Search Results for “Andy Greenberg”


May 12, 2020
Andy Greenberg / Wired

WannaCry Hero Marcus Hutchins Reveals the Backstory to His Arrest by the FBI for Helping to Develop the Kronos Banking Trojan

In a highly personal, detailed, and revelatory backstory, WannaCry hero Marcus Hutchins, also known as MalwareTechBlog, tells the tale of how at a young age he became involved in the development of the Kronos banking trojan, for which he was arrested by the FBI immediately following DEF CON in 2017. Hutchins walks through his childhood and family life to describe his precocious interest in and talent for digital and computer technology. He also discusses his early involvement in dark web forums and marketplaces, where he gained access to illegal drugs, including amphetamines. Fueled by the stimulants and consumed by long hours of software and minor malware development, Hutchins became ensnared in deeper and deeper involvement with the developer of the Kronos banking malware and divulged more personal details to him – and to another online contact – than he should have. Those divulgences ultimately led to his arrest in Las Vegas.

Tweets:@a_greenberg @malwaretechblog @malwaretechblog @nxthompson @dannyjpalmer @martijn_grooten @gsuberland @bobmcmillan @evacide @malwarejake @malwaretechblog

@a_greenberg: Three years ago today, Marcus Hutchins stopped WannaCry, an $8 billion cyberattack. Then the FBI arrested him. Today we're publishing a 14,000-word cover story that finally tells his full, untold tale, from 15yo criminal to hero to convict to redemption.
@malwaretechblog: Ok, here we go.
@malwaretechblog: This is something I've wanted to do for a long time. I felt it better to share the full unadulterated story, and let people make up their own minds. It meant discussing a lot of uncomfortable facts about my past, but I want the story not to be some airbrushed half-truth.
@nxthompson: Three years ago, Marcus Hutchins saved the internet when he stopped WannaCry, one of the worst cyberattacks in history. But then the FBI mysteriously arrested him. Why? Here's the incredible story of his life, from criminal to hero to convict to ...
@dannyjpalmer: It's three years ago today the world was hit by WannaCry ransomware - and the NHS was one of the major casualties. Here's what was the first of my many reports on the attack - which back then we were still referring to as 'WannaCrypt' https://zdnet.com/article/hospitals-across-england-hit-by-cyber-attack-systems-knocked-offline/ via @ZDNet
@martijn_grooten: This is such a well-written and important piece. FWIW, I am quoted as saying (in July 2017): "I can vouch for Marcus being a really nice guy and also for having strong ethics". I explicitly did not make any claims about his innocence. I would still vouch for him today.
@gsuberland: @MalwareTechBlog Hey, just thought I'd say that I would've put in for your legal defence funds regardless of whether or not you'd actually done what they accused you of. Nobody deserves to go through the US legal system without the means to traverse it fairly.
@bobmcmillan: This is a very good story. Classic @a_greenberg One thing that I've always wondered is why did the FBI pursue this case? Often they will flip a suspect in exchange for intel, but in this case, Hutchins was already providing law enforcement with valuable info. Why stop that?
@evacide: When I start to lose faith in humanity, I remember that @tarah put up her entire Symantec severance and dashed barefoot across Vegas to bail out @MalwareTechBlog, whom she had barely met.
@malwarejake: I've said it before and I'll say it again: @deviantollam and @tarah are outstanding human beings. This story from @a_greenberg highlights their selfless acts in helping @MalwareTechBlog through his legal ordeal. Outstanding article, outstanding humans.
@malwaretechblog: Article doesn't go into legal strategy, but @marciahofmann, @brianeklein & Dan Stiller were incredible. Not only did they support my decision to reject deal, but also got my aggravated felony charges dropped (these would have resulted in a permanent ban from entering the US).


