Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Hackers Utilize Antivirus Update Mechanism to Deploy GuptiMiner Malware

  North Korean hackers have been utilizing the updating system of the eScan antivirus to infiltrate major corporate networks and distribute...

All the recent news you need to know
Privacy
consumer rights Data Sharing General Motors Insurance Company Privacy

General Motors Under Fire for Secretly Spying on Drivers

 

In a developing story that has captured public attention, General Motors (GM) finds itself embroiled in controversy amidst accusations of clandestine surveillance and unauthorised data sharing with insurance companies. The unfolding narrative, spearheaded by investigative journalist Kashmir Hill of The New York Times, sheds light on a concerning pattern of behaviour within the automotive giant, raising significant questions about privacy and consumer rights.

What Are The Practices?

Hill's extensive investigation unveils a troubling narrative surrounding GM's alleged surreptitious enrollment of customers into its Smart Driver program. Despite the absence of explicit consent or enrollment in OnStar services, Hill and her husband were taken aback to discover that their driving data had been discreetly shared with insurers via third-party data brokers.

Lack of Transparency

Central to the controversy are instances implicating GM dealerships in the alleged scheme, with allegations suggesting customers were unwittingly enrolled in data-sharing initiatives during vehicle purchases. The pressure purportedly exerted on dealerships by GM to achieve high enrollment rates in connected services adds a layer of complexity to the narrative.

Legal and Ethical Implications

The emergence of federal lawsuits against GM underscores the legal and ethical consequences of its data collection practices. Amidst accusations of non-disclosure and lack of transparency, concerns have been raised about the company's adherence to regulatory standards and commitments to consumer privacy.

Corporate Response and Accountability

In response to mounting scrutiny, GM has announced the discontinuation of its Smart Driver program and pledged to unenroll all affected customers. Additionally, the cessation of data sharing with third-party brokers signals a proactive effort to address concerns and restore trust among consumers.

Calls for Reform and Regulatory Oversight

The controversy surrounding GM's data collection practices serves as a catalyst for broader discussions on consumer privacy rights and corporate accountability. Industry experts and consumer advocacy groups have called for strengthened regulatory oversight and transparency measures to safeguard against similar instances of covert data collection in the future.

As the narrative continues to unfold, the General Motors saga stresses the inherent tensions between technological innovation, consumer privacy, and corporate responsibility. The fallout from these revelations serves as a telling reminder of the critical importance of transparency, accountability, and ethical conduct in the digital age.


Read more »
malware
Banking Trojan Brokewell Browser Chrome Google malware

Banking Malware "Brokewell" Hacks Android Devices, Steals User Data

Banking Malware "Brokewell" Hacks Android Devices

Security experts have uncovered a new Android banking trojan called Brokewell, which can record every event on the device, from touches and information shown to text input and programs launched.

The malware is distributed via a fake Google Chrome update that appears while using the web browser. Brokewell is in ongoing development and offers a combination of broad device takeover and remote control capabilities.

Brokewell information

ThreatFabric researchers discovered Brokewell while examining a bogus Chrome update page that released a payload, which is a common approach for deceiving unwary users into installing malware.

Looking back at previous campaigns, the researchers discovered that Brokewell had previously been used to target "buy now, pay later" financial institutions (such as Klarna) while masquerading as an Austrian digital authentication tool named ID Austria.

Brokewell's key capabilities include data theft and remote control for attackers.

Data theft 

  • Involves mimicking login windows of targeted programs to steal passwords (overlay attacks).
  • Uses its own WebView to track and collect cookies once a user logs into a valid website.
  • Captures the victim's interactions with the device, such as taps, swipes, and text inputs, to steal data displayed or inputted on it.
  • Collects hardware and software information about the device.
  • Retrieves call logs.
  • determines the device's physical position.
  • Captures audio with the device's microphone.

