Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label China. Show all posts
Mobile Applications
AI Chatbot China Cyber Security iOS iOS App Store. Mobile Applications Mobile App Mobile Applications

Tencent’s AI Chatbot Yuanbao Becomes China’s Most Downloaded iOS App

 

Tencent’s AI chatbot, Yuanbao, has surpassed DeepSeek to become the most downloaded free app on China’s iOS App Store. The chatbot, launched in May 2024, gained significant traction following Tencent’s integration of DeepSeek’s R1 reasoning model in February. This move provided users with an additional AI option alongside Tencent’s proprietary Hunyuan model. As a result, Tencent’s Hong Kong-listed shares rose by 1.6% on Tuesday. 

Tencent, which operates China’s largest social media platform, WeChat, further accelerated Yuanbao’s growth by adding a download button for the chatbot within the app. This gave its 1.3 billion users direct access to the AI tool, significantly boosting downloads. By late February, the number of daily active users surged from a few hundred thousand to three million, according to Li Bangzhu, founder of AIcpb.com, a website that tracks AI applications. 

This rise in popularity can largely be attributed to Tencent’s extensive promotional efforts. The company has leveraged WeChat’s vast ecosystem to recommend Yuanbao to users, place ads on its social timeline, and integrate the chatbot across other Tencent applications. In addition to its AI chatbot expansion, Tencent recently reorganized several teams, including those for Yunbao, QQ Browser, Sogou Pinyin, and learning assistant Im, moving them under its Cloud and Smart Industries Group.
  
The company’s aggressive push into AI comes amid intensifying competition from major Chinese tech firms such as Alibaba, Baidu, and ByteDance. Last month, Tencent launched Hunyuan Turbo S, an upgraded AI model designed for faster responses compared to its predecessors and even outperforming DeepSeek. Meanwhile, Baidu announced that it would introduce the latest version of its Ernie 4.5 model this month, which will be made open source on June 30. 

The company will also make its Ernie Bot chatbot free for all users starting April 1. ByteDance is also ramping up its AI efforts, with CEO Liang Rubo prioritizing advancements in generative AI for the first quarter of 2025. The company has launched the Seed Edge project, which focuses on long-term AI research, and has hired AI expert Wu Yonghui from Google to lead its foundational research initiatives. 

With rapid developments in the AI sector, Tencent’s strategic moves indicate its ambition to stay ahead in China’s competitive AI landscape. The success of Yuanbao highlights the increasing importance of AI-powered applications, as well as the role of major tech companies in shaping the future of digital interaction.
Read more »
Ransomware Payload
China Cyber Crime cyber espionage Nailaolocker Ransomware Payload

European Healthcare Entities Targeted With NailaoLocker Ransomware

 

A previously undocumented ransomware payload named NailaoLocker has been detected in assaults targeting European healthcare entities between June and October 2024. 

The attackers employed CVE-2024-24919, a Check Point Security Gateway vulnerability, to obtain access to targeted networks and install the ShadowPad and PlugX malware families, which are closely associated with Chinese state-sponsored threat groups. Orange Cyberdefense CERT attributes the attacks to Chinese cyber-espionage tactics, while there is insufficient evidence to assign them to specific groups. 

According to Orange experts, NailaoLocker is a rather rudimentary ransomware strain when compared to the most renowned families in the area. Orange classifies NailaoLocker as a simple ransomware because it does not terminate security processes or operating services, lacks anti-debugging and sandbox evasion methods, and does not search network shares. 

The malware is installed on target systems using DLL sideloading (sensapi.dll), which involves a genuine and signed executable (usysdiag.exe). The malware loader (NailaoLoader) investigates the environment using memory address checks before decrypting and loading the main payload (usysdiag.exe.dat) into memory. 

The NailaoLocker then activates and begins encrypting files with an AES-256-CTR scheme, appending the ".locked" extension to the encrypted files. After the encryption is completed, the ransomware sends an HTML ransom note with the unusually long filename "unlock_please_view_this_file_unlock_please_view_this_file_unlock_please_view_this_file_unlock_please_view_this_file_unlock_please.html.”

