Malicious Android apps from the so-called PhantomLance campaign targeted hundreds of users, and at least two slipped past Google’s defenses. Google’s Play Store for Android apps has never had a reputation for the strictest protections from malware. Shady adware and even banking trojans have managed over the years to repeatedly defy Google’s security checks. Now… Read More

The federal government is attempting to convince Australians it can be trusted to handle personal data collected by the coronavirus contact tracing app. But it’s an uphill battle due to a long history of secrecy and failures to live up to promises on security and privacy of Australians’ data. Governments around the world are dealing… Read More

RIPE speaks out against China and Huawei’s ‘New IP’ internet upgrade plan, says internet standards should be left to the IETF, not the UN. EU-based Internet governance body RIPE is opposing a proposal to remodel core internet protocols, a proposal backed by the Chinese government, Chinese telecoms, and Chinese networking equipment vendor Huawei. Named ‘New… Read More

Whole Foods is keeping an eye on stores at risk of unionizing through an interactive heat map, according to five people with knowledge of the matter and internal documents viewed by Business Insider. The heat map is powered by an elaborate scoring system, which assigns a rating to each of Whole Foods’ 510 stores based… Read More

In an attempt to stem the tide of the coronavirus pandemic, at least 30 governments around the world have instituted temporary or indefinite efforts to single out infected individuals or maintain quarantines. Many of these efforts, in turn, undermine personal privacy. It’s a complex trade-off: Governments need information to create containment strategies and know where… Read More

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com,the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a half-dozen GoDaddy customers, including transaction brokering site escrow.com. Escrow.comhelps people safely… Read More

Alleged Windows flaw allows for remote code execution and is being flogged for $500,000. Hackers claim they have discovered two zero-day vulnerabilities for the Zoom video conferencing platform that would allow threat actors to spy on people’s private video conferences and further exploit a target’s system. Flaws target Zoom clients for the Windows and the… Read More

Pastebin quietly changed its terms and services that allowed researchers to study leaked data, malware, and stolen passwords. The most famous paste site, used by hackers of all stripes to host lists of stolen passwords, announcements of data breaches, and malware has made it harder for security researchers to scrape it looking for that kind… Read More

Israeli researchers use vibrations from CPU, GPU, or PC chassis fans to broadcast stolen information through solid materials and to nearby receives, breaking air-gapped system protections. Academics steal data from air-gapped systems using PC fan vibrations Israeli researchers use vibrations from CPU, GPU, or PC chassis fans to broadcast stolen information through solid materials and… Read More

The European Commission (EC) has published a document describing how it thinks member nations can best built a contact-tracing smartphone app to fight the COVID-19 pandemic. Such apps have been adopted by Singapore and India. The UK, USA and Australia have all suggested they’ll soon follow suit. Apple and Google have weighed in, saying they’ll… Read More