives. When a specially crafted ZIP archive is used to extract a file name containing ANSI escape sequences, WinRAR fails to properly handle these escape sequences and instead interprets them as control characters. This allows an attacker to manipulate the displayed file name and trick the user into thinking they are opening a harmless file such as a PDF or an image. However, as soon as a user attempts to open such a seemingly harmless file from WinRAR, the flaw is triggered. WinRAR's ShellExecute function receives incorrect parameters and instead of launching the expected file, it executes a hidden malicious script such as a batch file (.bat) or command script (.cmd) that can install malware on the victim's device while simultaneously displaying a decoy document to avoid raising suspicion.

This flaw is specific to WinRAR on Windows and is different from CVE-2024-33899 that affects WinRAR Linux and UNIX versions. Linux and UNIX versions of WinRAR are also vulnerable to screen output spoofing and denial of service attacks caused by ANSI escape sequences. To reduce the risk of this flaw, WinRAR users are advised to immediately update to version 7.00 or later, which contains a fix for this issue. In addition, being cautious when opening archives of unknown origin and enabling file extension visibility in Windows are effective mitigation measures.

Original link:

Industry News

Threat Intelligence Innovation Company SOCRadar Announces the Completion of US$25.2 Million Series B Funding

Recently, SOCRadar, an enterprise-level end-to-end threat intelligence and brand protection provider, announced the successful completion of its Series B financing, raising $25.2 million. This round of financing was led by PeakSpan Capital and participated by Oxx, reflecting investors' confidence in SOCRadar's innovative cybersecurity approach. This round of financing will be used to expand the US market, strengthen business in Europe, deepen the MSP and MSSP market, and continue to invest in research and development, especially in artificial intelligence.

SOCRadar is dedicated to providing preemptive defense against cyber threats such as ransomware, phishing and BEC, as well as attacks from all external sources, and most importantly, detecting and preventing attacks before they occur. With the latest financing, SOCRadar is expected to further consolidate its position as a trusted partner in the field of external cyber threat defense and digital asset protection.

Original link:

https://www.darkreading.com/cybersecurity-operations/socradar-secures-25-2m-in-funding-to-combat-multibillion-dollar-cyber-security-threats

Bugcrowd acquires attack surface management startup Informer

Bugcrowd, a crowdsourced security services provider, recently announced the completion of its acquisition of Informer, an external attack surface management (ASM) and continuous penetration testing service provider. This acquisition expands Bugcrowd's innovative advantages in providing crowdsourced security services to customers of all sizes in various industries, which are provided through a flexible, data- and AI-driven SaaS platform. By integrating Informer's expertise and technology into its product portfolio, Bugcrowd will further accelerate its global coverage and ability to address customers' changing proactive security needs. Further terms of the transaction were not disclosed.

Informer automatically identifies the external attack surface of an organization and provides customers with dedicated penetration testing services. The company combines continuous asset discovery and penetration testing on a single platform, a SaaS solution that combines the power of machine learning and expert penetration testing. Informer has built a powerful external ASM platform that provides organizations with real-time boundary visibility. The combination of the two platforms will enhance the value obtained by customers by bringing the best asset discovery and monitoring capabilities to Bugcrowd.

Original link:

https://www.darkreading.com/cyberattacks-data-breaches/bugcrowd-acquires-informer-to-enhance-attack-surface-management-penetration-testing

China Telecom Security Releases Version 2.0 of the Jianwei Security Model

Recently, the 7th Digital China Summit Intelligent Computing Cloud Ecosystem Conference and Security Forum was successfully held in Fuzhou. The forum was themed “Intelligently Start a New Data Engine and Build a New Security Ecosystem Together”, focusing on hot areas such as data security and artificial intelligence security. At this conference, China Telecom Security Company launched a number of new products including the Jianwei Security Big Model 2.0.

According to reports, Jianwei Security Big Model 2.0 takes actual attack and defense scenarios as the entry point, and focuses on the research and development of key capabilities such as log noise reduction and judgment, intelligent attack and defense terrain analysis, big model guardrails, automatic report generation and interpretation, and security service operation assistants. By deeply embedding in the actual security operation process, Jianwei Security Big Model 2.0 not only adds the accumulation of operation data, but also expands the collection source and RAG data driven by scenario applications, and forms a close two-way empowerment closed loop with Qianmo Data Aggregation Solution. At present, Jianwei Security Big Model 2.0 has been actually applied in China Telecom Security's five internal production lines and more than a dozen provincial professional security service companies.

Original link:

https://mp.weixin.qq.com/s/MQRygbgZkM2GRqHXLY-6EQ