Google

How Spies Snuck Malware Into the Google Play Store -- Again and Again (wired.com) 34

Google's Play Store for Android apps has never had a reputation for the strictest protections from malware. Shady adware and even banking trojans have managed over the years to repeatedly defy Google's security checks. Now security researchers have found what appears to be a more rare form of Android abuse: state-sponsored spies who repeatedly slipped their targeted hacking tools into the Play Store and onto victims' phones. From a report: At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India. Unlike most of the shady apps found in Play Store malware, Kaspersky's researchers say, PhantomLance's hackers apparently smuggled in data-stealing apps with the aim of infecting only some hundreds of users; the spy campaign likely sent links to the malicious apps to those targets via phishing emails. "In this case, the attackers used Google Play as a trusted source," says Kaspersky researcher Alexey Firsh. "You can deliver a link to this app, and the victim will trust it because it's Google Play."

Kaspersky says it has tied the PhantomLance campaign to the hacker group OceanLotus, also known as APT32, widely believed to be working on behalf of the Vietnamese government. That suggests the PhantomLance campaign likely mixed spying on Vietnam's Southeast Asian neighbors with domestic surveillance of Vietnamese citizens. Security firm FireEye, for instance, has linked OceanLotus to previous operations that targeted Vietnamese dissidents and bloggers. FireEye also recently spotted the group targeting China's Ministry of Emergency Management as well as the government of the Chinese province of Wuhan, apparently searching for information related to Covid-19.

The Internet

Some 'Reopen' Domains Could Be Phishing and Malware Campaigns (cnet.com) 29

CNET reports on new research from a threat-intelligence company into the more than 540 domain names registered this month with the word "reopen" in their URL.

While hundreds of them are "designed to lend credibility to anti-lockdown protests," and 98 more were purchased to thwart that effort, there are still many other domains that "come from suspicious sources or resellers looking to make money... Researchers at DomainTools have found hundreds of 'reopen' URLs that were bought specifically to be resold and others that resemble malware campaigns." These are "reopen" websites targeted toward restaurants, movie theaters and sports, and all are set up for sale... "Domainers are a particular type of people who spot any chance they can to hop on a quick buck," said Chad Anderson, senior security researcher at DomainTools. "In any of these instances, there's going to be people who try and pick domains they are able to sell for $5,000 that they bought for $10 because someone wants to start a movement."

DomainTools' researchers also found a batch of links registered in bulk specifically with typos for the phrase "Reopen American Business." All of these domains were registered in China and have misspellings, indicating they're set up to be phishing pages... The idea is to trick visitors who make typos into entering their sensitive credentials on these fraudulent pages. These domains all have servers registered with Bodis, an advertising service that monetizes domain names and has links to a previous malware campaign from the advanced persistent threat (APT) group DarkHotel.

APTs are known groups behind cyberattacks. DarkHotel APT is a hacking group that primarily affects victims in Japan, Taiwan, China, Russia and South Korea. "It looks like it's going to be used for phishing campaigns," Anderson said. "It hasn't been fully activated yet, but it has characteristics of a DarkHotel APT group."

There's also an interesting detail about the first seven "reopen" pages created, which looked like they represented independent groups but were all registered under the name of pro-gun activist Aaron Dorr from Iowa, and redirected visitors to the gun rights groups that were organizing protests to "liberate" their locked down cities. That activist's family also created "reopen" Facebook groups with hundreds of thousands of followers -- which then directed people to the websites. "NBC News found that many of the websites hosted by Dorr were designed to harvest visitors' data, including emails and home addresses."

NBC adds that the group's usual method "is to attack established conservative groups from the right, including the National Rifle Association, and then make money by selling memberships in their groups or selling mailing lists of those who sign up, according to some conservative politicians and activists who have labeled the efforts as scams."

