A new strain of lawful intercept spyware appears to be targeting Android devices. The manufacturer is not HackingTeam; it is instead thought to be a different Italian company. Attribution, however, remains circumstantial and preliminary.
Synack points out that the Mac version of music-identifying tool Shazam keeps recording when it's switched off. It just stops processing. Shazam says this is benign behavior, but that, out of sensitivity to user concerns, it will update its software in a few days.
The Carbanak cyber gang, known for attacks on banks, has turned its attention to the hospitality sector. Trustwave has a rundown on the criminal campaign, which still begins with social engineering.
The tally from the AdultFriendFinder breach creeps up, reaching a reported 412 million.
Lots of cyber hoods have been crowing on the dark web for some time about the Tesco fraud—the crowing seems to have started long before the incident was disclosed.
In industry news, Arlington Capital (advised by the Chertoff Group) assembles a new cyber security firm, Polaris Alpha, from EOIR, Intelligent Software Solutions, and Proteus Technologies.
Germany's new cyber security strategy appears to exhibit familiar tensions: calls for public-private partnership (but without clarity about how such a partnership might be realized), and a commitment to widely available strong encryption (alongside a commitment to the ability of security and legal agencies to access communications in cases of need). In the US, lobbyists are already approaching the incoming Administration to advocate strong encryption and limits on surveillance.
A British teen cops to the TalkTalk hack.