Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Amazon. Show all posts
Privacy Lawsuit
Alexa Amazon Customer Data Data collection Data Privacy Data Privacy Laws Data Safety User Data Personal Data Privacy privacy laws Privacy Lawsuit

Federal Judge Allows Amazon Alexa Users’ Privacy Lawsuit to Proceed Nationwide

 

A federal judge in Seattle has ruled that Amazon must face a nationwide lawsuit involving tens of millions of Alexa users. The case alleges that the company improperly recorded and stored private conversations without user consent. U.S. District Judge Robert Lasnik determined that Alexa owners met the legal requirements to pursue collective legal action for damages and an injunction to halt the alleged practices. 

The lawsuit claims Amazon violated Washington state law by failing to disclose that it retained and potentially used voice recordings for commercial purposes. Plaintiffs argue that Alexa was intentionally designed to secretly capture billions of private conversations, not just the voice commands directed at the device. According to their claim, these recordings may have been stored and repurposed without permission, raising serious privacy concerns. Amazon strongly disputes the allegations. 

The company insists that Alexa includes multiple safeguards to prevent accidental activation and denies evidence exists showing it recorded conversations belonging to any of the plaintiffs. Despite Amazon’s defense, Judge Lasnik stated that millions of users may have been impacted in a similar manner, allowing the case to move forward. Plaintiffs are also seeking an order requiring Amazon to delete any recordings and related data it may still hold. The broader issue at stake in this case centers on privacy rights within the home.

If proven, the claims suggest that sensitive conversations could have been intercepted and stored without explicit approval from users. Privacy experts caution that voice data, if mishandled or exposed, can lead to identity risks, unauthorized information sharing, and long-term security threats. Critics further argue that the lawsuit highlights the growing power imbalance between consumers and large technology companies. Amazon has previously faced scrutiny over its corporate practices, including its environmental footprint. 

A 2023 report revealed that the company’s expanding data centers in Virginia would consume more energy than the entire city of Seattle, fueling additional criticism about the company’s long-term sustainability and accountability. The case against Amazon underscores the increasing tension between technological convenience and personal privacy. 

As voice-activated assistants become commonplace in homes, courts will likely play a decisive role in determining the boundaries of data collection and consumer protection. The outcome of this lawsuit could set a precedent for how tech companies handle user data and whether customers can trust that private conversations remain private.
Read more »
Users
Amazon Cyber Security Fake Emails Federal Trade Commission FTC phishing Users

Amazon Accounts Targeted by New Phishing Scam — Here’s How to Stay Safe



A wave of phishing scams is currently targeting Amazon users, putting millions of accounts at risk. Criminals are sending fake emails and text messages that appear to come from Amazon, tricking users into clicking on links that lead to fraudulent login pages. If you enter your details on these fake pages, your account can be hijacked.

Amazon has confirmed that some of these phishing messages claim your Prime subscription is being renewed at a suspicious price. The messages often include personal information to make them look more believable. In some cases, users are sent text messages about fake refunds or order issues, further increasing the chances of someone falling for the scam.

Cybersecurity firm Guardio recently reported a dramatic rise in such attacks, noting a 5000% increase in fake Amazon texts over just two weeks. These messages aim to trick users into entering their Amazon credentials, which the attackers can then use to take over accounts.

While Amazon has removed tens of thousands of fake websites and phone numbers used in these scams, the attacks continue to spread. The U.S. Federal Trade Commission (FTC) has also issued warnings, reminding consumers that Amazon will never ask for sensitive information over email or text.

To help protect users, Amazon is urging everyone to update their security settings. Here’s what you should do right away:

1. Turn on Two-Step Verification (2SV)

This adds an extra layer of protection to your account. Once enabled, you’ll need both your password and a one-time code to sign in.

• Avoid using SMS for 2SV — it’s less secure.

• Instead, use an authentication app like Google Authenticator or Apple’s Passwords.

If you’ve already set up 2SV through SMS, switch to an app by turning off the current method, clearing your 2SV settings, and enabling it again using your preferred app.


2. Use a Passkey for Sign-In

Passkeys are a newer, more secure login method that links your Amazon account to your device’s fingerprint or face unlock feature. Unlike passwords, passkeys cannot be phished.

• Even if someone tricks you with a fake login page, they won’t be able to access your account without your physical device.

These two simple steps can greatly reduce your risk of being hacked. With phishing scams on the rise, now is the time to update your settings before it’s too late.

Read more »
Phishing Scams
account protection Account security Amazon Customer Data Cyber Attacks Cyberscams Cybertheft data security Data Theft Login Login Security Passkey Passkey Security Phishing Scams

Amazon Customers Face Surge in Phishing Attacks Through Fake Emails and Texts

 

Cybercriminals are actively targeting Amazon users with a sharp increase in phishing scams, and the company is sounding the alarm. Fraudsters are sending deceptive emails that appear to originate from Amazon, prompting users to log in via a counterfeit Amazon webpage. Once a person enters their credentials, attackers steal the information to take over the account. The urgency to secure your Amazon account has never been greater.  

These scam emails often warn customers about unexpected Amazon Prime renewal charges. What makes them particularly dangerous is the use of stolen personal data to make the emails appear genuine. Amazon’s warning reached over 200 million users, emphasizing the widespread nature of this threat. 

Adding to the concern, cybersecurity firm Guardio reported a dramatic spike in a related scam—this time delivered through SMS. This variant claims to offer fake refunds, again luring users to a fraudulent Amazon login page. According to Guardio, these text-based scams have jumped by 5000% in just two weeks, showing how aggressively attackers are adapting their tactics. 

Amazon says it is actively fighting back, having removed 55,000 phishing websites and 12,000 scam phone numbers involved in impersonation schemes over the past year. Despite these efforts, scammers persist. To combat this, Amazon issued six practical tips for customers to recognize and avoid impersonation fraud.  

The U.S. Federal Trade Commission (FTC) has also issued alerts, noting that scammers are pretending to be Amazon representatives. These fake messages typically claim there’s a problem with a recent purchase. But there’s no refund or issue—just a trap designed to steal money or private data. 

To stay protected, Amazon strongly recommends two major security measures. First, enable two-step verification (2SV) via the “Login & Security” settings in your account. Avoid using SMS-based verification, which is more vulnerable. Instead, use a trusted authenticator app such as Google Authenticator or Apple’s Passwords. If you’ve already set up SMS verification, disable it and reset your 2SV preferences to switch to an app-based method. 

Second, add a passkey to your account. This provides a stronger layer of defense by linking your login to your device’s biometric or PIN-based security, making phishing attacks far less effective. Unlike traditional methods, passkeys cannot be intercepted through fake login pages. 

