Phandroid: Malware targeting several bank customers found on Google Play . “Avast has released a new report detailing a new kind of malware called BankBot that targets customers of large banks including Wells Fargo, Chase, Citibank, and DiBa (formerly ING). Customers of these banks across several different countries were affected by the malware which has now been removed from Google Play.”
The Guardian: Police review 10,000 cases in forensics data ‘manipulation’ inquiry. “Ten thousand criminal cases in England and Wales are being reviewed after it emerged that data at a forensic laboratory in Manchester may have been manipulated, causing the biggest recall of samples in British criminal justice history. A minister said the alleged data manipulation was discovered in 2017 at a lab run by Randox Testing, but the Guardian can reveal that warnings about the lab run by a predecessor company date back to 2012.”
Quartz: Google collects Android users’ locations even when location services are disabled. “Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card? Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed.”
Bloomberg: Uber Paid Hackers to Delete Stolen Data on 57 Million People. “Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.”
Wired: Intel Chip Flaws Leave Millions Of Devices Exposed. “SECURITY RESEARCHERS HAVE raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible.”
Berkeley Blog: The dangerous data hack that you won’t even notice. “A recent wave of cyberattacks — from WannaCry and Equifax to the alleged Russian influence on the U.S. election — has demonstrated how hackers can wreak havoc on our largest institutions. But by focusing only on hackers’ efforts to extort money or mess with our political process, we may have been missing what is potentially an even scarier possibility: data manipulation.”
Motherboard: How a Wi-Fi Pineapple Can Steal Your Data (And How to Protect Yourself From It). “The Wi-Fi Pineapple enables anyone to steal data on public Wi-Fi networks. Here’s how it facilitates two sophisticated network attacks and how to protect yourself against them.” This is a bit technical, but it’s fascinating reading.