This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about Bluetooth and beacon technology.
Last month, cybersecurity experts warned the public about the data collection embedded in the Donald Trump 2020 re-election campaign’s mobile app. Once downloaded, the app requests broad access to user information, including device contacts, rough location, device storage, ID, call information, Bluetooth pairing, and more.
Tune in to hear about the progression of Bluetooth technology, how the tech is used in online advertising today, and more, on the latest episode of Lock and Code, with host David Ruiz.
We cover our own research on:
- Stalkerware advertising ban by Google. A step in the right direction, but there is more that needs to be done.
- Website misconfigurations and other errors that open up an avenue for attackers to abuse your site.
- A coordinated social engineering attack left Twitter in turmoil. Attackers used high profile Twitter accounts to get rich quick.
- The return of Emotet.
Plus other cybersecurity news:
- Google Cloud launches Confidential VMs, a new type of virtual machine that makes use of the company’s work around confidential computing to ensure that data isn’t just encrypted at rest but also while it is in memory. (Source: TechCrunch)
- The GoldenHelper malware found in China-mandated software is even more extensive than originally thought. (Source: ArsTerchnica)
- The Atlas of Surveillance shows which tech law enforcement agencies across the country have acquired. It's a sobering look at the present-day panopticon. (Source: Wired)
- The Cybersecurity and Infrastructure Security Agency (CISA) told federal agencies to patch wormable Windows DNS bug in 24 hours. (Source: BleepingComputer)
- Blackrock is Android banking malware that can steal information from an estimated 337 apps, including Amazon, Facebook, Gmail and Tinder. (Source: Tom's Guide)
Stay safe, everyone!