scmp.com - The new virtual ID scheme has been in the beta stage since a draft regulation was launched in July last year.

China has officially introduced a controversial national cyber ID system, despite concerns from some experts and netizens over privacy and censorship.

The system aims to “protect the security of citizens’ identity information”, according to regulations that went into effect on Tuesday, backed by the Ministry of Public Security, the Cyberspace Administration of China, and four other authorities.

The app, whose beta version was launched last year, issues an encrypted virtual ID composed of random letters and digits so the person’s real name and ID number are not given to websites when verifying accounts. So far, it is not-mandatory for internet users to apply for the cyber ID.

Starting in 2017, Beijing started ordering online platforms to adopt real-name registration for applications such as instant messaging, microblogs, online forums and other websites that ask netizens to submit their ID numbers. Separately, official ID has been required to register a mobile phone number in China since 2010.

Our first network security analysis of the popular Chinese social media platform, RedNote, revealed numerous issues with the Android and iOS versions of the app. Most notably, we found that both the Android and iOS versions of RedNote fetch viewed images and videos without any encryption, which enables network eavesdroppers to learn exactly what content users are browsing. We also found a vulnerability in the Android version that enables network attackers to learn the contents of files on users’ devices. We disclosed the vulnerability issues to RedNote, and its vendors NEXTDATA, and MobTech, but did not receive a response from any party. This report underscores the importance of using well-supported encryption implementations, such as transport layer security (TLS). We recommend that users who are highly concerned about network surveillance from any party refrain from using RedNote until these security issues are resolved.

An Elon Musk-funded PAC is targeting Republicans with ads that depict a fever-dream caricature of what Harris would do if elected president.

In recent years, cybercriminals have become increasingly professional — fraudsters have consistently been improving their skills, making less crucial mistakes, and creating various “as-a-service” businesses to help lower-skilled threat actors launch scams and attacks, allowing the latter to run full cybercrime operations.

There are different types of cybercrime services that exist today, including malware-as-a-service, where cybercriminals develop and sell malware services to other malicious actors; the service also includes creating and spreading malware types such as ransomware on compromised hosts. Meanwhile, other services require the use of multiple social media accounts to be successfully carried out, such as misinformation, spamming, and malware propagation. Indeed, it’s not uncommon for cybercriminals to send thousands of spam messages using thousands of accounts on social media platforms. But how do they manage to automate all of it?