Facebook boss Mark Zuckerberg has said in a post on the social network that the mass harvesting of user data that political marketing firm Cambridge Analytica was allowed to carry out represented “a breach of trust between Facebook and the people who share their data with us and expect us to protect it”. Speaking to WIRED, Zuckerberg detailed plans to audit apps that request extensive user data and restrict the default access apps have to users’ information. However, the Facebook founder has said little to indicate that the social network would take responsibility for its role in encouraging its users to share so much information in the first place.
Crooks infiltrate Google Play with malware in QR reading utilities
Sophos Labs just alerted us to a malware family that had infiltrated Google Play by presenting itself as a bunch of handy utilities. Sophos detects this malware as Andr/HiddnAd-AJ, and the name gives you an inkling of what the rogue apps do: blast you with ads, but only after lying low for a while to lull you into a false sense of security. We reported the offending apps to Google, and they’ve now been pulled from the Play Store, but not before some of them attracted more than 500,000 downloads. The subterfuge used by the developers to keep Google’s ‘Play Protect’ app-vetting process sweet seems surprisingly simple. Despite Google’s failure to spot the roguery of these particular ‘utilities’ before blessing them into the Play Store, we nevertheless recommend sticking to Google Play if you can. Google’s app vetting process is far from perfect, but the company does at least carry out some pre-acceptance checks. Many off-market Android app repositories have no checks at all – they’re open to anyone, which can be handy if you’re looking for unusual or highly specialised apps that wouldn’t make it onto Google Play (or trying to publish unconventional content). But unregulated app repositories are also risky, for all the same reasons.
Cobalt/Carbanak bank malware gang’s alleged leader arrested
Police have arrested the alleged mastermind behind the Carbanak gang: a group of cybercrooks that’s targeted banks since late 2013, phishing their way into networks, infecting servers and gaining control of automated teller machines (ATMs) that they’ve caused to spew cash to waiting money mules. According to Europol, the alleged crime boss, whom it didn’t name, was arrested in Alicante, Spain, following a joint investigation by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cybersecurity companies. Since 2013, the gang has gone after banks, e-payment systems and financial institutions using their malware, which is known as Carbanak and Cobalt. They’ve hit banks in more than 40 countries: attacks that have resulted in cumulative losses of over €1 billion (USD $1.24 billion). Europol said in an announcement on Monday that just the Cobalt malware alone allowed the crooks to steal up to €10 million per heist. A spokesman for the European Banking Federation (EBF) noted in a conversation with Fortune that the gang’s sophisticated Cobalt malware campaign only began in 2016, making it ‘fair to say’ that the total amount stolen must be significantly above €1 billion at this point. The gang’s malware evolution started with the launch of the Anunak malware campaign.
ICO raids addresses in Manchester investigating 11 million nuisance text messages
The Information Commissioner’s Office (ICO) has searched two addresses in Manchester as part of an investigation into companies suspected of sending millions of unsolicited text messages. ICO enforcement officers executed search warrants at offices in Stockport and a house in Sale. The operation is part of an ICO investigation into companies believed to be responsible for sending over 11 million unsolicited text messages to UK mobile numbers between January 2017 and January 2018. Thus, the ICO received 3,297 separate complaints. The text messages mainly promoted financial management services such as pensions and loans and claims management for issues such as PPI and flight cancellations. The recipients were unable to identify who the calls were from or opt out of them which is also against the law. Computer equipment and documents were seized for analysis and the ICO’s enquiries into alleged breaches of the laws surrounding unsolicited telephone marketing continue.
Teenager hacks crypto-currency wallet
A hardware wallet designed to store crypto-currencies, and touted by its manufacturer as tamper-proof, has been hacked by a British 15-year-old. Hardware wallets store these private keys and can be connected to a PC via a USB port. The attack targets the device’s micro-controllers, one of which stores the private key, while the other acts as its proxy to support display functions and the USB interface. The latter is less secure and is not able to differentiate between genuine firmware – software programmed into a device – and code written by an outsider. One big caveat for the method discovered by the teenager is that the attacker would need physical access to a wallet before it got into the hands of the victim – so, for instance, by buying one, altering it and then selling it on eBay or a similar online site.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.