TechCrunch: APKPure app contained malicious adware, say researchers. “Security researchers say APKPure, a widely popular app for installing older or discontinued Android apps from outside of Google’s app store, contained malicious adware that flooded the victim’s device with unwanted ads.”
InfoSecurity Magazine: Office Depot Europe Configuration Error Exposes One Million Records. “Among the 974,000 unencrypted records found in the database were customer names, phone numbers, home and office addresses, @members.ebay addresses, marketplace logs, order histories and hashed passwords.”
CNN: 500 million LinkedIn users’ data is for sale on a hacker site. “Information scraped from around 500 million LinkedIn user profiles is part of a database posted for sale on a website popular with hackers, the company confirmed Thursday. The sale of the data was first reported on Tuesday by cybersecurity news and research site CyberNews, which said that an archive including user IDs, names, email addresses, phone numbers, genders, professional titles and links to other social media profiles was being auctioned off on the forum for a four-figure sum.”
TechRepublic: Money laundering is a real issue in tech: Here’s what is being done to stop it. “Money laundering and technology go hand in hand, sadly, and I discussed the topic with industry experts Gudmundur Kristjansson, founder and CEO at Lucinity, an artificial intelligence-based anti-money-laundering solutions provider, and and Zac Cohen, COO at Trulioo, an online identity verification service.”
Politico: Letter: Top federal watchdog probing State Department following hacks. “The Government Accountability Office is conducting a wide-ranging probe into the department’s cybersecurity practices following several hacks on the department’s email system over the last decade, according to the documents and people familiar with the matter. Just last week, POLITICO revealed that suspected Russian hackers stole thousands of emails from the department in recent months.”
SC Magazine: Hackers rush to new doc builder that uses Macro-exploit, posing as DocuSign. “Researchers at Intel471 have identified a new malicious document builder that has gone from a new, relatively unknown exploit to being incorporated into the attack chains of top cybercriminal groups in less than a year. The builder, dubbed EtterSilent, comes in two flavors: one version exploits an old remote code execution vulnerability in Microsoft Office and another uses a Macro-based exploit and is designed to look like DocuSign, a popular software program that allows individuals or businesses to electronically sign documents.”
Vice: Facebook Says It’s Your Fault That Hackers Got Half a Billion User Phone Numbers. “Facebook has become accustomed to dealing with multiple massive privacy breaches in recent years, and data belonging to hundreds of millions of its users has been leaked or stolen by hackers. But, instead of owning up to its latest failure to protect user data, Facebook is pulling from a familiar playbook: just like it did during the Cambridge Analytica scandal in 2018, it’s attempting to reframe the security failure as merely a breach of its terms of service.”
Washington Post: How America’s surveillance networks helped the FBI catch the Capitol mob. “Debra Maimone pulled down her American flag mask for a moment on Jan. 6 and gazed at the unruly mob of supporters of President Donald Trump overrunning the U.S. Capitol. ‘Put your mask on,’ warned her fiance, as the couple stood beneath an unblinking array of surveillance cameras. ‘I don’t want them to see you.’ It was too late.”
Vice: How Mexico’s Most Powerful Cartel Used EBay to Arm Themselves With Military Gear. “It started with his mom’s credit card, claimed Ismael Almada in March 2020, as he voluntarily spilled his guts to U.S. law enforcement officers during an interview in the Mexican city of Guadalajara. He’d originally used his mom’s card to order weapons accessories and tactical gear off eBay for his security business that focused on anti-spyware and surveillance technology, before eventually moving to PayPal to make the trail of U.S. goods to Mexico a bit more clandestine. He needed to. Most of the illegal imports went to the infamous Jalisco New Generation Cartel, known as the CJNG for its Spanish acronym.”
Department of Justice: Indictment: Kansas Man Indicted For Tampering With A Public Water System . “The indictment alleges that on or about March 27, 2019, in the District of Kansas, [Wyatt] Travnichek knowingly accessed the Ellsworth County Rural Water District’s protected computer system without authorization. During this unauthorized access, it is alleged Travnichek performed activities that shut down the processes at the facility which affect the facilities cleaning and disinfecting procedures with the intention of harming the Ellsworth Rural Water District No. 1, also known as Post Rock Rural Water District.”
The Intercept: Lexisnexis To Provide Giant Database Of Personal Information To ICE. “THE POPULAR LEGAL RESEARCH and data brokerage firm LexisNexis signed a $16.8 million contract to sell information to U.S. Immigration and Customs Enforcement, according to documents shared with The Intercept. The deal is already drawing fire from critics and comes less than two years after the company downplayed its ties to ICE, claiming it was ‘not working with them to build data infrastructure to assist their efforts.’”
NBC News: Human smugglers use Facebook to connect with migrants and spread false hope of reaching U.S. . “Human smugglers are openly advertising their services on Facebook, falsely telling Central Americans interested in crossing illegally into the United States that they can promise a ‘100 percent’ safe journey. While the use of social media by smugglers is not new, the practice is growing, fueling false hope as more migrants fall prey to misinformation about how the Biden administration will welcome them, according to Department of Homeland Security officials, immigration experts and lawyers.”
Business Insider: 533 million Facebook users’ phone numbers and personal data have been leaked online. “A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”
BBC: Stokes twins: YouTubers plead guilty over fake bank robbery. “A pair of YouTubers have pleaded guilty to faking a bank robbery that led to an unsuspecting Uber driver being held at gunpoint by police. Alan and Alex Stokes, 24, who have six million followers on their channel, wore balaclavas and called an Uber as a getaway vehicle.”
TechRadar: Google is taking far more data from your Android devices than you may think. “Researchers have discovered that Android devices are collecting far more telemetry data on users than iOS. The findings from Douglas Leith from Trinity College in Ireland were part of a project looking to quantify the data both Android and iOS handsets send to their headquarters.”
