Tag Archives: Android

27th July 2018 Resource updates

Updates to Cryptocurrency/Crypto-mining News and Resources 

John Leyden for The Register: Criminal mastermind injects malicious script into Ethereum tracker. Their message? ‘1337’ – “The Etherscan incident could have been far worse. Rather than a cheeky pop-up, a more mendacious mind might just have easily used the same flaw to run a crypto-mining scam.”

SecureList (Kaspersky): A mining multitool – “Symbiosis of PowerShell and EternalBlue for cryptocurrency mining… The creators of PowerGhost …  started using fileless techniques to establish the illegal miner within the victim system. It appears the growing popularity and rates of cryptocurrencies have convinced the bad guys of the need to invest in new mining techniques – as our data demonstrates, miners are gradually replacing ransomware Trojans.”

Graham Cluley: Mind your company’s old Twitter accounts, rather than allowing them to be hijacked by hackers  – “DEFUNCT FOX TV SHOW HAS ITS TWITTER ACCOUNT COMPROMISED BY CRYPTOCURRENCY SCAMMERS.” “…it appears that hackers seized control of the moribund Twitter account and gave it a new lease of life promoting cryptocurrency scams.

Updates to Tech support scams resource page

ZDnet: US makes an example of Indian call center scam artists with stiff sentences – “The worst offenders have been thrown behind bars for up to 20 years… a number of call centers were established in Ahmedabad, India, in which operators impersonated the IRS and USCIS… in order to threaten US victims with arrest, prison, fines, and deportation unless they paid money they apparently owed.”

Updates to Chain Mail Check

An excellent article has just been published by my ESET colleague Lysa Myers. Companies actually compound the phishing problem when they send poorly thought-out messages that are indistinguishable from phishing messages, both to their own staff and to customers (some banks are particularly culpable here). As a result, recipients of such messages are conditioned into accepting without suspicion messages that don’t conform to good practice, and are more susceptible to being taken in by phishing messages. Hook, line, and sinker: How to avoid looking ‘phish-y’  In addition, Lysa points out an issue I hadn’t really considered: “An increasingly common scenario is phishy-looking emails sent by Software as a Service (SaaS) apps like those for fax or shipping services, human resource or accounting portals, collaboration tools, newsletters or even party planners.”

Another colleague (and long-time friend), Bruce P. Burrell, expands on the story I referred to briefly here – Sextortion and leaked passwords – with this article: I saw what you did…or did I? – “It might seem legit but there are several reasons why you should not always hit the panic button when someone claims to have your email password.” Not just a rehash of the news story, but the precursor to what I expect to be a very useful second article with advice from a seasoned security researcher.

Updates to Mac Virus

[update:  for ESET – Fake banking apps on Google Play leak stolen credit card data – “Fraudsters are using bogus apps to convince users of three Indian banks to divulge their personal data”]

Catalin Cimpanu: Chrome Extensions, Android and iOS Apps Caught Collecting Browsing Data – “An investigation by AdGuard, an ad-blocking platform, has revealed a common link between several Chrome and Firefox extensions and Android & iOS apps that were caught collecting highly personal user data through various shady tactics.”

Pierluigi Paganini: CSE Malware ZLab – APT-C-27 ’s long-term espionage campaign in Syria is still ongoing. After ESET’s Lukas Stefanko revealed the existence of a repository containing Android applications, researchers from CSE Cybsec Z-Lab identified spyware that was “part or the arsenal of a APT group tracked as APT-C-27, aka Golden Rat Organization.” In recent years the group has been focusing its activities in Syria. Here’s the ZLAB Malware Analysis Report.

The Hacker News: iPhone Hacking Campaign Using MDM Software Is Broader Than Previously Known – “India-linked highly targeted mobile malware campaign, first unveiled two weeks ago, has been found to be part of a broader campaign targeting multiple platforms, including windows devices and possibly Android as well.”

Sophos: Red Alert 2.0: Android Trojan targets security-seekers – “A malicious, counterfeit version of a VPN client for mobile devices targets security-minded victims with a RAT.”