Combining ransomware and espionage

After further investigation, Orange claims to have discovered some parallels between the ransom note's content and a ransomware tool sold by a cybercrime company known as Kodex Softwares (previously Evil Extractor). However, there were no obvious code overlaps, thus the relationship was fuzzy. 

Orange has proposed numerous hypotheses for the assaults, including false flag operations designed to distract, deliberate data theft operations combined with income creation, and, most likely, a Chinese cyberespionage organisation "moonlighting" to generate some money. 

Symantec only revealed last week that suspected Emperor Dragonfly (also known as Bronze Starlight) agents were using RA World ransomware to target Asian software companies and demanding a $2 million ransom. 

The shift in strategy is concerning since Chinese state-backed players have not adopted the strategy of North Korean actors, who are known to pursue several objectives concurrently, including financial advantages through ransomware operations.
Read more »
DeepSeek
AI Models AI technology AI Threat China Cyber Security Data Mining Data Privacy data security DeepSeek

DeepSeek AI Raises Data Security Concerns Amid Ties to China

 

The launch of DeepSeek AI has created waves in the tech world, offering powerful artificial intelligence models at a fraction of the cost compared to established players like OpenAI and Google. 

However, its rapid rise in popularity has also sparked serious concerns about data security, with critics drawing comparisons to TikTok and its ties to China. Government officials and cybersecurity experts warn that the open-source AI assistant could pose a significant risk to American users. 

On Thursday, two U.S. lawmakers announced plans to introduce legislation banning DeepSeek from all government devices, citing fears that the Chinese Communist Party (CCP) could access sensitive data collected by the app. This move follows similar actions in Australia and several U.S. states, with New York recently enacting a statewide ban on government systems. 

The growing concern stems from China’s data laws, which require companies to share user information with the government upon request. Like TikTok, DeepSeek’s data could be mined for intelligence purposes or even used to push disinformation campaigns. Although the AI app is the current focus of security conversations, experts say that the risks extend beyond any single model, and users should exercise caution with all AI systems. 

Unlike social media platforms that users can consciously avoid, AI models like DeepSeek are more difficult to track. Dimitri Sirota, CEO of BigID, a cybersecurity company specializing in AI security compliance, points out that many companies already use multiple AI models, often switching between them without users’ knowledge. This fluidity makes it challenging to control where sensitive data might end up. 

Kelcey Morgan, senior manager of product management at Rapid7, emphasizes that businesses and individuals should take a broad approach to AI security. Instead of focusing solely on DeepSeek, companies should develop comprehensive practices to protect their data, regardless of the latest AI trend. The potential for China to use DeepSeek’s data for intelligence is not far-fetched, according to cybersecurity experts. 

With significant computing power and data processing capabilities, the CCP could combine information from multiple sources to create detailed profiles of American users. Though this might not seem urgent now, experts warn that today’s young, casual users could grow into influential figures worth targeting in the future. 

To stay safe, experts advise treating AI interactions with the same caution as any online activity. Users should avoid sharing sensitive information, be skeptical of unusual questions, and thoroughly review an app’s terms and conditions. Ultimately, staying informed and vigilant about where and how data is shared will be critical as AI technologies continue to evolve and become more integrated into everyday life.
Read more »
Technology
Artificial Intelligence China DeepSeek Garante Italy Technology

Italy Takes Action Against DeepSeek AI Over User Data Risks

 



Italy’s data protection authority, Garante, has ordered Chinese AI chatbot DeepSeek to halt its operations in the country. The decision comes after the company failed to provide clear answers about how it collects and handles user data. Authorities fear that the chatbot’s data practices could pose security risks, leading to its removal from Italian app stores.  


Why Did Italy Ban DeepSeek?  

The main reason behind the ban is DeepSeek’s lack of transparency regarding its data collection policies. Italian regulators reached out to the company with concerns over whether it was handling user information in a way that aligns with European privacy laws. However, DeepSeek’s response was deemed “totally insufficient,” raising even more doubts about its operations.  

Garante stated that DeepSeek denied having a presence in Italy and claimed that European regulations did not apply to it. Despite this, authorities believe that the company’s AI assistant has been accessible to Italian users, making it subject to the region’s data protection rules. To address these concerns, Italy has launched an official investigation into DeepSeek’s activities.  