May 10, 2020
Andy Greenberg / Wired

Thunderspy Attack Exploits Flaw in Intel’s Thunderbolt Interface to Open New Avenue for ‘Evil Maid’ Attack

A new technique called Thunderspy can bypass the login screen of a sleeping or locked computer, and even its hard disk encryption, on Thunderbolt-enabled Windows or Linux PCs manufactured before 2019. The technique can allow attackers to gain full access to the computer’s data, Eindhoven University of Technology researcher Björn Ruytenberg revealed. Although the attack in many cases requires opening a target laptop’s case with a screwdriver, it leaves no trace of intrusion and can be completed in a few minutes, opening a new avenue to the so-called “Evil Maid” attack. Intel’s Thunderbolt interface, which promises faster speeds by allowing more direct access to memory, has frequently posed security problems. As a consequence, researchers recommend taking advantage of a Thunderbolt feature known as “security levels.” However, using the Thunderspy attack, attackers can bypass even this protection level. Intel and some PC makers say they have protection against this attack, although Ruytenberg says the flaws he found extend to Intel’s hardware and can’t be fixed with a mere software update.

Related: Thunderspy, fossBytes, Reddit – cybersecurity, Engadget, Sensors Tech Forum, TechNadu, Silicon Republic, TechSpot, The Next Web, IT Pro, iPhone Hacks, 9to5Mac, Security News | Tech Times, fossBytes, Engadget, SecurityWeek, ZDNet Security, SlashGear » security, Neowin, Reddit – cybersecurity, The Verge, Silicon Republic, WCCFtech, BetaNews, Appleosophy, 9to5Mac, Naked Security, MSSP Alert, BGR, DataBreachToday.com, Techradar, TechWorm, Schneier on Security, Reddit-hacking, CISO MAG, TechJuice, HOTforSecurity, Ars Technica

Tweets:@a_greenberg @0Xiphorus @campuscodi @campuscodi @kennwhite @mattiasgeniar @paulmillr @markwilsonwords

Thunderspy: When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security
fossBytes: Any PC Manufactured Before 2019 Is Vulnerable To ‘Thunderspy’ Attack
Reddit – cybersecurity: A Thunderspy attack on all PCs with Thunderbolt ports shipped between 2011 and 2020 allows an attacker with only five minutes of physical access to the device to read and copy all its data, even if the drive is encrypted and the computer is locked or set
Engadget: Thunderbolt flaw lets hackers steal your data in ‘five minutes’
Sensors Tech Forum: Thunderspy Attack Used To Hack Thunderbolt Ports: Millions of PCs Affected
TechNadu: “ThunderSpy” Is Threatening to Steal Your Data Right From the Laptop Port
Silicon Republic: Thunderspy: What you need to know about unpatchable flaw in older PCs
TechSpot: New Thunderbolt flaw lets hackers bypass security features in five minutes
The Next Web: There’s a new Thunderbolt bug, check if your computer is affected
IT Pro: Thunderbolt flaw exposes millions of PCs to attack | IT PRO
iPhone Hacks: Major Thunderbolt Security Exploit ‘Thunderspy’ Allows Hacker to Steal Data from Encrypted Drive, Partially Affects macOS
9to5Mac: Major Thunderbolt security flaws found, affect Macs shipped 2011-2020
Security News | Tech Times: [HACKERS] Millions of PCs with Intel Thunderbolt Flaws are Vulnerable to Hacking; Thunderspy Attack Takes Only Five Minutes
SecurityWeek: Thunderspy: More Thunderbolt Flaws Expose Millions of Computers to Attacks
ZDNet Security: Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help
SlashGear: New Thunderbolt hack exposes your files: How to check if you’re safe
Neowin: Thunderbolt flaw allows a hacker to obtain access to a PC’s data within minutes
The Verge: Thunderbolt flaw allows access to a PC’s data in minutes
WCCFtech: Thunderbolt Security Flaw in Intel Chips Affects All Compatible Macs and PCs
BetaNews: Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines
Appleosophy: Severe Thunderbolt flaw discovered affecting Mac’s shipped between 2011-2020
Naked Security: Thunderspy – why turning your computer off is a cool idea!
MSSP Alert: Intel Thunderbolt Vulnerability Details Explained
BGR: This Thunderbolt vulnerability puts millions of PCs in danger
DataBreachToday.com: New Thunderbolt Flaws Disclosed to Intel
Techradar: Buy Windows 10: the cheapest prices in May 2020
TechWorm: Thunderbolt Vulnerability Affects millions of PCs Manufactured Before 2019
Schneier on Security: Attack Against PC Thunderbolt Port
Reddit-hacking: Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help
CISO MAG: Millions of Computers Open to Thunderbolt Port Vulnerabilities
TechJuice: Major security flaw discovered in Thunderbolt-equipped devices
HOTforSecurity: Thunderspy Attack Affects all Computers with Thunderbolt Released in the Past Decade
Ars Technica: Thunderspy: What it is, why it’s not scary, and what to do about it

