Cyber Bites

In China, one of the most successful enterprises to come from their sharing economy has been power bank rentals. However, police in China are warning that mobile battery packs can be used to spread malware.  On Sunday the Ministry of Public Security's online security department published a warning on their official WeChat account which said that shared power banks can be used to transmit Trojan horses and other forms of malware, with power banks of...

A new smartphone tool which can track live side-effect of those vaccinated with the new American coronavirus vaccine is thought to be vulnerable to manipulation. This has raised concerns that malicious actors could access the tools system in order to undermine confidence in the shots, according to both federal and state health officials. The text-messaging system, V-safe, has been designed to provide early indications of possible adverse reactions to the vaccines. V-safe's messaging program will...

A security bug has been found on the PlayStation Now cloud gaming Windows application which has allowed malicious actors to put arbitrary code on Windows devices which are running vulnerable app versions. PlayStation Now has over 2.2 million subscribers in 2020, with this bug potentially harming a large number of users. A bug bounty hunter, Parsia Hakimian, uncovered the vulnerabilities, discovering that the bug affects PlayStation Now version 11.0.2 and earlier on computers running Windows...

A hacker has forced open 2,732 package delivery lockers in Moscow using a cyber-attack. The attack by an unknown hacker too place on Friday afternoon, December 4, targeting PickPoint's network, a local delivery service which looks after a network of over 8,000 package lockers in Moscow and Saint Petersburg. PickPoint's service allows Russians to order products online and have them delivered to any  PickPoint locker instead of their home address. When their package arrives at a...

The government of Kazakhstan is forcing citizens in Nur-Sultan, the countries capital, to install digital certificates on their devices in order to access foreign internet services. The initiative is working under the guise of a "cybersecurity exercise", however, once the certificate is installed it allows the government access to a users device in order to intercept any HTTPS traffic from the devices via a MitM (Man-in-the-Middle) technique. From December 6, 2020, Kazakh internet service providers...

United Arab Emirates government’s cyber security chief has said that the Middle East region is currently facing a “cyber pandemic” after a rise in COVID-19 related attacks. On Sunday Mohamed al-Kuwaiti, head of UAE Government Cyber Security said “As we moved into a full online life, we saw a huge increase in many of those attacks,” when talking to a CNBC-moderated panel at the Gulf Information Security Expo and Conference in Dubai. In 2020 the...

Users of the MetaMask cryptocurrency wallet have been targetted by a phishing scam over the past week which has been luring in victims with Google search ads. MetaMask has a user base of over one million customers. They offer an Ethereum cryptocurrency wallet in the Google browser via an extension which allows distributed applications to read from the blockchain. When installing the extension, a user can either import an existing wallet or create a new...

The construction firm RMD Kwikform has been targeted by a cyber-attack. The company based in Walsall said that they are investigating the breach, which took place in November. RMD Kwikform provides engineering services globally for major infrastructure projects, with 1,400 employees, and around 300 of their employees are based in the UK. The incident was originally reported to the National Cyber Security Centre and Information Commissioner's Office when it took place in November. A spokesman...

TrickBot has released a new “TrickBoot” module which scans for vulnerable firmware and also has the ability to read, write and erase it on devices. The TrickBot malware has once again morphed and adapted, with the malware now being able to inspect the UEFI/BIOS firmware of targeted systems. TrickBot has seen a major resurgence after it experienced a takedown of its infrastructure, headed by Microsoft and others, in October. The Windows Unified Extensible Firmware Interface...

An Israeli insurance company has suffered a data breach with the attackers demanding almost $1 million in bitcoin as a ransom to prevent the companies stolen data being exposed. On November 30 the cybercrime group BlackShadow tweeted that they hacked into Shirbit, an Israeli insurance company, and had stolen files during the attack. "A huge cyberattack has been taken place by Black Shadow team. There has been a massive attack on the network infrastructure of...