Welcome reader to your CybersecurityHQ report.

Headlines

A significant leak from I-Soon, a security contractor linked to China's Ministry of Public Security, has unveiled a comprehensive surveillance and hacking operation targeting both Chinese citizens and foreign individuals. The leaked documents reveal the monitoring of ethnic minorities and dissidents, particularly in sensitive regions like Hong Kong and Xinjiang, and detail I-Soon's cyber espionage efforts across Asia, including hacking foreign networks and manipulating social media narratives in favor of Beijing.

The leak also shows tools and techniques for cyber surveillance and espionage — implicating  I-Soon and suggesting ties to China's Ministry of State Security and the People's Liberation Army. The breach has sparked widespread concern over China's cyber capabilities and their extensive reach.

In more China-related news this week, President Biden is set to sign an executive order aimed at enhancing the cybersecurity of U.S. ports. The order focuses on the cybersecurity of maritime operations and infrastructure — with the biggest ticket item being ship-to-shore cranes, 80% of which are manufactured in China and use Chinese software.

The move is part of a broader effort to safeguard America's ports, which account for upward of 31 million jobs and an enormous swathe of the economy, from cyber threats that could disrupt domestic and global supply chains.

Apple has introduced PQ3, a “post-quantum” cryptographic protocol for iMessage. The company says it offers protection against potential future quantum computing threats. PQ3 will hopefully ensure that iMessage communications remain secure, even if an encryption key is compromised, by automatically updating post-quantum keys.

This protocol, which combines post-quantum algorithms with traditional Elliptic Curve cryptography, aims to safeguard against both current and future cyber threats, including 'Harvest Now, Decrypt Later' attacks. PQ3, currently in beta, will be a default feature in the upcoming iOS, iPadOS, macOS, and watchOS updates, marking a significant leap in messaging security.

Interesting Read

In this post by Brian Keeter, writing for DarkReading, four steps to reevaluate cybersecurity priorities provide a wake-up call for some. The main gist of the article involves making sure to involve leadership, audit info, create an incident response plan, and keep cyber hygiene training fresh at every level of your organization.

So much of cybersecurity comes down to the fundamentals, and this article reminds us that significant drift can often occur in companies — especially when they get to be over the 100-employee mark. For that reason, goin

Employment Tip: Soft Skills

In a field like cybersecurity, technical skills are obviously crucial. But that means that everybody looking for a career has them. That makes soft skills a place where you can easily outshine your competition. Don’t be afraid to take up real estate on your resume with your abilities to problem-solve, communicate, and work well as a member of a team.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team