@a_greenberg: Dutch researcher @0Xiphorus has detailed a new physical access technique that could let hackers break into any of millions of PCs via their Thunderbolt ports. The good news is it requires unscrewing the case briefly. The bad news is it's unpatchable.
@0Xiphorus: This has been a long time coming. Today we release Thunderspy. Find full details at https://thunderspy.io. Thanks to @a_greenberg for reporting. #Thunderspy #Intel #Thunderbolt
@campuscodi: Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption.
@campuscodi: Oh, look. Some disclosure drama
@kennwhite: “Thunderspy [Intel exploit] enables creating arbitrary Thunderbolt device identities and cloning user-authorized Thunderbolt devices, even in the presence of Security Levels pre-boot protection and cryptographic device authentication”
@mattiasgeniar: "If your computer has a Thunderbolt port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep." tl;dr: stop using computers. ¯\_(ツ)_/¯ https://thunderspy.io
@paulmillr: This looks bad. An attacker could read your encrypted drive & contents of a RAM, even when the laptop is sleeping. All it takes is inserting a device into USB/Thunderbolt port. All macbooks are affected, even with Linuxes. Can't be fixed in software.
@markwilsonwords: Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines https://betanews.com/2020/05/11/thunderspy-security-vulnerability/ via @BetaNews


May 28, 2020
Andy Greenberg / Wired

NSA Warns That Russian State-Backed Hacker Group Sandworm Has Been Exploiting Known Flaw in Exim Mail Transfer Agent

Using its newly created blog and its even newer Twitter account devoted to cybersecurity, the NSA issued an advisory that the Russian hacker group known as Sandworm, a unit of the GRU military intelligence agency, has been actively exploiting a known vulnerability in Exim, a commonly used mail transfer agent that runs on email servers around the world. Exim is an alternative to more prominent players like Exchange and Sendmail. The NSA says that Sandworm has been exploiting vulnerable Exim mail servers since at least August of 2019, using the hacked servers as an initial infection point on target systems and likely pivoting to other parts of the victim’s network. The vulnerability used by Sandworm allows an attacker to merely send a malicious email to the server and immediately gain the ability to run code on the server remotely. In its intrusions, the NSA warns. The spy agency recommends that administrators patch their Exim software immediately, comb their traffic logs for signs of exploitation, and segment their networks to make it harder for intruders to exploit their initial compromise of a mail server.

Related: Cyberscoop, ZDNet, NSA, Washington Examiner, SiliconANGLE, iTnews – Security, Security Affairs, Bleeping Computer, CBSNews.com, RT USA, Dark Reading: Attacks/Breaches, Law & Disorder – Ars Technica, Japan Today, Associated Press Technology, TribLIVE, Washington Examiner, FCW, Jerusalem Post, Task & Purpose, Reuters: U.S., Security – Computing, Infosecurity Magazine, HOTforSecurity, Help Net Security, The State of Security, Computer Business Review, The Register

Tweets:@NSACyber @a_greenberg @campuscodi @shanvav @Adam_K_Levin @Bing_Chris @bleepincomputer @bleepincomputer @bleepincomputer

