The post KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool appeared first on IT Security Guru.

A Rough Day for Colonel Sanders

While many of us in the UK hit send on our final work email and tucked away our laptops to enjoy a well-deserved long weekend break, Yum! Brands – owner of the world-renown fast food triad of KFC, Pizza Hut, and Taco Bell – were in the midst of sending out a flurry of data breach notification letters to an undisclosed number of people.

The company revealed that some individuals’ personal information, including names, driver’s license numbers, and other ID card numbers, had been stolen during its publicly-announced January 13th ransomware attack.

Commenting on the story, Israel Barak, CISO at Cybereason said:

“The recently disclosed ransomware attack on Yum! Brands that led to a day-long closure of 300 KFC, Pizza Hut and Taco Bell restaurants in the UK is significant and resulted in revenue losses and inconvenienced a significant number of customers. Only time will tell if the stolen customer data finds its way onto the dark web. Ransomware gangs have created a lucrative, multi-billion-dollar economy across the globe and are in a sense start-ups with their own venture capital and business models, but they must continue to be treated like the criminals they are and not glorified for breaking the law and causing disruptions around the world.”

“Companies can’t pay their way out of ransomware and the only time organisations should consider paying a ransom is in life and death situations. If more companies refuse to pay, the criminals will move onto softer targets. Over time, intelligent attackers will tune their attacks to move to targets that yield the most return for the least cost and risk. It’s as true of the dark side as it is of traditional business. I advise organisations to prepare for attacks in peacetime and ensure redundancy in network connectivity and have mitigation strategies ready. Practice good security hygiene and regularly update and patch operating systems and other software. Also, conduct periodic table-top exercises and drills including people beyond the security team all the way to the Executive Suite. Organisations should also ensure clear isolation practices are in place to stop ingress on the network and the spreading of ransomware.”

Thomas Richards, principal security consultant, Synopsys Software Integrity Group, added:

“Ransomware attacks continue to be a threat to any organisation. What stands out with this attack is the compromise of employee personal information, whereas other recent attacks have focused on stored customer data such as credit card information. The breach of personal identification documents is more troubling for those affected since it is difficult to get the document numbers changed; much unlike a credit card, where the bank will simply just issue the customer a new number. The documents compromised would allow someone to impersonate those affected for a long time; the standard “one year of credit monitoring” will not go far enough to protect those who have been affected by this breach. While we do not know the details of how the information was compromised, it is concerning this sensitive information might not have been stored securely. Organisations should treat information such as this with the highest level of sensitivity to ensure the data is encrypted both at rest and in transit. Additionally, the principle of least privilege—which specifies that only the minimum level of access should be granted when interfacing with sensitive data—should be followed to reduce the risk of the data being compromised.”

Javvad Malik, lead security awareness advocate at KnowBe4 also shared:

Driving on to Hyundai’s Breach

Yum! group were not the only ones to fall victim to a breach either; just a few days later, the multinational car manufacturer, Hyundai, disclosed a breach impacting its French and Italian customers. Although it’s believed financial data and identification numbers remain safe, email addresses, physical addresses, telephone numbers and vehicle chassis numbers were exposed.

In response, Chris Hauk, Consumer Privacy Champion at Pixel Privacy warned customers “to be wary of any text, email, or other communications appearing to be from Hyundai or its partners.”

He elaborated: “Bad actors may use the information taken in the breach to attempt to glean additional information from Hyundai customers. At this point, it has not been announced when the breach occurred, so we don’t know how long hackers have had access to the info.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech concurred: “Although the breach is unfortunate, it didn’t leak any particularly sensitive information that could lead directly to theft. Phone numbers, addresses, and email addresses might be used by cybercriminals to craft targeted phishing messages. Hyundai owners in France and Italy should be on the lookout for text messages and emails from scammers posing as Hyundai or a related company. For example, you might get more car warranty scam calls. Never click on links in unsolicited messages or emails.”

I Spy with my Little Eye

We also received a warning this week from security researchers at Citizen Lab about the emergence of a previously undiscovered spyware, similar to NSO Group’s Pegasus, that has been used against journalists, political figures as well as an NGO employee. Alarmingly, hackers leveraged previously logged calendar invites to deploy the malware in a “zero-click” attack.

