Cyber Bites

A GPS tracker used by elderly people and young kids has a security hole that could allow others to track and secretly record their wearers. It has an in-built SIM card that it used to pinpoint the location of the user, as well as provide hands-free communications through a speaker and mic. As such it is most commonly used by elderly people in case of a fall and on children whose parents want to be...

The Chinese state could cut off cars and household appliances from Britain's 5G network if the country's telecoms giant is allowed to help build the system, according to a former government security adviser. Peter Varnish, who was a senior Ministry of Defence official, suggested a decision by Theresa May to allow Huawei to help build even limited parts of the network such as antennas and other “non-core” infrastructure, could allow Beijing to "shut down" signals...

The latest quarterly data breach report from the Office of the Australian Information Commissioner (OAIC) has revealed over 10 million individuals had their information compromised in one single incident. The current population of Australia is around 25.4 million. While the report did not detail the origin of the breach that affected over 10 million individuals, it did show that the most number of affected individuals from a single finance-related breach was less than 500,000 and...

As many as 1.7 million internet-connected endpoints are still vulnerable to the exploits, according to the latest data. Data generated by Shodan, a search engine for exposed databases and devices, puts the figure at the million mark — with most of the vulnerable devices in the U.S. But that only accounts for devices directly connected to the internet and not the potentially millions more devices connected to those infected servers. The number of vulnerable devices...

The cybersecurity skills shortage has gotten worse for the third consecutive year, impacting 74% of organizations worldwide, according to a Thursday report from the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG). The report surveyed 267 cybersecurity professionals worldwide, and respondents reported that they believe the skills gap to be a primary cause for the rise in cybersecurity incidents. Nearly half (48%) of respondents said they experienced at least one security incident over the past...

A successful family of ransomware which has been terrorising organisations around the world has been updated with a new trick to lure victims into installing file-locking malware: posing as anti-virus software. Dharma first emerged in 2016 and the ransomware has been responsible for a number of high-profile cyber incidents, including the takedown of a hospital network in Texas late last year. Source: ZDNet

A site that pretends to promote the popular KeePass password management software is actually distributing malware on unsuspecting visitors. This site is part of a larger network of sites distributing adware bundles as free programs. Last year, we reported that fake sites were created to promote popular software, but when we analyzed the distributed files, we found that they were pushing adware bundles on unsuspecting visitors. Source: Bleeping Computer

Almost two years since the ransomware attack that brought the NHS (National Health Service) to a halt, healthcare IT professionals feel more confident in their ability to respond to a cyber-attack, according to new research from Infoblox. As healthcare providers continue to undertake digital transformation initiatives in an effort to improve efficiencies and the quality of care they deliver, the risk of falling victim to cyber attack increases. Source: Helpnetsecurity

Well-organised cybercriminals lust after the big bucks, so hijacking business systems for cryptocurrency mining is on the decline, and business email compromise (BEC) is now the thing. Sure, surreptitious mining continues to be feasible when the goal is shifted from the now processor-heavy Bitcoin to Monero and other currencies. But the payoff can still be bigger elsewhere, according to Chris Tappin, a Sydney-based principal consultant with Verizon's Threat Research Advisory Centre (VTRAC). Source: ZDNet

The U.S. Department of Justice has formally charged two members of a hacking group operating in China for illegally accessing computer systems of health insurer Anthem and stealing personally identifiable information (PII) of 78.8 million people. One of the hackers has been identified by his real name, Fujie Wang (a.k.a. Dennis Wang), while another is known only by aliases (a.k.a. Zhou Zhihong, Kim Young, Deniel Jack) and charged as John Doe. They were part of...