Cyberscoop: NSA calls out Russian military hackers targeting mail relay software
ZDNet: NSA warns of new Sandworm attacks on email servers
NSA: Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actors
Washington Examiner: NSA accuses Russian military hackers of targeting US systems
SiliconANGLE: NSA warns Russian hacking group is targeting unpatched email servers
iTnews – Security: NSA warns ‘Sandworm’ hackers targeting email servers
Security Affairs: NSA warns Russia-linked APT group is exploiting Exim flaw since 2019
Bleeping Computer: NSA: Russian govt hackers exploiting critical Exim flaw since 2019
CBSNews.com: NSA warns of new “Sandworm” cyberattacks by Russia-backed hackers
RT USA: NSA urges email providers to update software warning that ‘Russian military hackers’ already gained ‘dream access’ to them
Dark Reading: Attacks/Breaches: NSA Warns Russia’s ‘Sandworm’ Group Is Targeting Email Servers
Law & Disorder – Ars Technica: Russian hackers are exploiting bug that gives control of US servers
Japan Today: NSA: Russian agents have been hacking major email program
Associated Press Technology: NSA: Russian agents have been hacking major email program
TribLIVE: NSA: Russian agents have been hacking major email program
FCW: NSA warns Russian hackers exploited email flaw
Jerusalem Post: NSA warns of ongoing Russian hacking campaign against US systems
Task & Purpose: NSA warns of ongoing Russian hacking campaign against US systems
Reuters: U.S.: NSA warns of ongoing Russian hacking campaign against U.S. systems
Security – Computing: Hackers linked with Russian military intelligence are exploiting Exim mail transfer agent bug to target US organisations, NSA warns
CyberSecurity Help s.r.o.: Sandworm hacking group exploiting Exim flaw since at least 2019
Infosecurity Magazine: NSA: Russian Military Sandworm Group is Hacking Email Servers
HOTforSecurity: Russian ’Sandworm‘ Hackers Attacking Exim Email Servers, Says NSA
Help Net Security: NSA warns about Sandworm APT exploiting Exim flaw
The State of Security: Sandworm Team Exploiting Vulnerability in Exim Mail Transfer Agent
Computer Business Review: Exim Vulnerability: GRU Widely Exploited Critical 2019 Bug, Warns NSA
The Register: It’s not every day the NSA publicly warns of attacks by Kremlin hackers – so take this critical Exim flaw seriously

@NSACyber: Sandworm Team, Russian GRU Main Center for Special Technologies actors, continue to exploit Exim mail transfer agent #vulnerability, CVE-2019-10149. Patch to the latest version to protect your networks. Learn more here: https://nsa.gov/News-Features/
@a_greenberg: NSA warns Russia's Sandworm hackers have been exploiting Exim mail servers using a bug from last June. Not exactly surprising, but given the source and Sandworm's history—from NotPetya to the attacks on US State Boards of Election in 2016—worth watching.
@campuscodi: BREAKING: NSA warns of new Sandworm APT attacks on email servers - attacks target Exim email server - they exploit CVE-2019-10149 (Return of the WIZard) - attacks have been happening since August 2019 - Sandworm plants backdoors, creates new admin user https://zdnet.com/article/nsa-wa
@shanvav: BREAKING: NSA calls out Russian military hackers targeting mail relay software https://hubs.ly/H0qVX_P0 by @shanvav
@Adam_K_Levin: A Russian hacking group tied to power-grid attacks in Ukraine, and other nefarious Kremlin operations is exploiting a vulnerability that allows it to take control of computers operated by the US government and its partners.
@Bing_Chris: NSA warns of ongoing Russian hacking campaign against U.S. systems
@bleepincomputer: The @NSACyber attributes the attacks to Sandworm Team, a.k.a: * BlackEnergy Group * ELECTRUM * Hades/OlympicDestroyer * Voodoo Bear
@bleepincomputer: The earliest attacks were tracked to August 2019, less than a month after Exim was patched for CVE-2019-10149 The flaw allows execution of arbitrary commands with root privileges on Exim mail servers.
@bleepincomputer: Attackers can exploit this vulnerability remotely on servers where "verify = recipient" ACL is removed by sending an email


