Cybersecurity News – May 4, 2022

Google claims to have blocked billions of malicious app downloads

Google says it blocked 1.2 million apps from being published to the Google Play store in 2021 for policy violations, and estimates that doing so prevented “billions of harmful installations” on Android devices. Google credits new privacy features, stronger protections against malicious apps and developers, and improved SDK data safety, all rolled out last year, in addition to its routine scanning of installed apps. Google also says that in 2021 it banned 190,000 malicious accounts and closed 500,000 more inactive accounts.

(ZDNet)

NortonLifeLock willfully infringed malware patents

On Monday, a jury in Virginia federal court found that NortonLifeLock Inc infringed two Columbia University patents and should pay the institution roughly $185 million in royalties on sales of the infringing products. The university’s trustees sued Norton back in December 2013, claiming that Version 6.0 of a product feature called SONAR/BASH infringed six intrusion detection system patents. Because the jury found the infringement willful, the judge could raise the award as high as $555 million. A Norton spokesperson disputed the verdict and denied that the company infringed any of Columbia’s patents.

(Infosecurity Magazine)

Former eBay exec pleads guilty to cyber stalking

Former eBay executive James Baugh of San Jose, California, has pleaded guilty to taking part in a disturbing cyberstalking campaign against a married couple from Massachusetts. After the couple wrote critically about eBay in an online newsletter, they began receiving anonymously sent packages with horrifying contents, including live spiders and cockroaches, a fetal pig, a funeral wreath, and a book on how to survive the death of a spouse. The couple was also surveilled with a GPS tracking device affixed to their car, sent threatening private Twitter messages, and targeted with Craigslist posts inviting the public to their home for sexual encounters. Five other former eBay employees have also pleaded guilty to taking part in the campaign.

(Infosecurity Magazine)

Researcher exploits vulns in ransomware

Security researcher hyp3rlinx has turned the tables on several notorious ransomware operations, including Conti, REvil, Black Basta, and LockBit, by finding DLL hijacking vulnerabilities in their malware. In a DLL hijack, a program loads a library by file name rather than by full path, so a DLL with that name planted in a directory the loader searches first is loaded instead of the intended one, and its code runs inside the program. For each sample analyzed, hyp3rlinx provides a description of the vulnerability, the sample’s hash, a proof-of-concept (PoC) exploit, and a demo. The PoCs can be used to stop the final and most damaging step of the attack: file encryption. In the near term they could spare some organizations operational disruption, but ransomware gangs are typically quick to fix bugs, especially once they are made public.

(Bleeping Computer)
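A minimal version of the defensive trick the PoCs above rely on, as an added example that is not hyp3rlinx’s code and is not tied to any of the listed families: a kill-switch DLL that terminates whatever process loads it. The file name it must carry (whichever library the target loads by bare name) is left as NAME.dll, the log path and the pid in the self-check are assumptions, and the decision logic is separated from the Win32 calls so the same file compiles and self-checks on any platform; only the `#ifdef _WIN32` part becomes the DLL.

```c
/* Added example: a kill-switch DLL for a process that loads a library by
 * bare file name.  Build it under that name (NAME.dll is a placeholder) and
 * drop it in the directory the Windows loader searches first, the
 * executable's own directory.  When the host loads it, DllMain runs inside
 * the host process and terminates it before any real work (encryption) starts.
 *
 *   x86_64-w64-mingw32-gcc -shared -o NAME.dll killswitch.c
 */
#include <stdio.h>

#define REASON_PROCESS_ATTACH 1UL   /* same numeric value as Win32 DLL_PROCESS_ATTACH */

/* Decision logic, kept free of Win32 calls so it can be exercised anywhere.
 * log_fn receives a one-line event record; kill_fn must end the host process.
 * Returns 1 if kill_fn was invoked, 0 if the event was ignored. */
static int on_load(unsigned long reason, unsigned long pid,
                   void (*log_fn)(const char *), void (*kill_fn)(void))
{
    char line[96];
    if (reason != REASON_PROCESS_ATTACH)   /* thread attach/detach: do nothing */
        return 0;
    snprintf(line, sizeof line, "killswitch: loaded by pid %lu, terminating host", pid);
    log_fn(line);      /* leave evidence first; on Windows kill_fn never returns */
    kill_fn();
    return 1;
}

/* ---- portable self-check: fakes standing in for the Win32 calls ---- */
static int fake_killed;
static void fake_log(const char *msg) { fprintf(stderr, "%s\n", msg); }
static void fake_kill(void)           { fake_killed = 1; }

/* Runs the decision logic for one loader event with the fakes wired in and
 * reports whether the host "died" (1) or was left alone (0). */
int simulate_load(unsigned long reason)
{
    fake_killed = 0;
    on_load(reason, 4242UL, fake_log, fake_kill);   /* 4242: constructed pid */
    return fake_killed;
}

#ifdef _WIN32
#include <windows.h>

static void log_to_file(const char *msg)
{
    FILE *f = fopen("C:\\killswitch.log", "a");   /* log path is an assumption */
    if (f) { fprintf(f, "%s\n", msg); fclose(f); }
}

static void kill_host(void)
{
    /* TerminateProcess is safe to call while the loader lock is held (no
     * detach callbacks run); ExitProcess called from DllMain can deadlock. */
    TerminateProcess(GetCurrentProcess(), 1);
}

BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, LPVOID reserved)
{
    (void)inst; (void)reserved;
    on_load(reason, GetCurrentProcessId(), log_to_file, kill_host);
    return TRUE;   /* reached only for non-attach events */
}
#else
/* Off Windows there is no DLL to build; exercise the logic directly. */
int main(void)
{
    printf("process attach -> killed=%d\n", simulate_load(REASON_PROCESS_ATTACH));
    printf("thread attach  -> killed=%d\n", simulate_load(2UL));
    return 0;
}
#endif
```

The DLL must match the host’s bitness, and the trick only works for libraries the host loads without a full path and that are not on the KnownDLLs list, which the loader resolves from System32 regardless of search order. The same unqualified-name lookup is why defenders audit their own software for DLL hijacking: the planted file wins whether the process is ransomware or a legitimate service.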

Thanks to our episode sponsor, Censys

Tom the CTO can’t go into the boardroom unprepared. It’s his job to know all the risks to his company – especially the one that could land him on the front page of the newspaper. His best bet for survival is staying ahead of the most critical threats. Tom, you can be that source of truth; start with Censys at censys.io right now.

CDC purchased phone location data during pandemic

According to newly released documents, the Centers for Disease Control and Prevention (CDC) bought access to location data harvested from tens of millions of US phones to track compliance with curfews, visits to K-12 schools, and adherence to policies in the Navajo Nation. The CDC paid $420,000 to the controversial data broker SafeGraph for one year of access to the data. Google removed SafeGraph from its Play Store in June of last year. While the CDC cited COVID-19 as the reason for the purchase, the documents show it also intended to use the data for more general CDC purposes, including monitoring visits to parks, gyms, and weight management businesses.

(VICE)

New phishing tactics put verified Twitter accounts at risk

Twitter’s blue badges, which mark a verified and vetted account, are highly sought after by threat actors for promoting scam campaigns. Over the past week, numerous BleepingComputer reporters have been targeted with phishing emails pretending to come from Twitter’s verified-account platform. The emails claim there is an issue with the recipient’s verified account, warn that ignoring the message could lead to account suspension, and instruct the recipient to click a ‘Check notifications’ link for more information, which, of course, leads to a credential harvesting page. While this kind of scam may look bogus, just earlier this week verified journalist Wudan Yan admitted to falling for a similar phishing scam.

(Bleeping Computer)

DHS disinformation board announcement causes backlash

During a congressional hearing last week, DHS Secretary Alejandro Mayorkas announced a new Disinformation Governance Board, drawing immediate criticism from the likes of Elon Musk and from politicians who called out the lack of information about exactly what the board will do and questioned whether it is appropriate for the government to identify and respond to disinformation. Mayorkas spent the weekend speaking with reporters to address the concerns, but acknowledged that his team could have communicated the initiative better. Jeff Kosseff, a cybersecurity law professor at the U.S. Naval Academy, said he understands the concerns, since the term “governance” implies authority, but added that he is not in the conspiracy theory camp, noting that DHS has been working to combat disinformation for the past few years.

(CyberScoop)

Crypto miners pose threat to frail Argentine energy grid

Argentina’s crypto frenzy is pushing the energy grid of Tierra del Fuego province, in Patagonia, toward a breaking point as crypto-mining firms flock there to take advantage of cheap electricity. According to a local report, crypto mining is expected to consume close to a quarter of the province’s electricity supply through October. Local officials warn that the mining load, on top of an already feeble energy infrastructure, is putting the grid at risk of collapse. Last month President Alberto Fernandez signed an agreement with the International Monetary Fund to reduce energy subsidies and discourage the use of cryptocurrency.

(Bloomberg)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.