Phandroid: Malware targeting several bank customers found on Google Play . “Avast has released a new report detailing a new kind of malware called BankBot that targets customers of large banks including Wells Fargo, Chase, Citibank, and DiBa (formerly ING). Customers of these banks across several different countries were affected by the malware which has now been removed from Google Play.”
Quartz: Google collects Android users’ locations even when location services are disabled. “Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card? Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed.”
Bloomberg: Uber Paid Hackers to Delete Stolen Data on 57 Million People. “Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.”
Wired: Intel Chip Flaws Leave Millions Of Devices Exposed. “SECURITY RESEARCHERS HAVE raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible.”
Berkeley Blog: The dangerous data hack that you won’t even notice. “A recent wave of cyberattacks — from WannaCry and Equifax to the alleged Russian influence on the U.S. election — has demonstrated how hackers can wreak havoc on our largest institutions. But by focusing only on hackers’ efforts to extort money or mess with our political process, we may have been missing what is potentially an even scarier possibility: data manipulation.”
The Register: DNS resolver 188.8.131.52 will check requests against IBM threat database . “The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features. The Quad9 DNS service, at 184.108.40.206, not only turns URIs into IP addresses, but also checks them against IBM X-Force’s threat intelligence database. Those checks protect agains landing on any of the 40 billion evil sites and images X-Force has found to be dangerous.”
Motherboard: How a Wi-Fi Pineapple Can Steal Your Data (And How to Protect Yourself From It). “The Wi-Fi Pineapple enables anyone to steal data on public Wi-Fi networks. Here’s how it facilitates two sophisticated network attacks and how to protect yourself against them.” This is a bit technical, but it’s fascinating reading.