May 4, 2020
Andy Greenberg / Wired

Apple and Google Release Details on Their Coronavirus Contact Tracing App, Only Governments Will Have Access to API, Location Tracking Banned

Apple and Google have released new details on their Bluetooth-based system that will let health care authorities track potential encounters with Covid-19, making clear that only government agencies, preferably at the national level, will be given access to the application programming interface. However, the two tech giants are willing to work with regional and state-level authorities. If government-run apps want access to Apple and Google’s Bluetooth-based system, they won’t be allowed to collect location data. They must ask for consent before collecting information on a user’s proximity to others. They will also need permission to upload any information from the phones of Covid-19 positive people as well. The two companies also published sample user interfaces for the first time. However, they say the images for how the contact tracing system will work are merely for reference because health agencies will build the final apps.

Related: Data Protection Report, ET news, CPO Magazine, The Register – Security, DataBreachToday.com, TechTarget, MSSP Alert, Computer Business Review, Voice of America, Panda Security Mediacenter, MacDailyNews, MacDailyNews, The Sun, TechTarget, Vox, Reuters, Ars Technica, RT USA, Android Authority, xda-developers, CNBC, Slashdot, MacDailyNews, Engadget, The Verge

Tweets:@a_greenberg @Wired @josephmenn @ncweaver @lukOlejni

Data Protection Report: StopCovid: the French contact-tracing app
ET news: France’s StopCovid app to begin testing before wider rollout
CPO Magazine: MIT Researchers Develop a COVID-19 Contact Tracing App That Preserves Privacy Using Random IDs
The Register – Security: India makes contact-tracing app compulsory in viral hot zones despite most local phones not being smart
DataBreachToday.com: Digital Contact-Tracing Apps: Hype or Helpful?
TechTarget: Research institutes warn of necessity for UK contact-tracing app to…
MSSP Alert: COVID-19, Contact Tracing and U.S. Government Surveillance Concerns: Research
Computer Business Review: ICO Releases Data Protection Guide for Contact Tracing Apps
Voice of America: European Virus Tracing Apps Highlight Battle for Privacy
Panda Security Mediacenter: What to expect from the upcoming Apple and Google contact tracing apps
MacDailyNews: France continues to insist on centralized COVID-19 contact tracing while Apple refuses to budge
The Sun: What is the contact tracing app and how do I download it?
TechTarget: NHSX contact-tracing app needs legislative oversight
Vox: Contact tracing, explained
Reuters: Apple, Google ban use of location tracking in contact tracing apps
Ars Technica: Here’s how Apple, Google will warn you if you’ve been exposed to COVID-19
RT USA: Google & Apple set some lucky programmers up for lucrative monopoly with new rules for contact-tracing app
Android Authority: Google, Apple lay out strict rules for Exposure Notification API, no GPS data
xda-developers: [Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19
CNBC: Apple and Google reveal what their coronavirus contact tracing system might look like (CNBC: Top News)
Slashdot: Apple, Google Ban Use of Location Tracking in Contact Tracing Apps
MacDailyNews: Apple, Google ban use of location tracking in contact tracing apps
Engadget: Apple and Google tell health departments their privacy requirements for coronavirus tracking
The Verge: Apple and Google show what their exposure notification system could look like

@a_greenberg: Google and Apple have clarified a few more privacy restrictions for the apps that will use their Bluetooth-based Covid-19 exposure alert system. They've also shown some examples of what it could look like: http://wired.com/story/apple-go… This will not be a fun push notification to get.
@Wired: Apple and Google have released new details on their contact tracing plans. Only government agencies will be able to access the application programming interface, and the apps will not be allowed to collect location data. Here's how the apps might look:
@josephmenn: Apple, Google ban use of location tracking in contact tracing apps
@ncweaver: OK, I'm starting to agree with @stewartbaker that Apple & Google are taking the privacy thing too far: https://reuters.com/article/us-health-coronavirus-usa-apps-idUSKBN22G28W Keeping location data on the phone for contact tracing for 14 days, along with the bluetooth contact data, is privacy sensitive and reasonable.
@lukOlejni: Google and Apple will ban the use of geolocation to contact tracing #COVID?19, including for government apps. Technological policing? ;) https://reuters.com/article/us-health-coronavirus-usa-apps-idUSKBN22G28W?taid=5eb053bc3b463d000141f938