Facebook

Facebook Takes On Zoom With 'Messenger Rooms' (engadget.com) 18

Facebook is challenging Zoom with the introduction of "Messenger Rooms," a group messaging service that allows Facebook users to host group calls of up to 50 people that anyone can join. Engadget reports: Instead of inviting people individually, Facebook users can post links in their News Feed or in Groups or event pages. And unlike Messenger's existing video chat features, participants don't need to have the Messenger app or even a Facebook account to join a room. When a room is created, anyone can join via their browser, though hosts can opt to "lock" rooms to new guests to prevent party crashers.

There are other Zoom-like features, too. Messenger Rooms will have "immersive 360-degree backgrounds that transport you to beautiful and iconic spaces, from the beach to a luxe apartment on the water," along with "14 new camera filters that offer ambient lighting to brighten your space and your face." Facebook also notes that there are no time limits for video chat sessions, which can be scheduled in advance. Messenger Rooms is starting to roll out now, and will be live in the U.S. "in the coming weeks." Facebook also announced that it's integrating Messenger's video calling into Facebook Dating, so users can participate in "virtual dates" while they can't plan IRL get-togethers. The update will be available "in the coming months."

Communications

Scientists Explore Underwater Quantum Links For Submarines (ieee.org) 12

An anonymous reader quotes a report from IEEE Spectrum: Underwater quantum links are possible across 30 meters (100 feet) of turbulent water, scientists have shown. Such findings could help to one day secure quantum communications for submarines. [...] In the new study, researchers experimented with quantum communications in a "flume tank," a water tank in which scientists can generate waves to mimic the ocean. They also tried two different strategies for quantum communications -- one involving just the polarization of the light, and the other incorporating the polarization and the orbital angular momentum of the signals -- to analyze how quantum communication protocols might differ in maximum distances and data transfer rates.

The researchers achieved quantum communication at up to 72 kilobits per second across up to 30 meters of turbulent water, the longest distance yet reported for such links. Although turbulence did result in significant wandering and distortion of light signals, those error rates didn't prevent quantum links from successfully being established with either communication protocol. Unexpectedly, the researchers found they could keep quantum communication going even while the transmitter moved down the flume tank. "We had expected that this would not be possible without beam-tracking technology," says Felix Hufnagel, a lead author and quantum physicist at the University of Ottawa in Canada. After the scientists analyzed their data, they suggested the maximum distance for secure quantum communications might actually be 80 meters in turbulent water, although this would depend on factors such as the efficiency of the detectors used. Improving such factors might significantly boost the maximum communications distance, they say.
The findings have been detailed in a preprint article on April 9.

Government

US Senate Tells Members To Stop Using Zoom (businessinsider.com) 17

According to the Financial Times, U.S. senators have been advised not to use videoconferencing platform Zoom over security concerns. From a report: According to three people briefed on the matter, the Senate sergeant-at-arms -- whose job it is to run law enforcement and security on the Capitol -- told senators to find alternative methods for remote working, although he did not implement an outright ban. With the coronavirus outbreak forcing millions to work from home, Zoom has seen a 1,900% increase in use between December and March to 200 million daily users. This has been accompanied by a string of bad press about its security and privacy practices, to the point where CEO Eric Yuan was forced to publicly apologize last week.

While the Senate has told its members to stay away from Zoom, the Pentagon told the FT that it would continue to allow its staff to use the platform. A memo sent to top cybersecurity officials from the Department of Homeland Security said that the company was being responsive when questioned about concerns over the security of its software, Reuters reported.
The slew of privacy issues prompted Taiwan's government agencies to stop using the service. Google also banned Zoom from its employees' devices.

IOS

Apple is Developing 'Clips' Feature For Using Apps Without Requiring Full Downloads (9to5mac.com) 32

Apple is working on a new way to offer specific parts of third-party apps across the system without needing to have them installed, 9to5Mac has learned based on an early build of iOS 14. From a report: The feature would allow users to experience parts of an app's functionality by scanning a QR Code. If you open a link or scan a QR code today from an app that you haven't installed on your iPhone or iPad, it will open that link in Safari. Apps can provide universal links, which open the app instead of Safari when the app is installed. But that could change in the near future with a new API internally referred to as "Clips" found in iOS 14 code. As 9to5Mac has analyzed this new API, we can say that it allows developers to offer interactive and dynamic content from their apps even if you haven't installed them. The Clips API is directly related to the QR Code reader in the build we have access to, so the user can scan a code linked to an app and then interact with it directly from a card that will appear on the screen.