Device Takeover: 

  • The attacker can see the device's screen in real time (screen streaming).
  • Remotely executes touch and swipe gestures on the infected device.
  • Allows remote clicking on specific screen components or coordinates.
  • Allows for remote scrolling within elements and text entry into specific fields.
  • Simulates physical button presses such as Back, Home, and Recents.
  • Remotely activates the device's screen, allowing you to capture any information.
  • Adjusts brightness and volume to zero.

New threat actor and loader

According to ThreatFabric, the developer of Brokewell is a guy who goes by the name Baron Samedit and has been providing tools for verifying stolen accounts for at least two years.

The researchers identified another tool named "Brokewell Android Loader," which was also developed by Samedit. The tool was housed on one of Brokewell's command and control servers and is utilized by several hackers.

Unexpectedly, this loader can circumvent the restrictions Google imposed in Android 13 and later to prevent misuse of the Accessibility Service for side-loaded programs (APKs).

This bypass has been a problem since mid-2022, and it became even more of a problem in late 2023 when dropper-as-a-service (DaaS) operations began offering it as part of their service, as well as malware incorporating the tactics into their bespoke loaders.

As Brokewell shows, loaders that circumvent constraints to prevent Accessibility Service access to APKs downloaded from suspicious sources are now ubiquitous and widely used in the wild.

Security experts warn that device control capabilities, like as those seen in the Brokewell banker for Android, are in high demand among cybercriminals because they allow them to commit fraud from the victim's device, avoiding fraud evaluation and detection technologies.

They anticipate Brokewell being further improved and distributed to other hackers via underground forums as part of a malware-as-a-service (MaaS) operation.

To avoid Android malware infections, avoid downloading apps or app updates from sources other than Google Play, and make sure Play Protect is always turned on.

Read more »
Personal Data
Cyberattacks CyberCrime Cybersecrurity Data Breach DPRK Hackers hacking groups Malware attacks Personal Data

DPRK Hackers Compromise South Korean Defense Contractors

 


It was reported on Tuesday that the North Korean hacking groups have been mounting "all-out" cyberattacks against South Korean defence companies, infiltrating their internal networks and stealing their technical data over the past year, South Korean police said. 

According to the police, a group of hackers, known as Lazarus, Kimsuky, and Andariel, who work directly or through contractors, planted malicious codes directly in the data systems of the defence companies, according to the authorities.

During the hacking process, state-sponsored hackers exploited vulnerabilities in the targeted systems of defence companies and installed malware to compromise their subcontractors. Even though the campaign lasted over a year, local reports claim that they managed to steal sensitive information from 10 of the 83 defence contractors and subcontractors that they targeted between October 2022 and July 2023. 

According to KPNA, many of these companies were completely unaware that they were breached when they were contacted by the police, as it has been revealed that they were completely unaware that they were. A special inspection was conducted between January 15th and February 16th by the National Police Agency and the Defense Acquisition Program Administration, and protective measures were implemented to secure critical networks as a result of the inspection.

A special investigation of the company discovered that multiple companies had been compromised since late 2022, but they weren't aware until authorities informed them of the breach. Lazarus targeted a contractor, for example, in November 2022, who was cyber-aware enough to operate separate internal and external networks. 

However, the hackers took advantage of their negligence when it came to managing the system linking the two. The hackers were able to breach an external network server, which was then infected by the hackers. As the network connection system was down for a network test, they tunnelled through it and got inside the innards of the network while the defences were down. 

To steal important information from the six employee computers, they began harvesting and exfiltrating data. It was not until police came along during the investigation that the defence companies were aware that they had been hacked. While North Korea is a country that is isolated from the rest of the world, the country has extremely strong cybersecurity capabilities and has a history of launching successful attacks against global targets over the past few decades. 

An attack on a Bangladesh central bank caused the loss of £64.6 million ($81 million) in addition to the detailed designs for a supersonic jet and a submarine, both of which would weigh three tons. In several South Korean firms, weak cybersecurity practices have enabled North Koreans to succeed in attacking their employees’ systems, with employees using the same password to access both their professional and personal accounts. 