David Bisson for Tripwire: Exobot Android Banking Trojan’s Source Code Leaked Online -“Bleeping Computer said it received a copy of the source code from an unknown individual in June. In response, it verified the authenticity of the code with both ESET and ThreatFabric…Exobot is a type of malware that targets Android users via malicious apps. Some of those programs made their way onto the Google Play Store at one point.”

David Harley

Advertisements

Resource updates 5th July 2018

Updates to Anti-Social Media 

Graham Cluley: Carole Cadwalladr takes us behind the scenes of the Cambridge Analytica investigation – HOW MILLIONS OF FACEBOOK USERS’ PERSONAL DATA WERE USED TO INFLUENCE THE US ELECTION AND BREXIT. “Last week, Carole Cadwalladr won The Orwell Prize for Journalism for her work investigating the impact of big data on the EU Referendum at the US Presidential election.”

John E. Dunn for Sophos: Facebook gave certain companies special access to customer data – “What do Russian internet company Mail.ru, car maker Nissan, music service Spotify, and sports company Nike have in common? They, and 57 other companies, were revealed by Facebook in a US House of Representatives’ Energy and Commerce Committee submission to have been given temporary extensions to access private Friends data API despite the company supposedly changing the policy allowing this in May 2015.”

The Hacker News: Facebook Admits Sharing Users’ Data With 61 Tech Companies

Rhett Jones for Gizmodo: Google Says It Doesn’t Go Through Your Inbox Anymore, But It Lets Other Apps Do It

Updates to Cryptocurrency/Crypto-mining News and Resources

Pierluigi Paganini: Crooks leverage obfuscated Coinhive shortlink in a large crypto-mining operation – “Crooks leverage an alternative scheme to mine cryptocurrencies, they don’t inject the CoinHive JavaScript miner directly into compromised websites.”

Paul Ducklin for Sophos: Serious Security: How to cut-and-paste your way to Bitcoin riches – “Whether it’s cryptocurrency addresses, payment card details, ID numbers or other snippets of personal information, malware that sneakily changes data in the clipboard as you work online can trick you into paying the wrong people.”

Updates to GDPR page

The Register: United States, you have 2 months to sort Privacy Shield … or data deal is for the bin – Eurocrats – “MEPs call for urgent fix”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

DZone Security Zone: Glimpse Inside IoT-Triggered DDoS Attacks and Securing IT Infrastructures

Tech support scams resource page

SANS Ouch Newsletter: Phone Call Attacks & Scams

Updates to Mac Virus

Andrew Orlowski for The Register: Uh-oh. Boffins say most Android apps can slurp your screen – and you wouldn’t even know it – “Over 89 per cent of apps in the Google Play store make use of an API that requests screen capture or recording – and the user is oblivious as it evades the Android permission framework.” Summary of a paper”…titled Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications (summary and PDF).”

Pierluigi Paganini: A Samsung Texting App bug is sending random photos to contacts – ”

“The problem affected Galaxy S9 and S9+ devices, but we cannot exclude that other devices may have been affected…several users reported the anomalous behavior on Reddit and the company official forums.”

John E. Dunn for Sophos: Samsung phones sending photos to contacts without permission and also Your smartphone can watch you if it wants to, study finds.

Elcomsoft:  Apple Warns Users against Jailbreaking iOS Devices: True or False? Not whether Apple has issued the warnings – of course it has – but more about how justified the warnings are. The conclusion seems to be mostly true, with “with few caveats and one major exception.” Interesting article, anyway.

David Harley

(Anti-)Social Media – news updates June 6th 2018

The Register: ‘Tesco probably knows more about me than GCHQ’: Infosec boffins on surveillance capitalism – “Cambridge Uni powwow broods on Facebook, Wannacry” There seem to have been a lot of good points made there. I’m rather sorry I didn’t get to it, but it’s a long way from my part of the world…

Surveillance by cookie isn’t, of course, confined to social media. Perhaps more people have become aware of them recently with the pitter-patter of GDPR-inspired pop-ups on sites noting that they use them, and on occasion requiring visitors to agree to their being used if they’re to continue using the site. What could go wrong? Here’s an interesting, mildly techie paper from Digital Interruption: Are Your Cookies Telling Your Fortune? – An analysis of weak cookie secrets and OSINT. OSINT, by the way, is Open-Source Intelligence, information gathered from publicly available sources.