Cyberattacks are growing more sophisticated and aggressive. By updating your account with these safety tools today, you significantly reduce the risk of being compromised.
Read more »
Postal Service
Amazon Brushing Scam customer privacy Cyber Fraud cyber threat Data Fraud data security Data Theft Postal Service

Brushing Scam Targets Amazon Customers with Unsolicited Packages and Hidden Cyber Threats

 

Ray Simmons was confused when he received an unexpected Amazon package containing beet chews. Initially, he thought it might be a joke from someone encouraging him to eat healthier. However, it turned out to be part of a broader scam known as “brushing,” where consumers receive unsolicited deliveries from online sellers attempting to manipulate product ratings and reviews. 

Brushing scams involve third-party sellers who send low-value goods to individuals whose names and addresses are often scraped from publicly available online sources. After the product is delivered, scammers use the recipient’s identity or create a fake account that resembles the recipient to leave positive reviews. These fake reviews can artificially boost a product’s credibility, helping it rank higher in search results and increasing sales. 

While receiving a free item might seem harmless, the scam carries hidden dangers. The U.S. Postal Inspection Service (USPIS) warns that these incidents indicate misuse of personal information. Even more concerning is the potential for packages to include QR codes, which might direct recipients to malicious websites. Scanning such codes can result in the installation of malware or the theft of personal data. 

The scam is a reminder that personal data is often accessible and can be exploited without a consumer’s knowledge. USPIS stresses the importance of not interacting with suspicious elements included in unsolicited packages. Inspector David Gealey noted that even though these items may appear insignificant, they are a signal that someone has unauthorized access to your personal information. 

Fortunately, the package Simmons received did not include a QR code. Nonetheless, he took immediate action by checking his Amazon and banking accounts for any signs of unauthorized access. This kind of vigilance is exactly what USPIS recommends for anyone in a similar situation. 

Authorities advise that recipients of such packages should not scan any QR codes or click on any related links. They also emphasize that there is no obligation to return unsolicited items. Instead, consumers should monitor their financial and e-commerce accounts for any suspicious activity and report the incident to local law enforcement, USPIS, or the Federal Trade Commission.  

Though brushing scams may appear to be minor nuisances, they reflect deeper issues related to data privacy and cyber fraud. Staying informed and cautious can help consumers protect themselves from further harm and support efforts to hold malicious actors accountable.
Read more »
Workplace
Amazon Employee Personal Information Privacy Workplace

Over 21 Million Employee Screenshots Leaked from WorkComposer Surveillance App

Over 21 Million Employee Screenshots Leaked from WorkComposer Surveillance App

An app designed to track employee productivity by logging keystrokes and taking screenshots has suffered a significant privacy breach as more than 21 million images of employee activity were left in an unsecured Amazon S3 bucket.

An app for tracking employee productivity by logging keystrokes and capturing screenshots was hit by a major privacy breach resulting in more than 21 million images of employee activity left in an unsafe Amazon S3 bucket. 

Experts at Cybernews discovered the breach at WorkComposer, a workplace surveillance software that monitors employee activity by tracking their digital presence. Although the company did secure access after being informed by Cybernews, the data was already leaked in real time to anyone with an internet connection, exposing the sensitive work information online of thousands of employees and companies. 

WorkComposer is an application used by more than 200,000 users in various organizations. It is aimed to help those organizations surveil employee productivity by logging keystrokes, monitoring how much time employees spend on each app, and capturing desktop screenshots every few minutes. 

With millions of these screenshots leaked to the open web raises threats of vast sensitive data exposed: email captures, confidential business documents, internal chats, usernames and passwords, and API keys. These things could be misused to target companies and launch identity theft scams, hack employee accounts, and commit more breaches. 

Also, the businesses that have been using WorkCompose could now be accountable to E.U GDPR (General Data Protection Regulation) or U.S CCPA  (California Consumer Privacy Act) violations besides other legal actions. 

As employees have no agency over what tracking tools may record in their workday, information such as private chats, medical info, or confidential projects; the surveillance raises ethical concerns around tracking tools and a severe privacy violation if these screenshots are exposed. 

Since workers have no control over what tracking tools may capture in their workday, be it private chats, confidential projects, or even medical info, there’s already an iffy ethical territory around tracking tools and a serious privacy violation if the screenshots are leaked.

The WorkComposer incident is not the first. Cybernews have reported previous leaks from WebWork, another workplace tracking tool that experienced a breach of 13 million screenshots. 

Read more »
Technology
Amazon Artificial Intelligence ChatGPT Cybersecurity CyberThreat Google GTI Microsoft New Sec Gemini OpenAI Technology

New Sec-Gemini v1 from Google Outperforms Cybersecurity Rivals

 


A cutting-edge artificial intelligence model developed by Google called Sec-Gemini v1, a version of Sec-Gemini that integrates advanced language processing, real-time threat intelligence, and enhanced cybersecurity operations, has just been released. With the help of Google's proprietary Gemini large language model and dynamic security data and tools, this innovative solution utilizes its capabilities seamlessly to enhance security operations. 

A new AI model, Sec-Gemini v1 that combines sophisticated reasoning with real-time cybersecurity insights and tools has been released by Google. This integration makes the model extremely capable of performing essential security functions like threat detection, vulnerability assessment, and incident analysis. A key part of Google's effort to support progress across the broader security landscape is its initiative to provide free access to Sec-Gemini v1 to select institutions, professionals, non-profit organizations, and academic institutions to promote a collaborative approach to security research. 

Due to its integration with Google Threat Intelligence (GTI), the Open Source Vulnerabilities (OSV) database, and other key data sources, Sec-Gemini v1 stands out as a unique solution. On the CTI-MCQ threat intelligence benchmark and the CTI-Root Cause Mapping benchmark, it outperforms peer models by at least 11%, respectively. Using the CWE taxonomy, this benchmark assesses the model's ability to analyze and classify vulnerabilities.

One of its strongest features is accurately identifying and describing the threat actors it encounters. Because of its connection to Mandiant Threat Intelligence, it can recognize Salt Typhoon as a known adversary, which is a powerful feature. There is no doubt that the model performs better than its competitors based on independent benchmarks. According to a report from Security Gemini v1, compared to comparable AI systems, Sec-Gemini v1 scored at least 11 per cent higher on CTI-MCQ, a key metric used to assess threat intelligence capabilities. 

Additionally, it achieved a 10.5 per cent edge over its competitors in the CTI-Root Cause Mapping benchmark, a test that assesses the effectiveness of an AI model in interpreting vulnerability descriptions and classifying them by the Common Weakness Enumeration framework, an industry standard. It is through this advancement that Google is extending its leadership position in artificial intelligence-powered cybersecurity, by providing organizations with a powerful tool to detect, interpret, and respond to evolving threats more quickly and accurately. 

