China forbidding anonymous online posts

China’s crackdown on Internet freedom is getting even more intense. Last Friday, the country’s top Internet censor announced a new set of regulations meant to eliminate posts by anonymous users on Internet forums and other platforms. The Cyberspace Administration of China will start enforcing those rules on Oct. 1.

According to the new regulations, Internet companies and service providers are responsible for requesting and verifying real names from users when they register and must immediately report illegal content to the authorities. Tech firms, including Baidu, Alibaba and Tencent, are under more pressure to serve as the government’s gatekeepers as China prepares for the 19th National Congress of the Communist Party this fall, which is expected to place new people in several key leadership positions.

Furthermore, a new cybersecurity law that went into effect at the beginning of June requires tech companies to store important data on servers within China. While this is supposedly meant to protect sensitive information, it can also make it easier for the government to track and persecute Internet users.

Along with announcing its new regulations about anonymous posts on Friday, the CAC also specified what content is forbidden from being published online (link and translation via Google Translate), citing a passage from a bill that was passed in 2000 to regulate Internet information services in China. The list is so broad that it can cover almost anything:

Article 15 of the Measures for the Administration of Internet Information Services stipulates that Internet information service providers shall not make, reproduce, publish or disseminate information containing the following: (1) opposing the basic principles as defined in the Constitution; (2) endangering national security; (3) to damage national honor and interests; (4) to incite national hatred, ethnic discrimination and undermine national unity; (5) to undermine national religious policies and to promote cults and (6) spreading rumors, disrupting social order and destroying social stability; (7) spreading pornography, pornography, gambling, violence, murder, terror or abetting a crime; (8) insulting or slandering others and infringing upon others; (9) Any other content that is prohibited by laws and administrative regulations.

While China has issued various rules requiring online real-name registration for years, the CAC’s new regulations are another sign that the government is becoming increasingly stringent about censorship. For example, using VPNs to access blocked sites like Facebook and Twitter was relatively easy until earlier this year when the government began a crackdown that many observers believe is much more serious than previous attempts to enforce the ban.

As The Diplomat notes, China is taking a multi-pronged approach as it doubles down on censorship, placing more pressure on international publishers as well.

Source: TechCrunch

Hackers deface Malaysian sites

At least 33 local websites have been hacked and defaced by Indonesian hacker group KidsZonk, who are ostensibly unhappy about the flag blunder in the official souvenir booklet of the Kuala Lumpur SEA Games 2017.

Clicking on the sites redirects users to a splash page which features the booklet that carried the Indonesian flag upside down, along with a message “Bendera Negaraku Bukanlah Mainan” (My national flag is not for playing).

Indonesia’s patriotic song “Indonesia Pusaka” will also play in the background, with users having no option but to exit the website.

However, no official government pages or websites belonging to large corporations were affected, with the hacked sites primarily private and business blogs.

CyberSecurity Malaysia (CSM) chief executive officer Datuk Amirudin Abdul Wahab, in a statement, confirmed the attacks, claiming that 33 sites have been defaced as of 3.40pm today.

“CSM has been receiving several reports of incidents targeting Malaysian websites, confidential information leaks and possible distributed denial of services (DDOS) attacks.

“The incident is real and we are conducting an investigation, monitoring and working closely with other agencies to mitigate this incident,” he said.

CSM, through the Malaysian Computer Emergency Response Team (MyCERT), has also released an advisory for system administrators to take the necessary measures to secure their systems, which can be found on its website.

Following the flag blunder, which was first raised by Indonesian Youth and Sports Minister Imam Nahrawi on Saturday, Youth and Sports Minister Khairy Jamaluddin had publicly apologised for the incident.

Foreign Minister Datuk Seri Anifah Aman, in a statement, had also said Malaysia regretted the error made by the Malaysian Organising Committee (Masoc).

Source: Daily Express Online

‘Dronejacking’ may be the next big cyber threat

Next targets: Companies like Amazon, DHL and UPS are expected to use drones for package deliveries – becoming potential targets for criminals, the report said. — Deutsche Post/DHL

WASHINGTON: A big rise in drone use is likely to lead to a new wave of “dronejackings” by cybercriminals, security experts warned.

A report by Intel’s McAfee Labs said hackers are expected to start targeting drones used for deliveries, law enforcement or camera crews, in addition to hobbyists.

“Drones are well on the way to becoming a major tool for shippers, law enforcement agencies, photographers, farmers, the news media, and more,” said Intel Security’s Bruce Snell, in the company’s annual threat report.

Snell said the concept of dronejacking was demonstrated at a security conference last year, where researchers showed how someone could easily take control of a toy drone.