Sophos: Facebook faces furious shareholders at annual meeting – “Another investor, Will Lana of Trillium Asset Management, said that his firm has been keeping track of the scandals in which Facebook is embroiled. It’s tallied “at least 15 distinct controversies,” he said, as he spoke in favor of a proposal to change the board’s approach to risk management”. [But don’t worry:  Zuckerberg and the Board of Directors managed to ’emerge from the meeting unscathed’. Well, you can worry if you like…]

Thomas Claburn for The Register: Facebook insists device data door differs from dodgy dev data deal – “Facebook on Sunday said an arrangement that gave some 60 mobile device makers access to data about device users’ Facebook friends is not at all like the deal it made with app developers that gave rise to the Cambridge Analytica scandal.” Oh, good…

Given the number of Facebook denizens who are interested in genealogy and heredity, this seems a suitable place to mention a Brian Krebs article: Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage

Catalin Cimpanu for Bleeping Computer: Washington State Sues Facebook and Google Over Election Ads – “Washington State Attorney General Bob Ferguson filed two lawsuits on Monday against Facebook and Google on the grounds of breaking local campaign finance laws.”

Here are a couple of items I’ve also posted to the Mac Virus site, and which are also relevant to the anti-social media page. I haven’t paid much attention to news-recycling sites (apart from The Register, maybe)  in recent years, but these two ZDNet reports actually mildly impressed me.

Adrian Kingsley-Hughes for ZDNet: Your iPhone is tracking your movements and storing your favorite locations all the time. He says: “Now, you may be like me and not care about this data being collected, and might even find it a useful record of where you’ve been over the previous weeks and months. But if you’re uncomfortable for any reason with this data being collected, then Apple offers several ways you can take control over it.” Even if you don’t mind these data being collected by your operating system, you also have to think about the apps that may be accessing it at second hand.

Kind of weirdly, Larry Dignan (also for ZDNet) tells us that Apple, Google have similar phone addiction approaches with iOS, Android. Well, it’s always nice (if unexpected) when Big Business displays a sense of civic responsibility. However, Dignan is probably right when he remarks: “The research is just starting to be compiled on smartphone addiction and what happens when your life is overloaded by apps and notifications. Think of the digital health push from Apple and Google as a way to provide talking points before screen time becomes a Congressional hearing someday.”

David Harley

May 30th updates

Updates to Anti-Social Media 

Sophos: Facebook battles tiny startup over privacy accusations John E. Dunn remarks:

“You can argue Six4Three’s allegations either way … they’re another example of the way the company perfectly understood the value of its user data and wanted to monetise it.”

“Alternatively, by restricting third parties, Facebook was simply reigning in risky access that privacy advocates believe should never have been allowed in the first place.”

Updates to Cryptocurrency/Crypto-mining News and Resources

ESET: UNICEF now using cryptocurrency mining for fundraising – “So far in 2018, the NGO has launched two charity campaigns with the aim of raising funds through cryptocurrency mining.”

Technode: Qihoo 360 discovers high-risk security issues in EOS, says 80% digital wallets have problems – “Blockchain platform EOS is facing a series of high-risk security vulnerabilities, according to Chinese cybersecurity company Qihoo 360 […] EOS is a blockchain-based, decentralized system that enables the development, hosting, and execution of commercial-scale decentralized applications (dApps) on its platform.”

Updates to GDPR page

The Register: Businesses brace themselves for a kicking as GDPR blows in – “Securing company data just got even harder”

Updates to Internet of (not necessarily necessary) Things

The Register: Softbank’s ‘Pepper’ robot is a security joke – “Big-in-Japan ‘bot offers root access through hard-coded password and worse bugs too”

Sophos: California tests digital license plates. Is tracking cars next? –  Lisa Vaas comments: ‘Yes, now we can add license plates to the pile of “do we really need xyz IoT thing,” which already includes internet-enabled fridges, toasters, washing machines and coffee makers.’ And mentions quite a few of the issues that this initiative raises. What could go wrong?

