News

30% of people say that typing in a password is still their preferred method of logging in to their online accounts according to a survey of 1,050 people in the UK carried out by email services company GMX. Compared to a similar GMX survey in 2016, this number has almost halved from 61%. Despite this, alternative login methods have not yet become widely accepted. The most favoured biometric authentication method in 2019, fingerprint recognition, is...

Cloud infrastructure presents new risks, new systems, and less control for security teams that are already overwhelmed by security alerts, manual processes and siloed security tools that complicate decision-making and the hand-off of remediation to IT counterparts. To help solve this challenge, ServiceNow, the digital workflow company that creates great experiences and unlocks productivity, has extended its security operations portfolio with the release today of two integrations with AWS Security Hub. ServiceNow is aligned with AWS’s strategy...

Multiple antivirus companies are now explicitly flagging in their products an app that Chinese authorities were planting onto the phones of tourists at the country's border. Tuesday, a collaboration between Motherboard, Süddeutsche Zeitung, the Guardian, the New York Times, and the German public broadcaster NDR revealed Chinese authorities are installing the malware—called BXAQ or Fengcai—onto travelers' Android devices at a border crossing into Xinjiang, a Western part of China. https://www.vice.com/en_in/article/neayxd/anti-virus-companies-now-flag-malware-china-installs-on-tourists-phones-xinjiang

A 23-year-old man from Utah was sentenced this week to 27 months in prison for a series of DDoS attacks that took down online gaming service providers like Sony's PlayStation Network, Valve's Steam, Microsoft's Xbox, EA, Riot Games, Nintendo, Quake Live, DOTA2, and League of Legends servers, along with many others. Named Austin Thompson, but known online as DerpTrolling, the man is the first hacker who started a trend among other hackers and hacking crews...

New Zealand’s government has pledged a further NZ$8 million ($5.3m) to implement a revised cybersecurity strategy released yesterday. The Cyber Security Strategy 2019 (PDF) will “enable New Zealand to thrive online” by working with public and private sector companies to implement a cybersecurity culture and response to threats. It follows two previous strategies, launched in 2011 and 2015, which were both criticized for not going far enough. The government responded to this by also increasing support for...

A new report has concluded that the United Kingdom’s NHS remains vulnerable to cyberattacks two years on the from WannaCry ransomware attack that cost the healthcare provider £92m in damages and lost productivity. According to a new report on NHS Cyber Security by Imperial College London’s Institute of Global Health Innovation, outdated computer systems, lack of investment and the technology skills deficit has left the NHS open to further attacks. https://www.verdict.co.uk/nhs-cyberattack-third-party-risk/

YouTube recently decided that instructional content in the realm of cybersecurity, including hacking how-to videos, were not acceptable on the ad-driven video platform. There is a gray area to be sure when it comes to teaching people not only how to hack but also educating users more broadly about the infosec industry -- and this fine line between educational purposes and guides for more nefarious activities needs to be publicly maintained https://www.zdnet.com/article/youtube-ban-on-instructional-hacking-causes-infosec-community-outrage/

Foreign cyber attackers tried to hack police and council computers immediately after the Salisbury novichok poisonings. Up to 90,000 attacks a day were launched in the days after the assassination attempt after Sergei Skripal was targeted by the nerve agent in March 2018. Wiltshire Council has revealed it was subjected to the 'well coordinated' hack which saw staff locked out of email and forced them to stop wearing Bluetooth devices such as Fitbit bracelets in...

Amazon has confirmed that the voice recordings produced by customers of the Amazon Alexa smart assistant are held forever unless users manually remove them. Alexa, which is found in products including the Echo smart speaker and Echo Dot, has been the subject of privacy and security concerns in the past -- such as listening in on private conversations and sharing them -- and now, Amazon's confirmation of particular privacy practices may make you think twice about where you...

A senior U.S. official told the Commerce Department’s enforcement staff this week that China’s Huawei should still be treated as blacklisted, days after U.S. President Donald Trump sowed confusion with a vow to ease a ban on sales to the firm. Trump surprised markets on Saturday by promising Chinese President Xi Jinping on the sidelines of the G20 summit in Japan that he would allow U.S. companies to sell products to Huawei Technologies Co Ltd....