CyberSecure Specialist

Incident Of The Week: Malware Infects 25M Android Phones

Cyber security researcher Check Point has warned Android users in a blog on July 10, 2019, that as many as 25 million Android mobile devices have been hit with a malware now being called ‘Agent Smith.’ The malware hides within installed apps like WhatsApp, taking advantage of the vulnerabilities within the Android operating system. See Related: “Securing The Enterprise From Mobile Malware” According to Check Point, this new breed of malware was able to copy…

Read More

Incident Of The Week: Russell Stover's Chocolates Latest To Disclose Retail Poin…

Another week and another data breach from retail point-of-sale (POS) transaction machines. This time, retail store customers of Russell Stover’s Chocolates who used a payment card between February 9 and August 7 of this year could have had their payment card information captured by machines that were infected by malware. The company disclosed the breach this week after notifying authorities and launching its own investigation into the threat. Organization: Russell Stover Chocolates Timeframe of Breach:…

Read More

Incident Of The Week: Apple iPhones Affected By Data Breach Discovered By Google…

Apple’s iPhones enjoy a reputation for being ultra-secure and hard to hack, so most cybercriminals do not bother trying. However, you should not think of your iPhone as a device that is totally safe from hackers. In February, a team of researchers at Google alerted Apple to vulnerabilities that persisted for two years and allowed hackers to embed malware on iPhones after people visited particular websites. Here are a few questions that this article answers:…

Read More

ESET research into POLONIUM’s arsenal – Week in security with Tony Anscombe

More than a dozen organizations operating in various verticals were attacked by the threat actor This week, ESET researchers published their analysis of previously undocumented backdoors and cyberespionage tools that the POLONIUM APT group has deployed against targets in Israel. The group has used at least seven different custom backdoors in the past year, and ESET has named five previously undocumented backdoors with the suffix “-Creep.” More than a dozen organizations operating in various verticals…

Read More

APT‑C‑50 updates FurBall Android malware – Week in security with Tony Anscombe

ESET Research spots a new version of Android malware known as FurBall that APT-C-50 is using in its wider Domestic Kitten campaign This week, ESET researchers published their analysis of a new variant of the Android malware known as FurBall that APT-C-50 has used in its wider Domestic Kitten campaign. The campaign is known to take aim at Iranian citizens as part of mobile surveillance campaigns – and the same applies to this new FurBall…

Read More

Fashion brand SHEIN fined $1.9m for lying about data breach

by Naked Security writer Chinese company Zoetop, former owner of the wildly popular SHEIN and ROMWE “fast fashion” brands, has been fined $1,900,000 by the State of New York. As Attorney General Letitia James put it in a statement last week: SHEIN and ROMWE’s weak digital security measures made it easy for hackers to shoplift consumers’ personal data. As if that weren’t bad enough, James went on to say: [P]ersonal data was stolen and Zoetop…

Read More

Dangerous hole in Apache Commons Text – like Log4Shell all over again

by Paul Ducklin Java programmers love string interpolation features. If you’re not a coder, you’re probably confused by the word “interpolation” here, because it’s been borrowed as programming jargon where it’s not a very good linguistic fit… …but the idea is simple, very powerful, and sometimes spectacularly dangerous. In other programming ecosystems it’s often known simply as string substitution, where string is shorthand for a bunch of characters, usually meant for displaying or printing out,…

Read More

When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)

by Paul Ducklin Sadly, we’ve needed to cover the DEADBOLT ransomware several times before on Naked Security. For almost two years already, this niche player in the ransomware cybercrime scene has been preying mainly on home users and small businesses in a very different way from most contemporary ransomware attacks: If you were involved in cybersecurity about ten years ago, when ransomware first started to become a massive money-spinner for the cyberunderworld, you will remember…

Read More

Incident Of The Week UPDATE: Hy-Vee Details Investigation Into 2019 Payment Card…

Midwestern U.S. retailer Hy-Vee disclosed investigation findings this week from a data breach announced in mid-August impacting millions of customers utilizing its food and service point-of-sale (PoS) transaction machines. The investigation identified the operation of malware designed to access payment card data from cards used on PoS devices at certain Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (which include the company’s Hy-Vee Market Grilles, Hy-Vee Market Grille Expresses and the Wahlburgers locations that Hy-Vee…

Read More

Incident Of The Week: Wawa, Champagne French Bakery Café And Islands Restaurants…

A trio of retailers disclosed payment card incidents this week resulting in data breaches. Bad actors are infecting point-of-sale (POS) terminals with malware. The malware captures payment card information before it enters the transaction processing system. POS Malware: Wawa Convenience and Fuel Retailer Retail chain Wawa disclosed that it had discovered malware on its payment processing servers earlier this month. An external forensics team determined that the malware began running at different points in time…

Read More