Cyber Bites

Multiple antivirus companies are now explicitly flagging in their products an app that Chinese authorities were planting onto the phones of tourists at the country's border. Tuesday, a collaboration between Motherboard, Süddeutsche Zeitung, the Guardian, the New York Times, and the German public broadcaster NDR revealed Chinese authorities are installing the malware—called BXAQ or Fengcai—onto travelers' Android devices at a border crossing into Xinjiang, a Western part of China. https://www.vice.com/en_in/article/neayxd/anti-virus-companies-now-flag-malware-china-installs-on-tourists-phones-xinjiang

A 23-year-old man from Utah was sentenced this week to 27 months in prison for a series of DDoS attacks that took down online gaming service providers like Sony's PlayStation Network, Valve's Steam, Microsoft's Xbox, EA, Riot Games, Nintendo, Quake Live, DOTA2, and League of Legends servers, along with many others. Named Austin Thompson, but known online as DerpTrolling, the man is the first hacker who started a trend among other hackers and hacking crews...

New Zealand’s government has pledged a further NZ$8 million ($5.3m) to implement a revised cybersecurity strategy released yesterday. The Cyber Security Strategy 2019 (PDF) will “enable New Zealand to thrive online” by working with public and private sector companies to implement a cybersecurity culture and response to threats. It follows two previous strategies, launched in 2011 and 2015, which were both criticized for not going far enough. The government responded to this by also increasing support for...

A new report has concluded that the United Kingdom’s NHS remains vulnerable to cyberattacks two years on the from WannaCry ransomware attack that cost the healthcare provider £92m in damages and lost productivity. According to a new report on NHS Cyber Security by Imperial College London’s Institute of Global Health Innovation, outdated computer systems, lack of investment and the technology skills deficit has left the NHS open to further attacks. https://www.verdict.co.uk/nhs-cyberattack-third-party-risk/

YouTube recently decided that instructional content in the realm of cybersecurity, including hacking how-to videos, were not acceptable on the ad-driven video platform. There is a gray area to be sure when it comes to teaching people not only how to hack but also educating users more broadly about the infosec industry -- and this fine line between educational purposes and guides for more nefarious activities needs to be publicly maintained https://www.zdnet.com/article/youtube-ban-on-instructional-hacking-causes-infosec-community-outrage/

Foreign cyber attackers tried to hack police and council computers immediately after the Salisbury novichok poisonings. Up to 90,000 attacks a day were launched in the days after the assassination attempt after Sergei Skripal was targeted by the nerve agent in March 2018. Wiltshire Council has revealed it was subjected to the 'well coordinated' hack which saw staff locked out of email and forced them to stop wearing Bluetooth devices such as Fitbit bracelets in...

Amazon has confirmed that the voice recordings produced by customers of the Amazon Alexa smart assistant are held forever unless users manually remove them. Alexa, which is found in products including the Echo smart speaker and Echo Dot, has been the subject of privacy and security concerns in the past -- such as listening in on private conversations and sharing them -- and now, Amazon's confirmation of particular privacy practices may make you think twice about where you...

A senior U.S. official told the Commerce Department’s enforcement staff this week that China’s Huawei should still be treated as blacklisted, days after U.S. President Donald Trump sowed confusion with a vow to ease a ban on sales to the firm. Trump surprised markets on Saturday by promising Chinese President Xi Jinping on the sidelines of the G20 summit in Japan that he would allow U.S. companies to sell products to Huawei Technologies Co Ltd....

Video-sharing app TikTok says it is "sorry" that some children and other young people have felt pressured into sending money to their favourite influencers on the app. TikTok lets fans send their favourite videomakers "digital gifts", which can cost up to £48.99. A BBC investigation found influencers promising to share their phone numbers with fans in exchange for the gifts. TikTok said it would strengthen its policies and guidelines but did not explain exactly how....

The US has unveiled plans to use ‘retro' technologies to protect its power grid against cyber attacks. The Securing Energy Infrastructure Act is intended to defend the US energy grid by "partnering with industry to utilize engineering concepts to remove vulnerabilities that could allow hackers to access the grid through holes in digital software systems". https://www.computing.co.uk/ctg/news/3078333/us-power-grid-cyber-security-retro-defence