UK Computer Scientist Creates Livestream of Sites Visited

A computer scientist in the UK who has more nerve than I do has created a public livestream of the last 50 Web sites he’s visited to make a point about what new UK surveillance laws will mean. “The openly published browsing history of Brett Lempereur, a senior lecturer in computing at Liverpool John Moores University, shows the time, device used, and websites he has visited. All this data would be collected by ISPs and made available to police and security services if new surveillance laws are passed.”

More DM Space on Twitter Means More Capable Botnets

Increased DM sizes on Twitter have an unexpected side effect: more space for botnets. “London security researcher Paul Amar has built a tool capable of exploiting Twitter’s extended direct messaging function for covert botnet command and control. Amar created Twittor which allows attackers of white or black hats to create a fleet of compromised machines that can communicate, receive instructions, and update over the social network.”

Google Updates Safe Browsing to Protect Against Social Engineering

Google has updated its Safe Browsing feature to protect against social engineering. “The threat landscape is constantly changing—bad actors on the web are using more and different types of deceptive behavior to trick you into performing actions that you didn’t intend or want, so we’ve expanded protection to include social engineering. Social engineering is a much broader category than traditional phishing and encompasses more types of deceptive web content.”

More Than 20K Apps Auto-Root Android Devices

Yikes! More than 20,000 apps auto-root Android devices. “Lookout detected more than 20,000 samples of the trojanised adware disguised as legitimate top applications that include Facebook, Candy Crush, Twitter, Snapchat, WhatsApp and others. Malicious actors repackage and inject malicious code into very many popular applications discovered in Google Play, then later publish them to third-party app stores. Lookout believes many of the apps are fully functional.”

Comcast Makes 200K Customers Reset Passwords, Says it Wasn’t Hacked

Comcast is having 200,000 customers reset their passwords but says it wasn’t hacked. “[A] package of personal data, including the e-mail addresses and passwords of Comcast customers, was listed for sale for $1,000 on a Dark Web site that was also marketing a number of other questionable goods. The Dark Web is a collection of sites that are publicly accessible but cannot be found by search engines.”

Twitch Now Offers Two-Factor

The latest company to offer two-factor login? Why, it’s Twitch! Still can’t use it on Amazon, though. “Two-factor authentication (2FA) requires two different methods of verification to log in to your Twitch account: your password and your mobile phone. Each time you log in, you’ll enter your password and a unique code that we’ll send to your mobile phone. If your password is somehow compromised, your account will be inaccessible without the code we send your phone.”

New Ransomware Ransoms Web Sites

Oh eww. There’s apparently a new kind of ransomware that holds entire sites for ransom. “This latest criminal innovation, innocuously dubbed ‘Linux.Encoder.1’ by Russian antivirus and security firm Dr.Web, targets sites powered by the Linux operating system….Typically, the malware is injected into Web sites via known vulnerabilities in site plugins or third-party software — such as shopping cart programs. Once on a host machine, the malware will encrypt all of the files in the ‘home’ directories on the system, as well as backup directories and most of the system folders typically associated with Web site files, images, pages, code libraries and scripts.”

Nasty Android Malware Really Goobers Up Your Phone

Wow, sounds like there’s some really horrible Android malware out there. “Lookout has noticed a trend toward Android malware that masquerades as a popular app, but quietly gets root-level access to your phone and buries itself deep in the operating system. If that happens, you’re in serious trouble. Unless you can walk through loading a fresh ROM or carefully modify system files over ADB, it may be easier to just replace the device, or have your phone company reflash it — a simple factory reset won’t get the job done.”

Google: Recent Samsung Phone Had 11 Security Issues

Google says a recent Samsung Galaxy phone has a whole host of bugs. “Google has revealed that Samsung’s flagship Galaxy S6 Edge Android smartphone suffered 11 ‘high impact’ security issues that were introduced by the company’s customisation of Android. Of the 11 bugs that were found in a week-long focus on Samsung’s device by Google’s Project Zero security bug hunting team, some could allow hackers to take over the device and steal personal data.” Looks like most of them have already been fixed.

Citizen of Scotland Indicted for Twitter-Based Stock Manipulation Scheme

A citizen of Scotland has been indicted for a Twitter-based stock manipulation scheme. “According to the indictment, [James Alan] Craig, 62, of Dunragit, Scotland, allegedly set up Twitter accounts using names similar to real market research firms for the purpose of manipulating stock prices. Craig issued tweets with false and fraudulent information about publicly-traded securities, causing the price of the securities to rapidly decline. Craig then bought securities of the targeted companies through his girlfriend’s brokerage account and later sold them at a higher price per security. Craig’s actions are alleged to have caused more than $1.6 million in losses to shareholders.”