It is believed that Sec-Gemini v1 has the strength to be able to perform complex cybersecurity tasks efficiently, according to Google. Aside from conducting in-depth investigations, analyzing emerging threats, and assessing the impact of known vulnerabilities, you are also responsible for performing comprehensive incident investigations. In addition to accelerating decision-making processes and strengthening organization security postures, the model utilizes contextual knowledge in conjunction with technical insights to accomplish the objective. 

Though several technology giants are actively developing AI-powered cybersecurity solutions—such as Microsoft's Security Copilot, developed with OpenAI, and Amazon's GuardDuty, which utilizes machine learning to monitor cloud environments—Google appears to have carved out an advantage in this field through its Sec-Gemini v1 technology. 

A key reason for this edge is the fact that it is deeply integrated with proprietary threat intelligence sources like Google Threat Intelligence and Mandiant, as well as its remarkable performance on industry benchmarks. In an increasingly competitive field, these technical strengths place it at the top of the list as a standout solution. Despite the scepticism surrounding the practical value of artificial intelligence in cybersecurity - often dismissed as little more than enhanced assistants that still require a lot of human interaction - Google insists that Sec-Gemini v1 is fundamentally different from other artificial intelligence models out there. 

The model is geared towards delivering highly contextual, actionable intelligence rather than simply summarizing alerts or making basic recommendations. Moreover, this technology not only facilitates faster decision-making but also reduces the cognitive load of security analysts. As a result, teams can respond more quickly to emerging threats in a more efficient way. At present, Sec-Gemini v1 is being made available exclusively as a research tool, with access being granted only to a select set of professionals, academic institutions, and non-profit organizations that are willing to share their findings. 

There have been early signs that the model will make a significant contribution to the evolution of AI-driven threat defence, as evidenced by the model's use-case demonstrations and early results. It will introduce a new era of proactive cyber risk identification, contextualization, and mitigation by enabling the use of advanced language models. 

In real-world evaluations, the Google security team demonstrated Sec-Gemini v1's advanced analytical capabilities by correctly identifying Salt Typhoon, a recognized threat actor, with its accurate analytical capabilities. As well as providing in-depth contextual insights, the model provided in-depth contextual information, including vulnerability details, potential exploitation techniques, and associated risk levels. This level of nuanced understanding is possible because Mandiant's threat intelligence provides a rich repository of real-time threat data as well as adversary profiles that can be accessed in real time. 

The integration of Sec-Gemini v1 into other systems allows Sec-Gemini v1 to go beyond conventional pattern recognition, allowing it to provide more timely threat analysis and faster, evidence-based decision-making. To foster collaboration and accelerate model refinement, Google has offered limited access to Sec-Gemini v1 to a carefully selected group of cybersecurity practitioners, academics, and non-profit organizations to foster collaboration. 

To avoid a broader commercial rollout, Google wishes to gather feedback from trusted users. This will not only ensure that the model is more reliable and capable of scaling across different use cases but also ensure that it is developed in a responsible and community-led manner. During practical demonstrations, Google's security team demonstrated Sec-Gemini v1's ability to identify Salt Typhoon, an internationally recognized threat actor, with high accuracy, as well as to provide rich contextual information, such as vulnerabilities, attack patterns and potential risk exposures associated with this threat actor. 

Through its integration with Mandiant's threat intelligence, which enhances the model's ability to understand evolving threat landscapes, this level of precision and depth can be achieved. The Sec-Gemini v1 software, which is being made available for free to a select group of cybersecurity professionals, academic institutions, and nonprofit organizations, for research, is part of Google's commitment to responsible innovation and industry collaboration. 

Before a broader deployment of this model occurs, this initiative will be designed to gather feedback, validate use cases, and ensure that it is effective across diverse environments. Sec-Gemini v1 represents an important step forward in integrating artificial intelligence into cybersecurity. Google's enthusiasm for advancing this technology while ensuring its responsible development underscores the company's role as a pioneer in the field. 

Providing early, research-focused access to Sec-Gemini v1 not only fosters collaboration within the cybersecurity community but also ensures that Sec-Gemini v1 will evolve in response to collective expertise and real-world feedback, as Google offers this model to the community at the same time. Sec-Gemini v1 has demonstrated remarkable performance across industry benchmarks as well as its ability to detect and mitigate complex threats, so it may be able to change the face of threat defense strategies in the future. 

The advanced reasoning capabilities of Sec-Gemini v1 are coupled with cutting-edge threat intelligence, which can accelerate decision-making, cut response times, and improve organizational security. However, while Sec-Gemini v1 shows great promise, it is still in the research phase and awaiting wider commercial deployment. Using such a phased approach, it is possible to refine the model carefully, ensuring that it adheres to the high standards that are required by various environments. 

For this reason, it is very important that stakeholders, such as cybersecurity experts, researchers, and industry professionals, provide valuable feedback during the first phase of the model development process, to ensure that the model's capabilities are aligned with real-world scenarios and needs. This proactive stance by Google in engaging the community emphasizes the importance of integrating AI responsibly into cybersecurity. 

This is not solely about advancing the technology, but also about establishing a collaborative framework that can make it easier to detect and respond to emerging cyber threats more effectively, more quickly, and more securely. The real issue is the evolution of Sec-Gemini version 1, which may turn out to be one of the most important tools for safeguarding critical systems and infrastructure around the globe in the future.
Read more »
Technology
Amazon Cryptography CyberCrime CyberThreat Global Attacks Google Microsoft NIST PQC Quantum Technology

Microsoft and Amazon’s Quantum Progress Poses New Risks for Encryption

 


Microsoft, Amazon, and Google have all announced recent advances in quantum computing that are likely to accelerate the timeline for the possible obsolescence of current encryption standards. These developments indicate that it will become increasingly important to address the vulnerabilities posed by quantum computing to existing cryptographic protocols shortly. Those who are leading the way in the technological race are those who are advancing quantum computing technology, which is the most powerful technology that will be able to easily decrypt the encryption mechanisms that safeguard the internet's security and data privacy. 

On the other hand, there are researchers and cybersecurity experts who are working on the development of post-quantum cryptography (PQC) - a new generation of encryption technologies that can handle quantum system computational power with ease. A quantum-resistant encryption system must be prioritized by organisations and governments to ensure long-term security of their data and digital communications, especially as the quantum era has come closer than anticipated to being realized. 

Even though quantum decryption and quantum-resistant encryption are competing more than ever, the race for global cybersecurity infrastructure requires strategic investment and proactive measures. There has been an important advancement in quantum computing in the field, with Amazon Web Services (AWS) announcing the inaugural quantum computing chip called Ocelot, which represents a significant step in the pursuit of practical quantum computing. 

