358: New Android Banking Malware! (It Tracks EVERYTHING)
Episode description
Patches abound on this week's Technado! In our Rapid Fire segment, we kick things off with the UK ban on weak default passwords. Then, a warning from Okta on cred-stuffing attacks, and a critical bug in R that exposes orgs to supply chain risks. Collection agency FBCS got pwned this week, with millions of records being exposed - but in happier news, the Japanese police are starting a new effort to keep elderly citizens from falling prey to payment card scams.
The ArcaneDoor was a big story this week, as was yet anothrer WordPress plugin vulnerability - and in this week's D'oh! segment, the popular iSharing app was found to be sharing users locations (even when services were disabled). FInally, in our deep dive, we take a look at new Android banking malware Brokewell.
Like what you heard? Take a look at this week's articles:
https://www.theregister.com/2024/04/29/uk_lays_password_legislation/
https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html
https://www.darkreading.com/application-security/r-programming-language-exposes-orgs-to-supply-chain-risk
https://techcrunch.com/2024/04/24/security-flaws-isharing-tracking-app-exposed-millions-precise-locations/
https://www.techradar.com/pro/security/collection-agency-data-breach-affects-millions-of-users
https://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/
https://www.msspalert.com/news/cyber-spies-burrow-into-cisco-firewall-platforms-in-zero-day-exploits
https://arstechnica.com/security/2024/04/hackers-make-millions-of-attempts-to-exploit-wordpress-plugin-vulnerability/
https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware