Cyber Bites

New research has found that it’s possible to use 3D printing technology to create “fake fingerprints” that can bypass most fingerprint scanners used by popular devices. But, creating the attack remains costly and time-consuming. Researchers with Cisco Talos created different threat models that use 3D printing technology, and then tested them on mobile devices (including the iPhone 8 and Samsung S10), laptops (including the Samsung Note 9, Lenovo Yoga and HP Pavilion X360) and smart...

Video conferencing service Zoom has released an update for its Linux, Mac, and Windows apps that removes the meeting ID from the app's title bar. The update comes after the company's users have often leaked their meeting IDs, and even meeting passwords, when sharing screenshots of their meetings on social media. Famous incidents include when UK Prime Minister Boris Johnson shared the meeting ID of a UK cabinet meeting, and when members of the Belgium...

NASA has seen "significantly increasing" malicious activity from both nation-state hackers and cybercriminals targeting the US space agency's systems and personnel working from home during the COVID-19 pandemic. Mitigation tools and measures set in place by NASA’s Security Operations Center (SOC) successfully blocked a wave of cyberattacks, the agency reporting double the number of phishing attempts, an exponential increase in malware attacks, and double the number of malicious sites being blocked to protect users from...

Google has addressed a security concern with the Face Unlock system on its Pixel 4 smartphones, more than five months after the devices went on sale. In October 2019, a BBC News test found the Face Unlock system allowed access to a person's device even if they had their eyes closed. Security researchers criticised the feature, as it could allow unauthorised access to a smartphone. Google updated the Pixel software on 6 April to address...

In the latest sorry COVID-19 scam, fraudsters are impersonating financial institutions to steal from Americans expecting stimulus checks from the US federal government. Following the outbreak of the novel coronavirus, many Americans have been furloughed, fired, or had their hours or workload reduced as businesses across the country closed and lockdown measures were implemented. To soften the economic blow dealt by the deadly virus, the US Senate approved a $2tn stimulus package on March 25....

A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers have been trying to unfold how the malware survives factory reset and how it infected so many devices in the first place. In a blog post published today, Igor Golovin, malware analyst at Kaspersky, finally...

Cybercriminals are increasingly relying on SSL certificates to lull people into a false sense of security when clicking malicious links. The assumption that HTTPS links and the accompanying lock icon protect employees from attack can threaten businesses without sufficient SSL inspection. Nearly 52% of the top 1 million websites were available over HTTPS in 2019, Menlo Security researchers report. Nearly all (96.7%) user-initiated online visits are served over HTTPS; however, only 57.7% of URLs in...

  On April 1st, 2020, Berkine became a victim of cyber-attack by the notorious Maze ransomware group that is known for its unique blackmailing practices. The attackers managed to steal the entire database containing over 500MB of confidential documents related to budgets, organizational strategies, production quantities, and similar sensitive data. The Maze ransomware group leaked the database containing information about the Sonatrach oil firm. Source: Hackread

  The FBI is cracking down on the practice of Zoom bombing, saying the hijacking of web conferences can be punishable by jail time. As reports of “Zoom bombing” explode, the FBI is cracking down on the issue with a new warning that web conference hijackers could face jail time. Authorities say that anyone who hacks into a teleconference meeting can be charged at the state and federal level. Charges can include the disruption of...

  Facebook has launched a set of tools that use anonymised location data collected from users in a bid to help researchers better understand where the coronavirus outbreak could spread next and the effectiveness of social distancing measures. The new tools, collectively called Disease Prevention Maps, are three separate aggregated datasets that provide information on how people move and interact with each other. Source: ZD Net