"China's Cyber Grinches Sleighed US Email: Cisco Zero-Day Rocks Uncle Sam's Inbox!"
Episode Synopsis
This is your Red Alert: China's Daily Cyber Moves podcast. I’m Ting, let’s jack straight into today’s Red Alert on China’s daily cyber moves against the United States.

Over the past 72 hours, the loudest alarm is the China‑nexus exploitation of Cisco Secure Email Gateway and Secure Email and Web Manager, tracked as zero‑day CVE‑2025‑20393. Cisco Talos and Cisco’s advisory say a state‑backed Chinese group, tagged UAT‑9686 by researchers, has been quietly owning these appliances since late November, using them as beachheads to read, reroute, or poison email flows for government, finance, and critical infrastructure in the US and allies. Security Affairs and TechCrunch‑summarized reporting note hundreds of potentially exposed systems globally, with dozens in the United States, and no patch yet on the table.

Timeline check: late November, initial exploitation; early December, Cisco’s internal detection; this past week, public disclosure and emergency guidance; today, Shadowserver and Censys still see over a hundred vulnerable Cisco email devices online, many in US government and enterprise networks. No patch plus active exploitation equals worst‑case “persistent Chinese foothold in your mail perimeter” if you’re not ripping and rebuilding those boxes like Cisco bluntly recommends.

According to CyberWire’s December 18 briefing, CISA has quietly pushed federal agencies to treat this as a priority‑one incident: assume compromise if the devices were exposed with spam quarantine enabled, hunt for custom webshells and log‑wiping utilities, and stand up out‑of‑band email routing until you’re clean.
CISA’s broader ICS advisories and Known Exploited Vulnerabilities updates this week also highlight Chinese‑manufactured tech in maritime and port systems, echoing an April cyber analysis bulletin warning that US maritime networks are soft targets for Chinese vendors with hidden access.

Meanwhile, researchers at ESET, via HelpNetSecurity’s week‑in‑review, just detailed LongNosedGoblin, a China‑aligned espionage cluster abusing Windows Group Policy for stealthy lateral movement. They’re aiming mostly at governments in Southeast Asia and Japan, but the tooling—policy‑based malware deployment, long‑term credential theft—maps perfectly to US targets if Beijing decides to pivot.

Here’s how this escalates if listeners don’t move: step one, persistent access through Cisco email gear; step two, credential harvest from mailboxes and SSO links; step three, push LongNosedGoblin‑style payloads via compromised admin accounts; step four, position inside US critical infrastructure for sabotage options during a Taiwan, South China Sea, or trade crisis.

Defensive actions, rapid‑fire: inventory and isolate every Cisco Secure Email Gateway and Web Manager; if internet‑exposed with quarantine on, treat as breached and rebuild; enable full packet capture around mail perimeters; enforce phishing‑resistant MFA and strict admin segmentation; monitor Group Policy for unexpected new objects or scripts; and subscribe to CISA, FBI, and sector ISAC alerts so you hear the siren the second it sounds.

I’m Ting, thanks for tuning in—stay patched, stay paranoid, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai. For more: http://www.quietplease.ai. This content was created in partnership and with the help of Artificial Intelligence (AI).
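The "monitor Group Policy for unexpected new objects or scripts" action above, and the LongNosedGoblin tradecraft it responds to, comes down to watching directory-service change auditing on your domain controllers. The script below is an added example written for this page, not tooling from the podcast, Cisco, ESET or any vendor: it runs a simple allowlist-plus-change-window rule over Windows Security event records for Group Policy container objects. Event IDs 5136 (directory service object modified), 5137 (created) and 5141 (deleted) are the real Windows auditing events for this; the sample records, the approved-admin accounts, the change window and the domain names are all constructed for the example.

```python
"""
Detection logic for GPO tampering: flag directory-service events that create,
modify or delete Group Policy objects when the actor is not an approved GPO
admin, the change falls outside the maintenance window, or a brand-new GPO
appears at all (new policies should be rare and reviewed).

Added example; not the podcast's or any vendor's code. Requires the domain
controllers to audit "Directory Service Changes" so that 5136/5137/5141 are
emitted. Sample records below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, time

# Real Windows Security event IDs for directory service object changes.
GPO_EVENT_IDS = {5136: "modified", 5137: "created", 5141: "deleted"}

# Assumptions for the example: only these accounts may change GPOs, and only
# during the 01:00-04:00 local maintenance window.
APPROVED_GPO_ADMINS = {"CORP\\gpo-admin", "CORP\\svc-config-mgmt"}
CHANGE_WINDOW = (time(1, 0), time(4, 0))

# Attributes whose change means the policy's SYSVOL payload or client-side
# extensions changed, i.e. how scripts and installers get pushed to hosts.
SENSITIVE_GPO_ATTRS = {"gPCFileSysPath", "gPCMachineExtensionNames", "gPCUserExtensionNames"}


@dataclass
class Alert:
    event_id: int
    action: str
    subject: str
    gpo_dn: str
    reason: str


def is_gpo_object(record):
    """GPOs are groupPolicyContainer objects under CN=Policies,CN=System,<domain>."""
    return (record.get("ObjectClass") == "groupPolicyContainer"
            or "CN=Policies,CN=System," in record.get("ObjectDN", ""))


def in_change_window(ts):
    start, end = CHANGE_WINDOW
    return start <= ts.time() <= end


def evaluate(records):
    """Return one Alert per GPO-related event that violates the rules."""
    alerts = []
    for r in records:
        eid = r["EventID"]
        if eid not in GPO_EVENT_IDS or not is_gpo_object(r):
            continue
        subject = f'{r["SubjectDomainName"]}\\{r["SubjectUserName"]}'
        ts = datetime.fromisoformat(r["TimeCreated"])
        reasons = []
        if subject not in APPROVED_GPO_ADMINS:
            reasons.append("subject is not an approved GPO admin")
        if not in_change_window(ts):
            reasons.append("outside change window")
        if eid == 5137:
            reasons.append("new GPO created; review")
        attr = r.get("AttributeLDAPDisplayName")
        if attr in SENSITIVE_GPO_ATTRS and reasons:
            reasons.append(f"sensitive attribute {attr} changed")
        if reasons:
            alerts.append(Alert(eid, GPO_EVENT_IDS[eid], subject, r["ObjectDN"], "; ".join(reasons)))
    return alerts


# Constructed sample events (field names mirror the Security log XML fields).
SAMPLE_EVENTS = [
    {"EventID": 5137, "TimeCreated": "2025-12-18T02:15:00",
     "SubjectDomainName": "CORP", "SubjectUserName": "gpo-admin",
     "ObjectClass": "groupPolicyContainer",
     "ObjectDN": "CN={11111111-2222-3333-4444-555555555555},CN=Policies,CN=System,DC=corp,DC=example"},
    {"EventID": 5136, "TimeCreated": "2025-12-18T14:40:00",
     "SubjectDomainName": "CORP", "SubjectUserName": "jdoe",
     "ObjectClass": "groupPolicyContainer",
     "ObjectDN": "CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "gPCMachineExtensionNames"},
    {"EventID": 5136, "TimeCreated": "2025-12-18T02:30:00",
     "SubjectDomainName": "CORP", "SubjectUserName": "gpo-admin",
     "ObjectClass": "groupPolicyContainer",
     "ObjectDN": "CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=corp,DC=example",
     "AttributeLDAPDisplayName": "displayName"},
    {"EventID": 5137, "TimeCreated": "2025-12-18T03:00:00",
     "SubjectDomainName": "CORP", "SubjectUserName": "svc-config-mgmt",
     "ObjectClass": "user", "ObjectDN": "CN=build01,CN=Users,DC=corp,DC=example"},
]

if __name__ == "__main__":
    for a in evaluate(SAMPLE_EVENTS):
        print(f"[{a.event_id} {a.action}] {a.subject} on {a.gpo_dn}: {a.reason}")
```

Run against the constructed events, the first record is flagged only because a new GPO appeared (approved admin, inside the window), the second because an unapproved account changed the machine extension list mid-afternoon, the third passes, and the fourth is ignored because it is a user object, not a policy. In production you would feed this from the Security log on each domain controller (or its forwarded copy) and pair it with a SYSVOL file-integrity check, since a modified `gPCFileSysPath` or extension list is the usual sign that a policy has been turned into a delivery mechanism.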