Additionally, Andariel obtained login information, starting around October 2022, from an employee of a company which was responsible for the remote maintenance of the defence contractor in question. Infecting the company's servers with malware and exfiltrating data regarding defence technology, infected the company's servers using the hijacked account.

A police investigation also revealed an incident that took place between April and July 2023, when Kimsuky exploited the groupware email server of a partner company of a defence firm. By exploiting a vulnerability, an attacker could download large files that were sent internally via email, allowing an unauthorized attacker to download them. 

 A security breach committed by subcontractor employees who used the same password for their official and personal email accounts, as well as the hacker's ability to gain access to defence business networks and extract sensitive technical data, was utilized by the hackers. Police officers have not disclosed the nature of the compromised data and the names of the companies responsible. 

Since the signing of contracts worth billions of dollars to supply mechanized howitzers, tanks, and fighter jets in the last few years, South Korea has gained a significant place as a leading global defence supplier. It has been reported that North Korean hacking gangs gained access to global defence corporations' networks, in addition to those of South Korean financial institutions, news outlets, as well as South Korea's nuclear power operator in 2014, as a result of a significant security breach. 

There has been widespread speculation that North Korean hackers have been responsible for large-scale thefts of Bitcoin, which subsequently allowed them to finance their weapons development with the proceeds. The North Korean government denies any involvement with cyberattacks or cryptocurrency thefts carried out by other countries.
Read more »
Ransom
Cyber Attacks Data Leak Healthcare Breach Patient Data Ransom

UnitedHealth Paid Ransom After Massive Change Healthcare Cyber Assault

 

The Russian cybercriminals who targeted a UnitedHealth Group-owned company in February did not leave empty-handed.

"A ransom was paid as part of the company's commitment to do everything possible to protect patient data from disclosure," a spokesperson for UnitedHealth Group stated earlier this week. 

The spokesperson did not reveal how much the healthcare giant paid following the cyberattack, which halted operations at hospitals and pharmacies for more than a week. Multiple media outlets claimed that UnitedHealth paid $22 million in bitcoin. 

"We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it," UnitedHealth CEO Andrew Witty said in a statement Monday. 

UnitedHealth attributed the intrusion on the Russian ransomware gang ALPHV, also known as BlackCat. The group claimed responsibility for the attack, stating that it took more than six terabytes of data, including "sensitive" medical records, from Change Healthcare, which handles health insurance claims for patients who visit hospitals, medical centres, or pharmacies. 

The attack's scale—Change Healthcare performs 15 billion transactions every year, according to the American Hospital Association—meant that even people who were not UnitedHealth clients could have been affected. The attack has already cost UnitedHealth Group almost $900 million, company officials said in reporting first-quarter earnings last week. 

Ransomware attacks, which include disabling a target's computer systems, are becoming more widespread in the healthcare industry. In 2022, a study published in JAMA Health Forum found that the yearly frequency of ransomware attacks against hospitals and other providers increased.

It was "straight out an attack on the U.S. health system and designed to create maximum damage," Witty informed analysts last week during an earnings call about the Change Healthcare incident. According to UnitedHealth's earnings report, the cyberattack is ultimately estimated to cost the organisation between $1.3 billion and $1.6 billion this year.
Read more »
Online Banking
2FA Banking Security Cyber Security CyberCriminal data security Mobile App Online Banking

Is Online Banking Truly Safe? Understanding the Safety Loopholes in Bank Websites

 

In today's increasingly digital landscape, ensuring the security of online banking platforms is paramount. With cyber threats evolving and becoming more sophisticated, financial institutions face the constant challenge of fortifying their systems against unauthorized access and data breaches. 

Recently, Which?, a respected consumer advocate, conducted an extensive investigation into the security measures implemented by major current account providers. This evaluation carried out with the assistance of independent computer security experts, aimed to scrutinize the efficacy of banks' online banking systems in safeguarding customer data and preventing fraudulent activities. 

