A new Android malware has been downloaded over 3 million times. The malware is still found on the Google Play Store.
More:
- The malware is still active in two apps, Funny Camera and Razer Keyboard & Theme. Eight other infected apps have been removed from Google Play Store.
- These apps have been downloaded over 3 million times combined. The flaws were reported to Google before, but the company did not start patching these security flaws for at least six months after they had been reported.
- The researcher who found the flaws chose to publish them after Google did not acknowledge these bugs.
- This malware is being tracked as Autolycos. The attack asks users for SMS reading permission and then uses the authorization to breach the victims.
Zoom Out:
- Only one week ago, an Android malware tracked as Toll started attacking users by subscribing to premium services from their accounts without their knowledge or consent.
- Google has also warned that a malware named Hermit can pose a major security threat for its users and that some users have already been targeted with it. The malware was created by an Italian company named RCS Lab and has been reportedly utilized by nation-states to conduct cyber attacks.
$8M worth of Ethereum has been stolen in a Uniswap hack. Uniswap is one of the most popular crypto exchange websites.
More:
- The exchange's protocol has remained unbreached, but users of the network were successfully targeted with phishing scams.
- Threat actors airdropped UNI tokens to over 70,000 cryptocurrency users and convinced them to click on malicious links that gave the hackers full access to the victims' crypto wallets. The token receivers were led to believe that they could claim a reward by clicking on a specific button.
- 7,574 ETH were stolen during the hack, as the hacker tried to launder the funds by sending them to Tornado Cash.
- The domain used to conduct this breach is uniswaplp dot com, which has been put on the watch list by the cryptocurrency wallet app MetaMask.
Zoom Out:
- A few weeks ago, hackers managed to steal over $100M in crypto from Horizon bridge. This money was more than two-thirds of all the cash the company had.
- Over three months ago, threat actors managed to breach Axie Infinity's Ronin Bridge and steal $622M worth of crypto. The hack was one of the largest ones in the history of cryptocurrency so far.
- British jeweler company Graff Diamonds paid over $7M in crypto to Russian hackers after being hit with ransomware. The company was attacked by the Russian-backed Conti Ransomware group in 2021, which stole private data about UAE, Saudi, and Qatar royal family members.
- A teenager pleaded guilty to stealing $48M in cryptocurrency from an unknown target. The hacker was 17 years old at the time of the hack and expressed a desire to contribute to the field of cybersecurity.
Microsoft has warned of a widespread hacking campaign that is targeting Office 365. Threat actors take advantage of log-in credentials by also hacking the contacts of their victims.
More:
- The phishing campaign has targeted over 10,000 organizations so far.
- Hackers are using fake websites that look similar to the ones the victims usually use and set up an adversary-in-the-middle attack.
- Users who use 2 Factor Authentication are also vulnerable to the attack if the threat actors manage to steal their cookie information. This information is used to bypass authentication by deploying it on the user's browser.
- The origin of the hacking campaign is yet to be tracked, but the hackers are using classic phishing methods such as fake titles claiming an emergency has happened, or malware-infected voice notes that pretend to be from a family member.
Zoom Out:
- Microsoft recently launched a cybersecurity services division, offering security features for companies and organizations. The company claims that cybersecurity has been one of its fastest-growing verticals.
- The company has suffered from numerous security flaws this year. Numerous zero-day threats have been tracked by researchers, affecting anything from Office 365 to its Azure cloud service.
New malware that affects Intel and AMD processors has been tracked. The bug is being tracked as Retbleed.
More:
- Hackers have recently intensified their efforts to breach microchip and processor companies due to the importance they have in modern-day technology such as laptops, phones, smart cars, etc.
- The security flaws are separately tracked as CVE-2022-29900 and CVE-2022-29901.
- Retbleed can breach a target by taking advantage of a flaw in a device's hardware. The malware belongs to the Spectre security vulnerabilities, which are flaws that affect a computer's ability to predict an if-then logical sequence.
- Both companies have released instructions for users regarding this topic, but Intel stated that its users should feel safe because Windows uses enough security tools to counter the malware.
The Federal Trade Commission has warned that it will take measures against companies that are breaking customer privacy data laws. The statement was made by the FTC's Acting Associate Director.
More:
- Smartphones, connected cars, smartwatches, and other devices were singled out by the federal institution as privacy weak points.
- According to the FTC, companies can track a user's location, medical history, communication routine, etc. This can be done even when the device is turned off.
- The FTC mentioned a 2017 case in which a court agreed to settle a case with a company that had tracked faces for a geofencing product regarding women who entered health clinics. The case is seen as an example of where privacy laws are broken in practice.
Quick Hits:
- A new survey has shown that cybersecurity is set to pass cloud development as the most sought-after skill in the IT industry.
- 40% of chief security officers in the U.S. believe that their companies are not adequately prepared for a possible cyber attack. The number of executives who think the same is 27%, reaching an all-time high as cyber attacks have increased 15% YoY.
- Lenovo has released updates that will serve as patches for three major security flaws. Lenovo laptops were being targeted by a hacking campaign using firmware issues to gain unauthorized remote access.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford.