Another day, another Android security alert. This time it's from cybersecurity giant Symantec, which said that as many as 1.5 million Android users are having ads clicked for them in what appears to be shady practices by apps hosted on Google Play.

Those apps are: Idea Note, a notepad app with more than 1 million downloads, and Beauty Fitness, a workout assistant with at least 500,000 downloads. They’ve now both been kicked out of the Play store – where they’d been hosted for a year – after Symantec warned Google of the rogue behavior.
The developer of both apps, who goes by the name Idea Master, hadn’t responded to a request for comment at the time of publication.


A cunning fraud


In describing the novel, “cunning” attack, Symantec researchers May Ying Tee and Martin Zhang said that the advertisements were effectively “drawn” on the device but then removed from the view of the user.


“The position of the drawings are beyond the device’s viewable screen area and the user is unable to see the advertisements on their device. Using this tactic allows advertisements, and any other potentially malicious content, to be displayed freely. The app can then initiate an automated ad-clicking process that produces ad revenue,” they wrote in a blog post published Wednesday.


Outside of funding a potentially fraudulent scheme, any users of the apps may also have their battery drained by the hidden ad clicking. “As threat actors generate ghost clicks and ad revenue, impacted devices will suffer from drained batteries, slowed performance, and a potential increase in mobile data usage due to frequent visits to advertisement websites,” Symantec’s researchers added.


Concerned users should manually uninstall the apps to avoid any such issues.
​

Google’s Android platform continues to be the target of myriad scams and hacks. Earlier this month, Google itself warned that tens of millions of devices were being shipped with malware pre-installed. Then an alert came from Kaspersky that the massively popular CamScanner app, which boasts more than 100 million downloads, contained malware.

This article was written by Thomas Brewster from Forbes and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.
​

Rock Hall of Famers Cheap Trick put on another awesome performance for a packed crowd in Las Vegas - a free show @ Fremont Street Experience on Saturday, 8/19/2019. It's was my 19th Cheap Trick show over a 34 year period and they just never seem to disappoint. Since the addition of some family - and the Rock HOF induction - they seem even more energized and enjoying performing for crowds large and small as openers or as headliners. As Robin Zander said at the HOF induction ceremony, "You can put RETIRED on my headstone."

They played with and for the crowd for 90 full minutes - nice long set and nice inclusion of some deeper cuts for the serious fan like me. And it was nice to see Sturgis shirts there so obviously some fans have been following them around as they just recently put on a great show at Sturgis. With Bun E. out (great drummer, I do miss him) and Daxx Nielsen in for the past 9 years and the addition of Robin's son Robin Taylor Zander on second guitar they are clearly keeping it in the family and they are re-energized and having fun making us the lucky recipients of these continuing great enthusiastic performances that look and sound great. Long live Cheap Trick!

To see the full performance - watch my video below - Wait for it - the video gets much better at about the 19 minute mark when my taller son takes over and lets me enjoy the show. Before that I'm not paying much attention to what I'm recording and have too much backs of heads and peoples' backs and not enough CT. Good audio throughout though... and it's the complete show. 1 hr, 29mins long.

“Suppose you were expecting a document or some photos from a friend, but you see their email in spam. Is a legit email and ended up there by mistake?”

This is how most stories about ransomware infections begin.

Here are a few hints that will help you tell that something’s fishy:

- First sign: if the email ended up in Spam, clearly something is wrong with it. Trust the spam filter. Let it stay there.

- Ok, you’re stubborn. Next step: have a look at the header. Does the email address match your friend’s one? No? Then it’s not legit. End of story. Also make sure you check for small variations in name (it can be different letters, misspellings, or a different web domain).

- Since we’re talking about the email header, if you are using Gmail you could also check if the email is encrypted (that’s a good sign).

- Moving on. You notice there’s an attachment. Before you rush to download and open it, look at its extension. What type of file is it? No photo archive will ever be an .exe. Be aware of Office files as well, as they can contain malicious code. Make sure you disable the Macros function in Microsoft Office before opening any Documents or Excels.

If it helps you to calm down, just pick up the phone and call your friend. Ask them if they sent you an email and from what address.

Better be safe than sorry, right?
​
Credit: @Daily Security Tip

1. Vegas Golden Knights (2017-18)

It was less plausible than anything that happened in "The Hangover": An expansion team cobbled together over the previous summer finished with 109 points to win the Pacific Division, advanced through the Western Conference and played for the Stanley Cup in its inaugural season. It was a run sparked by the instant bond between the players and their city following the October 2017 mass shooting on the Las Vegas Strip; by the "us against the world" attitude of the expansion draft castoffs (and their coach); and, of course, by their secret weapon -- The Vegas Flu draining their opponents.

​PCI DSS compliance is critical for any business that handles credit card processing. Whether you fall under Level I or Level IV of compliance, you’ll need to establish a comprehensive, structured, and repeatable approach that will help you meet the over 200 controls required by this compliance framework.