One of the most critical challenges in the field is error correction. Using Ocelot, Amazon Web Services claims that it may be possible to drastically reduce the cost of quantum error correction by as much as 90 percent, thus speeding up the process toward fault-tolerant quantum systems being realized. In the future, error correction will continue to be an important barrier to quantum computing. This is because quantum systems are inherently fragile, as well as highly susceptible to environmental disturbances, such as fluctuating temperatures, electromagnetic interference, and vibrations from the environment.

As a result of these external factors, quantum operations are exposed to a substantial amount of computational errors, which make it extremely challenging to maintain their stability and reliability. Research in quantum computing is progressing rapidly, which means innovations like Ocelot could play a crucial role in helping mitigate these challenges, paving the way for more robust and scalable quantum computing in the future. 

If a sufficiently advanced quantum computer has access to Shor's algorithm or any potential enhancements to it, it will be possible for it to decrypt existing public key encryption protocols, such as RSA 2048, within 24 hours by leveraging Shor's algorithm. With the advent of quantum computing, modern cybersecurity frameworks are going to be fundamentally disrupted, rendering current cryptographic mechanisms ineffective. 

The encryption of any encrypted data that has been unauthorizedly acquired and stored under the "harvest now, decrypt later" strategy will become fully available to those who have such quantum computing capabilities. A severe breach of internet communications, digital signatures, and financial transactions would result in severe breaches of trust in the digital ecosystem, resulting in serious losses in trust. The inevitability of this threat does not depend on the specific way by which PKE is broken, but rather on the certainty that a quantum system with sufficient power will be able to achieve this result in the first place. 

Consequently, the National Institute of Standards and Technology (NIST) has been the frontrunner in developing advanced encryption protocols designed to withstand quantum-based attacks in response to these threats. Post-quantum cryptography (PQC) is an initiative that is based on mathematical structures that are believed to be immune from quantum computational attacks, and is a product of this effort. To ensure the long-term security of digital infrastructure, PKE must be replaced with PQC. There is, however, still a limited amount of awareness of the urgency of the situation, and many stakeholders are still unaware of quantum computing's potential impact on cybersecurity, and are therefore unaware of its potential. 

As the development of quantum-resistant encryption technologies through 2025 becomes increasingly important, it will play an increasingly important role in improving our understanding of these methodologies, accelerating their adoption, and making sure our global cybersecurity standards will remain safe. For a cryptographic method to be effective, it must have computationally infeasible algorithms that cannot be broken within a reasonable period. These methods allow for secure encryption and decryption, which ensures that data is kept confidential for authorized parties. However, no encryption is completely impervious indefinitely. 

A sufficiently powerful computing machine will eventually compromise any encryption protocol. Because of this reality, cryptographic standards have continuously evolved over the past three decades, as advances in computing have rendered many previous encryption methods obsolete. For example, in the "crypto wars" of the 1990s, the 1024-bit key encryption that was at the center of the debate has long been retired and is no longer deemed adequate due to modern computational power. Nowadays, it is hardly difficult for a computer to break through that level of encryption. 

In recent years, major technology companies have announced that the ability to break encryption is poised to take a leap forward that has never been seen before. Amazon Web Services, Google, and Microsoft have announced dramatic increases in computational power facilitated by quantum computing technology. Google introduced "Willow" in December and Microsoft announced "Majorana 1" in February, which signals a dramatic rise in computational power. A few days later, Amazon announced the "Ocelot" quantum computing machine. Each of these breakthroughs represents an important and distinct step forward in the evolution of quantum computing technology, a technology that has fundamentally redefined the way that processors are designed. 

In contrast to traditional computing systems, quantum systems are based on entirely different principles, so their efficiency is exponentially higher. It is evident that advances in quantum computing are accelerating an era that will have a profound effect on encryption security and that cybersecurity practices need to be adjusted urgently to cope with these advances. In recent years, quantum computing has made tremendous strides in computing power. It has led to an extraordinary leap in computational power unmatched by any other technology. In the same manner as with any technological breakthrough that has an impact on our world, it is uncertain what it may mean. 

However, there is one aspect that is becoming increasingly clear: the computational barriers that define what is currently infeasible will be reduced to problems that can be solved in seconds, as stated by statements from Google and Microsoft. In terms of data security, this change has profound implications. It will be very easy for quantum computers to unlock encrypted information once they become widely accessible, thus making it difficult to decrypt encrypted data today. Having the capability to break modern encryption protocols within a matter of seconds poses a serious threat to digital privacy and security across industries. 

The development of quantum-resistant cryptographic solutions has been undertaken in anticipation of this eventuality. A key aspect of the Post-Quantum Cryptography (PQC) initiative has been the leadership role that NIST has been assuming since 2016, as it has played a historical role in establishing encryption standards over the years. NIST released a key milestone in global cybersecurity efforts in August when it released its first three finalized post-quantum encryption standards. 

Major technology companies, including Microsoft, Amazon Web Services (AWS), and Google, are not only contributing to the advancement of quantum computing but are also actively participating in the development of PQC solutions as well. Google has been working with NIST on developing encryption methods that can withstand quantum-based attacks. These organizations have been working together with NIST to develop encryption methods that can withstand quantum attacks. During August, Microsoft provided an update on their PQC efforts, followed by AWS and Microsoft. 

The initiatives have been in place long before the latest quantum hardware advances, yet they are a strong reminder that addressing the challenges posed by quantum computing requires a comprehensive and sustained commitment. However, establishing encryption standards does not guarantee widespread adoption, as it does not equate to widespread deployment. As part of the transition, there will be a considerable amount of time and effort involved, particularly in ensuring that it integrates smoothly into everyday applications, such as online banking and secure communications, thereby making the process more complex and time consuming. 

Because of the challenges associated with implementing and deploying new encryption technologies on a large scale, the adoption of new encryption technologies has historically spanned several years. Due to this fact, it cannot be overemphasized how urgent it is for us to prepare for a quantum era. A company's strategic planning and system design must take into account PQC considerations proactively and proactively. It has become increasingly clear that all organizations must address the issue of PQC rather than delay it. The fundamental principle remains that if the user breaks encryption, they are much more likely to break it than if they construct secure systems. 

Moreover, cryptographic implementation is a complex and error-prone process in and of itself. For the cybersecurity landscape to be successful at defending against quantum-based threats, a concerted, sustained effort must be made across all aspects. There is a lot of excitement on the horizon for encryption, both rapidly and very challenging. As quantum computing emerges, current encryption protocols face an existential threat, which means that organizations that fail to react quickly and decisively will suffer severe security vulnerabilities, so ensuring the future of digital security is imperative.
Read more »
Technology
Amazon Cryptographic CyberThreat data security Datathreat PQC Quantum- safe Encryption Technology

The Future of Data Security Lies in Quantum-Safe Encryption

 


Cybersecurity experts and analysts have expressed growing concerns over the potential threat posed by quantum computing to modern cryptographic systems. Unlike conventional computers that rely on electronic circuits, quantum computers leverage the principles of quantum mechanics, which could enable them to break widely used encryption protocols. 