The Courts

Zoom Accused of Misrepresenting Security Measures In New Lawsuit (gizmodo.com) 22

Video conferencing company Zoom is being sued by a shareholder over allegations of fraud and overstating the security protocols in place on its service. Gizmodo reports: In the lawsuit filed Tuesday in the U.S. District Court for the Northern District of California, plaintiff Michael Drieu -- on behalf of individuals who purchased Zoom securities after the company went public last year -- accuses the company of making "materially false and misleading statements" about its product and failing to disclose key information about the service. Namely, the suit cites Zoom as claiming that its product supported end-to-end encryption, when in fact it supports a different form of encryption called transport encryption -- as the Intercept reported last month -- that still allows Zoom to access data.

Additionally, the suit alleges that Zoom's security failures put users "at an increased risk of having their personal information accessed by unauthorized parties, including Facebook," that these facts would necessarily result in a decline in users, and that the company's responses to ongoing reporting on myriad problems on the service were "misleading at all relevant times." The suit states that the fallout from these incidents was exacerbated by the covid-19 crisis, during which time users of the service jumped from just 10 million to 200 million in a matter of months as schools and organizations turned to Zoom amid social distancing measures and shelter-in-place orders. The suit cites documentation related to Zoom's IPO as evidence that the company misrepresented the security protocols in place for protecting users. Specifically, the suit states, Zoom said it offered "robust security capabilities, including end-to-end encryption, secure login, administrative controls and role-based access controls," and -- in what was clearly an embarrassing claim by the company -- that it strives "to live up to the trust our customers place in us by delivering a communications solution that 'just works.'"

Privacy

Taiwan Tells Agencies Not To Use Zoom On Security Grounds (reuters.com) 28

Taiwan's cabinet has told government agencies to stop using the Zoom conferencing app due to privacy and security woes. Reuters reports: Zoom's daily users ballooned to more than 200 million in March, as coronavirus-induced shutdowns forced employees to work from home and schools switched to the company's free app for conducting and coordinating online classes. However, the company is facing a backlash from users worried about the lack of end-to-end encryption of meeting sessions and "zoombombing," where uninvited guests crash into meetings. If government agencies must hold video conferencing, they "should not use products with security concerns, like Zoom," Taiwan's cabinet said in a statement on Tuesday. It did not elaborate on what the security concerns were. The island's education ministry later said it was banning the use of Zoom in schools.

Taiwan would be the first government formally advising against use of Zoom, although some U.S. school districts are looking at putting limits on its use after an FBI warning last month. Taiwan's cabinet said domestically-made conferencing apps were preferred, but if needed products from Google and Microsoft could also be considered.

Medicine

New Research Links Air Pollution To Higher Coronavirus Death Rates (nytimes.com) 81

Coronavirus patients in areas that had high levels of air pollution before the pandemic are more likely to die from the infection than patients in cleaner parts of the country, according to a new nationwide study that offers the first clear link between long-term exposure to pollution and Covid-19 death rates. From a report: In an analysis of 3,080 counties in the United States, researchers at the Harvard University T.H. Chan School of Public Health found that higher levels of the tiny, dangerous particles in air known as PM 2.5 were associated with higher death rates from the disease. For weeks, public health officials have surmised a link between dirty air and death or serious illness from Covid-19, which is caused by the coronavirus. The Harvard analysis is the first nationwide study to show a statistical link, revealing a "large overlap" between Covid-19 deaths and other diseases associated with long-term exposure to fine particulate matter. "The results of this paper suggest that long-term exposure to air pollution increases vulnerability to experiencing the most severe Covid-19 outcomes," the authors wrote.

