A newly discovered piece of Android malware that replaces portions of apps with its own code has infected more than 25 million devices, according to security firm Check Point. Check Point’s researchers named the malware “Agent Smith” because of the methods it uses to attack a device and avoid detection...

https://www.theverge.com/2019/7/10/20688885/agent-smith-android-malware-25-million-infections

Researchers from the Microsoft Defender Advanced Threat Protection Research Team have issued a warning to confirm that a notorious credential-stealing malware threat is targeting Windows users. What makes this one so dangerous is that it uses an “invisible man” methodology by only running files within the attack chain that are legitimate system tools and so hides in plain sight...

https://www.forbes.com/sites/daveywinder/2019/07/09/microsoft-confirms-windows-great-duke-of-hell-malware-attack/

Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don’t want a flashlight app to be able to read through your call logs, you should be able to deny that access. But even when you say no, many apps find a way around: Researchers discovered more than 1,000 apps that skirted restrictions, allowing them to gather precise geolocation data and phone identifiers behind your back…

https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion…

https://krebsonsecurity.com/2019/07/whos-behind-the-gandcrab-ransomware/

British Airways is facing a record fine of £183m for last year’s breach of its security systems.

The airline, owned by IAG, says it is “surprised and disappointed” by the penalty from the Information Commissioner’s Office (ICO).

At the time, BA said hackers had carried out a “sophisticated, malicious criminal attack” on its website.

The ICO said it was the biggest penalty it had handed out and the first to be made public under new rules…

https://www.bbc.com/news/business-48905907