 A new group of malware apps on Android have been downloaded 10 million times combined, according to researchers. Three malware apps have still not been removed by Google and are actively being used by Google Play Store visitors. More: - These apps can pose a risk for users even if they delete them from their devices. If a user installed these apps before their removal from the Play Store, they should uninstall them manually and perform an AV scan on their devices.
- The malware apps ask for permission to run in the background, enabling threat actors to breach their victims without alerting them.
- Some of the apps are able to change their icons, making it even more difficult for Android users to notice the risk they pose.
- Researchers have published a full list of the malware apps, which includes Neon Theme Keyboard with over 1 million downloads, Water reminder (100,000 downloads), Yoga from beginner to advanced (50,000), YouToon (1.5 million downloads), Pista, Cashe Cleaner, Caller Themes, 4d Wallpapers, etc.
| |
 T-Mobile will pay $350M in a hacking case settlement. The hack had affected 80 million U.S. customers. More: - The SEC has stated that the company will pay $350M for the purpose of paying the cost of administering the settlement.
- T-Mobile has vowed to invest $150M in data security during 2022 and 2023, while the decision is pending final court approval.
- The breach was initially reported in Aug. 2021, while its effect was not entirely known until the publication of the settlement case documents. Initially, researchers believed that the breach had affected 55 million customers, while now documents show that over 80 million customers were breached.
Zoom Out: - This is not the first time that T-Mobile has been breached, as the company suffered a data hack in 2020. Threat actors managed to steal names, email addresses, home addresses, etc.
| |
 A message from SQUARE Protect your income. Protect your data. Security is engineered into Square hardware and software from the ground up. Your payments are encrypted to protect from hackers. It’s all designed and maintained by Square so you don’t have to go through anybody else. Square has saved sellers $330 million since 2011 by managing and winning their disputes for them. See what Square can do for you. Square protects your business so you can focus on your next sale. New US Inside Readers exclusively get: The flexible, all-in-one solution trusted by millions of business owners with free processing on up to $1,000 in credit card transactions for the first 180 days. Afterwards, you pay the standard 2.6% + $0.10 per swipe for all major credit cards. Get Started For Free
| |
 Hackers have stolen payment data through the PrestaShop vulnerability. The hack may have affected over 300,000 users throughout Europe and Latin America. More: - The breach was acknowledged by the company in a statement. The company claims that the zero-day vulnerability that the hackers used is being addressed but may not be the only way hackers breached the victims.
- Hackers breached websites that were using an outdated version of PrestaShop. The attack does not affect versions 1.7.8.2 and later, according to the company.
- The threat actor is using SQL injection attacks by forcing the shops to send GET requests that lead to the creation of specific PHP files that exploit the victim's vulnerabilities.
- In order to remove the risk, victims should find the config/smarty.config.inc.php file and remove lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6).
| |
 A new report claims that hackers who use phishing have targeted financial services the most so far in 2022. Cloud and telecommunications were the second- and third-most attacked industries, respectively. More: - Financial companies are among the most impersonated and attacked companies by hackers so far in 2022. Credit Agricole, PayPal, and MTB were among the 10 most impersonated companies.
- Microsoft has been the most attacked cloud company, with attackers taking advantage of the multiple breaching incidents that the company has had this year.
- Hackers have managed to create a fake version of Microsoft Defender, convincing users to give out their phone numbers in exchange for fake free subscriptions.
- Google was the second-most-attacked cloud company and the 10th overall.
| |
 A message from PEOPLE.AI Two-thirds of B2B buyers prefer to do business online rather than talking to a salesperson. But even in the digital economy, people still buy from people – not technology. So what best practices can your sales people follow to engage the right prospects – at the right time – to align to new buyer preferences and increase win rates? The first step: Download this playbook, which will help your team learn new sales strategies, and unlearn obsolete knowledge. More specifically, you will: - Get tips on the skills required to build a best-in-class sales operations team.
- How to augment traditional sales KPIs with newer leading indicators that demonstrate success in the digital era.
- Unlock seven game-changing sales ops best practices to take back to your team.
Get your free playbook
| |
 Amadey malware is stealing data through SmokeLeader backdoor. SmokeLeader serves as a path opener for Amadey, which proceeds to steal data from its victims. This malware was first seen on internet forums a few years ago when it was being sold for as little as $600. More: - Amadey is able to steal credentials, metadata, and information about antivirus engines and can take screenshots.
- The malware was previously able to steal information from Microsoft Outlook, but now its capabilities can affect FileZilla, Pidgin, Total Commander FTP Client, RealVNC, TightVNC, TigerVNC, and WinSCP.
- Once Amadey is run, the malware copies itself to the Temp path. Then, Amadey registers as a startup folder to allow itself to be run after reboot. Once the malware is done sending screenshots and communicating with the C&C server, it creates a Rust-based file that penetrates Windows firewalls and forces the device to reboot, with the malware gaining admin privileges.
| |
Quick Hits: - When you align headless CMS with a modern DAM and analytics, you can serve personalized content that keeps people coming back.*
- Security researchers claim that Lockbit 3.0 and BlackMatter Ransomware may have been created by the same threat actor due to their similarities in accessing admin privilege and stealing data.
- At least 207 websites using WebAssembly were breached and used to launch a cryptocurrency miner by a remote threat actor.
- Filewave MDM, an online platform that allows IT admins to monitor systems, has been found to be susceptible to at least two security flaws.
- An Internet Explorer security bug has been used to steal login credentials, credit card information, crypto wallets, VPN logins, etc. Most victims are located in Brazil, Germany, the U.S., Egypt, Canada, China, Poland, etc.
- Super Coffee, the No. 3 ranked bottled coffee brand in the U.S. behind Starbucks and Dunkin’, is replacing the negatives with only positive ingredients.*
*This is sponsored content.
| |
Upcoming events at Inside:
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford. | |
| |
| |