Every business has a unique approach to becoming compliant. Some use advanced technologies, while others rely on QSAs to ensure yearly validation. However, having a thorough compliance model is critical for PCI standards. A project management approach is one of the best ways to help your company work through a PCI audit.

But how can you implement project management during PCI compliance? This article will cover the benefits of using project management and provide specific steps for implementing this approach during PCI DSS.   

Why Use A Project Management Approach For PCI Compliance?

You may be wondering why the project management approach is suitable for establishing a compliant environment. When planning for a project, many different factors are considered to ensure smooth execution. You may involve multiple stakeholders, dedicate adequate resources, and implement additional steps towards protecting data. These same principles are what will help you ensure that payment information is processed in a safe, efficient, and compliant manner.

Some of the benefits of following a project management approach include:

1. Increase The Credibility Of Your Compliance Model

Using a project management approach increases the credibility of your PCI compliance steps. This is because all objectives are clearly defined, while deliverables, timelines, and the scope of compliance are also communicated from the very beginning. Furthermore, the entire organization is on the same page when it comes to resource allocation, setting priorities, and informing all staff of their specific duties.

With a credible model for compliance, you can increase customer confidence and assure governing bodies that your systems are robust enough to avert data security threats. 

2. Save On Costs

Compliance involves many different stakeholders. From IT professionals to HR and Finance, coordinating multiple departments is the only way of maintaining a PCI compliant environment.

Using a project management approach allows you to take advantage of tools and techniques such as path analysis and activity sequencing. In this way, you can save on costs and ensure the smooth implementation of required processes.      

3. Reduce Data Risks

PCI compliance doesn’t come without risk. For example, installing new systems, networks, and workflows can be a risky process due to the potential leaking of sensitive customer data. Using a project management approach allows you to analyze your risk environment during every step of the compliance process. You can identify, quantify, monitor, and control your risks when talking steps towards PCI compliance. In this way, the threat of incurring risks is mitigated. 

Steps For Creating A Project Management Approach To PCI

ComplianceProject management is broad, and each type of project will determine the specific steps that need to be taken for compliance. In the case of PCI DSS, a project management approach should include the following steps.

1. Include All Parts Of The Organization

When it comes to PCI, all IT activities need to be in unison. Segmented operations will make compliance much harder to achieve. This is why you should include all departments within your organization and establish a common compliance objective.

With ground rules in place, you’ll have an easier time optimizing company operations towards your specific level of compliance. 

2. Consider Your Vendors

The next step is to ensure that your vendors have updated systems that fall in line with your level of PCI compliance. Only work with vendors that take compliance seriously and have optimized their systems to fall in line with your current standards.

3. Have a Project Manager to Coordinate All Activities

PCI compliance can easily become hectic. This is why you need a single person who will coordinate all activities and ensure that everyone is on the same page. The project manager will also make decisions regarding resource allocation, risk management, PCI requirements, and exceptions.

4. Establish A Security Team

Because PCI DSS is primarily a data security model, it touches on multiple parts of security standards. For example, PCI involves networks, software, database management, and key security infrastructure. This is why you need a robust security team in place to oversee all separate data security elements. You may outsource or provide the security personnel yourself, as long as they’re familiar with your compliance framework and ready to implement appropriate procedures. 
 
5. Have A RACI Document In Pace  

Responsible, Accountable, Consult, and Inform. These are the steps you should have in place for all your documentation for PCI compliance. As opposed to general organization charts, RACI documents make resource allocation, responsibilities, and roles much easier to assign. 

Cheap Trick are an indisputable American institution, beloved for their instantly identifiable, hugely influential brand of pop rock ‘n’ roll.

Frontlined since 1974 by Robin Zander (vocals, rhythm guitar), Rick Nielsen (lead guitar) and Tom Petersson (bass guitar), the Rock and Roll Hall of Famers are as vital today as ever.
​
The band’s hits include “Dream Police,” “California Man,” “Surrender” and “I Want You To Want Me.”

In 2016, Cheap Trick was inducted into the Rock and Roll Hall of Fame, and about time!

The induction honored both the band and the pioneering sound that has earned them total record sales well in excess of 20 million and more than 40 international gold and platinum certifications.

Hit the world’s most exciting street party for a free concert by Cheap Trick, continuing to delight generations with their “unique union of massive melodies and razorblade riffs,” in the heart of downtown Las Vegas, no ticket needed!
​
Check out the full Downtown Rocks free concert series schedule.

We rarely hear the term “hacker” in a positive context and we decided to try and clear things a bit.

The definition says that a hacker is someone who’s proficient at computers and computer networks.

Shortly, hackers come in three shades:

Whitehat hackers – who are cyber security experts and use their knowledge and skills for good, helping protect companies and individuals;

Greyhat hackers – are right in between, as they use methods which are not entirely ethical, but not necessarily illegal to acquire information which they then sell to third parties;

Blackhat hacker – who are cyber criminals and choose to put their know-how and resources to work for malicious purposes.

Credit: @Daily Security Tip