CYBERSECURITY NEWS V. 05.08 – Fake FBI warnings, email leaks, guilty Xiaomi?
In-app ads threaten Android users
At least 400 apps in Google's Play Store are monetized through embedded proprietary advertising software. However, it was shown that malicious ads can be inserted into software development kits by scammers. These ads direct users to malicious websites that steal their data or swamp their devices with spam.
FBI impersonation with a twist
Fake FBI warnings distributed through email and web browsers are very well known. Users are convinced that they’re in trouble with the law and told to pay to fix that. A new version of this scheme uses malicious software called Black Rose Lucy (known at least since 2018), to target Android phone users.
Northwest Territories Power Corporation website under attack
The Northwest Territories Power Corporation’s website and email services were shut down due to a ransomware attack. However, there is no information about ransom. It is still unknown if the threat actors have only accessed the server hosting the website or if they were able to go further and encrypt other systems.
Reduce risks of ransomware attacks
Ransomware groups continue to target critical services across various industries, including healthcare and financial services. A recent Microsoft Threat Protection Intelligence Team blog reveals that ransomware attackers do not necessarily leave the victim's networks even after receiving the ransom. Instead, they can maintain their presence for months to launch new attacks. This shows that security analysis and investigation of incidents are a must to reduce the risk of attacks.
Millions of email addresses leaked to ad companies
Quibi, JetBlue, Wish, and others are accused of leaking users’ email addresses through HTTP referer headers. These leaks may not be accidental, as they allow ad partners to link the personal interest of users on a certain website to their email addresses and use this information to target them with specific ads.
Xiaomi accused of user behavior tracking
Xiaomi phones and the default Xiaomi browser distributed through Google Play Store are found to be tracking user activity. The collected data is sent to remote servers hosted by Alibaba and includes browser history, search queries, visited folders, screen swipes, status bar, and the settings page. Thus, the privacy of Xiaomi users is at risk. In the official statement, Xiaomi has announced that with the next browser update, users will be able to disable the aggregation of data.