Dark Web: Many cybercrime services sell for less than $500 (TechRepublic)

TechRepublic: Dark Web: Many cybercrime services sell for less than $500. “Cybercrime can be a lucrative business for those who specialize in ransomware, phishing campaigns, and other types of attacks. The profit margins are especially healthy because cybercrime products and services often sell at bargain prices on the Dark Web. A new report from VPN provider Atlas VPN looks at the going rates for everything from spearphishing attacks to ransomware kits to stolen account credentials.”

Bleeping Computer: Study reveals Android phones constantly snoop on their users

Bleeping Computer: Study reveals Android phones constantly snoop on their users. “A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience.The conclusion of the study is worrying for the vast majority of Android users.”

The Register: Apple patches ‘actively exploited’ iPhone zero-day with iOS 15.0.2 update

The Register: Apple patches ‘actively exploited’ iPhone zero-day with iOS 15.0.2 update. “Described as a ‘memory corruption issue’ by Apple, the vuln is present within the IOMobileFrameBuffer kernel extension, used for managing display memory. Malicious applications are said to be capable of triggering an integer overflow in the framebuffer, permitting execution of arbitrary code with kernel privileges.”

CNET: As scrutiny of cryptocurrency expands, Justice Department forms new enforcement unit

CNET: As scrutiny of cryptocurrency expands, Justice Department forms new enforcement unit. “As the US government continues to expand its scrutiny of cryptocurrency, the Department of Justice has hatched a new unit dedicated to its policing. The National Cryptocurrency Enforcement Team, introduced Thursday by Deputy Attorney General Lisa O. Monaco, will investigate and prosecute ‘criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services and money laundering infrastructure actors.’”

Washington Post: Hacktivists are back

Washington Post: Hacktivists are back. “Hacktivists are back in the public spotlight, nearly a decade after groups like Anonymous and LulzSec tore through the Internet and wreaked havoc on everyone from Sony to the U.S. Senate. In places including the United States, Iran and Belarus, hackers aiming to further political goals have gone after companies and organizations perceived as right-wing, the surveillance industry and even authoritarian governments.”

MIT Technology Review: 2021 has broken the record for zero-day hacking attacks

MIT Technology Review: 2021 has broken the record for zero-day hacking attacks. “A zero-day exploit—a way to launch a cyberattack via a previously unknown vulnerability—is just about the most valuable thing a hacker can possess. These exploits can carry price tags north of $1 million on the open market. And this year, cybersecurity defenders have caught the highest number ever, according to multiple databases, researchers, and cybersecurity companies who spoke to MIT Technology Review.”

The Verge: Ireland’s status as tax haven for tech firms like Google, Facebook, and Apple is ending

The Verge: Ireland’s status as tax haven for tech firms like Google, Facebook, and Apple is ending. “Ireland said Thursday it would join an international agreement that sets taxes on profits for multinational corporations at a minimum rate of 15 percent. This is a major shift for the country that is the European headquarters for many large US pharmaceutical companies, as well as tech firms, including Google, Apple, and Facebook.”

Read that link carefully: Scammers scoop up misspelled cryptocurrency URLs to rob your wallet (Washington Post)

Washington Post: Read that link carefully: Scammers scoop up misspelled cryptocurrency URLs to rob your wallet. “Wwwblockchain.com isn’t a typo. Nor is hlockchain.com or blpckchain.com. Those sites are set up to dupe Internet users trying to reach Blockchain.com, a website that lets users buy and sell cryptocurrency. And there’s big money in little typos.”

JFTC starts another antitrust probe against Apple and Google on smart devices: Report (ZDNet)

ZDNet: JFTC starts another antitrust probe against Apple and Google on smart devices: Report. “According to Nikkei, the Japanese competition watchdog will conduct interviews and surveys with OS operators, app developers, and smartphone users to assess whether Apple and Google have created anti-competitive market conditions in the smartphones, smartwatches, and other wearables sectors.”

NBC News: Ransomware hackers find vulnerable target in U.S. grain supply

NBC News: Ransomware hackers find vulnerable target in U.S. grain supply. “All three known victims are Midwestern grain cooperatives that buy grain from farmers and then process, store and resell it for uses like livestock feed and fuel. The attacks, in which organized cybercriminals lock up organizations’ computers and demand ransom for a program to unlock them, has slowed the distributors’ operations, hampering their ability to quickly process grain as it comes in.”

OCCRP: How a Russian Mobile App Developer Recruited Phones into a Secret Ad-Watching Robot Army

OCCRP: How a Russian Mobile App Developer Recruited Phones into a Secret Ad-Watching Robot Army. “In 2015, Russian-language tutorials began appearing on YouTube, Facebook, Twitter, and niche forums, blogs, and websites showing how Net2Share, a software tool developed by Adeco Systems, could be downloaded and used even by someone with zero programming skills to clone mobile apps. All a user had to do was download a regular mobile app, replicate it in Net2Share, and upload the duplicated copy to app stores. In exchange, they would get a cut of the revenue earned from ads displayed by the cloned apps. But Net2Share had a hidden feature that even its ethically dubious users didn’t know about.”