United Kingdom

After Four More Phone Masts Attacked, YouTube Promises To Remove Some 5G Conspiracy Videos (theguardian.com) 335

The Guardian reports that YouTube "will reduce the amount of content spreading conspiracy theories about links between 5G technology and coronavirus that it recommends to users, it has said, as four more attacks were recorded on phone masts within 24 hours." The online video company will actively remove videos that breach its policies, it said. But content that is simply conspiratorial about 5G mobile communications networks, without mentioning coronavirus, is still allowed on the site. YouTube said those videos may be considered "borderline content" and subjected to suppression, including loss of advertising revenue and being removed from search results on the platform.

"We also have clear policies that prohibit videos promoting medically unsubstantiated methods to prevent the coronavirus in place of seeking medical treatment, and we quickly remove videos violating these policies when flagged to us," a YouTube spokesperson said. "We have also begun reducing recommendations of borderline content such as conspiracy theories related to 5G and coronavirus, that could misinform users in harmful ways...."

YouTube says that since early February, it has manually reviewed and removed thousands of videos that spread dangerous or misleading coronavirus information.

Medicine

Why Taiwan's Coronavirus Response Is Among The Best Globally (cnn.com) 157

Why does Taiwan have less than 400 confirmed cases of Covid-19? Taiwan's experience with the 2003 SARS outbreak "helped many parts of the region react faster to the current coronavirus outbreak and take the danger more seriously than in other parts of the world," reports CNN, "both at a governmental and societal level, with border controls and the wearing of face masks quickly becoming routine as early as January in many areas."

Their article also notes that Taiwan "has a world-class health care system, with universal coverage," which drew praise in a new report published in the Journal of the American Medical Association: "Taiwan rapidly produced and implemented a list of at least 124 action items in the past five weeks to protect public health," report co-author Jason Wang, a Taiwanese doctor and associate professor of pediatrics at Stanford Medicine, said in a statement. "The policies and actions go beyond border control because they recognized that that wasn't enough." This was while other countries were still debating whether to take action. In a study conducted in January, Johns Hopkins University said Taiwan was one of the most at-risk areas outside of mainland China -- owing to its close proximity, ties and transport links.

Among those early decisive measures was the decision to ban travel from many parts of China, stop cruise ships docking at the island's ports, and introduce strict punishments for anyone found breaching home quarantine orders. In addition, Taiwanese officials also moved to ramp up domestic face-mask production to ensure the local supply, rolled out island-wide testing for coronavirus -- including re-testing people who had previously unexplained pneumonia -- and announced new punishments for spreading disinformation about the virus.

"Given the continual spread of Covid-19 around the world, understanding the action items that were implemented quickly in Taiwan, and the effectiveness of these actions in preventing a large-scale epidemic, may be instructive for other countries," Wang and his co-authors wrote.... Taiwan is in such a strong position now that, after weeks of banning the export of face masks in order to ensure the domestic supply, the government said Wednesday that it would donate 10 million masks to the United States, Italy, Spain and nine other European countries, as well as smaller nations who have diplomatic ties with the island.

China

Zoom's Encryption Is 'Not Suited for Secrets' and Has Surprising Links To China, Researchers Discover (theintercept.com) 61

Meetings on Zoom, the increasingly popular video conferencing service, are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto. From a report: The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom's "waiting room" feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries. They conclude, in a report for the university's Citizen Lab -- widely followed in information security circles -- that Zoom's service is "not suited for secrets" and that it may be legally obligated to disclose encryption keys to Chinese authorities and "responsive to pressure" from them.

Privacy

SpaceX Bans Zoom Over Privacy Concerns (reuters.com) 52

Elon Musk's rocket company SpaceX has banned its employees from using video conferencing app Zoom, citing "significant privacy and security concerns," according to a memo seen by Reuters, days after U.S. law enforcement warned users about the security of the popular app. From a report: SpaceX's ban on Zoom Video illustrates the mounting challenges facing aerospace manufacturers as they develop technology deemed vital to national security while also trying to keep employees safe from the fast-spreading respiratory illness. In an email dated March 28, SpaceX told employees that all access to Zoom had been disabled with immediate effect. "We understand that many of us were using this tool for conferences and meeting support," SpaceX said in the message. "Please use email, text or phone as alternate means of communication."