Growing Concerns Over AI and Data Security  

DeepSeek is an advanced AI chatbot developed by a Chinese startup, positioned as a competitor to OpenAI’s ChatGPT and Google’s Gemini. With over 10 million downloads worldwide, it is considered a strong contender in the AI market. However, its expansion into Western countries has sparked concerns about how user data might be used.  

Italy is not the only country scrutinizing DeepSeek’s data practices. Authorities in France, South Korea, and Ireland have also launched investigations, highlighting global concerns about AI-driven data collection. Many governments fear that personal data gathered by AI chatbots could be misused for surveillance or other security threats.  

This is not the first time Italy has taken action against an AI company. In 2023, Garante temporarily blocked OpenAI’s ChatGPT over privacy issues. OpenAI was later fined €15 million after being accused of using personal data to train its AI without proper consent.  


Impact on the AI and Tech Industry

The crackdown on DeepSeek comes at a time when AI technology is shaping global markets. Just this week, concerns over China’s growing influence in AI led to a significant drop in the U.S. stock market. The NASDAQ 100 index lost $1 trillion in value, with AI chipmaker Nvidia alone suffering a $600 million loss.  

While DeepSeek has been removed from Italian app stores, users who downloaded it before the ban can still access the chatbot. Additionally, its web-based version remains functional, raising questions about how regulators will enforce the restriction effectively.  

As AI continues to make new advancements, countries are becoming more cautious about companies that fail to meet privacy and security standards. With multiple nations now investigating DeepSeek, its future in Western markets remains uncertain.



Read more »
Network Security
Backdoor China Contec Data Breach Healthcare Network Security

Experts Find Hidden Backdoors Inside Chinese Software Stealing Patient Data

Experts Find Hidden Backdoors Inside Chinese Software Stealing Patient Data

Cybersecurity & Infrastructure Security Agency (CISA) in the US rolled out an investigation report concerning three firmware variants used in Contec CMS800, a patient monitoring system used in healthcare facilities and hospitals. 

CIS finds hidden backdoor in Chinese software

Experts found that the devices had a hidden backdoor with a hard-coded IP address, enabling transmission of patient data. This is doable as the devices will start a link to a central monitoring system through a wireless or wired network, as per the product description. 

The agency disclosed the codes that send data to a select IP address. The decoded data includes detailed information- patients, hospital department, doctor’s name, date of birth, admission date, and other details about the device users. 

Details about three flaws

The flaw is filed under “CVE-2025-0626 with a CVSS v4 score of 7.7 out of 10” says Tom’s Hardware, while also talking about two other vulnerabilities “filed under CVE-2024- 12248, which indicates that it could allow an attacker to write data remotely to execute a code” and “CVE-2025-0683, which relates to privacy vulnerability.”

Impact of vulnerabilities

The three cybersecurity flaws can allow threat actors to dodge cybersecurity checks, get access, and also manipulate the device, the FDA says, not being “aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time."

FDA said that Contec Medical Systems is a device manufacturer in China, its products are used in the healthcare industry- clinics, hospitals, etc., in the US and European Union. However, experts found that these can also be bought from eBay for $599. 

About Contec

These devices are also rebranded as Epsimed MN-120, the FDA believes. Contec products are FDA-approved and sold in more than 130 countries. As part of its vulnerability disclosure process, the CISA research team discovered uncovered this flaw. 

The agency has also mentioned that the IP address is not linked with any medical device manufacturer, “Still, it is a third-party university, though it doesn't mention the university, the IP address, or the country it is sending data to,” reports Tom Hardware. 

The CISA has also assessed that the coding was meant to be a substitute update system because it doesn’t include standard update techniques like doing integrity checks or tracking updated versions. Instead, it offers a remote file sent to the IP address. To solve this, the FDA suggests removing the monitoring device from its network and tracking the patient’s physical condition and vital stats.

Read more »
US
China Cyber Security National Security Security States US

US Imposes Ban on Chinese and Russian Tech in Passenger Cars Over Security Risks

 

The United States has introduced a new regulation barring the use of Chinese and Russian technology in passenger vehicles sold domestically, citing national security risks. According to AFP, the ban covers both hardware and software from these countries, forming part of a broader effort to reduce China's influence in critical industries.

