Here’s what happens when you lay a trap for cybercriminals


To leave a database exposed online for even a brief period of time carries a significant risk for businesses, according to the findings of a recent experiment.

Cybersecurity firm Comparitech set up a honeypot, in the form of a deliberately exposed database hosted on an Elasticsearch instance, which was attacked by unauthorized parties for the first time only 8.5 hours after it was made public.

During the 11-day period in which the fake database remained exposed, hackers attempted to gain access on 175 separate occasions, averaging 18 attacks per day.

Unsecured databases

According to the Comparitech report, many hackers rely on IoT search engines such as Shodan.io or BinaryEdge to identify vulnerable databases worthy of attack.

Five days after the honeypot was first deployed, the database was indexed on Shodan, leading to the largest number of attacks in a single day (22). Within just one minute of the honeypot appearing in search listings, two distinct attacks took place.

The report noted that a significant volume of attacks took place before the database was listed by any search engine, which Comparitech says demonstrates “how many hackers rely on their own proactive scanning tools rather than waiting on passive IoT search engines to crawl vulnerable databases.”

Of the 175 attacks incurred by the honeypot, almost all originated in the United States (89), Romania (38) and China (15). The majority of attacks attempted to gain information about the database and its settings, with hackers using the GET request method in 147 instances and the POST method in 24.

While the company's initial intention was to challenge the assumption that exposing data for a short period is unlikely to result in an attack, the experiment also served to highlight the wide range of cyberthreats businesses face.

After the research had already concluded, a ransomware bot discovered the still public honeypot and deleted the few files that remained – an attack that lasted only five seconds.

“If you want to recover your data send 0.06 TBC to [redacted address] and you must send email to [redacted address] with your IP. If you need a proof about your data just send email (sic). If you don’t do a payment all your data may be used for our purposes and/or will be leaked/sold,” read a note left behind by the malicious bot.

The security firm noted that a portion of the attackers identified as part of the study could well have been fellow security researchers (benign attackers), who are often indistinguishable from malicious actors.

China is launching its own GPS rival – and it’s nearing completion

China has developed its own service to rival the Global Positioning System (GPS), which is set to be completed later this month. 

The Beidou navigation network will improve services reliant on location data and afford China an additional level of independence from the United States, whose Air Force operates GPS.

The first Beidou satellites were launched twenty years ago, with second and third waves entering orbit in 2012 and 2015. The final satellite will enter operation within the next few weeks, although a specific date has not been announced.

Beidou navigation network

First conceived in the 1990s as an antidote to the Chinese military’s dependence on US technology, the Beidou navigation network is estimated to have cost China in the region of $10 billion.

With the launch of its 35th satellite, Beidou will reinforce its lead over US-owned GPS, which leans on 31 satellites. Beidou is capable of pinpointing a device’s location with an accuracy of 10cm in APAC, compared to the 30cm error margin achieved by the US system.

The Beidou project is designed to secure Chinese communications networks, especially in a military context, and improve weapons targeting. It also mitigates against the risk of interference with the country’s GPS access in the event hostilities between China and the US escalate.

According to Andrew Dempster, Director of the Australian Centre for Space Engineering Research, Beidou benefited from arriving late to the scene, able to both learn from the GPS project and capitalize on technological advances that occurred in the interim.

“It has some signals that have higher bandwidth, giving better accuracy [and] has fewer orbit planes for the satellites, making constellation maintenance easier,” Dempster explained.

According to Chinese state media, services enabled by the Beidou network have been delivered to customers spanning roughly 120 countries to date. Thailand and Pakistan were reportedly the first foreign nations to utilise the service, signing on in 2013.

By 2019, meanwhile, more than 70% of smartphones in operation within China itself were reliant upon the state-owned navigation network.

Via Reuters


Microsoft latest to ban police from using facial recognition software

Tech giant Microsoft has announced it will refuse to sell facial recognition technology to police until appropriate federal regulation has been introduced to prevent its misuse.

The announcement follows similar steps taken by fellow tech titans IBM and Amazon. The former will no longer sell or develop the controversial technology, nor engage in any related research activities, while the latter has implemented a year-long moratorium on police use.

Neither Microsoft nor Amazon has yet confirmed whether their respective bans extend to police forces outside of the United States.

Microsoft also said it will reassess its process for vetting customers that enquire about using its facial recognition software, even outside of a law enforcement context.

Microsoft facial recognition

While facial recognition technology has evolved considerably in recent years and has the potential to assist in legitimate police investigations, its application has always been contentious.

Concerns about the opportunity for mass surveillance and social scoring are only furthered by the issue of AI bias, which could see individuals discriminated against based on their physical attributes, such as age or skin color.

Methods for auditing data sets that underpin AI models (including facial recognition software) for bias remain inconsistent and unregulated, increasing the possibility the technology could further disadvantage minority demographics.

Driven to action by country-wide protests in the US following the death of George Floyd, tech giants are calling for the introduction of new regulations to prevent facial recognition contributing to discrimination.

“As a result of the principles that we’ve put in place, we do not sell facial recognition technology to police departments in the United States today,” said Brad Smith, Microsoft President.

“This is a moment in time that really calls on us to listen more, to learn more and most importantly to do more. Given that, we’ve decided that we will not sell facial recognition technology to police departments in the United States until we have a national law in place, grounded in human rights, that will govern this technology.”

Amazon, meanwhile, said it hoped the ban on police use would give governments ample opportunity to introduce the necessary legal frameworks around the application of facial recognition.

“We’ve advocated that governments should put in place stronger regulations to govern the ethical use of facial recognition technology, and in recent days, Congress appears ready to take on this challenge,” said Amazon.

“We hope this one-year moratorium might give Congress enough time to implement appropriate rules, and we stand ready to help if requested.”

Via TechCrunch


Babylon Health data breach exposes user medical records to strangers

Babylon Health has confirmed its telehealth consultation platform was subject to a data breach that exposed the medical records of a number of users.

The incident was not the result of a cyberattack, but rather a software error that led to a handful of users being able to access recordings of other patients’ virtual consultations.

The bug, already known to Babylon engineers prior to the incident, was reportedly introduced alongside a new feature that allows patients to switch between audio and video modes in the middle of a consultation.

The firm has informed and apologized to the patients whose data was compromised in the breach, all of whom are UK residents.

Babylon Health data breach

Telehealth services have been under the spotlight since coronavirus lockdown measures were introduced, with routine visits to hospitals and GPs made difficult - if not impossible - by the pandemic.

As a result of this shift, analysts at Forrester expect general medicine care interactions via these platforms to surpass 200 million this year, more than quadruple the original estimate.

UK-based Babylon Health allows patients to video chat with doctors via smartphone and arrange for digital prescriptions to be delivered to their local pharmacy. The app also allows users to monitor various health-related metrics to better assess their physical and mental condition.

Babylon Health has acknowledged the embarrassing incident, but has not confirmed the total number of patients affected by the breach. 

“On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording,” reads a statement issued by the firm.

“Our investigation showed that three patients, who had booked and had appointments, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.”

The company later rectified its statement to reflect that three users in total gained access to recordings, one of whom viewed another patient’s consultation.

According to Kate Bevan, Computing Editor at consumer rights watchdog Which?, although cybersecurity is an important consideration for any business, telehealth platforms have an additional responsibility to protect customer data, given its highly sensitive nature.

“No one would invite a complete stranger to sit next to them in the doctor’s surgery, which is why this Babylon Health breach is so alarming,” she said.

“If consumers are to trust new digital health services and feel comfortable accessing health services online, security must be second to none.”

The Information Commissioner’s Office (ICO) confirmed it has been informed of the incident and that Babylon Health will soon provide a full breach report.

Via BBC


IBM abandons all facial recognition work over potential for misuse

In a letter delivered to the United States Congress, IBM CEO Arvind Krishna has declared the company will no longer provide any form of general purpose facial recognition software.

IBM also later confirmed it will halt all research and development activities associated with the controversial technology over concerns it can be misused.

The decision, according to Krishna’s letter, was motivated by the potential for facial recognition to facilitate mass surveillance, aggravate racial prejudices and result in the miscarriage of justice - as well as worldwide protests following the death of George Floyd.

Facial recognition software

While facial recognition technology has evolved dramatically in recent years and has the potential to assist in legitimate police investigations, its application has always been contentious.

Concerns about the opportunity for mass surveillance and social scoring are compounded by the issue of AI bias, which could see individuals discriminated against based on their physical attributes and is particularly problematic in the context of law enforcement.

Methods for auditing data sets that underpin AI models (including facial recognition software) for bias remain inconsistent and unregulated, increasing the possibility the technology could serve to further disadvantage minority demographics.

“IBM firmly opposes and will not condone uses of any technology, including facial recognition technology offered by other vendors, for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose which is not consistent with our values,” wrote Krishna.

“We believe now is the time to begin a national dialogue on whether and how facial recognition technology should be employed by domestic law enforcement agencies.”

In 2018, IBM published a diversity-optimized data set for public use, designed to minimize bias in facial recognition products. But its latest announcement suggests the firm has reevaluated the viability of bias-free facial recognition software.

Krishna is not proposing a blanket abandonment of AI, which he sees as pivotal to the future success of business, but rather reiterated earlier calls for transparency and responsible use.

“Artificial intelligence is a powerful tool that can help law enforcement keep citizens safe. But vendors and users of AI systems have a shared responsibility to ensure that AI is tested for bias, particularly when used in law enforcement, and that such bias testing is audited and reported,” he said.

Via The Verge


Brave browser craftily redirected users to affiliate URLs

Privacy-focused web browser Brave has been directing users to cryptocurrency websites via affiliate links, from which the company profits.

Built upon the notion that advertisements should be optional and web browsing private, Brave stands accused of violating the trust of its users, who were not actively notified of the practice.

As discovered by Twitter member @cryptonator1337, when a user enters the URL for popular cryptocurrency exchange Binance, the browser directs the individual to the relevant page via an auto-completed affiliate link. Should the user go on to make a purchase via the website, Brave receives a sum for the referral.

Further digging by other Twitter users revealed that the practice is consistent across a number of high-profile cryptocurrency websites, including Coinbase, Ledger and Trezor.

Brave browser

In response to outrage expressed by members of the cryptocurrency community on Twitter, Brave CEO Brendan Eich issued a public apology: “We made a mistake...we will never revise typed in domains again, I promise.”

His justification for the approach was that the company is “trying to build a viable business”, which is currently built upon serving its users optional advertisements that pay out cryptocurrency rewards.

Affiliate revenue generated via these auto-completed links was designed to supplement the company’s existing income streams. “We are not depending for our survival on any affiliate revenue share, [but] our users want Brave to live,” he said.

Eich also claimed the practice did not reveal any user data to the affiliate partners - in line with the stated objectives of the Brave browser - and pointed out that the company made no attempt to actively conceal the system.

“‘Sneak’ & ‘covertly’ are wrong, given we develop with all browser code open source on github (sic), and users who type binance dot us can see the default autocomplete add the affiliate code,” said the Brave CEO.

While Eich’s extensive Twitter thread offers some explanation of the thinking behind the affiliate linking practice, some users will still be left sore by the discovery, which could be said to undermine the spirit of transparency on which the project is founded.

Via Decrypt


Dell: It would be a ‘tragedy’ to return to pre-pandemic working norms

Businesses across the globe have been strong-armed by the coronavirus pandemic into overhauling established ways of working.

Many firms previously hesitant to allow employees off the leash have come to recognize that the benefits of a remote-first model - including access to a wider talent pool and improved work-life balance - do not come at the expense of productivity.

However, as countries begin to relax lockdown measures, it remains to be seen to what extent the changes made necessary by the pandemic will remain in place in the long term.

According to Richard Rawcliffe, VP & GM, UK Public Sector at Dell Technologies, it is vital that ground gained in the march towards modernization as a result of the unhappy pandemic isn’t surrendered once restrictions on life and work have been lifted.

“We’ve all learned a lot [since the start of lockdown], and it would be almost a tragedy if we then went backwards and reverted to the way things were,” he told TechRadar Pro.

Future of work

Unlike many businesses, Dell Technologies has long been a proponent of remote and flexible working. The company’s flirtation with remote work began circa 11 years ago with the introduction of its Connected Workplace initiative.

According to Rawcliffe, roughly 65% of the Dell workforce were afforded a level of flexibility even prior to the pandemic, with 40,000-50,000 employees working remotely at any given time.

For this reason, the firm was as well equipped as any when the need arose to transition to a universal remote working system. But Rawcliffe recognizes that many businesses weren’t so lucky.

“There are a number of organizations that probably thought their infrastructure was good enough, and are now finding that good enough isn’t actually good enough,” he said. “It was built for the way in which they were working [prior to the pandemic], without offering that crucial level of flexibility.”

“The reality is that the global pandemic has been more influential in driving digital transformation than almost any other factor. Where the opportunity has been taken to modernize infrastructure and automate processes that surround existing working practices - those are the [companies] that have transformed their businesses.”

For Rawcliffe, who himself has worked from home on and off for 30 years, the move back to some semblance of normality represents a pivotal moment for businesses, which must decide whether to lean in to remote-first culture, or not.

“[The widespread transition to remote working] has validated the things we’ve always wanted to talk about with our customers. We’ve all got a chance now to change how we think about work - and work is no longer all about going to the office.”


UK users will soon have their .eu domains swiped

UK citizens will neither be able to purchase nor hold .eu domain names, as per a revision to rules set out by the top-level domain’s (TLD) operator, EURid.

The update marks the fourth instance in which statutes around UK citizens holding .eu domains have been altered since the 2016 referendum, with the EU flitting between proposed cut-off dates and grounds for exemption.

As recently as October, EURid said it would postpone plans to withdraw the domain from UK users, but has since had a change of heart - and the ban will now take effect on January 1 2021.

EU domain names

According to the latest rules, the move to revoke .eu domains will not apply to EU passport holders living in the UK, nor UK citizens that continue to reside in EU member nations.

“United Kingdom undertakings or organisations established in the United Kingdom but not in the Union, United Kingdom citizens who are not resident of a Union Member State, and United Kingdom residents who are not Union citizens will no longer be eligible to hold a .eu domain name,” the new rules stipulate.

EURid will deliver notice to owners of affected domains on October 1 2020 and again on December 21 2020 to those who fail to prove their compliance with the new requirements. Those who fail to meet the new criteria by the cut-off date will see their websites go dark.

On January 1 2022, one year after British citizens have had their .eu domains withdrawn, all dispossessed domains will be made available for purchase to EU residents.

The EU’s decision, which will serve to plug a source of income for the .eu registry, has bemused commentators, who are struggling to identify a clear benefit to the Union beyond political posturing.

The decision to actively revoke .eu domains, as opposed to simply preventing further purchases, also runs against tradition - and could be said to involve more effort than it is worth.

Via The Register


Tens of thousands of malicious Android apps flooding user devices

Tens of thousands of dangerous Android apps are putting mobile users at heightened risk of fraud and cyberattack, a report has claimed. 

Mobile security firm Upstream identified over 29,000 malicious Android apps in active use during Q1 2020, double the number logged in the same quarter last year (just over 14,500).

The investigation also showed that almost all (90%) of the ten most malicious apps were - or are still - present on the official Google Play Store. This suggests, according to Upstream, that hackers consistently found ways to dance their way through Google’s vetting system.

In line with this trend, this time period also saw a 55% rise in fraudulent transactions on Android platforms, as well as a spike in the number of malware-infected devices.

Malicious Android apps

The dramatic rise in the number of malicious Android apps in circulation has been put down to the effects of the coronavirus pandemic on the way users consume content and utilise mobile platforms.

According to Geoffrey Cleaves, who leads Upstream’s anti-fraud offering, the rise in dangerous apps correlates directly with the introduction of coronavirus lockdown measures.

“With the majority of the world having shifted indoors, there were some darker forces acting to make a profit from the lockdown situation,” he explained.

“We’ve seen a sharp increase in bad actors publishing ‘leisure’ apps on the Google Play Store, which trick users into subscribing for premium services.”

The firm claims six of the top ten most dangerous apps of the quarter fall under “leisure” - a broad category that includes video and audio, news media, games and social apps. Hackers and fraudsters, it seems, pounced on the opportunity presented by a renewed appetite for ways to pass the time and connect with friends.

The most potent Android app of the quarter was Snaptube, which allows users to download video content to their devices and has been installed more than 40 million times worldwide.

Upstream published a report on the threat posed by Snaptube in October 2019, but the app remains available via a number of third party Android app stores to this day.

Although some dangerous apps make their way onto Google Play Store, Android users are still advised to refrain from downloading software via third party app stores, which likely subject app submissions to a lower level of scrutiny.


Google Incognito mode is not as private as you might like to think

Google has been hit with a $5 billion class action lawsuit in relation to its collection of user data via web browsers operating in private mode.

Many users consider private or “Incognito” mode a refuge from prying eyes, but Google stands accused of collecting user data irrespective of browser settings.

According to the official complaint, the company uses Google Analytics, Google Ad Manager and some website plug-ins to gather information that allows the firm to better profile users, in support of its advertising efforts.

Google privacy lawsuit

Filed with a federal court in California, the class action lawsuit seeks a minimum of $5 billion in damages (or $5,000 per affected user) and is founded on the belief Google’s data collection practices violate federal wiretapping laws and Californian privacy rules.

“[Google] cannot continue to engage in the covert and unauthorized data collection from virtually every American with a computer or phone,” reads the official complaint.

Incognito mode is mooted as a more private way to surf the web, because the user’s internet history is not logged, web pages are not cached and cookies not saved to the user’s computer. However, security experts have long believed private browsing data could be harnessed to map users’ tastes, preferences and interests.

Google, however, intends to fight the accusation tooth and nail, and believes it is sufficiently transparent about the types of data it collects - and in which context. 

“As we clearly state each time you open a new incognito tab, websites might be able to collect information about your browsing activity,” said Jose Castaneda, a company spokesperson.

Via Reuters


Forget sextortion scams, we’re more worried about deepfake ransomware

Appetite for deepfake scams is expanding among users of underground forums, leading to concerns the technology could be used as part of extortion-based ransomware attacks.

Deepfakes are AI-generated videos and images that transplant the face of another individual - traditionally a celebrity or politician - into a scene in which they were not originally present. 

In recent years, deepfakes have been used primarily in the dissemination of fake news and the creation of hoax pornography - and have become increasingly convincing.

According to a report from security firm Trend Micro, deepfake technology could soon be used to blackmail members of the public or workforce into divulging sensitive information or paying significant ransom fees.

Deepfake ransomware

As part of a wider investigation into trends in underground cybercriminal forums and marketplaces, Trend Micro found that interest is growing among forum members in the ability to monetize deepfake technology.

According to the firm, underground forum users often discuss how AI could be used for “eWhoring” (or sextortion) and for circumventing Face ID authentication, especially on dating websites.

While sextortion attacks traditionally rely on social engineering techniques to manipulate the victim into paying a cryptocurrency ransom, Trend Micro fears the increasing sophistication of deepfakes could make reputation scams of this kind all the more potent. 

“A real image or video would be unnecessary. Virtually blackmailing individuals is more efficient because cybercriminals wouldn’t need to socially engineer someone into a compromising position,” explains the report.

“The attacker starts with an incriminating Deepfake video, created from videos of the victim’s face and samples of their voice collected from social media accounts. To further pressure the victim, the attacker could start a countdown clock and include a link to a fake video...If the victim does not pay before the deadline, all contacts in their address books will receive the link.”

Based on its analysis of underground communities, Trend Micro believes the use of deepfakes for extortion-based ransomware is set to take off in the near future.

While attacks of this kind have not yet been identified in the wild, a range of different demographics is thought to be at risk - from political candidates to senior executives, celebrities and teenagers.


UK takes steps to shield tech firms from aggressive foreign takeovers

Within the next few weeks, the UK government is expected to table the National Security and Investment Bill, designed to protect home-grown technology firms from aggressive foreign takeover.

First discussed in 2017, the bill will see foreign acquisition bids come under an increased level of scrutiny and introduce a harder stance on both takeovers and mergers.

The proposed rules will apply to any deal involving a purchase of more than 25% of any British firm classified as central to the national security effort - including select technology outfits.

While draft proposals from 2018 indicate no specific foreign nation will be named in the bill, it is clear to most commentators the measure is designed to limit Chinese investment in UK technology.

Chinese investment

Recent years have seen UK politicians grow increasingly vexed with the number and quality of home-grown technology businesses acquired by foreign companies and governments - namely, China.

Chinese investment into UK businesses has increased significantly in recent years, with investments by Chinese venture capitalists into UK-based startups trebling between 2015 and 2017. In 2019, meanwhile, Chinese investment into UK firms hit almost $5 billion - the most of any European country.

The issue is epitomised by the purchase of UK chip designer Imagination Technologies by China-backed private equity firm Canyon Bridge, approved by Theresa May’s government in 2017 on the grounds that the acquiring party was based in the US.

Canyon Bridge has since shifted its headquarters to the Cayman Islands and MPs are now concerned the firm could become a puppet of Beijing, which is thought to be intent on relocating key technology patents to China.

While the National Security and Investment Bill is set to curtail the ability of foreign powers to gather significant stakes in UK businesses, it is feared that unspecific language may affect the ability of startups to raise funding from well-intentioned sources.

Sir Hossein Yassaie, former CEO of Imagination Technologies, believes each deal should be assessed on an individual basis, with exceptions made where the purchasing party’s intent is clear and unobjectionable.

“If there are other connotations - if their intent is untoward and they’re trying to move the tech out of the country - that’s when it becomes risky and dangerous, and that’s when we should be asking questions,” he said.

Via The Telegraph


This faulty WordPress plugin could allow hackers to wipe your website

Researchers have uncovered two severe vulnerabilities in the PageLayer WordPress plugin that could allow attackers to take over websites that use it.

The affected plugin is used to build custom web pages via a simple drag-and-drop mechanism - a boon for users without programming expertise - and is deployed across more than 200,000 websites.

Identified by security firm Wordfence, the two bugs could also be exploited to inject malicious code, tamper with existing website content, and even erase a site’s content entirely.

WordPress plugin bugs

According to the researchers responsible for the discovery, the pair of vulnerabilities stem from unprotected AJAX actions (handlers reachable by any logged-in user without a capability check), nonce disclosure, and a lack of measures to safeguard against Cross-Site Request Forgery (CSRF). The two weaknesses compound each other: a WordPress nonce guards against forged cross-site requests, not against a logged-in user who can read it, so once the nonce is exposed to low-privileged users, any handler that relies on it alone for authorisation is open to them.

Attackers could reportedly exploit these oversights to perform all manner of malicious activities, including creating administrator accounts, redirecting visitors to dangerous domains and running malicious JavaScript in visitors’ browsers.

“One flaw allowed any authenticated user with subscriber-level and above permissions the ability to update and modify posts with malicious content, amongst many other things,” explained Wordfence.

“A second flaw allowed attackers to forge a request on behalf of a site’s administrator to modify the settings of the plugin which could allow for malicious Javascript injection.”
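To make the two missing checks concrete, here is an added Python model of a WordPress-style AJAX action with and without them. It is not WordPress, PageLayer or Wordfence code; it reimplements, in miniature, what WordPress's nonce and capability functions check, and every name in it (SECRET_KEY, CAPS, hardened_update_post, the user and post records) is chosen for this example. The three constructed requests show why a nonce and a capability check are both required: a subscriber holding a leaked nonce passes the CSRF check and is stopped only by the capability check, while a forged cross-site request from an administrator's browser carries the session cookie but not the nonce.

```python
"""Model of a WordPress-style AJAX action with and without the two missing
checks: a nonce (anti-CSRF token) and a capability (authorisation) check.
Added illustration; not WordPress, PageLayer or Wordfence code. All names
below (SECRET_KEY, CAPS, hardened_update_post, ...) are chosen here."""
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-site-secret"  # stands in for the site's NONCE_KEY/NONCE_SALT
NONCE_LIFE = 24 * 3600                    # WordPress default lifetime; checked in half-ticks

# Constructed role -> capability sets (a subset of the WordPress defaults)
CAPS = {
    "subscriber": {"read"},
    "administrator": {"read", "edit_posts", "edit_others_posts", "manage_options"},
}


class AjaxDenied(Exception):
    """Stands in for wp_die(-1) / a 403 from the AJAX endpoint."""


def _tick(now):
    return int(now / (NONCE_LIFE / 2))


def _mac(tick, action, user_id):
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:10]


def create_nonce(action, user_id, now=None):
    """Token bound to the action AND the user, as wp_create_nonce() does."""
    now = time.time() if now is None else now
    return _mac(_tick(now), action, user_id)


def verify_nonce(nonce, action, user_id, now=None):
    """Accept the current or the previous half-tick, as wp_verify_nonce() does."""
    now = time.time() if now is None else now
    t = _tick(now)
    given = (nonce or "").encode()
    return any(hmac.compare_digest(_mac(tt, action, user_id).encode(), given)
               for tt in (t, t - 1))


def vulnerable_update_post(request, user, posts, now=None):
    """Flawed shape: reachable by any logged-in user, neither check present."""
    posts[request["post_id"]] = request["content"]
    return "updated"


def hardened_update_post(request, user, posts, now=None):
    """Same action with both checks; neither one substitutes for the other."""
    # CSRF: the request must carry a nonce minted for this action and this user.
    # An attacker's page cannot read the nonce, so a forged request stops here.
    if not verify_nonce(request.get("_ajax_nonce"), "update_post", user["id"], now):
        raise AjaxDenied("nonce check failed")
    # Authorisation: a nonce proves intent, not permission. If a plugin prints
    # its nonce into pages that low-privileged users can read (nonce disclosure),
    # a subscriber holds a valid token and only this check stops them.
    if "edit_posts" not in CAPS[user["role"]]:
        raise AjaxDenied("insufficient capability")
    posts[request["post_id"]] = request["content"]
    return "updated"


def _attempt(handler, request, user, posts, now):
    try:
        return handler(request, user, posts, now)
    except AjaxDenied as exc:
        return f"denied: {exc}"


def run_scenarios(now=1_700_000_000):
    """Replay three constructed requests against both handlers."""
    admin = {"id": 1, "role": "administrator"}
    subscriber = {"id": 7, "role": "subscriber"}
    results = {}
    for name, handler in (("vulnerable", vulnerable_update_post),
                          ("hardened", hardened_update_post)):
        posts = {10: "original"}
        out = {}
        # 1. Subscriber who scraped a nonce the plugin printed into the page source.
        req = {"post_id": 10, "content": "<script>alert(1)</script>",
               "_ajax_nonce": create_nonce("update_post", subscriber["id"], now)}
        out["subscriber_with_leaked_nonce"] = _attempt(handler, req, subscriber, posts, now)
        # 2. Admin's browser submits an attacker's form (CSRF): the session cookie
        # travels with it, the nonce does not, because the attacker never saw it.
        req = {"post_id": 10, "content": "defaced"}
        out["csrf_forged_admin"] = _attempt(handler, req, admin, posts, now)
        # 3. Genuine edit from the plugin's own UI, nonce included.
        req = {"post_id": 10, "content": "legitimate edit",
               "_ajax_nonce": create_nonce("update_post", admin["id"], now)}
        out["legit_admin"] = _attempt(handler, req, admin, posts, now)
        results[name] = out
    return results


if __name__ == "__main__":
    for handler_name, outcomes in run_scenarios().items():
        for case, result in outcomes.items():
            print(f"{handler_name:10s} {case:28s} {result}")
```

In real plugin code the equivalent two lines at the top of the handler are check_ajax_referer('update_post', '_ajax_nonce') and current_user_can('edit_posts'). Registering the action only under the wp_ajax_ hook (and not wp_ajax_nopriv_) restricts it to logged-in users, but that is not a capability check, which is exactly the subscriber case above.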

The security firm disclosed the flaws to the developer on April 30 and PageLayer issued a patch on May 6, as version 1.1.2. However, despite three weeks having passed since the patch was released, only roughly 85,000 sites have updated to the latest version, leaving circa 120,000 still at risk.

To safeguard against site takeover, PageLayer users are advised to update the plugin to version 1.1.2 or later immediately. The installed version is shown on the Plugins page of the WordPress dashboard, or, on hosts with WP-CLI, by running wp plugin list; wp plugin update pagelayer applies the fix.

Via Bleeping Computer
