Threat Management, Malware

ICYMI: infected apps; LinkedIn; NHS breach; GPS spoofing; board training

Researchers find more malware-infested apps on Google Play

Security researchers have discovered several apps on the Google Play store harbouring the Bankbot app. According to blog posts by SfyLabs and Zscaler, the apps are called 'Earn Real Money Gift cards'  (package name: com.moneygift.real.app) and 'Bubble Shooter Wild Life' (package name: com.bubblesooter.wildlife). Both are by the same author. Both companies said they have told Google about the apps. At the time of writing, both apps were still available to download.

Researchers said that the first app contained Bankbot while the second contains a dropper, malware used to install other malware when instructed. More....

Flaw in LinkedIn Messenger could harbour malware

Millions could have been exposed to malware bug in LinkedIn Messenger

Flaws in LinkedIn's own security restrictions could have allowed cyber-criminals to upload malware-laden attachments in the social network's messenger service.

According to security researchers at Checkpoint, when a valid file is uploaded and sent, LinkedIn's security protections scan the attachment for malicious activity. But it was discovered that attackers could bypass the security restrictions and attach a malicious file to the LinkedIn messaging service. More....

NHS 1.2 million patient name database hacked 'to expose weaknesses'

The NHS has suffered a data breach in its SwiftQueue appointment booking system whose database contains confidential records on up to 1.2 million people according to an exclusive report in the Sun tabloid newspaper.

The same report quotes SwiftQueue saying its database is not that big and its own initial investigation suggests only 32,501 “lines of administrative data” have been accessed, including patients' personal details, such as names, dates of birth, phone numbers and email addresses, but not patients' medical records and that passwords are encrypted. More....

GPS spoofing could have caused warship crash - US navy investigating

The US Navy will add cyber- incident to the scope of its investigation of the collision between a warship and another vessel, the second in recent months.

The US chief of naval operations, admiral John Richardson, has tweeted: “2 clarify Re: possibility of cyber intrusion or sabotage, no indications right now...but review will consider all possibilities.” Itay Glick commented: "The ship could have fallen victim to a GPS spoof or malware. Both USS McCain and USS Fitzgerald were part of the 7th Fleet;... there may be a connection. I don't believe in coincidence." More...

68% of boards not trained to deal with cyber-security incidents

Less than a third (105 companies) of FTSE 350 company boards responded to the UK Government's voluntary Cyber Governance Health Check Report 2017 – which suggests that the of figure of 68 percent of respondents receiving no training to deal with a cyber-incident is actually far worse in industry as a whole as those responding presumably rated the issue a higher priority.

Other key findings from those that did choose to respond is that even among these companies, ten percent did not have a plan in place to respond to a cyber-incident, and only six percent said that their business was completely prepared to meet the requirements of GDPR. More....

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.