NASA, one of SpaceX's biggest customers, also prohibits its employees from using Zoom, said Stephanie Schierholz, a spokeswoman for the U.S. space agency. The Federal Bureau of Investigation's Boston office on Monday issued a warning about Zoom, telling users not to make meetings on the site public or share links widely after it received two reports of unidentified individuals invading school sessions, a phenomenon known as "zoombombing."

Education

School Quits Video Calls After Naked Man 'Guessed' the Meeting Link (techcrunch.com) 143

An anonymous reader quotes a report from TechCrunch: A school in Norway has stopped using popular video conferencing service Whereby after a naked man apparently "guessed" the link to a video lesson. According to Norwegian state broadcaster NRK, the man exposed himself in front of several young children over the video call. The theory, according to the report, is that the man guessed the meeting ID and joined the video call. One expert quoted in the story said some are "looking" for links. Last year security researchers told TechCrunch that malicious users could access and listen in to Zoom and Webex video meetings by cycling through different permutations of meeting IDs in bulk. The researchers said the flaw worked because many meetings were not protected by a passcode.

Open Source

Elizabeth Warren's Campaign Is Making Its Software Open Source (twitter.com) 54

gavron writes: While most politicians are pro copyright maximalism and patent exclusivity, Elizabeth Warren's campaign just open-sourced a bunch of software and are proud of having used open source to save money, and build upon the shoulders of other giants. Way to go! "Our tech team worked hard to make getting involved with @ewarren's campaign as easy as possible," reads a tweet from @TeamWarren. "We leaned heavily on open source technology, and we want to contribute back. So we're open-sourcing some of our most important projects for anyone to use." The Warren for President Tech Team is open-sourcing the following projects:

-Spoke: Spoke is a peer-to-peer texting platform originally developed by MoveOn, with several forks under active development.
-Pollaris, our polling location lookup tool: While the DNC provides a polling locator interface with IWillVote.org, we wanted a polling place locator that integrated with our website and tools, so we built our own interface and API, using polling location data provided by the DNC and state democratic parties.
-Caucus App: Going into the Iowa caucuses, we wanted to give our supporters and precinct captains a way to quickly calculate delegates and report results from each precinct.
-Switchboard (FE and BE): [W]e built a piece of software that took new potential volunteers, or "hot leads," from our online channels and assigned them to state-based volunteer leads for personal follow up calls offering ways to get involved with the campaign. As it turned out, this also ended up being a great tool for event recruitment.
-Automated organizing email: Our Mobilization and Tech teams worked together to scale email outreach to the widest possible audience and free our incredible organizers from tedious manual tasks.
-Redhook: Campaigns run on data, and redhook is a tool that makes data happen. As a system, Redhook ingests web hook data and delivers it to Redshift/Civis in near real time.
-I90: This tool was not deployed during the campaign, but there was a need to make short links out of long complicated links moving forward. I90 does that.

You can read more about the projects and the team's efforts via this Medium post.

Facebook

More Than Half of All News Consumption On Facebook In America Is About the Coronavirus, Report Finds (nytimes.com) 52

The coronavirus has revived Facebook as a dominant news hub. According to an internal Facebook report described by The New York Times, more than half of all news consumption on Facebook in America is about the virus. "Overall U.S. traffic from Facebook to other websites also increased by more than 50 percent last week from the week before, 'almost entirely' owing to intense interest in the virus," adds The New York Times. From the report: The report, which was posted to Facebook's internal network by Ranjan Subramanian, a data scientist at the company, was a lengthy analysis of what it called an "unprecedented increase in the consumption of news articles on Facebook" over the past several weeks. According to the report, more than 90 percent of the clicks to coronavirus content came from "Power News Consumers" and "Power News Discussers" -- Facebook's terms for users who read and comment on news stories much more frequently than the average user. The company is now considering several options for targeting those people with higher-quality information to make sure it is "being spread downstream."

