open source and cybersecurity news

July 11, 2023

Spyware in Google Play Store Stealing Users' Data; Crypto Rug Pulls; Massachusetts Bans Location Data Sales and Transfers; Venture Funding in Cybersecurity - From Boom to Bust; This Day in Tech History

Episode Transcription:

Pokie Huang: 

From Sourced Network production in New York City, it’s 5:05. I’m Pokie Huang. Today’s Tuesday, July 11th. Here’s the full story behind today’s cybersecurity and open source headlines.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia.

Security researchers have discovered two spyware apps in the Google Play Store that have been installed by up to 1.5 million users. Both apps are from the same publisher and pose as file management applications. They have similar malicious behaviors, such as launching silently without any user interaction.

The apps also collect excessive user data, even though their application profile announces that they do not collect any data from users’ devices. The data collected includes the user’s contact list from both the device and from all connected accounts such as emails and social networks. It also collects all media compiled in the application, such as pictures, audio and video content, and it collects device real-time location along with other device and network information.

The app also protects itself from uninstallation by hiding its icon from the home screen. Security recommendations include checking the reviews before downloading and carefully reading the permissions the app is requesting before accepting them.

Katy Craig: 

In a jaw-dropping twist, approximately $126 million worth of crypto assets has vanished from Multichain’s accounts in what could be a classic case of a rug pull. The incident left experts scratching their heads and investors clutching their virtual wallets.

This is Katy Craig in San Diego, California.

Multichain, a platform designed to connect various blockchain networks and facilitate token exchanges, promptly shut down following the mysterious heist on June 7th. Details surrounding the hack remain shrouded in uncertainty, but blockchain security firms like PeckShield and SlowMist suspect that compromised private keys may be at the heart of the matter.

To prevent further chaos, around $65 million of the pilfered funds have been frozen with the help of platforms like Circle and Tether. While no one is explicitly labeling it as a hack just yet, precautionary measures are being taken to thwart potential money laundering activities, if foul play is indeed confirmed.

Blockchain experts are not ruling out the possibility of a rug pull, a scenario where the platform’s developers make off with the money themselves. The intricate web of cryptocurrency continues to unravel, leaving investors on edge, and reminding us all to tread cautiously in this wild, wild west of digital assets.

This is Katy Craig, stay safe out there.

Hillary Coover:

Hi, this is Hillary Coover from Washington, DC.

Massachusetts is considering a groundbreaking law that would ban the sale of location data collected from mobile phones used within the state. The proposed Location Shield Act would also require law enforcement to obtain a warrant before accessing such data.

Massachusetts would be the first state to completely prohibit the sale of location data. Other states have implemented privacy laws that require consent for data collection and impose restrictions on transfer and sale, but none go as far as Massachusetts is proposing. 

Critics argue that the proposed ban goes too far and suggest alternative measures, such as allowing consumers to opt out of data sales. But we know how that typically works out. The opt-out functions are almost always buried, and the average consumer is not willing to dig through detailed terms and conditions of certain convenient applications that collect these records. Supporters of the bill highlight concerns about digital stalking, abortion rights, and national security threats associated with the availability of these records.

The Location Shield Act could be improved by addressing law enforcement access separately. There are alternative policy options to warrants that would provide effective oversight of the use of these records in time-sensitive, critical, and often lifesaving operations. 

Ian Garrett: 

Even recession-proof industries are feeling the squeeze when it comes to funding. While cybersecurity has traditionally been shielded from downward funding trends, it is now seeing a major shift from investors. With that, you may be wondering how bad is the decline. 

Hey folks, this is Ian Garrett in Arlington, Virginia. 

In the red-hot cybersecurity market, venture funding has seen a significant slump. In the second quarter of 2023, funding dropped to slightly over $1.6 billion, a 63% decline from the same quarter in 2022. This marked the lowest point since the last quarter of 2019. The numbers for the first half of the year showed a similar trend with cyber startups raising only $4.3 billion, a 60% drop from the first half of 2022. 

This decline in funding reflects the changing venture capital environment with investors now seeking companies that can quickly achieve cash flow break even. Not only has funding declined, but the overall deal volume in the cybersecurity sector has also dropped drastically.

The second quarter saw only 148 cybersecurity funding deals announced, a 35% decrease from the previous year. The first half of 2023 saw a 38% decline in deals announced compared to the same period in 2022. Large funding rounds of $100 million or more have been particularly affected, with only 11 such rounds raised in the first half of 2023, a 67% decline from the previous year.

While the decline in funding and deal volume is not unique to the cybersecurity sector, it is surprising considering that cybersecurity has been considered a recession-proof industry. The sector may be feeling the effects of investors shifting their focus towards profitability, rather than rapid growth.

Additionally, cybersecurity companies may be experiencing a reduction in spending from their customers as businesses try to save money in an uncertain economy. However, there is still a need for cybersecurity solutions as ransomware attacks and hacks continue to be prevalent.

Marcel Brown: 

This is Marcel Brown bringing you some technology history for July 11th. 

July 11th, 1979. The first American Space Station, Skylab, reenters the Earth’s atmosphere and burns up after plans for keeping it in orbit fail to materialize. Fragments of Skylab fell around Perth, Australia, killing one cow.

July 11th, 2008. Apple’s second iPhone, the iPhone 3G, goes on sale. The higher speed 3G data capability certainly helped the iPhone solidify its status as the premier smartphone of the time. However, it was the introduction of the Apple App Store one day before that really kicked off the mobile device revolution.

That’s your technology history for today. For more, tune in tomorrow and visit my website

Pokie Huang: 

That’s our updates for today, July 11th. I’m Pokie Huang. We’ll be back tomorrow… at 5:05.


