Researchers at Proofpoint have detected a resurgence of Mustang Panda activity directed against Chinese Catholics. The Chinese intelligence service threat actor has long been active against ethnic and religious minorities. CyberScoop notes that the group spoofs Catholic journalists’ email headers in its phishbait. Mustang Panda’s present efforts represent a resumption of targeting Recorded Future called out in July.
The FBI yesterday warned of another trend in spoofing: phony domains registered to mislead people into thinking they’re visiting a Bureau site.
CyberNews reports that a number of Chinese-manufactured home routers, including models available from Walmart and Amazon, come with backdoors. The Walmart model named is Jetstream; the device available from Amazon is Wavlink. Walmart says it’s looking into the matter, and that in any case Jetstream is out of stock, and it won’t be reordered.
British consumer group Which? reports having tested eleven smart doorbells and found them wanting. In addition to unbranded Ring knockoffs, the models included systems from Qihoo, Ctronics, and Victure. The BBC says that Victure’s Smart Video Doorbell, “was found to send users’ home network names and passwords unencrypted to servers in China.” The other marques tested were accused of other, lesser but still serious, security misdemeanors.
US President-elect Biden’s transition enters its formal stage. Some of the incoming Administration’s senior appointments will have significant responsibility for cybersecurity and related matters. Prospective appointees mentioned by NPR include Alejandro Majorkas to the Department of Homeland Security, Janet Yellen to Treasury, and Avril Haines to Director of National Intelligence.