---------------------------------------------------------------------- Message-ID: <D013E30E-AFCC-4CC8-B3C4-AE6B861B68AD@roscom.com> Date: Sun, 24 Dec 2017 11:50:57 -0500 From: Monty Solomon <monty@roscom.com> Subject: Currency-mining Android malware is so aggressive it can physically harm phones Currency-mining Android malware is so aggressive it can physically harm phones By Dan Goodin A newly discovered piece of Android malware carries out a litany of malicious activities, including showing an almost unending series of ads, participating in distributed denial-of-service attacks, sending text messages to any number, and silently subscribing to paid services. Its biggest offense: a surreptitious cryptocurrency miner that's so aggressive it can physically damage an infected phone. Trojan.AndroidOS.Loapi is hidden inside apps distributed through third-party markets, browser ads, and SMS-based spam. Researchers from antivirus provider Kaspersky Lab have dubbed it a "jack of all trades" to emphasize the breadth of nefarious things it can do. Most notably, Loapi apps contain a module that mines Monero, a newer type of digital currency that's less resource intensive than Bitcoin and most other cryptocurrencies. The module allows the malware creators to generate new coins by leaching the electricity and hardware of infected phone owners. https://arstechnica.com/information-technology/2017/12/currency-mining-android-malware-is-so-aggressive-it-can-physically-harm-phones/ ------------------------------ Message-ID: <AD70DC0F-0C09-4681-8868-5273265DAD27@roscom.com> Date: Sun, 24 Dec 2017 12:30:39 -0500 From: Monty Solomon <monty@roscom.com> Subject: Mobile Passport app Excerpt from "7 tips for stress-free travel at Logan this holiday season" If you're traveling internationally, use this app Maryella Blundo, [who is the owner of a travel agency], suggests that international travelers save time going through customs with the Mobile Passport app. https://mobilepassport.us/ "You basically flash your phone and they scan it and, boom, you are through customs," said Blundo, who recently used it herself during a trip to London. "I was so shocked at how fast we got through." Travelers download the free app and set up a profile. After answering five questions about the trip, the U.S. Customs and Border Protection sends an encrypted receipt valid for four hours, according to the app's website. Guests enter a Mobile Passport Control line at participating airports. The app can be used at 24 airports, including Logan. Blundo said travelers need to show their paper passport, as well. https://www.boston.com/culture/travel/2017/12/20/tips-for-stress-free-travel-at-logan-airport-this-holiday-season ------------------------------ Message-ID: <DA541C3F-6F01-4B2E-AAC7-D72443CC9D26@roscom.com> Date: Sun, 24 Dec 2017 18:57:50 -0500 From: Monty Solomon <monty@roscom.com> Subject: Hackers take control of security firm's domain, steal secret data Hackers take control of security firm's domain, steal secret data Attackers bypass HTTPS encryption protection by registering new TLS certificate. By Dan Goodin A Dutch security firm recently fell victim to a well-executed attack that allowed hackers to take control of its servers and intercept clients' login credentials and confidential data. The security firm, Fox-IT, said in a blog post published last week that the so-called "man-in-the-middle attack" lasted for 10 hours and 24 minutes, although the attack was largely contained for much of that time. The attackers carried it out by gaining unauthorized access to Fox-IT's account with a third-party domain registrar. Next, they changed a domain name system record that designated the IP address that corresponded to the the security company's client portal. With that, the attackers effectively hijacked control of fox-it.com and all traffic sent to it. https://arstechnica.com/information-technology/2017/12/hackers-steal-security-firms-secret-data-in-brazen-domain-hijack/ ------------------------------ ********************************************* End of telecom Digest Wed, 27 Dec 2017