Articles

US cybersecurity firm F5 breach linked to Chinese state-backed hackers, sources say

A breach at U.S.-based cybersecurity company F5 has been attributed to state-backed hackers from China, according to two people familiar with the investigation. The revelation comes a day after U.S. officials warned that federal networks using F5 products were being targeted by a “nation-state cyber threat actor.”

Sources told Reuters that the hackers had been inside F5’s network for over a year, gaining access to sensitive files, including parts of the company’s source code and details about vulnerabilities that could be exploited to attack government and corporate systems.

The Cybersecurity and Infrastructure Security Agency (CISA) said the breach posed an imminent threat to U.S. federal networks and urged immediate patching and updates to F5 devices. Acting Director Madhu Gottumukkala warned that the same vulnerabilities could lead to “a catastrophic compromise of critical information systems” across sectors.

F5, which provides security and networking products to both public and private clients, has not commented on the attribution. The company previously confirmed unauthorized access to some internal systems but said its operations were unaffected.

Responding to the allegation, Chinese Embassy spokesperson Liu Pengyu said Beijing “opposes and combats hacking activities in accordance with the law” and criticized what it called “false information for political purposes.”

U.S. investigators are continuing to assess the full scope of the breach, which highlights the persistent cybersecurity risks facing key technology providers in both government and industry supply chains.

US warns hackers exploiting F5 vulnerabilities pose imminent threat to federal networks

U.S. officials have warned that government networks are being targeted by a nation-state cyber threat actor exploiting vulnerabilities in products made by F5, a major cybersecurity and networking firm. The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive ordering federal agencies to locate and patch affected systems immediately.

According to CISA, hackers compromised F5’s internal systems, stealing files that included portions of its source code and information about undisclosed vulnerabilities. Officials said the stolen data could serve as a blueprint for future intrusions, enabling attackers to breach F5 devices and potentially gain full control over government or corporate networks.

“The cyber threat actor presents an imminent threat to federal networks,” said Nick Andersen, CISA’s Executive Assistant Director for Cybersecurity. He urged all organizations using F5 products to apply updates urgently, warning that the risk extends “to every organization and sector.”

F5 said it discovered unauthorized access on August 9 and quickly took “extensive actions” to contain the breach, engaging outside experts including CrowdStrike, Mandiant, and NCC Group. The company said there was no evidence its software development processes were tampered with, and operations remain unaffected. However, information from a few customers was accessed, and those affected have been contacted.

The U.S. Department of Justice delayed public disclosure of the breach until September 12 for national security reasons. The UK’s National Cyber Security Centre also issued a parallel warning urging users to install security updates.

TikTok Collected Sensitive Data on Canadian Children, Probe Reveals

TikTok has pledged to strengthen safeguards to keep children off its platform after a Canadian investigation concluded that the company failed to adequately block underage users and protect their personal information.

The inquiry, led by Canada’s federal privacy commissioner Philippe Dufresne along with privacy watchdogs in Quebec, British Columbia, and Alberta, found that hundreds of thousands of Canadian children used TikTok annually despite the platform’s minimum age requirement of 13.

Investigators also determined that TikTok collected sensitive personal data from “a large number” of children and used it for marketing and content-targeting purposes. “TikTok collects vast amounts of personal information about its users, including children. This data is being used to target the content and ads that users see, which can have harmful impacts, particularly on youth,” Dufresne said at a press conference.

In response, TikTok agreed to adopt stricter age-verification systems, improve transparency about how user data is used, and prevent advertisers from directly targeting anyone under 18, except through broad categories such as language or approximate location. The company also expanded the privacy information available to Canadian users.

A TikTok spokesperson said the company was pleased regulators accepted several of its proposals to “further strengthen” protections for Canadian users, while noting disagreement with some of the findings. The spokesperson did not specify which ones.

The case comes amid growing global scrutiny of TikTok due to concerns about its ties to China. TikTok is owned by Beijing-based ByteDance, and governments worldwide—including the EU and the U.S.—have taken steps to restrict or ban the app on official devices.

In Canada, the government launched a review of TikTok’s planned expansion in 2023, which ultimately led to an order demanding the company shut down its Canadian operations over national security risks. TikTok is challenging that order.