A new variant of the Mirai Internet-of-things (IoT) botnet has been seen in the wild. Fortinet reports that this version is capable of establishing proxy servers in infected IoT devices.
University researchers in Singapore and London have determined that there are a lot of "buggy smart contracts on Ethereum." Essentially they created a private fork of the Ethereum blockchain and ran various permutations with live smart contracts. They found 34,200 contracts vulnerable to "undesired actions." They were able to verify and reproduce these "trace vulnerabilities" on some 3000 smart contracts that hold about $6 million in ether cryptocurrency. It would be difficult for criminals to do likewise and steal the money, but the researchers note that it wouldn't be impossible.
A "glitch" in Chase's customer-facing systems is said to have presented some customers with other customers' data. The glitch persisted for about two-and-a-half hours Wednesday evening, but appears to have been corrected.
Motherboard reports hacktivist break-ins at two surveillance software companies, Mobistealth and Spy Master Pro. The report characterizes them as "spyware companies," selling privacy-invading "stalkerware" to private citizens who use it to keep tabs on children, spouses, and other persons of interest.
Several reports are out on the state of security. Verizon's Mobile Index for2018 concludes that many companies are willing to sacrifice some mobile security for business reasons. The 2018 Data Security Report from Thales notes that increased Government migration to cloud services has been accompanied by 20% jump in data breaches. These are perhaps connected, maybe coincidental.