Asaf Ashkenazi, CEO at Verimatrix, explained:

“Zero-click attacks on mobile devices are highly efficient hacking method that allows a remote attacker to silently take control over a victim’s phone. Unlike common phishing attacks, where the victim is tricked to open an infected file or click on a malicious weblink, zero-click attacks are “silent”, and do not require any user interaction.

Zero-click attacks take advantage of the same mechanism most attacks use: A vulnerability in the attacked software, or in other words, a “mistake” or error the software developer left in the attacked application. These “mistakes” are more common than we think. The traditional security method calls for finding all these errors before the software is released, however this method has proven to be impractical. This is why new security technologies take a different approach, assuming any software will have vulnerabilities. These innovative technologies make it extremely difficult for hackers to find vulnerabilities, and even if they are found, it makes it difficult for hackers to take advantage of a vulnerability without being detected.”

Brian Higgins, Security Specialist at Comparitech, observed:

“This kind of Spyware is very targeted. The Citizen Lab report stated they have only found ‘more than five victims’ and it hasn’t apparently been successfully deployed since 2021. 

That said, the types of customers for this manner of product have deep pockets and very specific targets so it’s more than likely we will see similar revelations every few months or so. 

The small community who think they might be vulnerable should have regular alerts to new exploits and patches set, as well as be vigilant when dealing with jurisdictions of risk, but they already know that.

At the moment, for the vast majority of iOS users this is just a scary story.”

Securing Software by Design

It’s not all bad news though. We also had a win for the good guys, as the US’ Biden administration took its first big step towards making software more secure by design with the release of its “principles and approaches” document.

The post From Data Breaches and Spyware, to New Cybersecurity Guidelines… appeared first on IT Security Guru.

To support businesses with this latest challenge, Verimatrix have recently launched a new cybersecurity microsite (verimatrixcybersecurity.com), where CISOs, SOC teams, fraud departments and developers can find the latest information on mobile app security, including videos and whitepapers.

The launch will be accompanied with the establishment of a new VMX Labs. Led by Klaus Schenk, Verimatrix’s senior vice president of security and threat research, VMX Labs aims to provide ongoing cyber threat advisories, as well as insights and commentary from VMX Lab team members who investigate threat types and information helpful to application developers and even users.

What’s more, customers will benefit from an all-new design of its Extended Threat Defence (XTD) product. The revamped UX and design will allow customers to more easily prevent, detect, respond and predict threats to mobile applications and the devices that connect to the critical infrastructure. The company has expanded its detection capabilities to the network, in addition to the application and device data. New capabilities include the ability to access network risk per application to protect the connection to the company’s critical infrastructure.

Commenting on the announcement, Asaf Ashkenazi, CEO at Verimatrix shared, “I am excited to unveil a new UX for our cybersecurity product, Extended Threat Defence, along with new services from Verimatrix to help our customers secure their mobile app ecosystems, and rapidly detect and respond to threats – including zero day attacks. Today, most companies interact with their customers via mobile applications. If that app is compromised, the connection between the company and their customers is at risk. Verimatrix XTD protects the connection of businesses to their consumers — and there is nothing more important than that.”

The post Verimatrix’s Triple-Threat Initiative Enhances Mobile App Security appeared first on IT Security Guru.

Phishing attacks continue to be a substantial issue within financial industries, with threat actors continuously attempting to steal confidential information. As a matter of fact, Lookout’s report highlighted that the number of attackers seeking to exfiltrate corporate login credentials from mobile applications, is just under 50%. More worryingly, 20% of customers who use mobile banking have application Trojans installed on their devices when attempting to enter their login details, creating a significant security gap that puts individuals and corporations at risk.

Another finding in the report details the dangers behind the failure to update applications on time. Indeed, 21% of iOS devices evaluated were found to be exposed to more than 390 vulnerabilities, while almost a third (32%) of Android devices were potentially subject to 1,060 vulnerabilities, solely for not running on the newest released updates. Devices that aren’t fully up-to-date provide threat actors with an opportune moment to exploit a security gap, access an organisation’s server and steal sensitive data. With the increased use of personal devices for business purposes, attackers are specifically targeting phones, tablets and Chrome-books to widen the attack surface in hopes to find a vulnerable entry point. It’s important to remember that large-scale attacks often start with a simple phishing link that can lead to data theft and give unauthorised users access to confidential company information.

