The Register: Android apps prove a goldmine for dodgy password practices – “And password crackers are getting a lot smarter…An analysis of free Android apps has shown that developers are leaving their crypto keys embedded in applications, in some cases because the software developer kits install them by default.” Summarizes research described by Will Dormann, CERT/CC software vulnerability analyst, at BSides.
Bleeping Computer re PUBG (and RensenWare, a blast from the past): PUBG Ransomware Decrypts Your Files If You Play PlayerUnknown’s Battlegrounds, based on research from MalwareHunter. Described as a joke, but apart from the fact that such messing with a victim’s data might conceivably go horribly wrong in some circumstances – it doesn’t appear to be an impeccably well-coded program – and is likely in any case to cause the victim serious concern, it looks to me as though this is criminal activity, involving unauthorized access and modification in most jurisdictions.
[3rd April 2018] Peter Kálnai and Anton Cherepanov for ESET: Lazarus KillDisks Central American casino – “The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.”
Lukas Stefanko: Beware ad slingers thinly disguised as security apps – “ESET researchers have analyzed a newly discovered set of apps on Google Play, Google’s official Android app store, that pose as security applications. Instead of security, all they provide is unwanted ads and ineffective pseudo-security.”
Graham Cluley: Why you might want to tell Facebook you now live in Europe – “(OR JUST DELETE YOUR ACCOUNT) … Facebook CEO and professional hoody-wearer Mark Zuckerberg has told Reuters that it won’t stick to Europe’s new strict data privacy rules globally.” However, an update quotes Zuckerberg as saying subsequently “We intend to make all the same controls and settings available everywhere, not just in Europe. Is it going to be exactly the same format? Probably not.” Make of that what you will…
Sophos: Those Facebook videos you thought were deleted were not deleted – “In this most recent case, the content in question is users’ supposedly deleted videos. Facebook’s blaming a bug for the fact that those videos hung around…Also last week, many were shocked to discover, when they peeked into their archives, that Facebook had been logging call and text data since they downloaded the Facebook app for Android.”
Sophos: Facebook and Twitter may be forced to identify bots. California has “introduced a bill that would give online platforms such as Facebook and Twitter three days to investigate whether a given account is a bot, to disclose that it’s a bot if it is in fact auto-generated, or to remove the bot outright.”
org: Researchers find leaky apps that put privacy at risk (not just a Facebook issue). Refers “to a paper presented by Northeastern associate professor Alan Mislove at the Federal Trade Commission conference PrivacyCon last month,” but, annoyingly, doesn’t include a link.
My response (not used) to a request for comment: “Lately, quite a few comparatively new security issues have tended to overshadow ransomware in the media: cryptojacking, vulnerabilities relating to hardware and firmware, even privacy issues relating to social media (and especially Facebook). Yet this incident is a salutary reminder that ransomware has not gone away just because it isn’t talked about so much, and there are some examples for which there is still no decryptor available except by the ‘goodwill’ of the criminals. As long as some of the bad guys are making money out of it, the attacks will continue. It should, therefore, still be a priority for organizations and individuals to ensure that their data and systems are safely backed up and that ransomware can’t reach the backups as well as the original files.”
“Authorities were able to recover data from the suspect’s laptop and remote servers, including encryption keys. Polish police are now encouraging victims of the Polski, Vortex, and Flotera ransomware families to file official complaints with local authorities so they can receive a decryption key for their files.”