Chinese regulators have suspended cybersecurity cooperation with Alibaba Cloud Computing, a subsidiary of the Alibaba Group, according to online sources. The reason for this was accusations of the company withholding information about security problems. This was reported by the Reuters news agency, citing data from the Chinese government media.
The report said that Alibaba Cloud did not immediately provide the Ministry of Industry and Information Technology of China with data on vulnerabilities in the popular logging tool Log4j, which is distributed as a library along with Apache. In response, the regulator decided to suspend cooperation with Alibaba Cloud, which provides for joint work in the field of cybersecurity and data exchange.
The possibility of renewal of cooperation will be considered in six months, if the company carries out during this time some reforms aimed at changing a number of work processes. Alibaba Cloud officials refrain from commenting on the matter.
The refusal of the regulator to cooperate with a private company underlines the intentions of the Chinese authorities to tighten control over key network infrastructure and user data to protect national security interests. Earlier, the Chinese government asked state-owned companies to migrate their data from the cloud structures of private companies such as Alibaba and Tencent to a government-backed cloud system next year.
As for the mentioned vulnerability, it was named Log4Shell and was found to be extremely dangerous. The fact is that an exploit based on it can be used to attack devices without any interaction with the victim. In this case, the attacker gains full control over the device, including the ability to execute arbitrary code bypassing security systems.
0 Comments:
Post a Comment
Your comment and facebook share will be appreciated