Finally, Lookout’s Chief Revenue Officer, Gert-Jan Schenk states: “In addition, phishing can be particularly difficult to detect on a mobile device. We inherently trust these devices, which makes us vulnerable to social engineering attacks. Protecting modern endpoints requires a different approach – one that is built from the ground up for mobile and can continuously secure an organisations’ data from endpoint to the cloud.”

The post Risk to Financial Services and Insurance Organisations increased by 125% in 2020, report reveals appeared first on IT Security Guru.

As the pace and complexity of software development increases, security and development teams in all industries have recognized that integrating and automating security testing within their development toolchains and workflows is essential. However, they often find that doing this can slow development pipelines and overwhelm development teams with large volumes of testing results, many of which do not require immediate attention.

The concepts and technology behind Intelligent Orchestration were developed and refined through years of experience helping customers navigate these challenges, including a Fortune 500 financial services company undergoing a significant digital transformation effort:

“Testing your business-critical applications for security vulnerabilities is essential, but when it comes to producing actionable results and earning developers’ trust in a DevOps environment, the tests you don’t run can be equally as important as the tests you do run,” said the director of application security for the financial services client. “Avoiding extraneous testing cycles and prioritizing the critical vulnerabilities that present the most risk to your organization is key to embracing the benefits of DevSecOps. We worked closely with Synopsys as they developed their Intelligent Orchestration solution to address the DevSecOps bottlenecks we were grappling with.”

Intelligent Orchestration provides the following capabilities and benefits:

• Dedicated “continuous security” pipeline

Intelligent Orchestration is a dedicated continuous integration (CI) pipeline that runs in parallel to build and release pipelines to perform necessary application security tests.

• Seamless integration with existing pipelines and development toolchains

Intelligent Orchestration does not require build and release pipelines to be reimplemented. Instead, it easily integrates with CI pipelines via simple API calls.  In addition, extensible DevOps integrations enable teams to incorporate application security tests performed by Synopsys tools as well as open source and third-party tools, and deliver results via the development, risk management, and issue tracking tools they already use.

• Ensures the right tests are run at the right time

Teams can define their application security policies as code, specifying rules for security analysis, notification, and remediation. Using innovative technology, Intelligent Orchestration then uses that policy to evaluate code changes and other SDLC events to intelligently trigger the appropriate security tests, maximizing velocity by performing only the tests that are needed when they are needed.

• Delivers the right information to the right teams

Intelligent Orchestration optimizes and standardizes application security reporting across the gamut of security testing tools. Results are automatically filtered and prioritized based on risk and delivered directly within the development and defect tracking tools development teams already use, preventing “vulnerability overload” and enabling teams to achieve the maximum risk impact at minimum cost.

• Automates the workflow for manual or out-of-band testing activities

Intelligent Orchestration policies can also trigger manual security activities such as penetration tests, through defect tracking systems and communication channels, enabling security teams to coordinate security compliance with development workflows.

“Every organization embracing DevOps encounters friction when they integrate and automate security testing into their DevOps environments,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Automating the enforcement of application security policies across your portfolio and managing high volumes of security testing results, while trying to keep pace with the accelerating speed of development, can be a daunting task. These challenges are precisely what Intelligent Orchestration is designed to address. Through policy-driven intelligence, automation, and extensive integrations, Intelligent Orchestration streamlines security testing programs based on risk and continuous iteration.”

Find out more here.

The post Synopsys Launches New Tool for Automated Application Security appeared first on IT Security Guru.

The analysis of over 3,000 popular Android mobile apps showed information leakage to be commonplace. Passwords, user credentials, email addresses and tokens are among the information found. With this information, malicious actors can access someone’s servers, systems or sensitive data and plant malware or even access banking apps.

In addition to this, many of these apps demand excessive use of mobile permissions. Indeed, CyRC found an average of 4.5 sensitive permissions per application. Tools for teachers is one category that posed a significant concern. In fact, one application with over a million downloads was found to require 11 permissions that Google classifies as “Protection Level: Dangerous”.

