Today the Wall Street Journal listed all the data Facebook can grab when you upload a photo, based on Facebook’s privacy and data collection policies. The list illustrates what we’ve said before: Facebook doesn’t need to spy on your through your microphone, because you already let it spy on everything else you do.

As the Journal says, Facebook gets your photo, your caption, and which user profiles you tagged. It studies your photos with facial recognition tech to see who’s in them. (That means if you take a photo in public, Facebook might recognize more faces in the shot than you do.) But it also gets a lot more.

By uploading a photo to Facebook, you’re sharing where and when you took the photo, what kind of phone you’re using, what specific phone you’re using (your unique device ID), your mobile provider, nearby Wi-Fi beacons and cell towers (which can determine your current location), and more. You even share your battery level.

You can strip some of this data by editing the photo’s EXIF data or by changing your camera settings, but some data is shared just by opening the Facebook app. (Most social apps can get all the same data—the difference is whether they promise, or choose, not to.)

Facebook can then cross-reference all this data—so Facebook could theoretically record the location of anyone whose face it recognizes, whether or not you tag them. It can also cross-reference this data with everything it already knows about you. And as we’ve seen, this can make Facebook seem positively psychic.

It’s hard to remember that every time you share a small bit of data with Facebook, it learns so much about you. But as news comes out from Mark Zuckerberg’s Senate testimony, expect to hear a lot more about just what you’ve been sharing.

Malware includes viruses, spyware, and other unwanted software that gets installed on your computer or mobile device without your consent. These programs can cause your device to crash, and can be used to monitor and control your online activity. They also can make your computer vulnerable to viruses and deliver unwanted or inappropriate ads. Criminals use malware to steal personal information, send spam, and commit fraud.

Avoid Malware

Scam artists try to trick people into clicking on links that will download viruses, spyware, and other unwanted software — often by bundling it with popular free downloads. To reduce your risk of downloading malware:

• Install and update security software, and use a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS X) to update automatically.
• Don’t change your browser’s security settings. You can minimize "drive-by" or bundled downloads if you keep your browser’s default security settings.
• Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.
• Instead of clicking on a link in an email, type the URL of a trusted site directly into your browser. Criminals send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a scam site.
• Don’t open attachments in emails unless you know who sent it and what it is. Opening the wrong attachment — even if it seems to be from friends or family — can install malware on your computer.
• Get well-known software directly from the source. Sites that offer lots of different browsers, PDF readers, and other popular software for free are more likely to include malware.
• Read each screen when installing new software. If you don’t recognize a program, or are prompted to install additional “bundled” software, decline the additional program or exit the installation process.
• Don’t click on popups or banner ads about your computer’s performance. Scammers insert unwanted software into banner ads that look legitimate, especially ads about your computer’s health. Avoid clicking on these ads if you don’t know the source.
• Scan USBs and other external devices before using them. These devices can be infected with malware, especially if you use them in high traffic places, like photo printing stations or public computers.
• Talk about safe computing. Tell your friends and family that some online actions can put the computer at risk: clicking on pop-ups, downloading "free" games or programs, opening chain emails, or posting personal information.
• Back up your data regularly. Whether it's your taxes, photos, or other documents that are important to you, back up any data that you'd want to keep in case your computer crashes.

Detect Malware

Monitor your computer for unusual behavior. Your computer may be infected with malware if it:

• slows down, crashes, or displays repeated error messages
• won't shut down or restart
• serves a barrage of pop-ups
• serves inappropriate ads or ads that interfere with page content
• won’t let you remove unwanted software
• injects ads in places you typically wouldn’t see them, such as government websites
• displays web pages you didn't intend to visit, or sends emails you didn't write

Other warning signs of malware include:

• new and unexpected toolbars or icons in your browser or on your desktop
• unexpected changes in your browser, like using a new default search engine or displaying new tabs you didn’t open
• a sudden or repeated change in your computer's internet home page
• a laptop battery that drains more quickly than it should

Get Rid of Malware

If you suspect there is malware on your computer, take these steps:

• Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
• Update your security software, and then scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.
• Check your browser to see if it has tools to delete malware or reset the browser to its original settings.
• If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem.
• Many companies — including some affiliated with retail stores — offer tech support.Telephone and online help usually are less expensive, but online search results might not be the best way to find help. Tech support scammers pay to boost their ranking in search results so their websites and phone numbers appear above those of legitimate companies. If you want tech support, look for a company’s contact information on their software package or on your receipt.

If you’re a Best Buy customer, you’re going to want to check your credit cards. Just a day after Sears, Kmart, and Delta admitted that they were affected by the breach of the data firm [24]7.ai, Best Buy has come forth with a statement of its own, effectively raising its hand to say that it has been impacted as well.

“Best Buy offers chat services for customers coming to us via their phone or computer,” the company noted in a blog on its corporate website. “We, like many businesses, use a third-party for the technology behind this service and that company, [24]7.ai, told us recently that they were the victim of a cyber intrusion.”

This hack (in fact, a piece of malware) happened between September 27 and October 12 of 2017, and as a result, it would appear that payment information “may have been compromised.” And if [24]7.ai compromised customer payment information, that means that Best Buy customers were likely affected.

Best Buy notes that since the data firm gave notice of the potential risk, the company has been hard at work attempting to solidify “the extent to which Best Buy online customers’ information was affected.” And thus far, the electronics giant seems to be quite optimistic. In fact, it says, “As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.”

This is much better than Sears, Kmart, and Delta, who collectively believe that thousands of their own customers were likely victims of this attack. All the same, even if it is only a “small fraction” of Best Buy’s customer base, for folks who are impacted, it’s still far too many. To that end, the company noted, “We are fully aware that our customers expect their information to be safeguarded and apologize to the extent that did not happen in this case.”

Though initial reports estimated that around 50 million Facebook users' information was improperly obtained by Cambridge Analytica, Facebook upped that number to 87 million last week. The company also said that it would soon be informing those users that their information was accessed by the political firm. Today, those notices are going out, Facebook confirmed to us, and every user will see one of two notifications. If your data was obtained by Cambridge Analytica, you'll get a note telling you so. If not, you'll see a message at the top of your news feed with a link to the apps and website management section of your Facebook settings.

In the message letting users know that their information was shared with Cambridge Analytica, Facebook notes that it has banned the "This is Your Digital Life" website. It also informs users that one of their Facebook friends used the site through Facebook, though it doesn't say which friend. The message includes a link for users to see how they were affected.

Along with Cambridge Analytica, Facebook has also suspended AggregateIQ and CubeYou for using similar tactics. The social media giant has also changed some of its data management practices and rewritten its policies so that they're easier to understand. Facebook CEO Mark Zuckerberg will testify before Congress on April 10th and 11th in order to address concerns over the company's data security practices.

Security researchers have discovered a new ATM malware, “ATMJackpot.” The malware seems to have originated from Hong Kong and has a time stamp on the binary as 28th March 2018.

The malware has a smaller system footprint, it has a simple graphical user interface that displays a limited number of information, including the host name, the service provider information such as cash dispenser, PIN pad, and card reader information.

ATM Malware propagates via physical access to the ATM using USB, and also via the network by downloading the malware on to already-compromised ATM machines using sophisticated techniques.

The malware opens a session with the service providers and registers to monitor events, then it opens a session with the cash dispenser, the card reader, and the PIN pad service providers.

Once the session with service providers are opened, the malware is able to monitor events and issue commands.

Experts believe authors of the malware will continue to improve it and they expect it will be soon detected in attacks in the wild.