The assessment, conducted over two months in January and February 2024, focused on examining the apps and websites of 13 prominent current account providers. While the evaluation did not encompass testing of back-end systems, it honed in on four critical areas essential for ensuring robust security protocols: security best practices, login processes, account management, and navigation & logout functionalities. 

Through rigorous testing, the investigation revealed significant variations among providers, with some demonstrating commendable security measures while others fell short of expectations. Among the findings, TSB and the Co-operative Bank emerged as the lowest-ranked institutions in both mobile app and online security. 

Notably, TSB's app exhibited a serious vulnerability, allowing sensitive data to be accessed by other applications on the device, raising concerns about data integrity and privacy. Similarly, the Co-operative Bank's failure to enforce two-factor authentication (2FA) on a test laptop highlighted potential weaknesses in their security infrastructure, necessitating urgent attention and remediation. 

Conversely, NatWest and Starling emerged as frontrunners in online banking security, earning an impressive score of 87%. Their robust security protocols and stringent authentication processes set them apart as leaders in safeguarding customer information. 

Meanwhile, HSBC and Barclays led the pack in mobile banking security, with HSBC notably eschewing SMS-based login verification, opting for more secure alternatives to protect user accounts. In addition to holding financial institutions accountable for maintaining rigorous security standards, consumers must also take proactive steps to protect their financial data when banking online. 

Which? recommends six essential tips for enhancing online security, including protecting mobile devices, using strong and unique passwords, and promptly reporting any suspicious activity. By adopting these best practices and remaining vigilant, consumers can mitigate the risks associated with online banking and thwart the efforts of cybercriminals seeking to exploit vulnerabilities. 

In an era where digital transactions are ubiquitous, prioritizing security is imperative to safeguarding personal and financial information from unauthorized access and fraudulent activities.
Read more »
rebrand
CD Projekt Cisco data Cyber Security Cybersecurity HelloKitty Ransomware reanimation rebrand

Revived Ransomware HelloKitty Returns with Rebranding, Leaks CD Projekt and Cisco Data

 

HelloKitty, a notorious ransomware that became defunct in late 2023 after its developer leaked both the builder and source code on a hacker forum, has resurfaced under a new name and a fresh data leak website. According to reports from BleepingComputer, the ransomware and its associated dark web portal have been rebranded as HelloGookie, likely in reference to the developer and operator, Gookee/kapuchin0, who was behind the original HelloKitty ransomware.

Originally created and maintained by a hacker known as Guki, HelloKitty was infamous for its targeting of large organizations and corporations since its establishment in late 2020. One of its notable breaches occurred in February the following year when it infiltrated CD Projekt Red, a renowned Polish game studio famous for titles like the Witcher series and Cyberpunk 2077. 

The Witcher series alone has sold over 50 million copies globally, while Cyberpunk 2077 boasts approximately 25 million sales. Both games, being open-world RPGs, have garnered numerous accolades, with Witcher 3 often hailed as one of the greatest RPGs ever developed.

During the attack on CD Projekt Red, HelloKitty pilfered about 450GB of uncompressed source code, which included files for an unreleased version of Witcher 3 purportedly featuring ray tracing, a cutting-edge rendering technique that simulates realistic lighting effects in computer graphics. 

This technique was eventually integrated into Witcher 3 via a 2022 update. In a bid to mark its resurgence, the operator of the ransomware released the pilfered data from the CD Projekt Red breach, along with data acquired from a 2022 attack on Cisco. Additionally, four private decryption keys were made public to facilitate the unlocking of files encrypted by HelloKitty.

As of now, there have been no new data leaks on the HelloGookie website, nor any indication of ongoing attacks. HelloKitty once held a significant position in the ransomware landscape, and it remains to be seen whether HelloGookie will achieve similar levels of success as its predecessor.
Read more »
VPN security
Safe Browsing Technology VPN VPN Hacking VPN security

Is Your VPN Safe? Or Can It be Hacked?


A virtual private network is one of the simplest ways for consumers to secure their internet activity. VPNs utilize tunneling technology to encrypt a user's online traffic and make it unreadable to prying eyes.