If realized, this advancement would compromise digital communications, rendering them as vulnerable as unprotected transmissions. However, this threat remains theoretical at present. Existing quantum computers lack the computational power necessary to breach standard encryption methods. According to a 2018 report by the National Academies of Sciences, Engineering, and Medicine, significant technological breakthroughs are still required before quantum computing can effectively decrypt the robust encryption algorithms that secure data across the internet. 

Despite the current limitations, researchers emphasize the importance of proactively developing quantum-resistant cryptographic solutions to mitigate future risks. Traditional computing systems operate on the fundamental principle that electrical signals exist in one of two distinct states, represented as binary bits—either zero or one. These bits serve as the foundation for storing and processing data in conventional computers. 

In contrast, quantum computers harness the principles of quantum mechanics, enabling a fundamentally different approach to data encoding and computation. Instead of binary bits, quantum systems utilize quantum bits, or qubits, which possess the ability to exist in multiple states simultaneously through a phenomenon known as superposition. 

Unlike classical bits that strictly represent a zero or one, a qubit can embody a probabilistic combination of both states at the same time. This unique characteristic allows quantum computers to process and analyze information at an exponentially greater scale, offering unprecedented computational capabilities compared to traditional computing architectures. Leading technology firms have progressively integrated post-quantum cryptographic (PQC) solutions to enhance security against future quantum threats. 

Amazon introduced a post-quantum variant of TLS 1.3 for its AWS Key Management Service (KMS) in 2020, aligning it with evolving NIST recommendations. Apple incorporated the PQ3 quantum-resistant protocol into its iMessage encryption in 2024, leveraging the Kyber algorithm alongside elliptic-curve cryptography for dual-layer security. Cloudflare has supported post-quantum key agreements since 2023, utilizing the widely adopted X25519Kyber768 algorithm. 

Google Chrome enabled post-quantum cryptography by default in version 124, while Mozilla Firefox introduced support for X25519Kyber768, though manual activation remains necessary. VPN provider Mullvad integrates Classic McEliece and Kyber for key exchange, and Signal implemented the PQDXH protocol in 2023. Additionally, secure email service Tutanota employs post-quantum encryption for internal communications. Numerous cryptographic libraries, including OpenSSL and BoringSSL, further facilitate PQC adoption, supported by the Open Quantum Safe initiative. 

Modern encryption relies on advanced mathematical algorithms to convert plaintext data into secure, encrypted messages for storage and transmission. These cryptographic processes operate using digital keys, which determine how data is encoded and decoded. Encryption is broadly categorized into two types: symmetric and asymmetric. 

Symmetric encryption employs a single key for both encryption and decryption, offering high efficiency, making it the preferred method for securing stored data and communications. In contrast, asymmetric encryption, also known as public-key cryptography, utilizes a key pair—one publicly shared for encryption and the other privately held for decryption. This method is essential for securely exchanging symmetric keys and digitally verifying identities through signatures on messages, documents, and certificates. 

Secure websites utilizing HTTPS protocols rely on public-key cryptography to authenticate certificates before establishing symmetric encryption for communication. Given that most digital systems employ both cryptographic techniques, ensuring their robustness remains critical to maintaining cybersecurity. Quantum computing presents a significant cybersecurity challenge, with the potential to break modern cryptographic algorithms in mere minutes—tasks that would take even the most advanced supercomputers thousands of years. 

The moment when a quantum computer becomes capable of compromising widely used encryption is known as Q-Day, and such a machine is termed a Cryptographically Relevant Quantum Computer (CRQC). While governments and defense organizations are often seen as primary targets for cyber threats, the implications of quantum computing extend far beyond these sectors. With public-key cryptography rendered ineffective, all industries risk exposure to cyberattacks. 

Critical infrastructure, including power grids, water supplies, public transportation, telecommunications, financial markets, and healthcare systems, could face severe disruptions, posing both economic and life-threatening consequences. Notably, quantum threats will not be limited to entities utilizing quantum technology; any business or individual relying on current encryption methods remains at risk. Ensuring quantum-resistant cryptographic solutions is therefore imperative to safeguarding digital security in the post-quantum era. 

As the digital landscape continues to evolve, the inevitability of quantum computing necessitates a proactive approach to cybersecurity. The widespread adoption of quantum-resistant cryptographic solutions is no longer a theoretical consideration but a fundamental requirement for ensuring long-term data security. 

Governments, enterprises, and technology providers must collaborate to accelerate the development and deployment of post-quantum cryptography to safeguard critical infrastructure and sensitive information. While the full realization of quantum threats remains in the future, the urgency to act is now. Organizations must assess their current security frameworks, invest in quantum-safe encryption technologies, and adhere to emerging standards set forth by cryptographic experts.

The transition to quantum-resilient security will be a complex but essential undertaking to maintain the integrity, confidentiality, and resilience of digital communications. By preparing today, industries can mitigate the risks posed by quantum advancements and uphold the security of global digital ecosystems in the years to come.
Read more »
Data Theft
Amazon class action lawsuits Data Breach Data Harvesting SDK Data Privacy Data Safety User Data data security Data Theft

Amazon Faces Lawsuit Over Alleged Secret Collection and Sale of User Location Data

 

A new class action lawsuit accuses Amazon of secretly gathering and monetizing location data from millions of California residents without their consent. The legal complaint, filed in a U.S. District Court, alleges that Amazon used its Amazon Ads software development kit (SDK) to extract sensitive geolocation information from mobile apps. According to the lawsuit, plaintiff Felix Kolotinsky of San Mateo claims 

Amazon embedded its SDK into numerous mobile applications, allowing the company to collect precise, timestamped location details. Users were reportedly unaware that their movements were being tracked and stored. Kolotinsky states that his own data was accessed through the widely used “Speedtest by Ookla” app. The lawsuit contends that Amazon’s data collection practices could reveal personal details such as users’ home addresses, workplaces, shopping habits, and frequented locations. 

It also raises concerns that this data might expose sensitive aspects of users’ lives, including religious practices, medical visits, and sexual orientation. Furthermore, the complaint alleges that Amazon leveraged this information to build detailed consumer profiles for targeted advertising, violating California’s privacy and computer access laws. This case is part of a broader legal pushback against tech companies and data brokers accused of misusing location tracking technologies. 