Updates to MELTDOWN/SPECTRE AND OTHER CHIP-RELATED RESOURCES

Interesting paper: Post-Spectre Threat Model Re-Think

Updates to Mac Virus

(1) Bleeping Computer: Malware Found in the Firmware of 141 Low-Cost Android Devices – “Two years after being outed, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach.” 

Dr Web report from 2016: Doctor Web discovers Trojans in firmware of well-known Android mobile devices – “Doctor Web’s security researchers found new Trojans incorporated into firmwares of several dozens of Android mobile devices. Found malware programs are stored in system catalogs and covertly download and install programs.”

Avast report from 24th May 2018: Android devices ship with pre-installed malware – “The Avast Threat Labs has found adware pre-installed on several hundred different Android device models and versions, including devices from manufacturers like ZTE and Archos. The majority of these devices are not certified by Google.”

(2) Meanwhile, Sophos’ Matt Boddy has been looking at how to find out the answer to the question Are your Android apps sending unencrypted data? He says:

“My concerns led me to do some network analysis on popular Android apps, following the methodology set out in the OWASP Mobile Security Testing Guide.

I’ll tell you what I did, what I discovered and how you can do it too.”

Updates to Anti-Malware Testing

AMTSO has issued press releases – AMTSO Membership Approves Major Step Forward in Testing Standards and AMTSO Announces Full Adoption of Testing Protocol Standard following the approval by a majority of AMTSO members of its Draft Standards and authorization of a working group at the recent AMTSO meeting.

No information at present on exactly how the voting went, which I’d like to have seen in the interests of transparency.

David Harley

21st May 2018 update

Updates to Anti-Social Media 

Bleeping Computer: The Facebook Android App Is Asking for Superuser Privileges and Users Are Freaking Out

New Scientist: Huge new Facebook data leak exposed intimate details of 3m users  – “Data from millions of Facebook users who used a popular personality app, including their answers to intimate questionnaires, was left exposed online for anyone to access, a New Scientist investigation has found.” And some commentary from The Register: How could the Facebook data slurping scandal get worse? Glad you asked – “Three million “intimate” user profiles offered to researchers”

And commentary from Sophos: Facebook app left 3 million users’ data exposed for four years

Updates to Cryptocurrency/Crypto-mining News and Resources

US Securities and Exchange Commission: The SEC Has an Opportunity You Won’t Want to Miss: Act Now! – “The SEC set up a website, HoweyCoins.com, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators.” Commentary from Sophos: Don’t invest! The ICO scam that doesn’t want your money

ZDNet: Brutal cryptocurrency mining malware crashes your PC when discovered  – “…the cybersecurity firm said the cryptomining malware aims to infect PCs in order to steal processing power for the purpose of mining the Monero cryptocurrency.”

Help Net Security: 25% of companies affected by cloud cryptojacking

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page may indeed be necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Updates to Tech support scams resource page

Malwarebytes: Fake Malwarebytes helpline scammer caught in the act – Given how much work Malwarebytes have done on these scams, not good targeting on the scammer’s part.

Updates to Specific Ransomware Families and Types

Bleeping Computer: New Bip Dharma Ransomware Variant Released

ArsTechnica: All of Mugshots.com’s alleged co-owners arrested on extortion charges

Updates to Mac Virus

Bleeping Computer: The Facebook Android App Is Asking for Superuser Privileges and Users Are Freaking Out

Help Net Security: Google will force Android OEMs to push out security patches regularly

Kaspersky: WHO’S WHO IN THE ZOO. CYBERESPIONAGE OPERATION TARGETS ANDROID USERS IN THE MIDDLE EAST

Symantec: Malicious Apps Persistently Appearing on Google Play and Using Google Icons
– “Seven apps have been discovered reappearing on the Play store under a different name and publisher even after these have been reported.”

Sophos: The next Android version’s killer feature? Security patches “…the next version of Google’s mobile OS will require device makers to agree to implement regular security patches for the first time in the operating system’s history.’

Updates to Anti-Malware Testing

I worked with Symantec’s Mark Kennedy for some time when I was on the AMTSO Board of Directors. He knows much more than most about the organization and product testing in general, and this is an excellent and informative article: AMTSO Testing Standards: Why You Should Demand Them – “When it comes to security product testing, a good test in one context can turn out to be meaningless in another.”