This additional layer of security has become a popular choice for both businesses and customers seeking to secure their privacy. According to Statista, more than 24% of all internet users in 2023 utilized a VPN to protect their internet connection.

With such widespread use, one might wonder if VPNs are impervious to hacking. Are they susceptible to hacking? Can VPNs be used to steal user data instead of securing it?

Can VPNs be hacked?

VPNs, like any other software, can be hacked. No software is perfect, and VPNs, like all internet-based technologies, are vulnerable to various threats. That being said, a good VPN will be extremely difficult to crack, especially if it has a secure server infrastructure and application.

VPNs function by creating a secret connection via which your internet activity is encrypted and rendered unreadable. Your internet traffic is routed via a VPN server, which masks your IP address and gives you an extra degree of privacy online.

This encryption protects critical user data including your IP address, device location, browsing history, and online searches from your internet service provider, government agencies, and cybercriminals.

VPNs provide simple safety for your online activity by encrypting user data and routing it over a secure channel. However, this does not render them invincible.

There are a few vulnerabilities in VPNs that hackers can exploit or target. Let's look at a few of them:

How VPNs Can Be Hacked

Breaking the VPN encryption

One approach to hack VPNs is to break through the encryption. Hackers can employ cryptographic attacks to break poorly constructed encryption ciphers. However, breaking encryption requires a significant amount of effort, time, and resources.

Most current VPNs use the Advanced Encryption Standard (AES-256) encryption method. This encryption standard encrypts and decrypts data with 256-bit keys and is commonly regarded as the gold standard in encryption.

This is because AES-256 is nearly impregnable, taking millions to billions of years to brute force and crack even with today's technology. That is why many governments and banks employ AES-256 encryption to protect their data.

In any event, most modern VPN companies use AES-256 encryption, so there isn't anything to worry about.

VPNs employing outdated tunneling protocols

Hackers can also attack older VPN tunneling standards. Tunneling protocols are simply a set of rules governing how your data is processed and transmitted via a certain network.

We wish to avoid utilizing old protocols like PPTP and L2TP/IPSec. These protocols are outdated and are regarded as medium to low security by modern standards.

PPTP, in example, is an older technology with documented weaknesses that unscrupulous actors can exploit. In contrast, L2TP/IPSec provides better security but slower performance than newer protocols.

Fortunately, more recent VPN protocols such as OpenVPN, WireGuard, and IKEv2 offer an excellent balance of high-level security and speed.

DNS, IP, and WebRTC leaks

Malicious actors can also steal user data via VPN leaks. VPN leaks occur when user data is "leaked" from the secure VPN tunnel as a result of a bug or vulnerability inside the software. The primary types of VPN leaks include the following:

DNS leaks occur when the VPN reveals your internet activity, such as DNS queries or browsing history, to the ISP DNS server despite being connected over an encrypted VPN connection.

IP leaks occur when your IP address is accidentally leaked or exposed to the internet, undermining the primary function of a VPN in disguising your true IP address and location.

WebRTC leaks are browser-based leaks in which websites gain unauthorized access to your actual IP address by bypassing the encrypted VPN connection.

VPNs inherently log user data

Finally, hacking is possible when VPN providers access customer data without their authorization.

While many VPN services promise to have no-logs policies, indicating that they are not keeping user data, VPNs have been shown to store user information notwithstanding these rules.

Why should you still invest in a VPN?

Even after understanding the various ways VPNs can be exploited, utilizing a VPN is significantly more secure than not using one. VPNs enable you and your organization to mask your IP address with the touch of a button.

Hiding your IP address is critical because criminal actors can exploit it to send you invasive adverts, learn your location, and collect information about your personal identity. VPNs are one of the simplest and most accessible ways to accomplish this.

VPNs are also an excellent solution for larger enterprises to maintain the security of company data, especially if your company has distant employees who access company resources via the Internet.

Read more »
Subscribe to: Posts (Atom)