March 8, 2020
Andy Greenberg / Wired

Millions of Cars That Use Chip-Enabled Mechanical Keys Are Vulnerable to High-Tech Theft Due to Flaw in Texas Instruments Encryption System

Millions of cars that use chip-enabled mechanical keys are vulnerable to high-tech theft due to cryptographic flaws and a bit of hot wiring, researchers from K.U. Leuven in Belgium and the University of Birmingham in the U.K. have revealed. The academics discovered new vulnerabilities in the encryption systems used by immobilizers, the radio-enabled devices inside of cars that communicate at close range with a key fob to unlock the car’s ignition and allow it to start. They mainly found problems in how Toyota, Hyundai, and Kia implement a Texas Instruments encryption system called DST80. A hacker who swipes a relatively inexpensive Proxmark RFID reader/transmitter device near the key fob of any car with DST80 inside can gain enough information to derive its secret cryptographic value. The affected car models include the Toyota Camry, Corolla, and RAV4; the Kia Optima, Soul, and Rio; and the Hyundai I10, I20, and I40. Although the Tesla S was also affected, the researchers reported the DST80 vulnerability to Tesla last year, and the company pushed out a firmware update that blocked the attack. Hyundai said the flaw doesn’t affect models it sells in the U.S., and Toyota said the vulnerability applies only to older models.

April 7, 2020
Andy Greenberg / Wired

Zero-Day Exploits Now Used by Wider Array of Countries Thanks in Part to Hackers-for-Hire Including NSO Group, Gamma Group, and Hacking Team

Although once restricted to the most sophisticated hackers, the global map of zero-day exploit hacking has expanded far beyond the United States, Russia, and China, as more countries than ever buy themselves a spot on it, according to researchers at FireEye. FireEye’s analysis, which draws in data from other research organizations as well as Google Project Zero’s database of active zero-days, was able to link 55 of those secret hacking techniques to state-sponsored operations, going so far as to name which country’s government it believes to be responsible in each case. The map highlights how less expected countries, such as the United Arab Emirates and Uzbekistan, now leverage zero-day weapons, thanks in part to a rising industry of hackers-for-hire, including NSO Group, Gamma Group, and Hacking Team, that develop zero-day tools and sell them to intelligence agencies around the world.

April 9, 2020
Andy Greenberg / Wired

Three Academic Teams Are Racing to Develop COVID-19 Contact Tracing Apps That Flatten the Curve on Government Snooping and Virus Infections At the Same Time

Teams of researchers are racing to develop COVID-19 contact tracing apps that notify potentially exposed users without handing over location data to the government, even going so far as to focus on developing systems that keep infected users’ identity private while still notifying those who have come in contact with those users. The groups that are attempting to “flatten the curve” on authoritarianism, as well as the number of infections, include COVID Watch, led by Stanford computer scientist Cristina White, an MIT project called Private Kit: Safe Paths, and a project proposed to the Canadian government by a group of computer scientists from the University of Pennsylvania, the University of Toronto, and McGill University. The three teams are all collaborating with each other to some degree.

April 17, 2020
Andy Greenberg / Wired

Google and Apple Face a Host of Privacy-Related Questions Regarding Their Proposed COVID-19 Tracing Apps, As Well as Fears of Surveillance and False-Positive Emotional Turmoil

When announcing last week that they will jointly develop COVID-19 tracing apps, Apple and Google said that starting next month they’ll add new features to their mobile operating systems that make it possible for certain approved apps, run by government health agencies, to use Bluetooth radios to track physical proximity between phones. If someone later receives a positive COVID-19 diagnosis, they can report it through the app, and any users who have been in recent contact will receive a notification. The system will be entirely opt-in, with no location data and only positive coronavirus users reported. Security and privacy experts have nevertheless pointed to serious privacy flaws with the proposed tracing system, including the fundamental questions of whether users are signing up for a surveillance system or will subject themselves to a more intrusive ad delivery system. On top of that is the emotional turmoil any false-positive tests may cause individuals.