Updates to Chain Mail Check

US Securities and Exchange Commission: The SEC Has an Opportunity You Won’t Want to Miss: Act Now! – “The SEC set up a website, HoweyCoins.com, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators.” Commentary from Sophos: Don’t invest! The ICO scam that doesn’t want your money

Malwarebytes: Fake Malwarebytes helpline scammer caught in the act – Given how much work Malwarebytes have done on these scams, not good targeting on the scammer’s part.

David Harley

April 17th updates

Updates to Anti-Social Media 

Brian Krebs: Deleted Facebook Cybercrime Groups Had 300,000 Members – “Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups … who flagrantly promoted a host of illicit activities on the social media network’s platform … The average age of these groups on Facebook’s platform was two years.”

Updates to Meltdown/Spectre and other chip-related resources

Note that this page’s name has now been changed to reflect the fact that it addresses a wider range of chip issues and news than Spectre and Meltdown, as witnessed by these links.

[News and general resources section]

Help Net Security: Rambus launches fully programmable secure processing core – “At RSA Conference 2018, Rambus announced the availability of the CryptoManager Root of Trust (CMRT), a fully programmable hardware security core built with a custom RISC-V CPU.”

The Register: Microsoft has designed an Arm Linux IoT cloud chip… – “Microsoft has designed a family of Arm-based system-on-chips for Internet-of-Things devices that runs its own flavor of Linux – and securely connects to an Azure-hosted backend.”

Paul Ducklin for Sophos: Could an Intel chip flaw put your whole computer at risk? – “Well, the spectre of CIH is back in the news following a recent security advisory, numbered INTEL-SA-00087, from chip maker Intel.”

Updates to (new page) Internet of (not necessarily necessary) Things

  • National Cyber Security Centre: Advisory: Russian State-Sponsored
    Cyber Actors Targeting Network Infrastructure Devices
    “Since 2015, the US and UK Governments have received information from multiple sources including private and public sector cybersecurity research organisations and allies that cyber actors are exploiting large numbers of enterprise-class and SOHO/residential routers and switches worldwide. The US and UK Governments assess that cyber actors supported by the Russian government carried out this worldwide campaign. These operations enable espionage and intellectual property that supports the Russian Federation’s national security and economic goals.”
  • Commentary from Help Net Security: US, UK warn Russians hackers are compromising networking devices worldwide

Trend Micro: Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware – “What is the most common internet-of-things (IoT) device across network infrastructures, whether in homes or businesses? Answer: the router.”

Updates to Mac Virus

Security Research Labs: Mind the Gap – Uncovering the Android patch gap through binary-only patch analysis (HITB conference, April 13, 2018)

Commentary by Help Net: Your Android phone says it’s fully patched, but is it really?

E Hacking News: New malware strikes panic among B’luru bank customers – “The bankers in Bengaluru claimed to have discovered a new malware that helps the hackers siphon off money from a number of bank accounts … The policemen probing the cyber crime initially talk of MazarBot, a malware, used to sent some SMS to the bank account holders’ smart phones which provides the hackers with the banking details of the accountholders.

Kaspersky: GOOGLE PLAY BOOTS THREE MALICIOUS APPS FROM MARKETPLACE TIED TO APTs

 

David Harley

April 16th 2018 updates

Updates to Anti-Social Media 

Updates to Meltdown/Spectre – Related Resources

Bleeping Computer: Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

Updates to: Ransomware Resources  and Specific Ransomware Families and Types

Researchers at Princeton: Machine Learning DDoS Detection for Consumer Internet of Things Devices. “…In this paper, we demonstrate that using IoT-specific network behaviors (e.g. limited number of endpoints and regular time intervals between packets) to inform feature selection can result in high accuracy DDoS detection in IoT network traffic with a variety of machine learning algorithms, including neural networks.” Commentary from Help Net: Real-time detection of consumer IoT devices participating in DDoS attacks

Updates to Specific Ransomware Families and Types

Pierluigi Paganini: Microsoft engineer charged with money laundering linked to Reveton ransomware

Updates to Mac Virus

Mozilla: Latest Firefox for iOS Now Available with Tracking Protection by Default plus iPad Features. Commentary from Sophos: Tracking protection in Firefox for iOS now on by default – why this matters

The Register: Android apps prove a goldmine for dodgy password practices “And password crackers are getting a lot smarter…An analysis of free Android apps has shown that developers are leaving their crypto keys embedded in applications, in some cases because the software developer kits install them by default.” Summarizes research described by Will Dormann, CERT/CC software vulnerability analyst, at BSides.