The report also found that the majority of apps (63%) contained open source components with known security vulnerabilities, with an average of 39 vulnerabilities per vulnerable app. Nearly half of these (44%) have been identified as high risk because they either have been actively exploited or are associated with documented proof-of-concept (PoC) exploits. Just under five percent of the vulnerabilities are associated with an exploit or PoC exploit and have no fix available. One percent of the vulnerabilities are classified as remote code execution (RCE) vulnerabilities—which is recognized by many as the most severe class of vulnerability. 0.64% are classified as RCE vulnerabilities and are associated with an active exploit or PoC exploit.

Top free games, top-grossing games, banking apps, budgeting apps, payment apps and top paid games ranked in the top 6 most vulnerable apps; which is highly concerning considering their immense increase in popularity during the pandemic.

Remarkably, however, 94% of the vulnerabilities detected have publicly documented fixes, meaning there are security patches or newer, more secure versions of the open-source component available. Furthermore, 73% of the 3,137 unique vulnerabilities detected were first disclosed to the public more than two years ago, indicating that app developers simply aren’t considering the security of the components used to build their apps.

“Like any other software, mobile apps are not immune to security weaknesses and vulnerabilities that can put consumers and businesses at risk,” shared Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Today, mobile app security is especially important when you consider how the pandemic has forced many of us—including children, students, and large portions of the workforce—to adapt to increasingly mobile-dependent, remote lifestyles. Against the backdrop of these changes, this report underscores the critical need for the mobile app ecosystem to collectively raise the bar for developing and maintaining secure software.”

To learn more, download the report, Peril in a Pandemic: The State of Mobile Application Security Testing.

The post Popular Android Apps Putting Consumer Privacy and Security At Risk appeared first on IT Security Guru.

Given the rise in the number of remote users and the rapid adoption of cloud technology, the need for an integrated endpoint-to-cloud security solution has never been greater, especially when you consider the amount of data transitioning out of the corporate data centre into the cloud. This presents significant security obstacles that need to be addressed and a solution that can track activity and enforce policies across the entire data path – from the endpoint device to cloud-based applications – is much desired.  

“We couldn’t be more excited to welcome the CipherCloud team to Lookout”, said Jim Dolce, CEO, Lookout. “Our two organisations share a common passion for accelerating cloud adoption with cloud-native solutions that secure mission-critical data. Joining forces with CipherCloud is the next phase of our enterprise market expansion, extending our reach from the endpoint into the cloud where the applications and data reside. Through this combination, we will deliver endpoint-to-cloud security by tying together elements of our individual solutions into a single cloud-delivered offering.” 

Indeed, the purchase of CipherCloud is ideal as the solutions span several developing SASE categories, including Cloud Access Security Broker (CASB), Zero-Trust Network Access (ZTNA), Secure Web Gateway (SWG) and Data Loss Prevention (DLP). Together these solutions deliver comprehensive visibility, data security, threat protection, and compliance for cloud-based applications. Many of the world’s largest global enterprises and government institutions protect and secure their cloud information with CipherCloud. 

“As a pioneer of the Cloud Access Security Broker market, CipherCloud has enabled organisations around the world to achieve their digital transformation,” said Pravin Kothari, Founder and CEO, CipherCloud. “Today, we take the exciting next step on the road to SASE by integrating our strengths with those of Lookout to deliver endpoint-to-cloud security for the modern workforce.” 

The acquisition broadens the Lookout product portfolio as well as its community of customers and partners including carrier, cloud, channel, distributor and managed security service providers (MSSP). CipherCloud Founder and CEO Pravin Kothari will join Lookout as EVP, Product and Strategy, SASE. As a part of the transaction, CipherCloud will operate under Lookout brand and leadership.  

Financial terms have not been disclosed. 

The post Lookout Acquires CipherCloud to Deliver Security from Endpoint to Cloud    appeared first on IT Security Guru.

With digital transformation and cloud being swiftly adopted by organisations, smartphones, tables and laptops have become integral for the everyday working individual. For mobile devices, this is extremely critical given that they have replaced more traditional devices as our main productivity tool which has meant there is now a heavy reliance on Android and iOS devices. A Zero Trust model had now become a necessity and so the BeyondCorp Remote Access was created by Google to help make access to internal Google applications easier and more secure.