In a similar instance, the state of Texas recently filed a lawsuit against Allstate, alleging the insurance company monitored drivers’ locations via mobile SDKs and sold the data to other insurers. Another legal challenge in 2024 targeted Twilio, claiming its SDK unlawfully harvested private user data. Amazon has faced multiple privacy-related controversies in recent years. In 2020, it terminated several employees for leaking customer data, including email addresses and phone numbers, to third parties. 

More recently, in June 2023, Amazon agreed to a $31 million settlement over privacy violations tied to its Alexa voice assistant and Ring doorbell products. That lawsuit accused the company of storing children’s voice recordings indefinitely and using them to refine its artificial intelligence, breaching federal child privacy laws. 

Amazon has not yet issued a response to the latest allegations. The lawsuit, Kolotinsky v. Amazon.com Inc., seeks compensation for affected California residents and calls for an end to the company’s alleged unauthorized data collection practices.
Read more »
User Data
Amazon Chrome Cookie Data Facebook Safari Technology User Data

No More Internet Cookies? Digital Targeted Ads to Find New Ways


Google Chrome to block cookies

The digital advertising world is changing rapidly due to privacy concerns and regulatory needs, and the shift is affecting how advertisers target customers. Starting in 2025, Google to stop using third-party cookies in the world’s most popular browser, Chrome. The cookies are data files that track our internet activities in our browsers. The cookie collects information sold to advertisers, who use this for targeted advertising based on user data. 

“Cookies are files created by websites you visit. By saving information about your visit, they make your online experience easier. For example, sites can keep you signed in, remember your site preferences, and give you locally relevant content,” says Google.

In 2019 and 2020, Firefox and Safari took a step back from third-party cookies. Following their footsteps, Google’s Chrome allows users to opt out of the settings. As the cookies have information that can identify a user, the EU’s and UK’s General Data Protection Regulation (GDPR) asks a user for prior consent via spamming pop-ups. 

No more third-party data

Once the spine of targeted digital advertising, the future of third-party cookies doesn’t look bright. However, not everything is sunshine and rainbows. 

While giants like Amazon, Google, and Facebook are burning bridges by blocking third-party cookies to address privacy concerns, they can still collect first-party data about a user from their websites, and the data will be sold to advertisers if a user permits, however in a less intrusive form. The harvested data won’t be of much use to the advertisers, but the annoying pop-ups being in existence may irritate the users.

How will companies benefit?

One way consumers and companies can benefit is by adapting the advertising industry to be more efficient. Instead of using targeted advertising, companies can directly engage with customers visiting websites. 

Advances in AI and machine learning can also help. Instead of invasive ads that keep following you on the internet, the user will be getting information and features personally. Companies can predict user needs, and via techniques like automated delivery and pre-emptive stocking, give better results. A new advertising landscape is on its way.

Read more »
Streaming Platform
Amazon Data Breach Data Leak Data protection data security Fines Hacker attack Personal Data Streaming Platform

Amazon Fined for Twitch Data Breach Impacting Turkish Nationals

 

Türkiye has imposed a $58,000 fine on Amazon for a data breach that occurred on its subsidiary, Twitch, in 2021. The breach exposed sensitive personal information of thousands of Turkish citizens, drawing scrutiny from the country’s Personal Data Protection Board (KVKK). The incident began when an anonymous hacker leaked Twitch’s entire source code, along with personally identifiable information (PII) of users, in a massive 125 GB torrent posted on the 4chan imageboard. The KVKK investigation revealed that 35,274 Turkish nationals were directly affected by the leak. 

As a result, KVKK levied fines totaling 2 million lira, including 1.75 million lira for Amazon’s failure to implement adequate preemptive security measures and 250,000 lira for not reporting the breach in a timely manner. According to the regulatory body, Twitch’s risk and threat assessments were insufficient, leaving users’ data vulnerable to exploitation. The board concluded that the company only addressed the vulnerabilities after the breach had already occurred. Twitch, acquired by Amazon in 2014 for $970 million, attempted to minimize concerns by assuring users that critical login credentials and payment information had not been exposed. The company stated that passwords were securely hashed with bcrypt, a strong encryption method, and claimed that systems storing sensitive financial data were not accessed. 

However, the leaked information still contained sensitive PII, leading to significant privacy concerns, particularly for Turkish users who were impacted. The motivation behind the hack was reportedly ideological rather than financial. According to reports from the time, the hacker expressed dissatisfaction with the Twitch community and aimed to disrupt the platform by leaking the data. The individual claimed their intent was to “foster more disruption and competition in the online video streaming space.” While this rationale highlighted frustrations with Twitch’s dominance in the industry, the data breach had far-reaching consequences, including legal action, reputational damage, and increased regulatory scrutiny. Türkiye’s actions against Amazon and Twitch underline the growing importance of adhering to local data protection laws in an increasingly interconnected world. 

The fines imposed by KVKK serve as a reminder that global corporations must ensure compliance with regional regulations to avoid significant penalties and reputational harm. Türkiye’s regulations align with broader trends, as data privacy and security become critical components of global business practices. This incident also underscores the evolving nature of cybersecurity challenges. Hackers continue to exploit vulnerabilities in popular platforms, putting pressure on companies to proactively identify and address risks before they lead to breaches. As regulatory bodies like KVKK become more assertive in holding companies accountable, the need for robust data protection frameworks has never been more urgent. The Twitch breach also serves as a case study for the importance of transparency and swift response in the aftermath of cyberattacks. 

While Twitch’s reassurances regarding encrypted data helped mitigate some concerns, the lack of prompt reporting to Turkish authorities drew criticism. Companies handling large amounts of user data must prioritize both preventive measures and clear communication strategies to regain user trust after incidents. Looking forward, the Twitch data breach highlights the necessity for all companies—especially those managing sensitive user data—to invest in proactive cybersecurity strategies. As hackers grow increasingly sophisticated, businesses must adopt a forward-thinking approach to safeguard their platforms, comply with local laws, and ensure users’ privacy remains uncompromised.
Read more »
Youtube
Amazon Audible ClearFake Cyber Security CyberCrime Cyberhackers CyberThreat Google Youtube

Amazon and Audible Face Scrutiny Amid Questionable Content Surge

 


The Amazon online book and podcast services, Amazon Music, and Audible have been inundated by bogus listings that attempt to trick customers into clicking on dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software for sale. It is becoming increasingly common to abuse Spotify playlists and podcasts to promote pirated software, cheat codes for video games, spam links, and "warez" websites. 

To spam Spotify web player results into search engines such as Google, threat actors can inject targeted keywords and links in the description and title of playlists and podcasts to boost SEO for their dubious online properties. In these listings, there are playlist names, podcast description titles, and bogus "episodes," which encourage listeners to visit external links that link to places that might cause a security breach. 