Related: The Daily Swig, IT World Canada, Popular Science, Axios, Computer Business Review, The Sun, Roll Call, TechTarget, Startups News | Tech News, The Daily Swig, iMore, Android Central, The Register – Security, Pocket-lint, Pocket-lint, WRAL Tech Wire, MacRumors, Fortune, Business Insider, VentureBeat, AppleInsider, The Hacker News, MacDailyNews

The Daily Swig: Coronavirus: UK contact-tracing app raises privacy concerns
IT World Canada: Federal privacy commissioner issues framework for COVID-19 measures
Popular Science: Can smartphone apps track COVID-19 without violating your privacy?
Axios: Bluetooth-based coronavirus contact tracing finds broad support in tech and government
Computer Business Review: Europe Publishes Contact-Tracing App Guidelines
The Sun: Government’s London-centric coronavirus plan to ditch contract tracing, blasted by expert
Roll Call: ACLU cautiously approves COVID-19 tracking apps
TechTarget: EU warns no compromise on privacy as NHS clashes with tech firms on contact tracing
Startups News | Tech News: IoT tech startup Nodle launches Coalition, a free, privacy-first contact tracing app to help stop the spread of coronavirus (COVID-19)
The Daily Swig: Coronavirus contact-tracing apps are worse than useless – Schneier
iMore: UK’s NHS clashes with Google and Apple over contact tracing
Android Central: UK’s NHS clashes with Google and Apple over contact tracing
The Register – Security: Europe publishes draft rules for coronavirus contact-tracing app development, on a relaxed schedule
Pocket-lint: The EU has published draft rules for how contact tracing apps should work
Pocket-lint: How the NHSX coronavirus contact-tracing app will work
WRAL Tech Wire: Will contact tracing via apps help fight pandemic at risk of personal privacy?
MacRumors: Apple and Google in ‘Standoff’ With UK Health Service Over COVID-19 Contact Tracing App
Fortune: Researchers working on ‘contact tracing’ say they welcome Apple and Google’s help
Business Insider: The UK scrambles to launch its COVID-19 contact-tracing app, after getting derailed by Apple and Google
VentureBeat: ProBeat: Apple and Google’s contact detection API will fail, but they should build it anyway
AppleInsider: Security experts have concerns about Apple and Google contact tracing
The Hacker News: Google and Apple Plan to Turn Phones into COVID-19 Contact-Tracking Devices
MacDailyNews: ACLU has concerns with Apple-Google’s COVID-19 contact-tracing plan


April 28, 2020
Andy Greenberg / Wired

PhantomLance Campaign Hid Data-Stealing Malware in Google Play Store to Target Users in Vietnam, Bangladesh, Indonesia and India, Vietnam’s APT32 Group Tied to the Campaign

In a hacking campaign called PhantomLance, nation-state spies hid data-stealing malware in the Google Play Store to target users in Vietnam, Bangladesh, Indonesia, and India, researchers at Kaspersky Lab report. PhantomLance’s hackers smuggled in the apps to infect only some hundreds of users, with the campaign likely sending links to the malicious apps to those targets via phishing emails. PhantomLance is tied to the hacker group OceanLotus, also known as APT32, widely believed to be working on behalf of the Vietnamese government, Kaspersky says. Google says it has taken actions against all the apps identified by the Kaspersky researchers.

Related: Business Wire Technology News, Dark Reading: Mobile, SecurityWeek, Reddit – cybersecurity, ZDNet Security, Cyberscoop, BleepingComputer.com

Tweets:@juanandres_gs