Kryptowire has discovered a significant vulnerability that affects Android phones, especially prepaid or disposable phones. Not a bug, it's allegedly a deliberately installed backdoor in software provided by Shanghai Adups Technology Company, which says its product is in some 700 million devices. Kryptowire says that Adups reports all texts to an address in China every seventy hours. Whether this is data mining for commercial marketing or state-directed espionage remains unclear.
State espionage services are reported by Motherboard to be making foreseeable use of various social media platforms for traditional ends of infiltration, compromise, and recruitment.
US Army Cyber Command reports that some of its personnel have been receiving phishing emails carrying Locky ransomware payloads.
Verint has seen a new variant of SpamTorte, an advanced, multilayered spambot, circulating in the wild.
ESET says the Retefe Trojan was involved in Tesco bank fraud. Retefe, usually spread via malicious email, configures a proxy server for man-in-the-middle access to traffic between customers and their online account. It also installs a bogus root certificate to fend off warnings of interaction with a spoofed site, and it has a mobile component that intercepts passcodes to subvert two-factor authentication. ESET believes other banks are being actively targeted with Retefe.
Security vendors have begun their holiday season warnings and advice for online shoppers.
In industry news, Nehemiah Software acquires Siege Technologies, specialists in forecasting attacker capabilities.
A UK court approves Lauri Love's extradition to the US.
If Ash Carter has his druthers, Ed Snowden gets no pardon.