- Johnny Lin, a former Apple engineer and co-founder of the software company Lockdown Privacy, says Apple's "Ask App Not To Track" button is a "dud" that gives users "a false sense of privacy," according to a Washington Post report. Source: https://www.businessinsider.com/apple-iphone-privacy-initiative-ask-app-not-to-track-study-2021-9
- Security researchers have found a flaw in the Microsoft Windows Platform Binary Table (WPBT) that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012. Source: https://www.bleepingcomputer.com/news/security/microsoft-wpbt-flaw-lets-hackers-install-rootkits-on-windows-devices/amp/?__twitter_impression=true
- Undisclosed companies are analysing facial data collected by the NHS app, which is used by more than 16 million English citizens, prompting fresh concern about the role of outsourcing to private businesses in the service. Source: https://www.theguardian.com/society/2021/sep/24/undisclosed-private-companies-analysing-facial-data-from-nhs-app
- Google Issues Warning For 2 Billion Chrome Users: https://www.forbes.com/sites/gordonkelly/2021/09/25/google-chrome-warning-zero-day-hack-new-attack-upgrade-chrome-now/?sh=116d3f4555d6
- The operators behind the BlackRock mobile malware have resurfaced with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. Source: https://thehackernews.com/2021/09/new-android-malware-steals-financial.html
- Samsung and Harvard University have published new research that suggests it is possible to develop a brain-inspired memory chip. Source: https://www.zdnet.com/article/samsung-wants-to-copy-and-paste-a-brain/
- Google on Monday commenced its appeal against the €4.34 billion fine it received from the European Commission for allegedly forcing Android device makers and network operators to preinstall Google Search and Chrome to cement its dominant position in general internet search. Source: https://www.zdnet.com/article/google-commences-appeal-against-european-commission-eur4-34-billion-fine/
- The “self-healing” software is being deployed by the ABN-AMRO bank, and researchers say that it is the first major institution to utilize such a method in the fight against cybercriminals. Source: https://cybernews.com/security/the-self-healing-software-that-fights-back-against-hackers/
- FinFisher/FinSpy, the infamous and highly controversial commercial spyware sold by German firm FinFisher to nation-states and law enforcement for surveillance purposes, now wraps itself in four layers of obfuscation and other detection-evasion methods to elude discovery and analysis. Source: https://www.darkreading.com/endpoint/notorious-spyware-tool-found-hiding-beneath-four-layers-of-obfuscation
- Vaccine passport app has more than 650,000 registered users, according to its CEO. Private proof-of-vaccination app Portpass exposed personal information, including the driver's licences, of what could be as many as hundreds of thousands of users by leaving its website unsecured. Source: https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749
- Personal data of nearly 4 million Malaysian citizens allegedly put on sale for 0.2 Bitcoin. Source: https://soyacincau.com/2021/09/28/jpn-myidentity-api-security-breach-citizen-data-nearly-4-million-malaysians/
- Leaked meetings show Amazon's Astro robot will rely heavily on facial recognition and user behavior, but sources who worked on Astro say the robot is flawed. Source: https://www.vice.com/en/article/93ypp8/leaked-documents-amazon-astro-surveillance-robot-tracking
- Critics raising red flags over the United Arab Emirates' troubling human rights record. Former prime minister Stephen Harper heads the advisory committee of a Toronto-based company now looking to facilitate the sale of cutting-edge surveillance technology to the United Arab Emirates — a country with a troubling human rights record. Source: https://www.cbc.ca/news/politics/harper-united-arab-emirates-surveillance-technology-1.6192281
- Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. Source: https://www.bleepingcomputer.com/news/security/trucking-giant-forward-air-reports-ransomware-data-breach/
- What China's New Data Rules Mean for Tesla and the Auto Industry: https://www.wsj.com/video/series/in-depth-features/what-china-new-data-rules-mean-for-tesla-and-the-auto-industry/A1E93B2A-B7EE-4B3F-8102-336C4467B623
- The hacking collective Anonymous has released what it claims to be new data from the controversial web hosting company Epik. Source: https://www.dailydot.com/debug/anonymous-new-epik-leak/
- A newly discovered "aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 (~$42) per month without their knowledge. Source: https://thehackernews.com/2021/09/beware-this-android-trojan-stole.html
- Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools. Source: https://thehackernews.com/2021/09/new-tomiris-backdoor-found-linked-to.html
- Security researchers today announced findings surrounding a vulnerability with Visa cards, specifically when a Visa card is set as the default card for Express Transit in Apple Pay on the iPhone (this feature is named Express Travel in the UK). Source: https://9to5mac.com/2021/09/30/apparent-flaw-allows-hackers-to-steal-money-from-a-locked-iphone-when-a-visa-card-is-set-up-with-apple-pay-express-transit/
- A WIRED investigation has found 45 federal criminal cases that cite Google geolocation data to place suspects inside the US Capitol during the January 6 riot. Source: https://www.wired.com/story/capitol-riot-google-geofence-warrant/
- In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware. Source: https://thehackernews.com/2021/10/beware-of-fake-amnesty-international.html
Friday, October 1, 2021
Weekly cybernews recap is ready to be read!