Outgoing President Joe Biden initiated the rule after a prolonged regulatory process aimed at tightening controls on foreign-linked technologies. This follows recent debates over restricting drones and other equipment from adversarial nations. Commerce Secretary Gina Raimondo highlighted the growing reliance of modern cars on advanced technology like cameras, microphones, GPS systems, and internet connectivity, which could pose risks if developed using foreign components.

"This is a targeted approach to keep Chinese and Russian-manufactured tech off American roads," said Raimondo.

The rule initially applies to passenger vehicles under 10,001 pounds, with plans to extend it to commercial vehicles, such as buses and trucks, in the future. It prohibits manufacturers with significant ties to China or Russia from selling cars equipped with foreign-made hardware or software for internet connectivity or autonomous driving.

Implementation will occur in two stages:

  • Software ban: Effective from the 2027 model year.
  • Hardware ban: Beginning with the 2030 model year.Imports of such technology from China and Russia will also face restrictions.

The regulation could affect companies like BYD, a Chinese electric vehicle manufacturer operating a facility in California that produces buses and other vehicles. US officials have raised concerns that connected vehicles equipped with foreign technology could be exploited to misuse sensitive data or interfere with critical systems.

National Economic Advisor Lael Brainard warned, "China is attempting to dominate the future of the auto industry," underscoring the need to shield American vehicles from foreign influence.

The new rule aligns with a broader strategy to bolster domestic industries and reduce dependence on foreign technologies. On the same day, President Biden signed an executive order to fast-track the development of AI infrastructure in the US.

"We will not let America fall behind in building the technology that will define the future," Biden stated.

As Biden prepares to leave office, these measures will transition to the administration of President-elect Donald Trump, who takes office next Monday. While it remains uncertain how Trump will handle these policies, significant shifts in strategy are anticipated.
Read more »
TSA
China CISA Cyber Security transport TSA

New TSA Rules to Boost Cybersecurity in Transport






The Transportation Security Administration recently unveiled a proposed rule that would permanently codify cybersecurity reporting requirements in certain segments of U.S. transportation, including pipelines and railroads. This change is set to be permanent after the agency introduced temporary reporting requirements for certain segments last year after a ransomware attack hit Colonial Pipeline, causing fuel shortages along the U.S. East Coast.


Locked In Securely

Since the Colonial Pipeline incident, the Transportation Security Administration has issued a number of temporary rules regarding cybersecurity risks in critical infrastructure. The new proposed rule would bring these temporary rules into permanence and codify a consistent approach throughout transportation on cybersecurity matters. As Administrator Pekoske pointed out, "TSA has been working extremely closely with industry partners to assist in enhancing the cybersecurity resilience of our nation's critical infrastructure."


Key Components of the Proposed Rule

This new law applies to a large scope of pipeline and railroad operators and places restrictions only on some bus companies. Its main emphasis is put on the implementation of cyber risk management plans that shall encompass:

  • Annual Cybersecurity Reviews: These reviews will require assessments and improvements in cyber defences.
  • Vulnerability Assessments: Conduct vulnerability assessments of security weaknesses that have not been remediated. Such assessments shall be conducted either by the covered entity's own personnel or a third party, but such personnel shall have no conflict of interest with respect to the covered entity.
  • Operational Cybersecurity Plans: They would describe the functions of personnel in a cybersecurity company, what is in place to protect critical systems, and procedures in identifying a threat to and responding to it.

Under these proposed regulations, operators would have to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) to receive faster response to and support of a threat.


Impact and Cost

The TSA estimated that the rulemaking would affect about 300 transportation operators-from pipelines, freight railroads, to public transportation agencies. These include 73 freight railroads, 34 public transportation systems, 71 over-the-road bus companies, and 115 pipeline facilities. Compliance and TSA oversight are estimated to cost the industry $2.1 billion over the next ten years.

The TSA attributed the regulations to the emerging threats of cyber attacks posed by nation-state actors and cybercriminals, who often target U.S. infrastructure in efforts to disrupt it and further inflict economic damage. Countries, according to the TSA, "such as Russia and China" were cited as frequent sources of cyberattacks on American critical infrastructure.

The agency's proposal underlines the need for uniform cybersecurity measures to be taken as soon as possible as cyber threats are becoming more advanced: they are now set to use artificial intelligence to deliver faster, undetectable attacks.


Industry Reaction and Flexibility

The proposal takes place on the grounds that the earlier directions were considered too elaborative by the transporters who had imparted them. The TSA will be more agile and results-driven now, allowing the companies to engage themselves in security solutions pertaining to the specific needs of each one.

The proposed rule will be open to comments from the industry until February 5 while reviewing all the responses the TSA will have before finalising the rule. The agency looks forward to providing enhanced cybersecurity and resilience within U.S. surface transportation systems by defeating the increasing cyber threats.


Read more »
Winos4.0
China Hackers malware Windows Winos4.0

Growing Use of Winos4.0 Toolkit Poses New Threat to Windows Users

 



Advanced hacking toolkit Winos4.0 spreads across the globe, security experts warn. Originally reported by Trend Micro, this new toolkit-just like known kits Cobalt Strike and Sliver-was connected to a string of recent cyber attacks in China, having initially spread through fake software downloads. This year, Fortinet reported that the toolkit is also disseminated through game-themed files, which now tends to expand and might pose a risk to a larger user base.


Attack Framework

Winso4.0 is a post-exploitation toolkit: after successfully gaining initial access to a system, the attackers use it for further invasion and domination. First, it was discovered inside the applications downloaded by users who considered it software in their interest, including VPNs or Google Chrome downloads for the Chinese market. Under the aliases Void Arachne or Silver Fox, the attackers entice users with these very popular applications full of malicious components designed to compromise their systems.

New strategies involve attackers using game applications, via which they have broadcasted Winos4.0, again targeting Chinese users mainly. This way, hackers change and utilise attractive downloads to penetrate devices.


Infection Stages

When one of such benign-looking files is downloaded by a victim, the Winos4.0 toolkit initiates a four-phase infection:

1. Stage 1: After installation, a DLL file you.dll, was retrieved from a remote domain. This file installed persistence on the device by setting values in the Windows Registry such that the malware would persist after the system restarts:.

2. Stage 2: At this step, the injected shellcode is loaded to download necessary APIs and communicate with a C2 server, which enables hackers to send commands and retrieve files from the infected device.

3. Stage 3: It fetches more encoded data from the C2 server in a second DLL file named上线模块.dll which saves to the Windows Registry to be used later, apart from updating server addresses to maintain an active link between the malware and its operators.

4. Final Stage: The last stage (login module.dll) will activate all main functions of the toolkit, including detailed system data gathering (like IP address and type of OS), detection of security tools, searching for crypto-wallets, and keeping a hidden backdoor. Through this backdoor connection, hackers can exfiltrate data, execute commands, and sustain their activity monitoring.

 

Evasion Techniques

Winos4.0 already has an inbuilt scanner for the detection of security products, including commercial products by Kaspersky, Avast, Bitdefender, and Malwarebytes. It will then change its behaviour to avoid detection or even quit if the toolkit finds itself running in an environment that is under surveillance. This versatility makes the tool very dangerous when it gets into cybercriminals' hands.

 

Emerging Menace

The fact that the toolkit Winos4.0 is still being used and fine-tuned points towards the growing importance of this toolkit in cyberattack strategies. As explained by Fortinet, it is a versatile and powerful framework "designed for remote control of compromised systems." Ongoing activity like this indicates that Winos4.0 is becoming a tool hackers like to use to gain control over Windows machines.


Preventive Actions

Always ready for downloading is a constant warning from the security experts to users, especially when it comes to free softwares or games which seem popular.

Avoid downloading applications and other forms of files from unknown sources. Even verifying if the software or file is coming from a legitimate source may also save it from infection. Moreover, one's security software must be updated frequently.

Knowing the threats of Winos4.0 would prevent many users from this malicious software by making them aware of this sophisticated malware.


Read more »
Subscribe to: Posts (Atom)