David Harley

April 15th resource updates

Updates to Anti-Social Media 

The Register: Super Cali’s frickin’ whiz kids no longer oppose us: Even though Facebook thought info law was quite atrocious – “Zuck & Co end fight against California’s privacy legislation” Extra points to El Reg for the title, even if it doesn’t actually scan very well. 🙂

Sophos: Facebook shines a little light on ‘shadow profiles’ (or what Facebook knows about people who haven’t signed up to Facebook).

Also from Sophos: Interview: Sarah Jamie Lewis, Executive Director of the Open Privacy Research Society. OPRS is a privacy advocacy and research group aiming to “to make it easier for people, especially marginalized groups (including LGBT persons), to protect their privacy and anonymity online…”

Updates to Cryptocurrency/Crypto-mining News and Resources

F5: WINDOWS IIS 6.0 CVE-2017-7269 IS TARGETED AGAIN TO MINE ELECTRONEUM – “Last year, ESET security researchers reported that the same IIS vulnerability was abused to mine Monero, and install malware to launch targeted attacks against organizations by the notorious “Lazarus” group.”

The Register: Tried checking under the sofa? Indian BTC exchange Coinsecure finds itself $3.5m lighter. “Indian Bitcoin exchange Coinsecure has mislaid 438.318 BTC belonging to its customers.”

Help Net Security: 2.5 billion crypto mining attempts detected in enterprise networks – “The volume of cryptomining transactions has been steadily growing since Coinhive came out with its browser-based cryptomining service in September 2017.” This is commentary on an earlier article from Zscaler: Cryptomining is here to stay in the enterprise.

Updates to Meltdown/Spectre – Related Resources

Help Net Security: AMD users running Windows 10 get their Spectre fix – microcode to mitigate Spectre variant 2, and a Microsoft update for Windows 10 users.

Updates to Specific Ransomware Families and Types

[14th April 2018] Bleeping Computer re PUBG (and RensenWare, a blast from the past): PUBG Ransomware Decrypts Your Files If You Play PlayerUnknown’s Battlegrounds, based on research from MalwareHunter. Described as a joke, but apart from the fact that such messing with a victim’s data might conceivably go horribly wrong in some circumstances – it doesn’t appear to be an impeccably well-coded program – and is likely in any case to cause the victim serious concern, it looks to me as though this is criminal activity, involving unauthorized access and modification in most jurisdictions.

Updates to Mac Virus

The Register: Exposed: Lazy Android mobe makers couldn’t care less about security  “Never. Is never a good time to get vulnerability fixes? Never is OK with you? Cool, never it is”

Graham Cluley for Bitdefender: China forces spyware onto Muslim’s Android phones, complete with security holes. Links to Adam Lynn’s report for the Open Technology Fund: App Targeting Uyghur Population Censors Content, Lacks Basic Security

Updates to Anti-Malware Testing

[14th April 2018]

Fairness and ethical testing: Pointer to a blog for ESET by Tony Anscombe: Anti-Malware testing needs standards, and testers need to adopt them “A closer look at Anti-Malware tests and the sometimes unreliable nature of the process.” A good summary, and a useful reminder of the work that AMTSO is doing, but it’s a shame that after all these years we still need to keep making these points.

David Harley

AVIEN resource updates 31st March 2018

Updates to Anti-Social Media

 (HT to Mich Kabay for pointing out the Economist articles – NB there’s a limit on how many you can view without subscribing.)

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

Updates to Mac Virus

(1) iOS

(2) Android

Updates to Anti-Malware Testing Blog

David Harley

Resource updates 21st March 2018

Additions to the new Anti-Social Media page:

Additions to Meltdown/Spectre – Related Resources