Google Launches Private Android App Stores

Malicious apps have emerged as perhaps the most serious threat to mobile devices at the moment, and the major players, such as Apple and Google, have tried several different methods of preventing them from getting into their app stores and into the hands of users. Now, Google is taking one more step with the launch of a new service called the Private Channel for Google Apps, which gives enterprises and other organizations the ability to create private app stores and control the apps their users can download.

Nationwide, Allied Insurance Breach Hits 1.1 Million Users

An estimated 1.1 million consumers are at risk of identity theft after thieves broke into servers belonging to Nationwide and Allied insurance companies. Victims include current policyholders and those who sought insurance quotes.The breach took place Oct. 3 and was discovered the same day. Nationwide immediately contacted authorities, but it waited to inform consumers directly. Earlier news accounts offered some hints at the scope of the breach, including some 30,000 victims in Florida and Ohio and 90,000 in Iowa.

The FTC has reached a settlement with Epic Marketplace, a large online ad network, related to what the FTC says is the company’s practice of sniffing users’ browser history for the purpose of serving them targeted ads related to a variety of sensitive topics. The settlement bars Epic from performing history sniffing and requires the company to destroy all of the data it’s collected from consumers up to this point through history sniffing.

Tis the season for predictions and security firm Trusteer checks in today with a handful for the upcoming New Year. In a post on the company’s blog, CTO Amit Klein distills Trusteer’s top ideas into an infographic,. The company predicts the security landscape will see more exploits, specifically Man-in-the-Browser malware, targeting Google’s Chrome browser, the further emergence of native 64-bit Windows malware and what the firm claims will be a more drawn out malware lifecycle.

A new version of the BIND DNS server software is available, fixing six security vulnerabilities and a long list of other bugs. BIND 9.9.2-P1 is mainly a security update and most of the issues it fixes are crashes and not remote code execution flaws.

Twitter officials say that a researcher’s claims that the service is open to an SMS-spoofing vulnerability are not completely accurate, and that Twitter users in the United States are not vulnerable to the attack. Moxie Marlinspike of Twitter’s security team said that the company in August had stopped allowing users to post messages using SMS longcodes in countries, such as the U.S., where posting via a shortcode is available.

UPDATE–A day after an independant security researcher disclosed a vulnerability in SMS-enabled Twitter accounts, the social network giant announced it’s fixed the flaw – at least for some users. Those who use a “long code” and/or cannot use a PIN code remain at risk.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.