Which smartphone is the most secure? – NCSC Site

Andy P (EUD Security Research Lead) says: “When talking about end-user device security, one of the questions I hear most often is ‘Which smartphone is the most secure?’ . Now, since Jon’s told us we’re not allowed to say ‘It Depends’, we’d better have a good answer. So here’s what I think.”

‘The most secure platform’ isn’t really a useful metric. It’s an old adage that the most secure computer is the one turned off, disconnected, and locked in a safe. Pretty secure, and not very usable. But it illustrates the point that there’s plenty more to think about than just security when deciding which device you’re going to use to get your job done (or play Minecraft on). Instead, I believe the question we should be asking is ‘Is it secure enough?’.  Once you’ve established which of your potential options are in that category, you can then pick the one that best meets your other requirements, such as cost, features, battery life, availability of your favourite apps and so on.

Source: Which smartphone is the most secure? – NCSC Site

It’s a trap! Marcher banking trojan masquerades as Adobe Flash Player for Android

 

A variant of the Marcher banking trojan is targeting Android users by masquerading as a mobile Adobe Flash Player app.

This version of the malware arrives via popcash[dot]net, an advertising network which is known to serve “popunder” ads that display behind a main browser window so that the user sees them when they try to exit.

The ads drop malware payloads that pose as Adobe Flash Player. If a user clicks on the dropper URL, they see a message warning them that their Flash Player is out of date.

The dropper also loads the malware “Adobe_Flash_2016.apk” onto the user’s device, a program which then guides the user to disable security features and allow app installations from unknown sources.

Successful installation prompts the malware to conceal its icon from the home screen, to register the infected device with its command-and-control (C&C) server, and to send important information about the infected device including a list of installed apps to its server.

Source: It’s a trap! Marcher banking trojan masquerades as Adobe Flash Player for Android

Tackling Tobacco Crime across the Midlands

Over 5.5 million illegal cigarettes and 645 kg of hand rolling tobacco were seized by Warwickshire County Council’s Trading Standards Service and other local Trading Standards within the Central England Trading Standards Authorities (CEnTSA). The cigarettes and tobacco were seized in the last financial year (2016/2017) with a loss to the tax payer of over £2 million. The total retail value of the illegal goods is estimated to be worth more than £2.5 million.

The cigarettes and hand rolling tobacco were often well hidden, in sophisticated concealments using electronic magnets controlled by a switch, in cavity walls and even disguised as BBQ sets. Such hiding places are difficult to detect without the aid of specialist tobacco sniffer dogs.

All offending businesses are subject to a criminal investigation, with some traders already being successfully prosecuted. Some have received financial penalties, others, suspended prison sentences and community orders. In addition, some shops have had their alcohol licences suspended or revoked for dealing with illegal tobacco products.

Warwickshire County Councillor Howard Roberts, Portfolio Holder for Community Safety said:  “Far from being a victimless crime, the illegal tobacco trade is providing a cheap source of cigarettes for children and young people. Whilst all tobacco is harmful, the illegal tobacco market, and in particular the availability of cheap cigarettes, makes it easier for children to start smoking and harder for smokers to quit and remain smoke free. The loss to the tax payer means less money being spent on local communities, schools and the NHS.’’

Bob Charnley, Chairman of CEnTSA said ‘‘More and more people over the past few years have decided enough is enough and are providing information to Trading Standards, to stop local criminals selling and distributing illegal tobacco. Combating illegal tobacco has become an increasing priority for Trading Standards. The illegal tobacco trade has strong links with crime and criminal gangs, including drug dealing, money laundering, people trafficking and even terrorism. Selling illegal tobacco is a crime.”  Mr Charnley added ‘‘retailers are becoming increasingly sophisticated in their approach, adapting their methods in order to avoid detection. Some businesses had gone to great lengths to conceal the illegal tobacco in secret compartments, including BBQ sets, fake floor boards, false walls, ovens and fridges. You may hide it, but we will find it.’’

Illegal tobacco products can usually be easily recognised. They will be very cheap, often less than half the price of legitimate packets and often have foreign writing on them. Anyone being offered cheap tobacco or any other types of illicit goods should report it to Trading Standards by calling the CEnTSA’s confidential fakes hotline on 0300 303 2636.

For more details on NHS Stop Smoking Services in Warwickshire go to www.quit4good.co.uk or phone 0800 085 2917.

 

Cyber Safe Warwickshire – AA Data Breach Exposes Details Of Over 100,000 Customers

A breach at UK car insurance company, the AA, has exposed information on more than 100,000 customers, including names, email addresses and partial credit card details, according to security researchers.

The company said a ‘server misconfiguration’ was responsible for the information being openly available on the web for a few days in April of this year.

The AA have been criticized for its handling of the incident: After claiming no sensitive information was included in the exposed cache, the company was called to task when security researcher Troy Hunt said he found 117,000 unique email addresses, names and partial credit card info among the details.

The company never notified its affected customers, he added.

Source: Cyber Safe Warwickshire – AA Data Breach Exposes Details Of Over 100,000 Customers

What you need to know about botnets – Threat Intel – Medium

You have probably heard the word botnet in recent months, with the Mirai botnet putting the term firmly on the map at the end of 2016.

However, while the word may be familiar, it is possible you are not familiar with what a botnet actually is. You also may not know that they are a far from new innovation on the part of cyber criminals, with botnets being used in various nefarious activities for many years.

The two most common uses of botnets are probably to carry out spam email campaigns, and to conduct distributed denial of service (DDoS) attacks.

Bots can also be used to send out email malware. Different types of malware can have different goals, including harvesting information from infected computers. This could include passwords, credit card information, and any other information that can be sold on the black market. If computers on a corporate network are turned into bots then sensitive corporate information could also be at risk of being stolen.

Bots are also commonly used for click fraud — visiting websites to create false traffic and generate money for those behind the bots. They have also been used in bitcoin mining.

Source: Web of woe: What you need to know about botnets – Threat Intel – Medium