The Cyber Week in Review will not be published for the next two weeks. Happy Holidays!
Log4j vulnerability a serious threat to hundreds of millions of devices
A new vulnerability was detected this week in a widely used piece of open-source software. The effects of the Log4j vulnerability, known as Log4Shell, will likely be felt for years to come, and Biden administration officials have called it one of the most severe vulnerabilities they have ever seen. Nation-state actors, including Iranian and Chinese hackers, are already exploiting the vulnerability. Log4j is used widely throughout the infrastructure of the internet, and companies may fail to realize how deeply their systems are impacted. The Equifax hack, which leaked the sensitive information of over 143 million U.S. consumers, was enabled by a similar vulnerability in open-source software, for which Equifax had failed to apply an already available patch.
Huawei documents reveal alleged sale, use of surveillance technologies
According to internal documents accessed by The Washington Post, the Chinese telecommunications giant Huawei actively marketed voice recording analysis, prison and detention center monitoring, and location tracking which abetted Beijing’s repressive crackdown on ethnic Uyghurs in Xinjiang Province. Although Huawei has denied knowledge of the projects described in the report, the revelations come at a time when Chinese surveillance technologies have come under immense public scrutiny. Last month, it was revealed that China’s Henan Province launched a sprawling surveillance system to track journalists and “suspicious individuals”.
Ukraine arrests dozens accused of selling data of more than 300 million people
Ukraine announced the arrests of a number of illegal data brokers within the country. The police also shut down and seized the servers for some of the most popular sites used to sell data in Ukraine. The fifty-one individuals arrested are accused of selling names, addresses, phone numbers, vehicle registration numbers, and other personal data on more than 300 million people from across Europe, the United States, and Ukraine. The arrests are part of a larger campaign against cybercriminals in Ukraine, as police arrested a group of five men accused of hacking into mobile devices and stealing credit card information.
Biden administration ramps up restrictions on Chinese technology firms
The Biden administration placed eight Chinese technology companies on a blacklist earlier this week, which bars U.S. individuals and companies from investing in the companies, including the AI company SenseTime, over their involvement in surveillance of the Uyghur minority. In addition, the U.S. Treasury and Commerce Department issued an updated entity list featuring dozens of Chinese companies for their support of military modernization and development of surveillance technologies, including DJI Technology, the world’s largest commercial drone-maker. The updated list reflects U.S. officials’ growing concern about biotechnology. It sanctions the Academy of Military Medical Sciences and research institutes under its control for work on “brain-controlled weaponry”.
Oppo launches first in-house chip
A week after an initial announcement on December 8, Chinese smartphone brand Oppo officially unveiled its first in-house semiconductor line on December 14. The MariSiliconX chip, built using a 6-nanometer process and manufactured by Taiwan Semiconductor Manufacturing Co (TSMC), has been under development since 2019 and is expected to be released in Q1 of 2022. Oppo’s move to build in-house chips is part of Beijing’s efforts toward semiconductor self-reliance amidst global supply chain disruptions. The smartphone maker joins fellow Chinese tech giants Huawei and Xiaomi, which in recent months have also doubled down on efforts to reduce foreign dependence in the chip sector.