
The Rise of Temu: A Game-Changer in Online Shopping

It has been reported that this year's Super Bowl was watched by 123 million Americans, setting a record. Aside from the nation's biggest sporting event, the blockbuster halftime performance, several camera cutaways, and several shots of Taylor Swift in the audience, viewers also got six 30-second advertisements for Temu, a Chinese-owned e-commerce company.

Politicians in both the UK and the United States have criticised the giant, saying there is an inherently high risk that its products are made using forced labour. In a statement to the press, Temu says that all of its merchants are strictly prohibited from employing forced, penal, or child labour.

The company, which sells everything from clothes to electronics to furniture, first launched in the United States in 2022 and has since expanded to the UK and other countries across the globe. According to data gathered by analyst SimilarWeb, just under 152 million Americans use the app every month, and it has consistently topped worldwide app download charts.

Described as "Amazon on steroids" by retail analyst Neil Saunders, the company has gained massive popularity over the past few years, shipping to more than 50 countries under the tagline "Shop like a billionaire." The average cost of a 30-second Super Bowl commercial is about $7 million (£5.5 million), and Temu had six of them at this year's event.

As a result of the Super Bowl, the total number of individual visitors to the platform was nearly a quarter higher than the previous Sunday, with 8.2 million users accessing the website and app on the day of the event. According to Ines Durand, an e-commerce expert at SimilarWeb, the number of visitors to Amazon and eBay dropped by 5% and 2% respectively during the same period. These influencers typically have fewer than 10,000 followers, as per her research.

Temu is owned by PDD Holdings, a Chinese giant that is one of the biggest e-commerce companies in the world, according to Shaun Rein, founder of the China Market Research Group. The company has traded places with rival Alibaba for the top spot as the most valuable Chinese company listed on a US stock exchange; its current value is just under $150 billion (£117 billion).

PDD Holdings expanded overseas with Temu after conquering the Chinese consumer market several years ago with the same model. Mr Rein, a Shanghai-based entrepreneur, feels that the firm has become a source of great pride and patriotism for its employees. A wide range of products is available on Temu's website and app, from steel-toed trainers to a device that helps elderly and pregnant women put on socks, to name a few.

Mr Rein explains that this is a collection of products almost entirely made in factories in China. Ms Durand believes that while Amazon sells market data to manufacturers at a high price, Temu provides it for free to producers who are looking to test the market with a relatively small number of products.

According to a US Congress report published in July last year, a third of parcels imported into the US were shipped under the de minimis threshold, a customs exemption that critics call a shipping loophole. Both the United Kingdom and the United States have a de minimis threshold in place that allows citizens to import low-value goods without incurring additional import fees.

Since Temu's products are shipped directly from the factory floor without any middlemen involved, they become essentially duty-free. According to Mickey Diaz, chief operating officer at global freight company Unique Logistics, more regulation may be on the horizon to close shipping loopholes. She says the UK has already begun to take a closer look at Temu, especially regarding the sale of weapons that are normally prohibited from entering the UK but were being imported owing to these loopholes.

The e-commerce giant Temu has also been criticised for the supply chains it manages, as both British and US politicians accuse the company of selling products made with forced labour. Alicia Kearns MP, who leads the foreign affairs select committee, announced last year that she wanted stronger laws to protect consumers from unintentionally contributing to the genocide of the Uyghur minority by using the online marketplace.

The company says its merchants are "strictly prohibited" from using forced, penal, or child labour. Anyone doing business with the company must comply with all regulatory standards and compliance requirements beforehand, the company told the BBC.

How a Fake CIA Agent Duped Someone out of $50,000

In a recent incident reported by The Cut, freelance finance writer Charlotte Cowles fell victim to an elaborate scam that highlights the dangers of social engineering. The scam began with a call from a number appearing as "Amazon," leading Cowles to believe she was a victim of identity theft. The caller, posing as a Federal Trade Commission official, connected her with a fake CIA agent named Michael. Over hours on the phone, "Michael" convinced Cowles that she faced serious charges related to the identity theft and persuaded her to withdraw $50,000 in cash. The twist? She was instructed to hand over the money to the CIA, which would then, inexplicably, issue her a check for her own funds.

Despite suspicions during the ordeal, the scammers manipulated Cowles into isolation, urging her not to involve her family or the police, claiming it could jeopardise their safety. This tactic of isolating the victim is a common element in scams, aiming to heighten emotions and push individuals into making decisions they might not otherwise make. The scammers played on Cowles' fears for herself and her family, using personal details like the last four digits of her Social Security number to further erode her judgement.

Experts emphasise that falling victim to professional scammers is not a matter of lacking savvy. Selena Larson, a senior threat intelligence analyst, stresses that fraud perpetrators excel at social engineering and employ tactics like instilling fear, excitement, or urgency to manipulate their targets. To protect against such scams, Larson advises people to be wary of anyone trying to isolate them from friends and family, cautioning against trusting individuals posing as government officials or celebrities. Immediate requests for money and a sense of urgency are red flags that should prompt individuals to break off contact and report the activity.

This cautionary tale serves as a reminder that anyone can be targeted by scams. Larson suggests a vigilant approach, emphasising the importance of staying connected with loved ones and not succumbing to isolation. Additionally, adopting a strategy similar to Cowles' newfound tactic of never answering calls from unknown numbers can be an effective way to avoid falling prey to scams.

As online threats continue to multiply, it is crucial for individuals to remain informed and alert. The incident also touches on the broader issue of cyber threats, including state-backed hacking efforts, ransomware attacks on hospitals, and the impact of cyberattacks on vulnerable communities. Stay safe and informed as we venture through the complexities of online security.

Corporate Accountability: Tech Titans Address the Menace of Misleading AI in Elections

In an accord announced on Friday, 20 leading technology companies, including Google, Meta, Microsoft, OpenAI, TikTok, X, Amazon and Adobe, pledged to take proactive steps to prevent deceptive uses of artificial intelligence from interfering with global elections.

According to a press release issued by the 20 participating companies, they are committed to "developing tools to detect and address online distributions of artificial intelligence content that is intended to deceive voters."

The companies are also committed to educating voters about the use of artificial intelligence and providing transparency in elections around the world. The head of the Munich Security Conference, which announced the accord, lauded the agreement as a critical step towards improving election integrity, increasing social resilience, and creating trustworthy technology practices.

In 2024, over 4 billion people are expected to be eligible to cast ballots in over 40 different countries. A growing number of experts say that easy-to-use generative AI tools could be used by bad actors in those campaigns to sway votes and influence those elections.

From simple text prompts, users can generate images, videos, and audio using generative artificial intelligence (AI) tools. Some of these services do not have the necessary safeguards in place to prevent users from creating content that shows politicians or celebrities saying things they never said or doing things they never did.

The tech industry "agreement", intended to reduce voter deception regarding candidates, election officials, and the voting process, targets AI-generated images, video, and audio. It is important to note, however, that it does not call for an outright ban on such content.

While the agreement is intended to show unity among platforms with billions of users, it mostly outlines efforts that are already under way, such as those designed to identify and label AI-generated content.

Especially in the upcoming election year, which will see millions of people head to the polls in countries around the world, there is growing concern about how artificial intelligence software could mislead voters and maliciously misrepresent candidates.

AI has already been used to impersonate President Biden in New Hampshire's January primary in an attempt to discourage Democrats from voting, and, last September, obviously AI-generated audio purported to show a leading candidate in Slovakia claiming to have rigged the election.

The agreement, endorsed by a consortium of 20 corporations, encompasses entities involved in the creation and dissemination of AI-generated content, such as OpenAI, Anthropic, and Adobe, among others. Notably, Eleven Labs, whose voice replication technology is suspected to have been utilized in fabricating the false Biden audio, is among the signatories. 

Social media platforms including Meta, TikTok, and X, formerly known as Twitter, have also joined the accord. Nick Clegg, Meta's President of Global Affairs, emphasized the imperative for collective action within the industry, citing the pervasive threat posed by AI. 

The accord delineates a comprehensive set of principles aimed at combating deceptive election-related content, advocating for transparent disclosure of origins and heightened public awareness. Specifically addressing AI-generated audio, video, and imagery, the accord targets content falsifying the appearance, voice, or conduct of political figures, as well as disseminating misinformation about electoral processes. 

Acknowledged as a pivotal stride in fortifying digital communities against detrimental AI content, the accord underscores a collaborative effort complementing individual corporate initiatives. As per the "Tech Accord to Combat Deceptive Use of AI in 2024 Elections," signatories commit to developing and deploying technologies to mitigate risks associated with deceptive AI election content, including the potential utilization of open-source solutions where applicable.

Notably, Adobe, Amazon, Arm, Google, IBM, and Microsoft, alongside others, have lent their support to the accord, as confirmed in the latest statement.

European Union to Block Amazon’s Acquisition Over iRobot

Amazon.com Inc. has proposed a takeover of Roomba maker iRobot Corp. The proposal is expected to be blocked by the European Union's antitrust regulators, who are concerned that the deal will have an adverse impact on other robot vacuum makers.

At a meeting with European Commission officials on Thursday, the e-commerce behemoth was informed that the transaction would probably be denied, according to sources familiar with the situation. The political leadership of the EU must still formally approve a final decision, which is required by February 14. Meanwhile, Amazon declined to comment on the issue.

On Friday, shares of iRobot, based in Bedford, Massachusetts, fell as much as 31% to $16.30, widening the deal spread to over $35, the largest since the merger was disclosed more than a year ago.

Regulators believe that other vacuum manufacturers may find it more difficult to compete as a result of iRobot's partnership with Amazon, particularly if Amazon decides to give Roomba advantages over competitors on its online store.

There will probably be opposition to the deal in the US as well. People with insight into the situation say that the Federal Trade Commission has been preparing a lawsuit to try to stop the transaction. According to persons speaking about the ongoing investigation, the three FTC commissioners have yet to vote on a challenge or hold a final meeting with Amazon to discuss the possible case.

The investigation over Amazon’s acquisition of iRobot was initiated in July 2023 by the European Commission (EC), the EU’s competition watchdog. 

The EC has until February 14 to make a decision. The commission's 27 most powerful political members must agree to reject the proposal before the EC can make a final decision. 

While iRobot had been set to expand its business in the smart home appliance market, its shares dropped 40% within hours of the Wall Street Journal first reporting the EU's intentions.

Given that the company has been struggling with declining revenues, the acquisition by Amazon was initially viewed as a boon.

Regarding the situation, Matt Schruers, president of tech lobbying group Computer and Communications Industry Association, comments that "If the objective is to have more competition in the home robotics sector, this makes no sense[…]Blocking this deal may well leave consumers with fewer options, and regulators cannot sweep that fact under the rug."

Rise of OLVX: A New Haven for Cybercriminals in the Shadows

OLVX has emerged as a new cybercrime marketplace, quickly gaining a loyal following of customers seeking tools to conduct online fraud and cyberattacks against other websites. The launch of the OLVX marketplace follows a recent trend of cybercrime marketplaces being hosted on the clearnet instead of the dark web, which lets a wider range of users reach them and allows them to be promoted through search engine optimisation (SEO).

ZeroFox cybersecurity researchers discovered a new underground market called OLVX (olvx[.]cc) that advertises a wide variety of hacking tools for illicit purposes and is linked to a large number of hacking tools and websites.

Researchers at ZeroFox, who detected OLVX at the end of July 2023, noted a marked increase in activity on the new marketplace in the fall, with both buyers and sellers becoming more active.

OLVX has offered several illicit tools and services to threat actors since its launch on July 1, 2023. Unlike other markets, it focuses on providing cyber criminals with tools they can take advantage of during the 2023 holiday peak season in retail.

ZeroFox found that OLVX marketplace activity spiked significantly in fall 2023, with more items listed and buyers rushing to the new store to purchase them. According to the investigation, OLVX is believed to be built on OLUX code leaked in 2020/2021.

Post-leak stores use improved versions of the OLUX code, even though the original code is outdated. For better accessibility and web hosting, OLVX fronts its website with Cloudflare. To grow its customer base, OLVX does not use the dark web; instead, it relies on SEO and forums.

For customer support, OLVX runs a Telegram channel. The marketplace's reputation and earnings are boosted by strong relationships with its customers. Unlike most other markets of this nature, OLVX does not rely on an escrow service to protect funds.

Instead, it offers a "deposit to direct payment" system that accepts Bitcoin, Monero, Ethereum, Litecoin, TRON, Bitcoin Cash, Binance Coin, and Perfect Money. Because funds are always available, users are encouraged to spend more, and browsing leads to more frequent purchases.

To maintain privacy and security, customers who are running low on funds are advised to use time-limited anonymous cryptocurrency addresses to "top off" their accounts. During the holiday season, OLVX and similar marketplaces thrive as cybercriminal hubs, supplying tools for targeting campaigns during the colder months.

On the site, OLVX offers hosting via Cloudflare and advertises DDoS protection through Simple Carrier LLC, a substandard hosting provider. Consumers are increasingly putting their security at risk as they shop.

OLVX is one of the leading tools that criminals use for illicit activities during the holiday season, the time of year when criminals run their heists. Due to the nature of the platform, an independent verification team cannot confirm that the quality and validity claims above are accurate; however, users believe that OLVX's rising popularity and established reputation lend credibility to most of the claims.

Interestingly, ZeroFox indicates that fraudulent activity on the platform starts to increase as the holiday shopping season approaches, which means that buyers should maintain heightened vigilance to avoid scams and identify fraud.

The Dark Side of Digital Reading: E-Books as Corporate Surveillance Tools

Every reader leaves an electronic trail when they read a newspaper online, buy an eBook, or watch a video on their computer. For companies and law enforcement agencies alike, this trail is a lucrative source of new revenue as well as an increasingly important source of surveillance. Three out of ten Americans read digital books.

Whether accessing online textbooks or checking out the latest bestseller from the public library, most readers are subject to both the greed of Big Publishing and the priorities of Big Tech. In 2022, Kindles held 72% of the e-reader market, with the rest split among other manufacturers.

The truth is that the real product of Big Tech companies like Amazon has nothing to do with books; the real product is their technology. Amazon CEO Jeff Bezos's secret weapon is the data collected from his customers. There is no doubt that Amazon's retail empire has been built on a complex network of infrastructure and questionable working practices, but without an intricate understanding of what millions of people buy and browse every day, Amazon's success would be unimaginable.

Ever since Amazon expanded its business beyond selling books, it has been obsessed with the data it collects on its users. As the company's chief technology officer told the BBC almost two decades ago, the company tries to gather as much information as possible from its customers so it can provide recommendations based on that information.

As Amazon has grown, so have its data collection operations. Former Amazon executives told the BBC in 2020 that the company was not only a retailer but also a data company. Major publishers are allowing Big Tech to monitor what people read and where they read it. This includes books on sensitive topics, such as when someone checks out a book about self-awareness. Worse still, they are snooping on the data that these reading habits reveal.

They can still spy on people who read digital books over the internet as long as they meet the minimum requirements of federal law. An anti-monopoly coalition submitted a letter to Congress last week calling for a congressional hearing on reader surveillance. This is a deeply intersectional threat, according to the coalition, which represents civil rights, anti-surveillance, anti-book ban, racial justice, reproductive justice, and anti-monopoly interests.

Amazon is also reportedly facing problems with regulators because of its data collection practices. Amazon's European headquarters are based in Luxembourg, where data protection regulators are planning to issue a $425 million GDPR fine over its use of people's data, according to the Wall Street Journal on June 10.

Amazon officials declined to comment on the possibility of a $425 million fine. It has also been reported that anti-competition regulators will examine how the company uses data. The data that Amazon collects from devices such as Ring and Alexa is becoming an increasingly important backbone of the company's dealings with government.

Several Amazon customers have praised Amazon for safeguarding their privacy and fighting government demands for the data it holds. A federal grand jury in 2006 subpoenaed the company for the purchase records of 24,000 customers as part of an investigation into tax evasion, and in 2010 the North Carolina Department of Revenue made a staggeringly broad request for the records of 50 million customers.

Amazon fought these demands and won both cases, even though the rulings concentrated on the threat to e-commerce rather than the threat to freedom of expression. It has become increasingly apparent that there is a problem since the catastrophic launch of Google's social networking site Buzz in 2010, which shared users' contacts without their permission.

The revelation last year that Facebook still tracked users' browsing information even after they logged out is a major indication of the increasing awareness of this problem. The Obama administration announced in February 2012 that it would push for all browsers to implement a "do not track" button as part of the Consumer Privacy Bill of Rights, intended to ensure that users' privacy rights are protected.

Facebook was recently the target of a class-action lawsuit, filed in May, by plaintiffs alleging that it had collected data on its users' online activities. In the UK, a draft communications data bill introduced by the government last month has caused alarm. The bill would allow the home secretary to force a wider range of service providers to store data for up to one year.

This data could be requested by the police without a warrant for "permitted purposes", including the detection of crime and the protection of the public.

Diwali Shopper Beware: Cyber Experts Uncover Fake Flipkart, Amazon Sites Exploiting Festive Fervor

CloudSEK's threat research team has discovered a rise in malicious activity targeted at festive shoppers during the Diwali celebrations, a reminder of how vulnerable shoppers are during the season. Cyber experts have noticed that phishing scams and fraud schemes have increased with the festival season and are targeting consumers with a variety of fraudulent schemes designed to take advantage of the occasion.

Amid the festive season of Diwali, there is a dark side lurking on the internet that needs to be addressed. The research team at CloudSEK has revealed that the holiday season is leading to the emergence of numerous sneaky online scams. Diwali shoppers looking for the best deals on popular platforms in time for the special day are being hit hard by these shady schemes.

CloudSEK's cyber intelligence team has discovered a series of phishing campaigns targeting the recharge and e-commerce industries. These malicious actors are tarnishing the reputations of prominent brands and intensifying their activities during the festive season using tactics such as crypto redirects and betting schemes.

CloudSEK has recently detected 828 suspicious domains linked to phishing activities, in which the culprits attempt to deceive individuals into divulging their personal information by falsely presenting themselves as an official Facebook page. Rishika Desai, head of cloud surveillance platform CloudSEK, has shed light on the spike in fake shopping websites during this year's Diwali celebrations.

These scams have reportedly gone beyond mere disruption of a customer's online shopping to full-blown financial fraud, with hackers posing as customer service representatives and swindling unsuspecting consumers out of their money.

Because cybercriminals exploit the festive mood around Diwali and the lapses in vigilance that come with it, early detection of these tactics is essential to avoid repercussions. During the holiday season, many new websites have emerged with 'Diwali' in their names, posing as big Indian e-commerce players. They even used tricks like typosquatting to make their fake sites appear genuine.

They changed 'shop.com' into 'shoop.xyz': the same look, the same content, built to fool you into thinking it was the real site. Newly registered Diwali domains closely mimic the brands of leading Indian e-commerce vendors, exploiting the massive demand from e-commerce consumers.

Phishing campaigns are exploiting this demand. In particular, typosquatting techniques lend these domains a sense of legitimacy in the eyes of a less technologically advanced audience. An interesting aspect of the fraud discovered by CloudSEK is that most of these fraudulent websites featured admin panels.
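As an added illustration of the lookalike-domain pattern described above (this is example code written for this page, not CloudSEK's tooling), the following triage script scores newly registered domains against a brand watchlist using homoglyph normalisation, edit distance, TLD mismatch and festive lure keywords. The brand list, official domains and the sample domain feed are constructed for the example; the 828 domains from the report are not reproduced.

```python
"""Triage newly registered domains for brand typosquats and festive lures."""
from __future__ import annotations

import re

# Constructed watchlist: brand label -> its official domain (sample values,
# not asserted to be the vendors' real domains).
BRANDS = {"flipkart": "flipkart.com", "amazon": "amazon.in"}

# Lure keywords that the CloudSEK findings say fraudsters put in domain names.
SEASONAL_KEYWORDS = ("diwali", "pooja", "sale", "offer")

# Digit/symbol substitutions commonly used to imitate letters (amaz0n -> amazon).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})

# Constructed sample feed of "newly registered" domains for the demo.
SAMPLE_FEED = [
    "flipkart.com",
    "flipkartdiwali-sale.xyz",
    "fliipkart.in",
    "amaz0n-offers.top",
    "weather-today.org",
]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; inputs are short labels so a plain DP is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str) -> tuple[str, str]:
    """Naive (label, tld) split. Assumes single-label public suffixes;
    a real deployment would consult the Public Suffix List (co.in etc.)."""
    parts = domain.lower().strip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def classify(domain, brands=BRANDS, keywords=SEASONAL_KEYWORDS, max_distance=1):
    """Return (risk, reasons) for one domain: 'legitimate', 'high', 'medium' or 'none'."""
    label, tld = split_domain(domain)
    norm = label.translate(HOMOGLYPHS)
    tokens = [t for t in re.split(r"[-_]", norm) if t]
    reasons = []
    for brand, official in brands.items():
        if f"{label}.{tld}" == official:
            return "legitimate", [f"matches official domain {official}"]
        if brand in norm:
            reasons.append(f"embeds brand name '{brand}'")
        elif any(levenshtein(t, brand) <= max_distance for t in tokens + [norm]):
            reasons.append(f"near-miss spelling of '{brand}'")
        else:
            continue
        _, official_tld = split_domain(official)
        if tld != official_tld:
            reasons.append(f"TLD .{tld} differs from official .{official_tld}")
    lure = [k for k in keywords if k in norm]
    if lure:
        reasons.append("seasonal lure keyword(s): " + ", ".join(lure))
    if any(r.startswith(("embeds", "near-miss")) for r in reasons):
        risk = "high"
    elif lure:
        risk = "medium"
    else:
        risk = "none"
    return risk, reasons


def triage(feed):
    """Classify every domain in a feed; returns {domain: (risk, reasons)}."""
    return {d: classify(d) for d in feed}


if __name__ == "__main__":
    for dom, (risk, why) in triage(SAMPLE_FEED).items():
        print(f"{risk:10} {dom:28} {'; '.join(why)}")
```

Feeding the page's own illustration through it, `classify("shoop.xyz", {"shop": "shop.com"})` flags the domain as high risk for a one-edit near miss plus a swapped TLD.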

Upon receiving the report, these pages were promptly taken down and reported as brand abuse. However, an error message appeared on the backend of most of these sites. The researchers at CloudSEK were also able to identify instances of betting redirects, including domains with keywords like 'Diwali' and 'Pooja', hosted by Megalayer in Hong Kong.

Fraudsters exploited the increased internet traffic during the Diwali period to redirect users to various Chinese betting sites, building malicious sites that mimic real gambling sites. Cryptocurrency redirects were also found on social media channels, where genuine users were misled into registering with unreliable cryptocurrency websites.

It is common for cybercriminals to lure users to questionable crypto platforms by offering them freebies, resulting in potential financial losses. "Hackers often employ cunning tactics such as giving users freebies or bribes to lure them into creating accounts," said Rishika Desai, urging users to exercise caution, stay vigilant, and report any suspicious activity to prevent becoming victims of such frauds. 

As the festive season approaches, users are strongly advised to exercise caution, remain vigilant, and report any suspicious activity to prevent falling victim to these frauds. Once hooked, victims are gradually encouraged to deposit funds, often leading to substantial financial losses.

An e-commerce website selling jewellery was also identified as promoting a Trojan application and encouraging customers to download it. The domain name included the word 'Diwali', and the application contained Android Trojan malware.

Here Are Some Tips to Stay Safe This Diwali

  1. It is recommended not to open emails or messages that seem suspicious. 
  2. Clicking on links or attachments from individuals you do not know is a bad idea. 
  3. When sharing links on social media from sources users are not familiar with, they should proceed with caution. 
  4. Gift cards should be purchased from a reputable source. 
  5. It is also important to be aware of job ads that promise high salaries for minimal work. 

These might be scams and should be avoided. Report suspicious posts to the moderator so that they can be investigated. Digital tricksters are working in full force during Diwali, so shoppers are advised to remain vigilant.

To avoid being victimised by online scams, it is recommended to take a little extra precaution when purchasing gifts online. To ensure a safe and joyful Diwali celebration for all, it is crucial to report any suspicious activity.

Notorious Global Phishing Platform Neutralized in Cross-Border Operation

INTERPOL has arrested two alleged operators of the phishing-as-a-service platform "16shop" in Indonesia and Japan after a successful investigation into the scheme.

The agency revealed on Tuesday that 16shop, which the international police co-operation organisation described as a vendor of "phishing kits" sold to cyber criminals, was detected as part of a research project investigating cyber threats in the ten-nation Association of Southeast Asian Nations (ASEAN) bloc.

The PaaS platform sells phishing kits to hackers, who use them to defraud internet users through email scams: the victim receives an email with a PDF or a link that redirects them to a website asking for personal information such as their credit card number. Once stolen, these details are used to steal money from the victims.

Known as phishing, this form of cyberattack impersonates a legitimate entity through a form of communication such as email, a phone call, or a text message, with the intent of obtaining sensitive information from the victim. Phishing is among the most prevalent cyber threats worldwide. Up to 90 per cent of data breaches are thought to be attributable to successful phishing attacks, making it one of the most common ways to acquire credentials and steal data from victims.

As reported by Interpol, 16shop sells phishing kits to hackers, who use them to covertly scam internet users. In most cases, these scams involve sending emails containing PDF files or links that redirect users to a website. Such a site would then ask its victims for their credit card numbers or other sensitive information, such as Social Security numbers.

The joint operation against 16Shop was carried out with the assistance of the cyber crime department of the INTERPOL General Secretariat and Indonesian, Japanese and US authorities. Several private infosec firms also participated in the operation, including the Japan Cyber Defense Institute, Singapore's Group-IB, Palo Alto Networks' Unit 42, and Trend Micro, as well as Cybertoolbelt, an investigation platform for cybercrime.

Over 70,000 users in 43 countries have reportedly been compromised as a result of the hacking tools supplied by 16shop. In an interview with The Jakarta Post, brigadier general Adi Vivid Agustiadi Bachtiar, the director of the Indonesian National Police Cybercrime Investigation, stated that anyone can launch phishing attacks by simply clicking on their mouse. 

Bernardo Pillot, a cybercrime expert with Interpol's cybercrime operations, said there has been an "unprecedented increase" in the sophistication and number of cyber threats. Moreover, there has lately been an increase in "customized" attacks, as criminals seek the highest impact and the highest profit from their crimes. 

Law enforcement has strong indications that the platform was administered from Indonesia. During the arrest of a 21-year-old man, officers seized electronic items as well as several luxury vehicles. Two other platform facilitators were arrested after this first arrest. 

Shortly after the administrator was apprehended, the National Police Agency of Japan and the Indonesian National Police launched an investigation that led to the identification and arrest of the two facilitators by both agencies. 

Group-IB, a Singaporean infosec outfit, analyzed 16Shop, the e-commerce platform for phishing kits, and assessed that over 150,000 phishing domains had been created using the platform's kits. Information security firm Earthlink believes the kits have been traded on the underground cybercriminal market since as far back as November 2017, at prices ranging from $60 up to $150 per kit. 

According to the group, phishing pages targeting American Express users were offered for $60 and fake Amazon pages for $150. The kits served putative victims content localized to their location in one of eight languages. 

Global collaboration was necessary because many of the phishing-as-a-service vendor's operations were hosted on servers owned and run by a US-based company. The FBI helped secure the information Indonesian investigators needed.

Amazon Executive Lacks Data for Return-to-Office Mandate

 

Amazon employees are expressing discontent over the company's recent decision to revoke remote work flexibility, and the situation has been exacerbated by comments made by a senior executive.

During an internal staff meeting, Mike Hopkins, the SVP of Amazon Video and Studios, admitted that there was no data to support the company's mandate for employees to return to the office. This stands in contrast to Amazon's reputation for data-driven decision making, leading to frustration among many workers.

The new mandate, announced in February, requires most employees to work in the office at least three days a week, reversing a previous commitment not to enforce physical office attendance.

Hopkins mentioned reasons for eliminating flexible work options, claiming that CEO Andy Jassy and other executives believe that employees perform better when working together in person. 

He also referred to a leadership principle encouraging employees to "have backbone, and disagree and commit," implying that now is the time to commit rather than disagree.

Despite data suggesting that remote work can increase productivity and employee happiness, Amazon's executives seem unwilling to consider these findings in their decision-making process.

Other companies are also pushing for a return to in-office work in 2023, possibly due to short-term financial considerations or a desire for increased control over employees.

Amazon workers have expressed their concerns through an internal petition, but the company appears determined to stick to its data-less decision, disregarding the disagreement from its employees.

Former Amazon Security Engineer Charged with Defrauding a Crypto Exchange


A prominent cybersecurity professional at Amazon is apparently facing a problem. The U.S. Department of Justice has arrested security engineer Shakeeb Ahmed on charges of defrauding an unnamed decentralized cryptocurrency exchange and laundering the proceeds, each charge carrying a maximum sentence of 20 years in prison.

According to Damian Williams, the U.S. attorney for the Southern District of New York, this was the second case his office was announcing that highlights "fraud in the cryptocurrency and digital asset ecosystem."

As noted by the DOJ, Ahmed, a former security engineer for an "international technology company," was able to "fraudulently obtain" almost $9 million worth of cryptocurrency from the exchange. He did so by feeding it bogus pricing data in order to generate fees, which he then withdrew for himself.

Williams further added, "We also allege that he then laundered the stolen funds through a series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges. But none of those actions covered the defendant's tracks or fooled law enforcement, and they certainly didn't stop my Office or our law enforcement partners from following the money."

Ahmed is also charged with allegedly attempting to steal more money from the exchange via "flash loan" attacks, another type of crypto exploit.

While it was initially unclear which company the accused had worked for, cybersecurity blogger Jackie Singh noted on Tuesday that Ahmed was a former Amazon employee, and pointed to several other online profiles the accused appeared to be linked with.

According to a LinkedIn profile that matches Ahmed's job description, he works at Amazon as a "Senior Security Engineer" and has worked there since November 2020. The user's profile continues to claim Amazon as his employer. However, it is still unclear if this profile is in fact representing Ahmed.

Amazon was subsequently contacted to confirm these details. The company confirmed that Ahmed had worked for Amazon but said he is no longer employed there, and that it could not provide any further information about his role.

Moreover, a report by Inner City Press – a New York outlet – confirms that Ahmed appeared at the court following his detainment on Tuesday. The report mentions him wearing flip-flops, shorts, and a T-shirt saying “I code,” to the court hearing. Later, he was released on bond after pleading not guilty and will be permitted to continue living in his Manhattan apartment, according to the site.

Major Companies Restrict Employee Use of ChatGPT: Amazon, Apple, and More

Several major companies, including Amazon and Apple, have recently implemented restrictions on the use of ChatGPT, an advanced language model developed by OpenAI. These restrictions aim to address potential concerns surrounding data privacy, security, and the potential misuse of the technology. This article explores the reasons behind these restrictions and the implications for employees and organizations.

  • Growing Concerns: The increasing sophistication of AI-powered language models like ChatGPT has raised concerns regarding their potential misuse or unintended consequences. Companies are taking proactive measures to safeguard sensitive information and mitigate risks associated with unrestricted usage.
  • Data Privacy and Security: Data privacy and security are critical considerations for organizations, particularly when dealing with customer information, intellectual property, and other confidential data. Restricting access to ChatGPT helps companies maintain control over their data and minimize the risk of data breaches or unauthorized access.
  • Compliance with Regulations: In regulated industries such as finance, healthcare, and legal services, companies must adhere to strict compliance standards. These regulations often require organizations to implement stringent data protection measures and maintain strict control over information access. Restricting the use of ChatGPT ensures compliance with these regulations.
  • Mitigating Legal Risks: Language models like ChatGPT generate content based on large datasets, including public sources and user interactions. In certain contexts, such as legal advice or financial recommendations, there is a risk of generating inaccurate or misleading information. Restricting employee access to ChatGPT helps companies mitigate potential legal risks stemming from the misuse or reliance on AI-generated content.
  • Employee Productivity and Focus: While AI language models can be powerful tools, excessive usage or dependence on them may impact employee productivity and critical thinking skills. By limiting access to ChatGPT, companies encourage employees to develop their expertise, rely on human judgment, and engage in collaborative problem-solving.
  • Ethical Considerations: Companies are increasingly recognizing the need to align their AI usage with ethical guidelines. OpenAI itself has expressed concerns about the potential for AI models to amplify biases or generate harmful content. By restricting access to ChatGPT, companies demonstrate their commitment to ethical practices and responsible AI usage.
  • Alternative Solutions: While restricting ChatGPT, companies are actively exploring other AI-powered solutions that strike a balance between technological advancement and risk mitigation. This includes implementing robust data protection measures, investing in AI governance frameworks, and promoting responsible AI use within their organizations.

The decision by major companies, including Amazon and Apple, to restrict employee access to ChatGPT reflects the growing awareness and concerns surrounding data privacy, security, and ethical AI usage. These restrictions highlight the importance of striking a balance between leveraging advanced AI technologies and mitigating associated risks. As AI continues to evolve, companies must adapt their policies and practices to ensure responsible and secure utilization of these powerful tools.

Hacker Gang Holds Amazon's Ring to Ransom

 

Amazon's Ring, a popular brand of home security cameras, is facing a major cybersecurity threat. The company has been targeted by a ransomware gang, which has threatened to release sensitive data about Ring's customers if the company does not pay up.

According to reports, the ransomware gang, known as 'Grief,' gained access to Ring's systems through a vulnerability in the company's app. The gang then demanded a ransom of $50 million, threatening to release data on Ring's customers if the company did not comply.

Ring has stated that it will not pay the ransom and has instead launched an investigation into the attack. The company has also said it is working with law enforcement to identify and prosecute the perpetrators.

The attack on Ring is just the latest in a series of high-profile cyber attacks that have targeted companies and organizations around the world. These attacks are becoming increasingly sophisticated, and are often carried out by organized criminal groups.

One of the reasons that cyber attacks are becoming more common is that companies are not doing enough to protect themselves. Many companies still use outdated software and security systems, which are vulnerable to attack. In addition, many companies are not investing enough in cybersecurity, either because they do not see it as a priority or because they do not have the resources to do so.

In the case of Ring, the company has come under fire for its lack of transparency and its use of third-party trackers in its app. The Electronic Frontier Foundation (EFF) has raised concerns about the app's use of third-party trackers, which can collect data on users without their knowledge or consent.

Overall, the cyber attack on Ring is a reminder of the importance of cybersecurity in the increasingly digital world. Companies must take steps to protect themselves from attacks, and consumers must be aware of the risks that come with using connected devices. With cyber-attacks becoming more frequent and sophisticated, it is essential that we all take cybersecurity seriously.



Ring Data Breach: What You Need to Know About the Home Security Company Attack


With innovative doorbells and security cameras making a huge breakthrough for home security across the world, Ring now stores a great amount of data. Recently, however, the company has been facing threats from a ransomware gang to expose that data online. 

About Ring LLC 

Ring LLC is a home security and smart home company owned by Tech-giant Amazon. The firm creates home security systems with exterior cameras, such as the Ring Video Doorbell smart doorbell, and runs the Neighbors app, which allows users to share video footage with each other online in a communal setting. 

Ring Data Breach 

According to a report by Motherboard, the ALPHV ransomware gang has claimed to have gained access to Amazon-owned Ring's systems and data. In a statement to the news organization, Ring said it has no evidence that its own systems were breached, but that it is aware that a ransomware attack has affected one of its third-party providers. 

In response, ALPHV posted on Twitter: "There's always an option to let us leak your data". The ransomware group has not yet released any of the data it claims to have stolen from the business, but there is still cause for alarm, since Motherboard discovered a Ring listing on ALPHV's data dump website. 

Ransomware groups like ALPHV have evolved into using data dump sites to entice victims into paying ransoms in order to regain access to their data. In an effort to persuade businesses to cooperate with the hackers holding their data hostage, a tiny percentage of the stolen data from those businesses is frequently posted publicly. 

ALPHV Ransomware Gang 

The ALPHV ransomware gang has attacked companies in the US, Europe, and Asia. The group has also been referred to as BlackCat, named after the malware it deploys. In the past, ALPHV has taken credit for hacking hospitality firms like the Westmont Hospitality Group, which manages IHG and Hilton hotels around the world, as well as leaking medical data from the Lehigh Valley Health Network. 

ALPHV's data dump site, where it posts stolen data in sets referred to as "Collections," is another feature that sets it apart from other ransomware groups. Other ransomware groups have comparable websites, but ALPHV's is known for being indexed and easier to search. 

Should you be Worried About Your Ring Data? 

Currently, Amazon is looking into a third-party vendor's data breach that ALPHV has claimed responsibility for. We are unlikely to hear anything more until this investigation is over. Ring's products are widely utilized in homes all over the world since they are among the best video doorbells and home security cameras today. 

However, the firm employs end-to-end encryption (E2EE) in the majority of nations to prevent governments and other parties from accessing the data from your cameras and snooping on them. If the ALPHV ransomware gang did end up infiltrating Ring’s third-party vendors, it is possible that the group has also managed to steal corporate or customer data in the attack. 

If you are concerned about your Ring data or even the fact that the firm is charging for features that were previously free, it is a good time to consider some alternatives instead. In any case, we will probably soon learn whether or not the ALPHV ransomware gang managed to steal client data.  

Amazon Could be Responsible for Fake Louboutin Shoe Advertisements


Online retailer Amazon may be deemed accountable for breaching luxury footwear brand Christian Louboutin’s EU trademark rights. 

According to the European Court of Justice's preliminary ruling in the case, third-party dealers were found to be advertising counterfeit red-soled stilettos on Amazon, without Louboutin's permission. 

The case came to light when the French designer filed lawsuits against Amazon in Belgium and Luxembourg, claiming that he did not authorize these products to be put on the market. 

Louboutin's signature red-soled stilettos are apparently registered as EU and Benelux trademarks. 

The top court of the EU stated that customers could be misled into believing that Amazon is selling shoes on behalf of Louboutin when, for example, Amazon places its logo on the ads of third-party sellers and stores and ships the products. 

“These circumstances may indeed make a clear distinction difficult, and give the impression to the normally informed and reasonably attentive user that it is Amazon that markets — in its own name and on its own behalf,” the court stated. The luxury brand says that the court’s decision is “a victory for the protection of its know-how and creativity.” 

“It initiated these proceedings to obtain recognition of Amazon’s responsibility for the offering for sale of counterfeit products on its platforms by third parties. It also brought this case to encourage Amazon to play a more direct role in the fight against counterfeiting on its platforms,” Maison Louboutin said in a statement. 

The EU court concluded that it is now up to the local authorities in Belgium and Luxembourg to decide whether consumers of the online marketplace believed that Amazon itself was running the advertising rather than third-party vendors.  

Amazon, Microsoft Cloud Leaks Highlight Lingering Misconfiguration Issues

 

A slew of household names has recently been accused of misconfigured cloud storage buckets overflowing with unencrypted data, shedding light on a cybersecurity problem that appears to have no solution. Anurag Sen, a security researcher, revealed just last week that an Amazon server had exposed data on Amazon Prime members' viewing habits. 

During the same time period, Thomson Reuters admitted that three misconfigured servers had exposed 3TB of data via public-facing ElasticSearch databases, according to Cybernews, which first reported the issues. And Microsoft admitted in mid-October that it had left an open misconfigured cloud endpoint that could have exposed customer data such as names, email addresses, email content, and phone numbers.

"The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability," Microsoft said in its statement on the misconfigured server. "We are working to improve our processes to further prevent this type of misconfiguration and performing additional due diligence to investigate and ensure the security of all Microsoft endpoints."

Indeed, rather than bugs, the leaks are driven by a range of misconfigurations, ranging from insecure read-and-write permissions to improper access lists and misconfigured policies, all of which could enable threat actors to access, copy, and potentially alter sensitive data from accessible data stores.

"The main concern with this kind of leak is the high impact, and that is why the threat actors go after misconfigured storage [servers] and buckets," says Ensar Şeker, CISO at SOCRadar, the cybersecurity firm that discovered the Microsoft issue. "Once they discover [the accessible data], the bucket might ... contain huge amounts of sensitive data for one tenant [or] numerous tenants."

According to Venafi, 81% of organizations have experienced a security incident related to their cloud services in the last 12 months, with nearly half (45%) experiencing at least four incidents. According to Sitaram Iyer, senior director of cloud-native solutions at Venafi, the increase in incidents is due to the increasing complexity of cloud-based and hybrid infrastructure, as well as a lack of visibility into that infrastructure.

"Yes, misconfigured cloud storage is one of the primary reasons for data leaks — I do believe that this is a trend," he says. "The increase in this trend is most often due to misconfiguration related to access controls: While only authorized users need to be allowed access to cloud storage, a simple mistake in configuration often enables [any] authenticated users to gain access."

Companies should monitor their cloud assets on a regular basis to detect when a datastore or storage bucket has been exposed to the public internet. Furthermore, using infrastructure-as-code (IaC) configuration files when deploying cloud storage not only automates deployments but also helps eliminate errors, according to data from Snyk, a maker of security services for the software supply chain.

According to the company, implementing IaC reduces cloud misconfigurations by 70%. The division of responsibilities between cloud providers and business customers remains an issue. While the customer is responsible for configuring cloud assets, Venafi's Iyer believes that the cloud service should make configuring cloud assets as simple as possible.

"Principle of least privilege must be adopted for every aspect of the data," he says. "Access to data must be provided as needed, with proper controls and authorization policies that tie it to a specific user or service account, and proper logging of access and notifications must be implemented."
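The monitoring and least-privilege advice above can be turned into a concrete check. The following is an added example written for this article (it is not code from Venafi, Snyk, Microsoft or Amazon): a small static auditor that reads an S3 bucket policy document and flags every Allow statement granted to the anonymous principal. It assumes only the standard IAM policy JSON format; the two policies it runs against are constructed for illustration, a classic "public read" grant next to a least-privilege version that names one role and denies plaintext transport.

```python
"""Static audit of S3 bucket policy documents for anonymous ("*") grants.

Added example for this article; it is not code from Venafi, Snyk, Microsoft
or Amazon. Only the standard IAM policy JSON format is assumed; the two
policy documents below are constructed for illustration.
"""
import json


def principal_is_anonymous(principal) -> bool:
    """True when the Principal element grants to everyone.

    IAM spells that as "*" or {"AWS": "*"}; the value of a key may also be
    a list that contains "*".
    """
    if principal == "*":
        return True
    if isinstance(principal, dict):
        for value in principal.values():
            values = value if isinstance(value, list) else [value]
            if "*" in values:
                return True
    return False


def audit_bucket_policy(policy_json: str) -> dict:
    """Classify the statements of a bucket policy.

    Returns {"public": [...], "review": [...]}, each entry being
    (sid, actions). "public" holds Allow statements for an anonymous
    principal with no Condition at all; "review" holds anonymous grants
    that carry a Condition, which may or may not narrow access enough
    (aws:SourceVpce restricts, aws:Referer does not), so they get a
    human look rather than an automatic verdict.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without a list
        statements = [statements]

    findings = {"public": [], "review": []}
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_anonymous(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        entry = (stmt.get("Sid", f"statement[{index}]"), actions)
        kind = "review" if stmt.get("Condition") else "public"
        findings[kind].append(entry)
    return findings


# Constructed weak policy: the classic "public read" grant.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-analytics-bucket/*",
    }],
})

# Constructed hardened policy: least privilege, one named role (placeholder
# account id), plus an explicit Deny for any request that is not over TLS.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AnalyticsRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/analytics-reader"},
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-analytics-bucket/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-analytics-bucket",
                         "arn:aws:s3:::example-analytics-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_bucket_policy(doc))
```

Run on the weak document it reports the `PublicRead` statement; on the hardened one it reports nothing, because the only `Principal: "*"` there is a Deny. In practice such a check runs in the IaC pipeline against every policy before deployment and, on a schedule, against the policies pulled from live accounts.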

An Amazon spokesperson told Dark Reading in a statement about the Prime Video case: "A Prime Video analytics server experienced a deployment error. This issue has been resolved, and no account information (including login or payment information) was compromised."

However, misconfiguration is not always the original sin; instead, a worker or developer will deploy a "shadow" server, a container or a storage bucket unknown to the IT department and thus unmanaged by the company.

Misconfigured storage has a long history of compromising security. The issue is frequently ranked among the top ten security issues in the popular Open Web Applications Security Project (OWASP) Top 10 security list. Security Misconfiguration rose to fifth place in 2021, from sixth place in 2017. Verizon Business' annual "Data Breach Investigations Report" also highlights the outsized impact of misconfigured cloud storage: In 2021, human errors accounted for 13% of all breaches.

Drizly Sued by FTC Over Data Breach Which Affected 2.5 Million Customers

The Federal Trade Commission is taking legal action against Drizly and its CEO James Cory Rellas over claims that the company's security lapses resulted in a data breach that exposed the personal information of roughly 2.5 million customers.

The FTC claims that the Uber-owned alcohol delivery business and its CEO were made aware of security concerns as early as 2018.

Drizly, an Uber subsidiary, runs an online marketplace where local shops sell alcohol to customers of legal drinking age. The complaint alleges that Drizly collected and stored users' email addresses, passwords, geolocation data, and postal addresses on the Amazon Web Services (AWS) cloud computing service in the course of handling transactions.

According to the FTC, Drizly's lax security procedures, such as not requiring employees to use two-factor authentication for GitHub, where it stored login credentials, allowed the breach to occur. The FTC further notes that Drizly had no senior executive in charge of its security practice and did not restrict employees' access to consumers' personal information.

According to Samuel Levine, Director of the FTC's Bureau of Consumer Protection, "our proposed order against Drizly not only limits what the firm can retain and collect going ahead but also ensures the CEO suffers penalties for the company's negligence."

In its lawsuits and rulings, the FTC has been naming firm officials more frequently. As CEO of Drizly, Rellas was accused by the FTC of failing to appoint a senior executive to manage the security procedures. Companies may wish to make sure they hire a senior official in charge of security to help reduce the potential of individual liability for CEOs.

The FTC will publish these draft orders soon, and the public will have 30 days to comment before the commission decides whether to finalize them.



RBI Employs Tokenization to Combat Breaches

 

The RBI, the central bank of India, is now prepared to impose card tokenization in India after permitting customers to link credit cards with UPI. In the midst of all of this, many users are perplexed as to what card tokenization actually is and why applications and websites advise users to safeguard their credit and debit cards following the RBI's new rules.
 
What is tokenization? 

Tokenization is the process of replacing actual card information with a special alternate code called a 'token.' The token must be different for each card, each token requester (i.e. the organization that accepts a customer's request for card tokenization and forwards it to the card network to produce the corresponding token), and each device.

Users still remember the data exposures at MobiKwik and Domino's India. As those incidents showed, storing private card information on the cloud servers of numerous online apps and websites leaves that data vulnerable to breaches and leaks.

Although some websites might have the highest levels of security in place to protect user credit card information, others may not be adhering to international security requirements. Having credit card information being dispersed over several servers with varying levels of security gives hackers more access points. The RBI now wants to alter the current state of digital payments and standardize 'tokenization' to increase the security of all online card transactions.

In September 2021, the RBI ordered that card-on-file (CoF) tokenization be used instead of retailers holding client card information on their systems beginning January 1, 2022. In addition, businesses such as apps, websites, payment processors like RazorPay, or banks will no longer be responsible for safeguarding your card information. Tokenization is a technique the RBI developed to protect domestic card transactions by employing random strings of tokens rather than disclosing the user's personal card information.

Since the regulation on tokenization was published, according to Deputy Governor Sankar, the central bank has been in close contact with all stakeholders to guarantee a smooth transition to the tokenization policy.

How does tokenization work? 

The process of tokenizing cards is straightforward. When a card is chosen to be tokenized, the card network such as Visa, MasterCard, etc. issues the token with the bank's approval and gives it to the retailer. For example, when you save an SBI Visa debit card on Paytm by RBI's requirements, Visa will create the token with SBI's permission and share it with Paytm.

If you decide to save the identical credit or debit card on some other app, let's say Amazon, a new token will be issued and shared with Amazon. The token will vary based on the merchant and device, even if it's the same card. From a security standpoint, it implies the tokens are unique and discrete, which is beneficial.
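As a worked illustration of the flow just described, here is an added example (not RBI, Visa or any payment processor's code) of a minimal card-network token vault. It assumes the network operates the vault and mints tokens, that a requester such as a shopping app stores only the token, and, as a design choice not stated above, that re-saving the same card on the same app and device returns the existing token instead of minting another. The PAN and app names are constructed test values.

```python
"""Card-on-file tokenization vault, as a worked illustration of the flow
described above. Added example, not RBI, Visa or any payment processor's
code. Assumptions: the card network operates the vault and issues tokens;
a merchant or app (the token requester) stores only the token; re-saving
the same card on the same requester and device returns the existing
token rather than minting another one.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class TokenVault:
    # token -> (pan, requester, device); held only by the network
    _by_token: dict = field(default_factory=dict)
    # (pan, requester, device) -> token, so a repeat request is idempotent
    _by_key: dict = field(default_factory=dict)

    def issue_token(self, pan: str, requester: str, device: str) -> str:
        """Mint a token that is unique to this card, requester and device."""
        key = (pan, requester, device)
        if key in self._by_key:
            return self._by_key[key]
        while True:
            # 16 random digits from a CSPRNG: the token carries no card data
            # and cannot be turned back into the PAN without the vault.
            token = "".join(str(secrets.randbelow(10)) for _ in range(16))
            if token != pan and token not in self._by_token:
                break
        self._by_token[token] = key
        self._by_key[key] = token
        return token

    def detokenize(self, token: str, requester: str, device: str):
        """Resolve a token to the PAN only for the requester and device it
        was issued to; a token lifted from one merchant is useless at
        another. Returns None on any mismatch."""
        entry = self._by_token.get(token)
        if entry is None or entry[1:] != (requester, device):
            return None
        return entry[0]


def merchant_record(vault: TokenVault, pan: str, requester: str, device: str) -> dict:
    """What the requester keeps on file: the token and a display hint,
    never the PAN itself."""
    token = vault.issue_token(pan, requester, device)
    return {"token": token, "last4": pan[-4:], "requester": requester, "device": device}


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4000000000000002"  # constructed test PAN, not a real card
    print(merchant_record(vault, pan, "paytm-app", "phone-1"))
    print(merchant_record(vault, pan, "amazon-app", "phone-1"))
```

The property the RBI rule relies on is visible in `detokenize`: the same card saved on two apps yields two unrelated tokens, and a token presented by the wrong requester or device resolves to nothing, so a breach at one merchant exposes neither the PAN nor anything usable at another merchant.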

Potential effects of tokenization

The RBI was forced to develop card tokenization as a result of the constant data leaks, thefts, and breaches that occur in the digital age. Not to mention that the varying security standards used by apps, websites, payment processors, and other middlemen compromise users' online security.

Tokenization has very little of an effect on the customer. Customers simply need to submit their card information once to receive a token. The process of tokenization will then be initiated by the merchant at no further cost or customer effort.

According to experts, there are no drawbacks to card tokenization from the perspective of the end-user. The RBI standards must be implemented by merchants and payment systems, but aside from that, consumers benefit.

Amazon Patches Ring Android App Flaw Exposing Camera Recordings

 

Amazon has patched a critical vulnerability in the Amazon Ring app for Android that could have enabled hackers to download saved camera recordings from customers. The flaw was discovered and disclosed to Amazon on May 1st, 2022 by security researchers at application security testing company Checkmarx, and it was fixed on May 27th. 

Because the Ring Android app has over 10 million downloads and is used by people all over the world, access to a customer's saved camera recordings could have enabled a wide range of malicious behaviour, from extortion to data theft. 

While analysing the Ring Android app, Checkmarx discovered an 'activity' that could be launched by any other app installed on the Android device. An 'activity' on Android is a program component that displays a screen users can interact with to perform a specific action. When developing an Android app, the developer can expose an activity to other installed apps by declaring it in the app's manifest file.

Checkmarx discovered that the 'com.ringapp/com.ring.nh.deeplink.DeepLinkActivity' activity was exposed in the app's manifest, enabling any other installed app to launch it.

"This activity would accept, load, and execute web content from any server, as long as the Intent's destination URI contained the string “/better-neighborhoods/”," explained a report by Checkmarx shared with BleepingComputer before publishing.

This meant they could start the activity and send it to an attacker-controlled web server to interact with it. However, only pages hosted on the ring.com or a2z.com domains were able to interact with the activity.
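The contrast between the check the report describes (accept any URI containing the string "/better-neighborhoods/") and a check that enforces the ring.com / a2z.com restriction by parsing the URI first is worth seeing in code. The following is an added example written for this article, not Ring's or Checkmarx's code; it is in Python so the two validators can be run side by side, and the non-allowlisted hostnames are placeholders. The allowed domains and the path fragment come from the article; the requirement that the path itself begin with that fragment is an assumption of this example.

```python
"""Deep-link validation for an exported activity: substring match versus
parse-then-allowlist. Added example for this article, not Ring's or
Checkmarx's code. ALLOWED_DOMAINS and REQUIRED_PATH_PREFIX come from the
article; the requirement that the parsed path start with the prefix, and
the placeholder hostnames in SAMPLES, are this example's assumptions.
"""
from urllib.parse import urlsplit

ALLOWED_DOMAINS = ("ring.com", "a2z.com")        # from the article
REQUIRED_PATH_PREFIX = "/better-neighborhoods/"  # from the article


def weak_accepts(uri: str) -> bool:
    """The pattern the article describes: accept any URI that merely
    contains the expected path fragment, regardless of host."""
    return REQUIRED_PATH_PREFIX in uri


def host_is_allowed(hostname, allowed=ALLOWED_DOMAINS) -> bool:
    """Exact match or a true subdomain of an allowlisted domain.
    'ring.com.not-ring.example' and 'notring.com' both fail."""
    if not hostname:
        return False
    hostname = hostname.lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d) for d in allowed)


def strict_accepts(uri: str) -> bool:
    """Parse first, then check each component on its own: https only,
    allowlisted host, and the path (not the query) must start with the
    expected prefix."""
    try:
        parts = urlsplit(uri)
    except ValueError:  # malformed input, e.g. bad IPv6 brackets
        return False
    if parts.scheme.lower() != "https":
        return False
    if not host_is_allowed(parts.hostname):
        return False
    return parts.path.startswith(REQUIRED_PATH_PREFIX)


# Constructed sample deep links; hosts other than the allowlisted ones are placeholders.
SAMPLES = [
    "https://www.ring.com/better-neighborhoods/welcome",
    "https://a2z.com/better-neighborhoods/",
    "http://www.ring.com/better-neighborhoods/welcome",           # plaintext scheme
    "https://not-ring.example/better-neighborhoods/",             # foreign host, expected path
    "https://ring.com.not-ring.example/better-neighborhoods/",    # allowlisted name as someone else's subdomain
    "https://ring.com@not-ring.example/better-neighborhoods/",    # userinfo; the real host follows '@'
    "https://www.ring.com/settings?next=/better-neighborhoods/",  # fragment sits in the query, not the path
]


def compare(uris=SAMPLES) -> dict:
    """Map each URI to (weak verdict, strict verdict) so the gap is visible."""
    return {u: (weak_accepts(u), strict_accepts(u)) for u in uris}


if __name__ == "__main__":
    for uri, (weak, strict) in compare().items():
        print(f"weak={weak!s:5} strict={strict!s:5} {uri}")
```

The substring check accepts all seven samples; the parsing check accepts only the first two. The same discipline applies to any exported component that loads content from an Intent: treat the incoming URI as untrusted input, parse it with the platform's URI class, and compare scheme, host and path separately against an allowlist rather than searching the raw string.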

The Checkmarx researchers got around this restriction by discovering an XSS vulnerability on the https://cyberchef.schlarpc.people.a2z.com/ URL, which let their content run from an allowed domain and capture the user's authorization cookie.

"With this cookie, it was then possible to use Ring’s APIs to extract the customer’s personal data, including full name, email, and phone number, and their Ring device’s data, including geolocation, address, and recordings." - Checkmarx.

With a working attack chain in place, the researchers could have exploited the vulnerability by developing and publishing a malicious app on Google Play or another site. Once a user was duped into installing the app, it would launch the attack and send the Ring customer's authentication cookies to the attackers.

Analyzing videos with machine learning

However, as a threat actor, what would you do with the massive amount of videos that you could gain access to by exploiting this vulnerability?

Checkmarx discovered that they could sift through the videos using the Amazon Rekognition service, an image and video analysis service. The service could use machine learning to find videos of celebrities, documents containing specific words, or even a password scribbled carelessly on a post-it note stuck to a monitor.

This information could then be relayed back to the threat actor, who could use it for extortion, network intrusion, or simply to be a voyeuristic observer. The good news is that Amazon quickly responded to Checkmarx's bug report and released a fix.

"It was a pleasure to collaborate so effectively with the Amazon team, who took ownership and were professional through the disclosure and remediation process," concluded the Checkmarx report.

"We take the security of our devices and services seriously and appreciate the work of independent researchers. We issued a fix for supported Android customers back in May, soon after the researchers' submission was processed. Based on our review, no customer information was exposed," Ring told BleepingComputer.

PYSA Ransomware Group: Experts Share In-Depth Details


According to an 18-month examination of the PYSA ransomware operation, the cybercrime group has followed a five-stage system design since August 2020, with the malware developers prioritizing enhancements that boost the efficiency of its activities. The GSOC also explores the PYSA ransomware in a Threat Analysis Report. The ransomware drew wide attention early this year when the Federal Bureau of Investigation (FBI) warned of its increased activity and significant harmful impact. 

The design includes a user-friendly tool, such as a full-text search engine, to make metadata extraction easier and allow threat actors to easily locate and access victim information. "The group is notorious for thoroughly researching high-value targets before unleashing its operations, compromising business systems, and forcing researchers to pay significant ransoms to retrieve sensitive data," stated PRODAFT, a Swiss cybersecurity firm, in a comprehensive report released last week. 

PYSA, which stands for "Protect Your System, Amigo" and is a descendant of the Mespinoza ransomware, was initially discovered in December 2019 and has since risen to become the third most common ransomware strain reported in the fourth quarter of 2021. The cybercriminal cell is thought to have exfiltrated confidential information linked to as many as 747 individuals since September 2020, until its databases were taken down earlier this January. 

The majority of its victims are in the United States and Europe, and the gang primarily targets the government, medical, and educational sectors. "The United States was the most-affected country, accounting for 59.2 percent of all PYSA occurrences documented," Intel 471 stated in a review of ransomware assaults observed from October to December 2021. PYSA, like many other ransomware operations, follows the "big game hunting" approach with double extortion, which involves making the stolen data public if the victim refuses to comply with the group's demands. 

Every eligible file is encrypted and given the ".pysa" extension, and can only be decrypted with the RSA private key provided after paying the ransom. About 58 percent of PYSA victims are claimed to have made digital payments to regain access to the encrypted data. PRODAFT was able to find a publicly accessible .git folder owned by PYSA operators and identified one of the project's authors as "dodo@mail.pcc," a threat actor thought, based on the commit history, to be located in a country that observes daylight saving time.

As per the study, at least 11 accounts control the whole operation, most of which were created on January 8, 2021. However, four of these accounts (t1, t3, t4, and t5) account for approximately 90% of activity on the group's management panel. Other operational security failures committed by the group's members allowed a hidden service running on the TOR anonymity network, hosted with a server provider (Snel.com B.V.) based in the Netherlands, to be identified, providing insight into the actor's techniques. PYSA's infrastructure also includes dockerized containers for global leak servers, database servers, and administrative servers, and an Amazon S3 cloud for storing the stolen files, which total 31.47TB.

The panel is written in PHP 7.3.12 using the Laravel framework and uses the Git version control system to oversee the development process. Furthermore, the admin panel exposes several API endpoints that allow the system to list files, auto-generate GIFs, and scan data, which is used to group stolen victim data into broad categories for simple retrieval. Separately, one or more potential threat groups spent nearly five months within the systems of an undisclosed regional US government agency before delivering the LockBit ransomware at the start of the year, as per research from cybersecurity firm Sophos.

The Fodcha DDoS Botnet Hits Over 100 Victims


Qihoo 360 researchers have found a rapidly spreading new botnet called Fodcha which is capable of performing over 100 attacks every day. Employing this new malware, the threat actor is attacking routers, DVRs, and servers. The actors were able to infect nearly 62,000 machines with the Fodcha malware in less than a month, as per the researchers. 

360 Netlab reports that the number of unique IP addresses affiliated with the botnet fluctuates; every day they are monitoring a 10,000-strong Fodcha army of bots using Chinese IP addresses, with the majority of them on China Unicom (59.9%) and China Telecom (39.4%) networks. 

The researchers stated: "Based on firsthand data from the security industry with whom we collaborated, the frequency of live bots is more than 56000. The global infection appears to be quite large, as there are over 10,000 daily active bots (IPs) in China, and over 100 DDoS victims are targeted daily." 

Fodcha infects devices by exploiting n-day vulnerabilities and by employing the Crazyfia brute-force cracking tool. The botnet targets a variety of devices and services, including but not limited to: 

RCE for Android ADB Debug Server 
CVE-2021-22205 on GitLab 
CVE-2021-35394 in the Realtek Jungle SDK 
JAWS Webserver unauthenticated shell command execution on MVPower DVR 
LILIN DVR RCE 
TOTOLINK Routers backdoor 
ZHONE Router Web RCE 

After successfully gaining access to vulnerable Internet-exposed devices, the Fodcha operators use the Crazyfia results to deploy the malware payload. The botnet samples, according to 360 Netlab, target MIPS, MPSL, ARM, x86, and other CPU architectures. 

The botnet used the folded[.]in command-and-control (C2) domain from January 2022 until March 19, when it switched to fridgexperts[.]cc after the cloud vendor took down the original C2 domain. 

"The switch from v1 to v2 is due to a cloud vendor shutting down the C2 servers corresponding to the v1 version, leaving Fodcha's operators with no alternative but to re-launch v2 and upgrade C2," the researchers reported. "The new C2 is mapped to over a dozen IP addresses and is scattered across different countries, including the United States, Korea, Japan, and India." It also includes more cloud providers, including Amazon, DediPath, DigitalOcean, Linode, and others.
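A defender-side use of the two C2 domains named above, as an added example that is not part of the original report: the defanged indicators are refanged and matched against DNS query logs, counting subdomains of each C2 domain but not look-alike names, and the hits are pivoted to the source IPs that should be investigated. The log format and every log line are constructed for the example.

```python
import re
from collections import defaultdict
from typing import Optional

# Fodcha C2 domains as reported by 360 Netlab, in the defanged form used above.
DEFANGED_C2 = ["folded[.]in", "fridgexperts[.]cc"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'folded[.]in' back into a domain."""
    return indicator.replace("[.]", ".").replace("(.)", ".").lower().rstrip(".")


def matches_c2(qname: str, c2_domains) -> Optional[str]:
    """Return the C2 domain that qname equals or is a subdomain of, else None.
    'notfolded.in' must not match 'folded.in', so the suffix test needs the dot."""
    q = qname.lower().rstrip(".")
    for d in c2_domains:
        if q == d or q.endswith("." + d):
            return d
    return None


# Constructed sample DNS query log (not real telemetry): timestamp, client, qname.
SAMPLE_LOG = """\
2022-03-20T10:01:02Z 10.0.5.17 folded.in
2022-03-20T10:01:05Z 10.0.5.17 www.example.com
2022-03-20T10:02:11Z 10.0.7.3 cdn.fridgexperts.cc
2022-03-20T10:02:40Z 10.0.7.3 notfolded.in
2022-03-20T10:03:00Z 10.0.9.9 FRIDGEXPERTS.CC.
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def find_c2_lookups(log_text: str, defanged=DEFANGED_C2):
    """Map each C2 domain to the sorted list of clients that resolved it."""
    c2 = [refang(d) for d in defanged]
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the sweep
        _ts, client, qname = m.groups()
        domain = matches_c2(qname, c2)
        if domain:
            hits[domain].add(client)
    return {d: sorted(ips) for d, ips in hits.items()}


if __name__ == "__main__":
    print(find_c2_lookups(SAMPLE_LOG))
```

Matching on the domain rather than on resolved addresses is deliberate, because the report says the v2 C2 is spread over more than a dozen IP addresses across several providers.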