This post is your weekly cyber security news update for the 3rd of September 2018. This post is part of the weekly cyber security news series with content curated by the hackers & experts at Security Brigade.
How not to get phished (like the DNC)
Watch this video to learn how a Spear Phishing campaign led to Russian hackers gaining access to the Democratic National Committee’s e-mails. Pro tip: Always check the link URL before clicking through, it will help bring clarity on whether the link is legitimate or not.
Ransomware Attacks Down, Fileless Malware Up in 2018
The use of fileless malware in attacks continues to grow and now represents 42 out of 1,000 endpoint attacks. The uptick represents a 94 per cent increase in the use of fileless-based attacks between January and June 2018.
As the name suggests, fileless malware infects targeted computers leaving behind no artefacts on the local hard drive, making it easy to sidestep traditional signature-based security and forensics tools. Typical attacks exploit vulnerabilities in browsers and associated programs (Java, Flash or PDF readers), or via a phishing attack that entices a victim to click on an attachment. They prey on gullible targets clicking on malicious links or files.
Despite Google’s defences for protecting Android’s official marketplace, cybercriminals still manage to sneak in a banking Trojan, or two, or three, security researchers have discovered. Recently, security researchers from different security companies based in Europe disclosed on Twitter that they found several banking Trojans in Google Play.
Hackers found three such malicious apps posing as astrology software that offered the horoscope. What they divined, though, was theft of SMS and call logs, sending text messages in the victim’s name, downloading and installing apps without user approval, and stealing banking credentials.
Google Secretly Tracks What You Buy Offline Using Mastercard Data
Over a week after Google admitted the company tracks users’ location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline.
Google has paid Mastercard millions of dollars in exchange to access this information.
Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg.
According to four unidentified people with knowledge of the deal cited by the news outlet, Google and Mastercard reached the agreement after a four-year negotiation, wherein all Mastercard transaction data in the U.S. has been encrypted and transmitted to Google.
Google packaged the data into a new tool for advertisers, called Store Sales Measurement, and currently being tested the tool with a small group of advertisers, allowing them to track whether online advertisements turned into real-world retail sales.