Short Topix: If Your Password Is Listed, CHANGE IT NOW!

Four malware apps on the Google Play Store have been discovered by Malwarebytes Labs, according to an article on BGR.com. These apps don't perform any nefarious activities when they are first downloaded. Instead, they wait 72 hours, and then begin connecting the user to phishing sites, loading them in Chrome even when the phone is not in use. The apps are Bluetooth Auto Connect, Bluetooth App Sender, Driver: Bluetooth, Wi-Fi, USB, and Mobile transfer: smart switch. Because the author has uploaded "clean" versions of these apps in the past, Google has decided to allow them to remain in the Google Play Store.

A browser botnet, called Cloud9, is effectively a remote access trojan (RAT) for the Chromium web browser, including Google Chrome and Microsoft Edge, allowing the threat actor to remotely execute commands, according to an article on BleepingComputer. The malware can steal online accounts, log keystrokes (like passwords and credit card numbers), inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks.

A new information-stealing malware named 'StrelaStealer' is actively stealing email account credentials from Outlook and Thunderbird, two widely used email clients, according to an article on BleepingComputer.

Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show, according to an article on The Hacker News.

A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan, according to an article on BleepingComputer. The apps do not carry the malicious payload upon installation to evade detection when submitted on Google Play but instead fetch it later from a remote resource.

On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers, according to an article on CyberNews. The dataset allegedly contains WhatsApp user data from 84 countries. The threat actor claims there are over 32 million U.S. and 11 million U.K. user records included, among other countries.

Coming Soon To Your Gmail Account...

Google is preparing to roll out a new feature to Gmail users, and the timing couldn't be better than around the holidays.

According to an article on CNBC (also widely reported in other media outlets), Google is planning on adding a package tracking feature. The option will allow Google to scan your emails for shipping tracking number, and then place a small green flag on your email, telling you "Arriving Wednesday," or "Arriving Fri, Dec. 2."

The new feature is not automatic. Users will have to go into their Gmail settings to enable the feature. But with so many people purchasing holiday gifts online and waiting for them to be shipped to their homes, this should help those online shoppers get updated information quickly, at a glance.

Google will let users know when the feature is available to them by displaying a popup that lets users choose whether or not to allow the status updates for shipped packages. Users will then be able to toggle the setting in the settings for their account.

No firm date has been announced for the new feature. Google has said on its blog "in the coming weeks."

If Your Password Is Listed, CHANGE IT NOW!

The team behind NordPass, the same people behind NordVPN, have released their 2022 list of the 200 most common passwords. Many of these notoriously WEAK passwords can be hacked in less than one second.

The number one most common (and exceptionally weak) password is ... drum roll ... password. Perennial favorites like "123456789" or "7654321" or "1234554321" are also on the list, and are all capable of being guessed by a hacker in under one second.

We've run password security articles so many times during my 13.5 years tenure as the editor of The PCLinuxOS Magazine that I've actually lost count. I've attempted to go through past issues several times to count the number of times we've run password security articles, but I keep coming up with a different number every time. Your mileage may vary.

But, there are common and recurring themes. To better protect your private, personally identifiable information, adhere to these basic security rules that follow.

Don't reuse passwords. By reusing passwords -- especially weak passwords -- you grant access to multiple accounts to hackers.

Use a password manager. There are several available, so all you have to do is make a choice. I use Bitwarden, which is available both as a browser add-on, and as a standalone program that's installable on PCLinuxOS via Synaptic. Others use KeepassX. Others use the free version of LastPass (which I ditched in favor of Bitwarden when they switched to a subscription-based service for use on multiple devices). There are others, but employing the use of a password manager allows you to create a complex and unique password for every site/account, and helps remember them for you. These are WAY more secure and better to use than writing passwords in a notebook or (even worse) in an unencrypted text file on your computer.

Develop/use a password strategy. Create a method for making secure, complex passwords. Your method can be unique to you. But, be sure to avoid addresses, birthdays, anniversaries, names of your pets, children and spouse, and other easily obtainable and relatable personal information. Do be sure to mix uppercase and lowercase characters, use numbers, and throw in a special character or two. You could use a "root" password, which you then alter for each site you log into. Or, you could just string together four completely unrelated words. Whichever method you use, stick with it and use it every single time you create a new password for a new site.

Recycling Breakthrough Could Eliminate Billions Of Tons Of Plastics From Landfills

Researchers at the University of Texas at Austin have created a breakthrough that has the potential to reduce billions of tons of plastic waste from landfills, according to an article on Yahoo News.

The researchers modified an enzyme, which when applied to PET (polyethylene terephthalate) plastics, breaks the plastic down within a matter of days. The time for the plastic to be consumed by the enzyme varies from a day and a half to four and a half days. PET plastics are the most commonly used plastics, used in everything from water bottles to clamshell packaging for food.

"This mutation actually changed everything," said Danny Diaz, a graduate student who worked on the project.

"You can see we can degrade all of these post-consumer plastics, anywhere from a day and a half to four and a half days," Diaz said. "By tweaking a protein through engineering, we were able to essentially accelerate plastic degradation significantly."

The enzyme is still in the study phase but eventually, you could see it used in landfills and possibly even at polluted sites.

One concern is that much of the infrastructure, from bins to pipes, is built from plastic.

PCLinuxOS Magazine Short Topix Roundup

Two researchers from Japan have run new numerical simulations, and now think that Earth-like exoplanets may be more common than originally thought, according to an article on SciTechDaily.

This one sounded a bit scary to me. Did you know that starting with iOS 15 on iPhone 11 and newer, you can locate your lost iPhone, even if it's turned off? According to the article on HuffPost, turning on the "Find My Network" setting on your iPhone will allow you to locate your lost iPhone, even if it has been turned off.

Researchers at Stanford University have designed a smart bandage capable of monitoring wounds' healing in real time, as well as accelerate tissue growth and blood flow around them while reducing scar severity, according to an article on Popular Science. The new smart bandage can accelerate healing by 25%.

The CharaChorder X dongle can legitimately and dramatically improve a user's typing speed by up to 600% — assuming they're willing to put the work in to learn how to use it, according to an article on Gizmodo.

In 2015, David Hole was prospecting for gold in Maryborough Regional Park near Melbourne, Australia, according to an article on Science Alert. Convinced the rock contained a gold nugget, Hole tried everything to break open the rock, but to no avail. It turns out, the rock is even more valuable: it was a rare meteorite.

A universal flu vaccine developed at the University of Pennsylvania that protects against all strains of the virus could be available in the next two years, according to a leading scientist speaking in an article on The Guardian. The experimental vaccine is based on the same mRNA technology used to create the highly successful COVID vaccines.