Beware! New Android Malware Infected 2 Million Google Play Store Users

By Mohit Kumar

hack-android-phone

Initially thought to be 600,000 users, the number of Android users who have mistakenly downloaded and installed malware on their devices straight from Google Play Store has reached 2 Million.

Yes, about 2 Million Android users have fallen victim to malware hidden in over 40 fake companion guide apps for popular mobile games, such as Pokémon Go and FIFA Mobile, on the official Google Play Store, according to security researchers from Check Point.

Dubbed FalseGuide by the Check Point researchers, the malware creates a “silent botnet out of the infected devices” to deliver fraudulent mobile adware and generate ad revenue for cybercriminals.

MORE: http://thehackernews.com/2017/04/android-malware-playstore.html

 

Hollow Privacy Promises from Major Internet Service Providers

By Jeremy Gillula and Kate Tummarello

It’s no surprise that Americans were unhappy to lose online privacy protections earlier this month. Across party lines, voters overwhelmingly oppose the measure to repeal the FCC’s privacy rules for Internet providers that Congress passed and President Donald Trump signed into law.

But it should come as a surprise that Republicans—including the Republican leaders of the Federal Communications Commission and the Federal Trade Commission—are ardently defending the move and dismissing the tens of thousands who spoke up and told policymakers that they want protections against privacy invasions by their Internet providers.

Since the measure was signed into law, Internet providers and the Republicans who helped them accomplish this lobbying feat have decried the “hysteria,” “hyperbole,” and “hyperventilating” of constituents who want to be protected from the likes of Comcast, Verizon, and AT&T. Instead they’ve claimed that the repeal doesn’t change the online privacy landscape and that we should feel confident that Internet providers remain committed to protecting their customers’ privacy because they told us they would despite the law.

MORE: https://www.eff.org/deeplinks/2017/04/major-internet-service-providers-privacy-promises-ring-hollow

Hackers can steal PINs and Passwords capturing data from smartphone sensors

By Pierluigi Paganini

Modern mobile devices are full of sensors (i.e. GPS, Camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer, and NFC) that could be exploited by hackers to gather data about owner’s activities?

A group of researchers from Newcastle University demonstrated that hackers can potentially guess PINs and passwords entered by the owner of the mobile device while authenticating itself on a website or an app. The technique devised by the experts has a surprising degree of accuracy, experts can monitor the angle and motion of the phone while the owner is typing a secret code.

Unfortunately, mobile phones don’t restrict websites and apps from accessing sensors’ data.

MORE: http://securityaffairs.co/wordpress/57970/hacking/stealing-pin-phone-sensors.html

 

Most Businesses Totally Unprepared for Mobile Attacks

By US/North America News Reporter, Infosecurity Magazine

Mobile devices represent a gaping hole in the cybersecurity armor of most businesses, because they simply aren’t preparing for mobile breaches.

A research report from Dimensional Research sponsored by Check Point finds that IT pros are generally unprepared for mobile compromise, with nearly two-thirds (64%) of enterprise security professionals doubting their organizations can prevent a breach to employees’ devices.

Already, 20% of businesses have experienced a mobile breach, while 24% don’t know or can’t tell whether they’ve had one. Plus, more than 20% of the participants saying a mobile breach could cost a company more than $500,000, while a majority (94%) of those polled indicated that they expect the frequency and sophistication of mobile cyberattacks to grow.

Yet, businesses fail to allocate appropriate resources to protect against mobile attacks, despite the fact that more than half of respondents (51%) believe that the risk of data loss is equal to or greater than PCs, and potentially just as costly.

MORE: https://www.infosecurity-magazine.com/news/most-businesses-unprepared-mobile/

When Apps Secretly Team Up to Steal Your Data

By Kaveh Waddell
An analysis of the top 100,000 Android apps found tens of thousands of pairings that leak sensitive data.

lead_960

Imagine two employees at a large bank: an analyst who handles sensitive financial information and a courier who makes deliveries outside the company. As they go about their day, they look like they’re doing what they’re supposed to do. The analyst is analyzing; the delivery person is delivering. But they’re actually up to something nefarious. In the break room, the analyst quietly passes some of the secret financials to the courier, who whisks it away to a competing bank.

Now, imagine that the bank is your Android smartphone. The employees are apps, and the sensitive information is your precise GPS location.

MORE: https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/

WikiLeaks Reveals CIA’s Grasshopper Windows Hacking Framework

WikiLeaks reveals 'Grasshopper Framework' that CIA used to build Customized Windows Malware

By Swati Khandelwal

As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonged to the US Central Intelligence Agency (CIA).

Named Grasshopper, the latest batch reveals a CLI-based framework developed by the CIA to build “customised malware” payloads for breaking into Microsoft’s Windows operating systems and bypassing antivirus protection.

All the leaked documents are basically a user manual that the agency flagged as “secret” and that are supposed to be only accessed by the members of the agency, WikiLeaks claims.

MORE: http://thehackernews.com/2017/04/wikileaks-cia-malware.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

 

Majority of SMEs Lack Confidence in Security Postures

CzOvxgXW8AAVPI9

By Tara Seals

4 April 2017

Faced with a snowballing threat landscape, there has been a significant drop in business confidence in the security technologies they’ve deployed to protect their organizations from data breaches and asset theft.

According to EiQ Networks’ most recent survey on the state of matters for U.S. small- and medium-sized enterprises (SMEs) in 2017, less than 15% report confidence that currently deployed technologies will be successful in detecting and responding to cyber-attacks. This is down significantly from the company’s 2015 cybersecurity survey, when 26.8% of IT security professionals expressed confidence in their security posture.

MORE: https://www.infosecurity-magazine.com/news/majority-of-smes-lack-confidence/