The report shows that Facebook is closely monitoring people's news habits during a critical period and actively trying to steer them toward authoritative sources in what amounts to a global, real-time experiment in news distribution. At times, Facebook itself seemed unsure which news sources users would turn to in a crisis, with Mr. Subramanian noting that "fortunately" many people were clicking on links from publishers that the company considers high-quality.

Firefox

Firefox To Remove Support For the FTP Protocol (zdnet.com) 146

Mozilla has announced plans to remove support for the FTP protocol from Firefox. Going forward, users won't be able to download files via the FTP protocol and view the content of FTP links/folders inside the Firefox browser. From a report: "We're doing this for security reasons," said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser. "FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources," he said. "Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past." Novotny says Mozilla plans to disable support for the FTP protocol with the release of Firefox 77, scheduled for release in June this year.

Security

Data of Millions of eBay and Amazon Shoppers Exposed (sophos.com) 39

An anonymous reader quotes the "Naked Security" blog of anti-virus company Sophos: Researchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services (AWS) for anyone to find using a search engine. A total of eight million records were involved, collected via marketplace and payment system APIs belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe.

Discovered by Comparitech's noted breach hunter Bob Diachenko, the AWS instance containing the MongoDB database became visible on 3 February, where it remained indexable by search engines for five days. Data in the records included names, shipping addresses, email addresses, phone numbers, items purchased, payments, order IDs, links to Stripe and Shopify invoices, and partially redacted credit cards...

The article calls it "simply the latest example of how easy it is to leave sensitive data sitting in an unsecured state on cloud storage platforms." They cite two more high-profile databases that Comparitech found exposed on Elasticsearch just in 2020:

EU

Should Google Notify Web Sites About Right-to-Be-Forgotten Requests? (venturebeat.com) 46

An anonymous reader quotes VentureBeat: Sweden's Data Protection Authority (DPA) has slapped Google with a 75 million kronor ($8 million) fine for "failure to comply" with Europe's General Data Protection Regulation (GDPR) after the internet giant reportedly failed to adequately remove search result links under right-to-be-forgotten requests. In a notable twist, the DPA also demanded that Google refrain from informing website operators their URLs will be de-indexed... Rather than asking website operators to remove a web page, Google — and other search engines — are required to hide the page from European search results.

Since the ruling took effect, Google has received millions of de-indexing requests, though it reports that fewer than 45% have been fulfilled... The crux of the Swedish DPA's complaint is that Google did not "properly remove" two search result listings after it was instructed to do so back in 2017. "In one of the cases, Google has done a too narrow interpretation of what web addresses needed to be removed from the search result listing," the DPA wrote in its statement. "In the second case, Google has failed to remove the search result listing without undue delay." But inadequate and tardy removals are only part of the issue, according to Sweden's DPA, which also argues that Google should keep website operators in the dark about removal requests...

If Google's latest fine is upheld — the company has three weeks to appeal — it would rank among the seven largest GDPR penalties of all time. Google confirmed to VentureBeat that it does indeed intend to file an appeal. "We disagree with this decision on principle and plan to appeal," the spokesperson said.

IOS

Sophisticated Mouse Cursor Support Coming To iOS 14, New iPad Smart Keyboard Models With Trackpad (9to5mac.com) 33

According to code seen by 9to5Mac, Apple is set to roll out rich system-wide support for mouse cursors with iOS 14. From a report: Apple added rudimentary compatibility with external mice in iOS 13 Accessibility settings, but iOS 14 (iPadOS 14) will make it mainstream. The iOS 14 build also referenced two new Smart Keyboard models in development. The changes coming to the software will bring most of the cursor features you recognize from a Mac desktop experience to iOS. One difference may be that the pointer disappears automatically after a few seconds of not touching the connected mouse or trackpad, a concession to the touch-first experience of the iPad. It would reappear when the user attempts to move the cursor again.

This includes support for multiple pointers depending on what is being hovered over, like switching from a standard arrow pointer to a pointing hand when hovering over links. It is possible these APIs could then automatically translate over to Mac apps using Catalyst, which currently lacks an API for changing mouse cursor type. Apple is also developing support for Mac-like gestures, like tapping with two fingers to right-click.
