Cyber Bites

Researchers have discovered a new way for bad actors to listen to homeowners' private conversations by hacking into their robot vacuums. Robot vacuums, such as Roombas, use smart sensors to autonomously operate. Attackers hack into the targets vacumes using the LiDAR smart sensors, with researchers thus giving the attacks the name “LidarPhone”. LiDAR stands for Light Detection and Ranging and is the remote sensing method robot vacumes use to sense when they are near to...

A critical flaw in Facebook's messenger app allowed Android users to listen to other users surroundings without their permission when calling using the app. Facebook has recently fixed the fatal flaw, but the app had been downloaded by 1 billion Android devices according to the Play Stores official page, putting 1 billion users at risk.

The Russian hacker group REvil have recently launched an attack on famed televangelist Kenneth Copeland. The group are threatening to release 1.2 terabytes of his personal sensitive data if he refuses to pay their ransom demands. REvil published a public statement on Wednesday saying that they had taken over the servers of Kenneth Copelands Ministries, which is the international church of the 83-year-old pastor based in Texas. REvil said in their statement that 'absolutely all...

A vulnerability has been discovered in Cisco's Webex conferencing application which allows meeting attendees to act as 'ghosts'. The flaw (CVE-2020-3419) allows any member of the meeting to spy on potential company secrets being shared. Attacks can be remote, but they would need to access the meeting before joining it, having the meetings 'join' links and passwords. This means that the flaw is only of medium severity, with Cisco giving it a 6.5 out of...

Researchers from the security firm Symantec have discovered a major hacking campaign that is using sophisticated techniques in order to compromise companies networks worldwide. It is thought that the hack has been funded by the Chinese government, with a well-know hacking group initiating the attacks using both off-the-shelf and custom-made tools. One of the tools used exploits Zerologon, one of Windows server vulnerabilities which was patched in August. Once Zerologon is successfully hacked it can...

This week the Senate has unanimously passed a bipartisan legislation bill which aims to increase the cybersecurity of internet-connected devices. The Internet of Things Cybersecurity Improvement Act will require all internet-connected devices purchased by the US government, such as computers, tablets and mobile phones, to comply with the minimum security recommendations which will be issued by the  National Institute of Standards and Technology. The new bill will require any private-sector group that provides devices to...

Security researchers have already begun to see a spike in the number of phishing attacks in the build-up to Black Friday and Cyber Monday, taking place November 27th and 30th. Check Point Software have recently published a new report that has shown a rise in phishing emails, with an increase of over 13 times in the last six weeks. Currently, one in 826 emails delivered are phishing attempts, while at the start of October it...

Canada's federal government are planning to charge fines to any company that violates their privacy laws, with fines running up millions of dollars. Navdeep Bains, the Innovation Minister, has introduced the Digital Charter Implementation Act - officially titled "Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts." This new act aims to refurbish Canada's decades-old privacy laws,...

President Donald Trump has recently fired his head of Cybersecurity and Infrastructure Security Agency (CISA). Christopher Krebs was heading up the federal government's election cybersecurity efforts but was recently fired via Twitter by the president. Krebs began to be a target of Trump's after the November 3rd election. Kreb's agency runs a Rumor Control blog, which has a list of reputed claims about election fraud and hacking. Many of these claims, however, have been stated...

On Monday Twitter assigned Pieter Zatko, also known by his hacker handle name Mudge, as their new head of security. Zatko will be responsible for recommending changes in the structure and functions of the social media giant. Zatko is under a 40 to 60-day review and will be reporting to Twitter's CEO, Jack Dorsey, during this time. During his residency in this role, Zatko will be taking over management of key functions. In an interview,...