In a statement released this week, Google announced the names of the partners added to the roster and the capabilities expected to be used in the BeyondCorp Alliance:

Device Management: Enterprise Mobility Management (EMM) vendors can provide device context and telemetry such as whether a device is managed or corporate-owned to aid in policy evaluation.

Endpoint Security: Endpoint Detection and Response Vendors (EDR) or Mobile Threat Defense (MTD) vendors can provide device posture information, such as whether a device is compromised to aid in policy evaluation.

Gateways: Infrastructure vendors can provide more secure access to hosted infrastructure (e.g., virtual desktops, etc.) via BeyondCorp.

Vendors:

Lookout continuously assesses a smartphone, tablet or Chromebook’s risk level and provides it to Cloud Identity and BeyondCorp from the Lookout Security Graph. Device risk levels of “high, moderate or low” are set based on the organization’s security policies. When Lookout detects a threat on a mobile device, the risk level is changed accordingly and delivered in real-time to Cloud Identity via API. This integration enables Google Workspace to block risky or non-compliant devices from accessing applications and data. This functionality is now available in preview via the Google Admin console. Learn more by reading Lookout’s blog.

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Mobile (SEP Mobile) report on the security posture of an organization’s traditional and mobile endpoints, including both managed and unmanaged devices. With the upcoming integration, customers can leverage Symantec’s endpoint signals such as indications of compromise, operating system configuration risks, app risks, anomalous network behavior, and more, to create more granular and customized access policies for Google Workspace, web apps, and Google Cloud infrastructure.

Citrix and Google Cloud are extending our deep collaboration to include BeyondCorp. Google Cloud has always been one of the best places to run Citrix Workspace, and the first step, bringing together Citrix Workspace and BeyondCorp, is coming soon. It will allow customer applications, whether they are deployed on-premises, on GCP, or delivered as a service (SaaS), to be exposed through Citrix Workspace with BeyondCorp’s access controls and policy enforcement. Users get a single pane of glass for all of their applications, which can now be accessed from BYOD and non-corporate devices without the need for a VPN. We’re also exploring the sharing of endpoint signals and further extending policy enforcement to virtual desktops.

CrowdStrike will deliver real-time endpoint posture assessments from endpoints regardless of location, network, or user so that BeyondCorp adopters can prohibit access from untrusted or compromised hosts as part of conditional access policies, reducing risk for users and the organization. This integration is coming soon.

Tanium and Google Cloud recently announced a strategic partnership with the goal of delivering security transformation for the distributed IT era. As part of the BeyondCorp Alliance, Tanium will be providing device identity information through Tanium Endpoint Identity, which is available today. Tanium monitors and evaluates the health of endpoints in real-time, providing comprehensive visibility and control from a single platform no matter where the device is located. Through the combined solution, coming soon, organizations will be able to ensure that devices connecting to network resources and applications are authorized, secured, and up-to-date.

VMware is working to bring Workspace ONE and Google Cloud’s BeyondCorp solution together to keep devices under control and compliant with policies that protect corporate data. Workspace ONE will continually feed device compliance status information to Google Cloud’s context-aware access engine, allowing access to be revoked at any time if a device becomes non-compliant. This integration is coming soon.

Check Point SandBlast Mobile is a mobile threat defense solution that detects and stops attacks on iOS and Android devices before they start. Integration with the Google Admin console can be used to selectively prevent compromised devices from accessing applications and resources, helping to keep sensitive data secure. The integration is now available to customers in preview in the Google Admin console.

Jamf is working to extend its device compliance capabilities for organizations leveraging Google Cloud and BeyondCorp. In the past, organizations have expressed concerns about unprotected Mac devices accessing cloud and on-premises resources. Now, through a unique Jamf preview, customers can ensure that only trusted users, from managed devices, using approved apps, are accessing company data.

The post Google Adds list of New Partners to BeyondCorp Alliance appeared first on IT Security Guru.

Zix a provider of cloud email security, productivity and compliance solutions has announced the release of its Advanced Email Threat Protection service for the UK market. This new offering sees the utilisation of machine learning capabilities to offer multi-layered filtering that promises to safeguard corporate inboxes from malicious threats.

The introduction of this service comes at a crucial time as more people begin to work from home. The rise in remote working has seen an increase of malicious attacks including phishing, impersonation, malware, ransomware and spam-type messages. The Advanced Email Threat Protection Service from Zix fills a gap in enterprise threat prevention, promising to deliver a more intrinsic level of security than traditional email filtering solutions.

