Security News

Facebook’s cryptocurrency plans set off alarms

Avast Security News Team, 21 June 2019

Also, researchers find open online database of 150,000 user responses to questionnaires about medical malpractice and military combat injuries

Will Libra tip the scales?

Facebook announced recently that it is developing a cryptocurrency called Libra with various corporate partners such as Uber, Visa, Mastercard, and PayPal, according to the Associated Press. World finance leaders have expressed strong concerns. French Finance Minister Bruno Le Maire insisted that only governments could issue sovereign currency, the AP reported. Facebook plans to launch Libra early next year, though the head of the U.S. House Financial Services Committee wants Facebook to suspend plans until Congress and regulators are able to study them.

The announcement stirs up a host of regulation questions and privacy issues. Social media and cryptocurrency are both only lightly regulated, and financial experts predict Facebook is in for a rude awakening when the company realizes the level of regulation required to launch a new currency.

This week’s stat

In the Internet of Things, 100 companies make more than 90% of devices and 400 companies account for 99%, new research from Avast and Stanford University has found.

Ad agency leaks malpractice and combat injury data

Cybersecurity researchers found an open online database containing more than 150,000 user responses to questionnaires about medical malpractice and military combat injuries. Discovered without password protection, the sensitive information was accessible for anyone to download. The data belonged to X Social Media, an ad agency specializing in “medical malpractice lawsuits and injury-related class-action lawsuits,” according to ZDNet. X Social Media ran ad campaigns on Facebook and Instagram directing potential clients to websites where they would fill out and submit the questionnaires. The exposed information included full names, email addresses, home addresses, phone numbers, and details related to their cases.

In addition to sensitive medical information about individual users, the database also contains internal company records such as client contacts, invoices, and even campaign metrics. Upon finding the database, researchers immediately contacted X Social Media. Nine days later, the company closed access to the information. It is unknown if any unauthorized users accessed the data while it was exposed. The delay in locking down the data is alarming, said Avast Security Evangelist Luis Corrons, “What really strikes me in this case is that it took them nine days after they were notified to solve the issue, when it should be a matter of minutes.” he said.

Cybersecurity watchdog

Watch what happened when Avast asked people on the street – and one puppy – to pick scam websites from real ones.


Jun-21-2019 08-22-50
This week’s quote

“The number of IoT devices today has officially surpassed the world’s population, with this number only set to grow.” – Deepali Garg, Senior Data Scientist at Avast

EatStreet food service breached

Mobile and online food ordering and delivery service EatStreet sent out three separate notifications detailing a security incident that affected three factions of stakeholders – customers, restaurants, and delivery services. According to the EatStreet website, the company works with more than 15,000 restaurants in over 250 cities, boasting 1.7 million active users as of November 2017. EatStreet urges its customers and partners to monitor their financial statements for “any discrepancies or unusual activity.” The company states it has “hired a leading external IT forensics firm to respond to and investigate the incident.” The investigation is ongoing.

Espionage campaign targets Android users

Over 660 Android devices in the Middle East have been infected with a multifaceted malware called GolfSpy, reported SC Magazine. Through social media promotion, Middle East users were directed to a website that offered seemingly legitimate apps, though they had been repackaged to contain the GolfSpy malware. These included Telegram, Signal, WhatsApp Business messaging apps, and other lifestyle and reference apps commonly used in the Middle East, SC Magazine reported.

This week’s ‘must-read’ on The Avast Blog

Stanford and Avast researchers analyzed user-initiated scans of 83 million IoT devices in 16 million homes and found three big truths you don’t often hear about. Find out about the real IoT.


Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com. Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.