“Although taking over a kid’s drone may seem amusing and not that big of an issue, once we look at the increase in drone usage potential problems start to arise,” he said.

The report noted that many consumer drones lack adequate security, which makes it easy for an outside hacker to take control.

Companies like Amazon and UPS are expected to use drones for package deliveries – becoming potential targets for criminals, the report said.

“Someone looking to ‘dronejack’ deliveries could find a location with regular drone traffic and wait for the targets to appear,” the report said.

“Once a package delivery drone is overhead, the drone could be sent to the ground, allowing the criminal to steal the package.”

The researchers said criminals may also look to steal expensive photographic equipment carried by drones, or to knock out surveillance cameras used by law enforcement.

Intel said it expects to see dronejacking “toolkits” traded on “dark web” marketplaces in 2017.

“Once these toolkits start making the rounds, it is just a matter of time before we see stories of hijacked drones showing up in the evening news,” the report said.

Other predictions in the report included a decrease in so-called “ransomware” attacks as defences improve, but a rise in mobile attacks that enable cyber thieves to steal bank account or credit card information.

The report also noted that cybercriminals will begin using more sophisticated artificial intelligence or “machine learning” techniques and employ fake online ads. — AFP

Source: The Star Online

Apple lists top 25 apps hit by malware in first major attack

An Apple logo hangs above the entrance to the Apple store on 5th Avenue in the Manhattan borough of New York City, July 21, 2015. Reuters/Mike Segar

Apple Inc said the WeChat messaging app and car-hailing app DiDi Taxi were among the 25 most popular apps that were found to be infected with malicious software, the first-ever large-scale attack on its App Store.

The company had not previously disclosed which apps had been affected, although many had been identified by third parties.

Apple said on Sunday it was cleaning up its App Store after several cybersecurity firms reported that unknown hackers had embedded malware, dubbed XcodeGhost, in hundreds, possibly thousands, of Chinese apps.

“We have no information to suggest that the malware has been used to do anything malicious,” Apple said in its XcodeGhost Q&A Web page on Thursday.

Other infected apps include Baidu Inc’s Baidu Music app, a music app from Internet portal NetEase Inc and the 58 Classified-Job, Used Cars, Rent app.

Tencent Holdings Ltd owns WeChat.

This is the first reported case of a large number of malicious software programs making their way past Apple’s stringent app review process.

Cyber security firm FireEye Inc said earlier this week that the security breach was much bigger than previously thought, affecting more than 4,000 apps on the App Store, compared with the earlier estimate of 39.

Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.

Apple said on Thursday it was working with developers to get the apps back on the App Store and was blocking new apps that contained the malware.

The company also said some of the affected apps could be fixed through updates.

The hackers targeted the App Store using a counterfeit version of the Xcode “toolkit”, Apple’s app-building software.

Many Chinese app developers downloaded the tainted software kit instead of the original one because of the slow download speeds from Apple’s official servers located overseas.

Apple said it was working to make Xcode faster for Chinese developers to download.

Source: Reuters

WhatsApp bug opened door to hacking

Fixed: A flaw in the Web version of WhatsApp made it possible for hackers to hide malicious code in seemingly innocent “vCards” containing contact information. — AFP

SAN FRANCISCO: WhatsApp recently patched a flaw that left 200 million users vulnerable to being hacked using booby-trapped digital cards for contact details, according to a US computer security firm.

Facebook-owned messaging application WhatsApp boasts more than 900 million users, some 200 million of whom access the service on computer browser software that mirrors activity from mobile devices.

A flaw in the Web version of WhatsApp made it possible for hackers to hide malicious code in seemingly innocent “vCards” containing contact information.

Opening tainted cards allowed viruses to infect computers, potentially allowing hackers to steal control or information, according to an online post by computer security firm Check Point.

Hackers would only need a target’s smartphone number and for the person to open the “vCard.”

Check Point said that it disclosed the vulnerability to WhatsApp last month and that an updated version of the application was released. — AFP

Source: The Star Online

Google Malaysia service disrupted by hackers

A computer user poses in front of a Google search page in this photo illustration taken in Brussels, May 30, 2014. Reuters/Francois Lenoir

Internet users were denied access to Google Inc’s Malaysia website on Tuesday, and were redirected to a hacked page saying “Google Malaysia Hacked by Tiger-Mate #Bangladeshi Hacker.”

The company has reached out to MYNIC, the organization that manages the domain name, to resolve the issue, a Google Malaysia spokesperson said in a statement to Reuters.

MYNIC is operated by the country’s ministry of communications and multimedia, and is the administrator for all websites ending with “.my,” according to the company’s website.

The website for Malaysia Airlines experienced a similar problem in January, but the airline quickly reassured users that their bookings and private data had not been compromised.

Source: Reuters