Cyber Security Headlines: China hacked Japan’s NISC, trafficking fuels cyber scams, China approves generative AI

Chinese threat actors breached Japan’s cybersecurity agency

Earlier this month, Japan’s National Center of Incident Readiness and Strategy, or NISC, disclosed a data breach that exposed emails to a third party. The Financial Times’ sources say the Japanese government believes China’s People’s Liberation Army orchestrated the attack. It’s believed the hack took place in October 2022, but was not discovered until June. The NISC warned citizens of “suspicious phone calls and emails” claiming to come from the agency. In response to the attack, Japan plans to boost its cybersecurity budget 1000% over the next five years.

(Financial Times)

Human trafficking into cyber scams

A new report from the UN’s Office of the High Commissioner for Human Rights documented the scale of human trafficking operations that force people to run cyber scams. It found “credible sources” in Cambodia and Myanmar that over 200,000 people are involuntarily involved in these schemes. It also found evidence of the practice in East Africa, Egypt, Turkey, and Brazil. Often people become ensnared in these scams by accepting “job offers” in another country. Upon arrival, the traffickers keep employees in compounds and force them to work scams to “repay” so-called relocation costs. Victims that escape can often face prosecution in their home country for their “crimes” while imprisoned. 

(The Record)

China set to approve first generative AI services

It might feel like we’ve hit a saturation point on news about generative AI. It seems like we’ve had months of wall-to-wall coverage on LLMs of late. But large parts of the world will soon get their first taste of this potentially disruptive tech. Bloomberg’s sources say the Cyberspace Administration of China will soon approve a small number of firms to launch generative AI services to the public. The search giant Baidu will reportedly receive the first regulatory approval, announcing on WeChat it will launch its Ernie Bot on August 31st. As part of new regulations in China, companies must pass a security review and file algorithms used for generative AI services.


VMware Aria vulnerable to authentication bypass

ProjectDiscovery Research published a report detailing the flaw, impacting all Aria 6 branch versions. The flaw opens the door for bypassing SSH to access endpoints, due to a lack of unique cryptographic key generation. VMware released patches and an updated 6.11 version to resolve the bug, but provided no immediate workarounds. Because of Aria’s market position, used for managing virtualized environments and hybrid clouds for large enterprises, VMware notes attackers will be quick to exploit the flaw.

(Bleeping Computer)

Thanks to our sponsor, AppOmni

SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk.

Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at

Cisco VPNs breached with brute force campaign

Security researchers at Rapid7 report that a campaign began targeting Cisco Adaptive Security Appliance VPNs with brute force and credential stuffing attacks. These attacks targeted appliances not requiring MFA. Researchers found that the Akira ransomware group began the campaign in March. Cisco researchers said many appliances lacked properly configured logging, making investigating the attacks challenging. It’s estimated 11 customers saw breaches over the last five months.

(Bleeping Computer)

The slow response time of Meta’s Oversight Board

On Platformer, Casey Newton profiled the timeline for Meta’s Oversight Board to review a takedown decision regarding a post inciting violence by Cambodia’s prime minister Hun Sen. Meta reviewed the video when it was posted in January. It decided to keep the video online under its “newsworthiness exception,” but referred it to the board for review. The board did not accept the case until two months later in March, releasing a decision to remove the post and suspend Hun Sen’s accounts in late June. The video itself received over 600,000 views. Meta ultimately decided to remove the post but not suspend the accounts. Newton also noted that as of October, the board only accepted 3 cases for appeal out of hundreds of thousands.


Rackspace’s ransomware cleanup costs

Back in December, the cloud hosting company Rackspace experienced a ransomware attack, disrupting its email service to customers. The Play ransomware organization took credit, exploiting a Microsoft Exchange server zero-day. The company disclosed that it estimated the attack cost it $10.8 million in damages. This came from both costs in investigating and remediating the actual attack, as well as from multiple lawsuits from customers. The company expects significant reimbursement on these costs from cyber insurance policies. Its disclosure did not state whether it paid a ransom or not.

(Dark Reading)

It’s not malware, it’s Microsoft!

Getting unexpected weird pop-ups generally indicates you’re either on a website that doesn’t respect its users, or you’re on a malware-infested machine. But it turns out, you might just be using Windows 11. Microsoft implemented a unique pop-up that sits outside of its notification center, encouraging Chrome users to change their default search to Bing. Adding to the spammy behavior, the notification comes from an executable installed in the Windows temp folder. After users reported this as possible spam, or at least annoying, Microsoft’s director of communications Caitlin Roulston told The Verge it paused the notification to investigate this “unintended behavior.”

(The Verge)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.