A significant number of threat actors exploit Google's Looker Studio (formerly Google Data Studio) to boost the search engine ranking of their illicit websites that promote spam, torrents, and pirated content by manipulating search engine rankings. According to BleepingComputer, one of the methods used in the SEO poisoning attack is Google's datastudio.google.com subdomain, which appears to lend credibility to the malicious website. 

Aside from mass email spam campaigns, spammers are also using Audible podcasts as another means to spread the word about their illicit activities. Spam can be sent to any digital platform that is open to the public, and no digital platform is immune to that. In cases such as those involving Spotify or Amazon, there is an interesting aspect that is, one would instinctively assume that the overhead associated with podcasting and digital music distribution would deter spammers, who would otherwise have to turn to low-hanging fruit, like writing spammy posts to social media or uploading videos that have inaccurate descriptions on YouTube. 

The most recent instance of this was a Spotify playlist entitled "Sony Vegas Pro 13 Crack...", which seemed to drive traffic to several "free" software sites listed in the title and description of the playlist. Karol Paciorek, a cybersecurity enthusiast who spotted the playlist, said, "Cybercriminals exploit Spotify for malware distribution because Spotify has become a prominent tool for distributing malware. Why? Because Spotify's tracks and pages are easily indexed by search engines, making it a popular location for creating malicious links.". 

The newest business intelligence tool from Google, Looker Studio (formerly, Google Data Studio) is a web-based tool that allows users to make use of data to create customizable reports and dashboards allowing them to visualize and analyze their data. A Data Studio application can, and has been used in the past, to track and visualize the download counts of open source packages over some time, such as four weeks, for a given period. There are many legitimate business cases for Looker Studio, but like any other web service, it may be misused by malicious actors looking to host questionable content on illegal domains or manipulate search engine results for illicit URLs. 

Recent SEO poisoning campaigns have been seen targeting keywords related to the U.S. midterm election, as well as pushing malicious Zoom, TeamViewer, and Visual Studio installers to targeted sites.  In advance of this article's publication, BleepingComputer has reached out to Google to better understand the strategy Google plans to implement in the future.

Firstory is a new service launched in 2019 that enables podcasters to distribute their shows across the globe, and even connect with audiences, thereby empowering them to enjoy their voice! Firstory is open to publishing podcasts on Spotify, but it acknowledges that spam is an ongoing issue that it is increasingly trying to address, as it focuses on curtailing it as much as possible. 

Spam accounts and misleading content remain persistent challenges for digital platforms, according to Stanley Yu, co-founder of Firstory, in a statement provided to BleepingComputer. Yu emphasized that addressing these issues is an ongoing priority for the company. To tackle the growing threat of unauthorized and spammy content, Firstory has implemented a multifaceted approach. This includes active collaboration with major streaming platforms to detect and remove infringing material swiftly. 

The company has also developed and employed advanced technologies to scan podcast titles and show notes for specific keywords associated with spam, ensuring early identification and mitigation of potential violations. Furthermore, Firstory proactively monitors and blocks suspicious email addresses commonly used by malicious actors to infiltrate and disrupt digital ecosystems. By integrating technology-driven solutions with strategic partnerships, Firstory aims to set a higher standard for content integrity across platforms. 

The company’s commitment reflects a broader industry imperative to protect users and maintain trust in an ever-expanding digital landscape. As digital platforms evolve, sustained vigilance and innovation will be essential to counter emerging threats and foster a safer, more reliable online environment.
Read more »
Scam
Amazon Hacking links phishing Scam

Chenlun’s New Phishing Schemes Target Big-Name Brands

 


A new phishing campaign unveiled by researchers from DomainTools is a phishing campaign on the go, deceiving users via fake text messages. The messages masquerade as trusted brands like Amazon to get the targets to give away sensitive data. This operation is put at the hands of the threat actor "Chenlun," who was seen tricking people last year for masquerading as a USPS delivery alert during the holiday season. On 18 October 2024, consumer targeting waves, this wave represents new waves in tactics that target trusting consumers on the most-used brands.

Phishing Attack Evolution: From USPS Notification Scam to Authentication and Authorization Hack

In December 2023, DomainTools reported on the earlier approach that Chenlun used through exploiting USPS alerts to instruct users on how to navigate to fraudulent websites. This scheme, also labelled as "smishing, tricked users into message prompting them to visit virtually identical websites to the one genuine USPS websites. These next sent information that victims did not need to provide. With the current attack, however, Chenlun used the more narrow deception of alerts that there is unauthorised access to his or her online store accounts. This prompted victims into confirmation of their account information with links that led him to a scam website. To this end, it goes without saying that one ought to be careful when opening any link on email or text.


Advanced techniques of hiding and concealing evidence

The strategies that Chenlun uses today are more advanced than that of not being detected. The phishing attack this year is different from the past years because it does not use domain names containing USPS but instead uses a DGA. A DGA automatically generates new, arbitrary domain names, which creates an added difficulty in blocking malicious websites and makes it challenging for the security systems to identify phishing attempts. The constant change in the infrastructure of the domain leaves Chenlun free to continue their attacks without instant interference from cybersecurity defences.


Changed Domain Structures and Aliases

The latest phishing campaign also demonstrates the changed structure of the Chenlun domain. Last year, the fraudsters utilised domains like the official USPS websites. This time around, they change them into simple domains and even switch to other registrars and name servers. Now, they use NameSilo and DNSOwl, for example, and not Alibaba Cloud's DNS service, just like last year. The changing tendency makes phishing attempts less predictable and also complicates the procedure for cybersecurity analysts in relation to the identification and monitoring of suspicious domains.

Moreover, the most recent activity of Chenlun used pseudonyms like "Matt Kikabi" and "Mate Kika". These pseudonyms, which were first identified in the 2023 report, have more than 700 active domains. Reusing these identities, Chenlun has been able to maintain a massive presence online undetected by cybersecurity tools.


Collaboration as a Critical Form of Defense Against Phishing

DomainTools emphasises that effective countermeasures against phishing attacks require the collective efforts of organisations. Recommendations from security experts include active monitoring of registration patterns, sharing threat intelligence, and developing robust strategies that can counter changing phishing techniques.

DomainTools further emphasises that Chenlun's strategy changes reflect the ongoing problem that cybersecurity professionals face. By constantly changing obfuscation techniques, Chenlun underlines the importance of domain-related data in identifying patterns and suspect domains.


Takeaway for Business and Consumers

Continuous activity by Chenlun also points to the fact that vigilance needs to be maintained, given the sophistication in phishing scams. Business entities need to strengthen cybersecurity measures in monitoring domain registrations and promote threat intelligence sharing. Individual consumers need to maintain vigilance by avoiding a response to unsolicited messages or links.

