Cyber Bites

Winnti Group hackers have updated their arsenal with a new modular Windows backdoor that they used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. The hacking group's ShadowPad malware also received some updates, with random module IDs and some extra obfuscation being the most noteworthy additions according to ESET researchers who monitored the hackers' attacks throughout the year. Source: Bleeping Computer

A couple in the UK experienced a weird bug on their Samsung Galaxy S10 that allows bypassing the fingerprint reader to unlock the phone regardless of the biometric data registered in the device. Endeavors in the past tricked biometric protection in phones from multiple brands. Hackers were able to recreate a fingerprint from high-resolution photos and transfer them onto a thin film. Source: Bleeping Computer

Numerous people are reporting that they have been locked out of Facebook after reporting fake user profiles to the social site. Some users claim that this has been happening for over a week. According to claims by many users under the Twitter #FacebookLockout hashtag, when people report a fake account to Facebook, about 30 minutes later they find that they have been locked out of their account. Source: Bleeping Computer

Pitney Bowes reported today that it was hit with malware that has made some files inaccessible, but stopped short of calling it a ransomware attack. Pitney Bowes said the attack has encrypted some corporate information and disrupted customer access to certain services, but at this time the company does not believe any customer or employee information has been exfiltrated from its network. Company executives have made no mention of a ransom being demanded. Source: SC...

The company acknowledged it’s using ‘safe browsing’ technology from Tencent, which has ties to the Chinese government. Apple is sending some browsing history of iOS 13 Safari users to Tencent Holdings Limited, a Chinese multinational conglomerate. The data shared is tied to the Safari Safe Browsing technology. Revelations of the relationship have drawn criticism from security and privacy experts. Source: Threatpost

In order to understand what people are doing to protect themselves from the risk of compromised smart home devices, such as internet-connected TVs, smart thermostats, home assistants and more, ESET polled 4,000 consumers. Key findings include: Over a third of all respondents indicated they are concerned about unauthorized access of their home networks via connected home devices (smart TVs, smart thermostats etc.). 35% of Americans and 37% of Canadians indicated so in our survey. When purchasing a smart home device, most...

Security vulnerabilities in systems used by several South African banks exposed the personal data of people who applied for home loans. Information about the flaw came from a source who spoke to MyBroadband on condition that they remain anonymous. The existence of the flaws were confirmed by E4 Strategic, the company which develops and maintains the systems. The company also stated that the vulnerabilities were discovered and fixed, and that there is no evidence of any...

The rollout of fifth-generation mobile networks — which offer the potential for downloads speeds of up to 10 times faster than today’s — will change how we communicate, work and stream video. However, the faster speeds are also likely to present an opportunity for hackers to target more devices and launch bigger cyber attacks, experts say. The problem is unlikely to be the security of 5G technology itself. Despite researchers uncovering apparent flaws in 5G’s...

NATO and Japan held cyber defence staff talks this week to assess current cyber threats and policy developments. “Cyber threats are becoming more complex, destructive, and coercive. Their enduring and evolving nature demands that we continue to adapt and respond appropriately. To adapt to this quickly changing environment, NATO must leverage our unique network of Allies, partner countries and organizations,” said Christian Liflander, Head of the Cyber Defence Section at NATO Headquarters. Source: UK Defence Journal

The standards for Internet email have never evolved to include robust sender identity validation. As cyber-attack become more sophisticated, this places enterprises at an increased risk, according to a new report from Valimail. The new report is titled "Email Fraud Landscape: BEC explodes as attackers exploit email’s identity crisis", and the Valimail analysis surveys the current vulnerabilities impacting on businesses. BEC represents "business email compromise." A key risk identified in the report comes from impersonation. The collated...