“In recent months, there has been no evading the constant stream of reports indicating a sharp spike in cyberattacks as bad actors look to take advantage of the commotion surrounding the coronavirus pandemic,” said Paul Balkwell, VP of international sales at Zix. “What’s more, according to the 2020 Verizon DBIR, 90% of these threats start with an email. Crucially, it also works seamlessly with their other security, compliance and productivity services.”

Zix’s comprehensive service aims to tackle email threats throughout their full lifecycle. As a first line of defence, Zix ensures that social engineering attempts are identified and blocked. This includes implementing time-of-click analysis, which aids in spotting malicious phishing links. Another interesting offering from Zix’s new solution is the option of subjecting email attachments through thorough inspection in a ‘sandboxed’ environment. This keeps potentially harmful files isolated from critical system software upon installation, avoiding the spread of malware, while providing insight into the email.

In a rather apropos move, users are also offered the ability to ‘quarantine’ or retract suspicious emails through a simple web interface. From this interface, users can also implement threat mitigation, review analytics as well as receive real-time updates when zero-day, or never before seen, attacks are found. Moreover, users maintain full visibility into their email environments as traffic is monitored 24/7 for existing and evolving threats with the help of live threat analysts and machine learning.

These services are further enriched by the Zix Phenomenal Care support team that has a 97% first call resolution with 24/7, 365 days a year support.

“Zix’s Advanced Email Threat Protection has been a saving grace for keeping our clients secure,” added Connor Papp, Projects Engineer at Total Group International Ltd, a Zix partner. “By utilising the various features Zix’s Advanced Email Threat Protection has to offer, we are able to gain a deeper insight into the types of attacks our customers face and build policies and rules to automate the remediation and mitigation of the endless bombardment of email-based threats. Our customers truly value the level of self-service the suite offers them for managing potentially dangerous attachments and mail, as well as the peace of mind they have knowing that our team is looking right over their shoulder at each point of contact.”

Noting the expanse of Zix’s offering to the UK market, Balkwell went on to state: “we are delighted to see our offering enthusiastically embraced by many organisations across the world. More importantly, we can do our part in safeguarding them from the unrelenting efforts of cybercriminals.” Balkwell concluded: “the security landscape has evolved, and gone are the days of bad guys simply sending out nuisance spam email. Today, email is the gateway to all manner of attack and cybercriminals are getting crafty.” As always, the solution is to stay one step ahead of the game and tackle threats as they evolve.”

The post Securing Emails in the Modern Age appeared first on IT Security Guru.

First discovered by mobile cybersecurity providers Lookout, the primary aim of these apps is to track, gather and exfiltrate personal user data to attacker-operated command-and-control servers, with the surveillance attributed to the Chinese government’s national security and counter-terrorism efforts.

Threat researchers state the spyware exploits the victim’s Android device through targeted phishing and fake-third party app stores. It had also been found that the malware was in ten different languages: Uighur, English, Arabic, Chinese, Turkish, Pashto, Persian, Malay, Indonesian, Uzbek and Urdu/Hindi.

The San Francisco based  company named the four Android survellianceware tools SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle, and found that these interconnected malware tools are elements of a much larger mAPT (mobile advanced persistent threat) campaign originating in China, with activity of these surveillance campaigns been observed as far back as 2013.

Lookout also noted that past activity of this mAPT is connected to previously reported desktop APT activity in China, which is linked to GREF, a China-based threat actor also known as APT15, Ke3chang, Mirage, Vixen Panda and Playful Dragon.

It was also revealed that many samples of these malware tools were trojanized legitimate apps, i.e., the malware maintained complete functionality of the applications they were impersonating in addition to its hidden malicious capabilities.

Out of the list of countries targeted by the hackers, 12 are said to be on the Chinese government’s official list of “26 Sensitive Countries,” which according to public reporting, are used by authorities as 5 targeting criteria.

Muslim minorities have been widely persecuted suppressed in China and, in the Xinjiang region, they are being forced into government-mandated concentration camps in an attempt to “re-educate” them.

The post Chinese-state-sponsored hackers spying on ethnic minorities worldwide appeared first on IT Security Guru.