In short, Chenlun's latest phishing campaign calls out for proactive defence. While the attackers continue adapting with a view to remain unseen, the necessity for people to stay updated and network inter-sectorally is the urgent requirement in the world of digitization.


Read more »
Privacy
Amazon Android Vulnerability Cyberattacks Cyberdrime Cybersecurity CyberThreat Facebook Kaspersky Passwords Privacy

Security Alert for Gmail, Facebook, and Amazon Users

 


The number of hacks that occur on Google, Gmail, and Amazon accounts keeps on rising, causing users to become anxious. By using phishing tactics, hackers are targeting users' passwords for Gmail, Facebook, and Amazon through phishing campaigns that pose significant risks to their personal information. 

A new notice has appeared warning users of Google Mail, Facebook, and Amazon that there has been a new attack on password hacking that puts their personal information at risk because society has gone digital and protecting your credentials is "the name of the game." There is no denying the fact that these platforms are among the most popular in the world, so it is vital to have a good understanding of what threats are coming and what possibilities there are to prevent these threats. 

Overall, cybersecurity experts predict a steady increase for the year, but they also note that the complexity of password hacks for Gmail and Facebook, as well as attempts to access Amazon accounts, has grown dramatically as well. It has been found that the complexity of password hacks for Gmail and Facebook has increased dramatically as a result of increased complexity in the attacks. 

Typically, these hacking attempts benefit from phishing attacks, brute force attacks, and social engineering attacks, all of which are designed to take advantage of overly trustful users or weaknesses within the platforms that make them vulnerable. Several new threat analyses, including those conducted by Kaspersky Labs, reveal that password theft attacks have become increasingly common against Amazon users, Facebook users, and, most of all, Google users. There have been several attacks targeting these platforms, including those aimed at stealing passwords. 

Kaspersky reported an increase of 40% in attempts of hackers to entice users to access malicious sites impersonating these brands in comparison to last year based on a study it conducted. It is no surprise that malicious hackers are seeking credentials for Gmail, Facebook, and Amazon accounts to spread their malicious programming. As a matter of fact, these accounts may be exploited to reach the full heights of cybercrime by committing data theft, malware distribution, and credit card fraud all at the same time. 

A Google account is a skeleton key that can be used to unlock an entire treasure trove of other account credentials, as well as personal information, enabling fraudsters to access a treasure trove of private information. The information contained in a user's Gmail inbox is immeasurable when compared to that contained in their inbox on the web, and the chances are that they will have one given how popular this web-based free email service is with most people these days. As per Kaspersky reports, hackers are mainly targeting Google, Amazon, and Facebook passwords in their effort to steal personal information. 

During the first half of 2024, Kaspersky Security reported a 243% increase in the number of attack attempts, with the company itself preventing approximately 4 million attempts. It is estimated that Facebook users were exposed to 3.7 million phishing attempts during the same period, and Amazon users were exposed to 3 million.  In an interview with Kaspersky Internet Security, Olga Svistunova, who is an expert in data security at the company, warned that a criminal with access to a Gmail account may be able to access "multiple services". 

Thus, it is important to note that not only may business information be leaked as a result, but also the personal information of customers can also be leaked as a result. To target these platforms, hackers are looking for account passwords, as getting access to these platforms allows them to commit fraud, distribute malware, and steal sensitive information. It is proposed that Google accounts are especially valuable since they can be used to hack into other accounts and to collect personal information that can be used in fraud attempts. 

According to researchers at GuidePoint Research and Intelligence Team, Rui Ataide and Hermes Bojaxhi of the GuidePoint Research and Intelligence Team, there is an ongoing phishing campaign targeting more than 130 U.S. organizations, which has been detected as a new and worrying one. There have been so many misuses of the term "highly sophisticated threat actor" in recent years that it almost has lost all meaning, but the tactics and intrusion capabilities that were employed by this as-yet-unnamed attacker have led the GRIT researchers to conclude that this attacker deserves to be called such a label. 

A spear-phishing attack, as with other spear-phishing campaigns, revolves around the targeting of specific employees within an organization rather than attempting to hit every single email account in an organization with a scattergun approach, as is so often the case with so-called spear-phishing campaigns. The attack has also targeted other tech giants, including Microsoft and Apple, as well as numerous smaller companies. Additionally, DHL, Mastercard, Netflix, eBay, and HSBC are also among the companies involved.  

Cloud security provider Netskope, in a recent report, found a 2,000-fold increase in traffic to phishing pages sent through Microsoft Sway, a cloud-based application that provides users with the ability to create visual instructions, newsletters, and presentations through the use of visual illustrations. Hackers are increasingly exploiting a technique known as “quishing,” a form of phishing that utilizes QR codes to deceive users into logging into malicious websites, thereby stealing their passwords. This method is particularly effective as QR codes can bypass email scanners designed to detect text-based threats. 

Additionally, since QR codes are frequently scanned with mobile devices—which often lack the robust security measures found on desktops and laptops—users become more vulnerable to these types of attacks. A new variant of QR code phishing has been recently detailed by J. Stephen Kowski, the Field Chief Technology Officer at SlashNext, in a LinkedIn article. Unlike traditional QR code phishing, which typically involves an image-based QR code redirecting users to a malicious site, this new method leverages Unicode text characters to create QR codes. 

According to Kowski, this approach presents three significant challenges for defenders: it evades image-based analysis, ensures accurate screen rendering, and creates a duality in appearance between the screen rendering and plain text, making detection more difficult. Given these emerging threats, individuals who frequently use platforms such as Google’s Gmail, Facebook, and Amazon, as well as other major online services, should exercise caution to avoid becoming victims of identity theft. The risk of falling prey to password-hacking attempts can be significantly reduced by adhering to best practices in security hygiene across different accounts and maintaining a high level of vigilance. 

In today’s technology-driven world, personal awareness and proactive measures serve as the first line of defence against such cyber threats. Protecting Business Accounts from Phishing Attacks 

1. Recognize Phishing Indicators

- Generic Domain Extensions: Be cautious of emails from generic domains like "@gmail.com" instead of corporate domains, as attackers use these to impersonate businesses.

- Misspelt Domains: Watch for near-identical domains that slightly alter legitimate ones, such as "Faceb0ok.com." These deceptive domains are used to trick users into providing sensitive information. 

- Content Quality: Legitimate communications are typically polished and professional. Spelling errors, poor grammar, and unprofessional formatting are red flags of phishing attempts. 

- Urgency and Fear Tactics: Phishing messages often create a sense of urgency, pressuring recipients to act quickly to avoid negative consequences, such as account suspensions or security breaches. 

- Unusual Requests: Be wary of unexpected requests for money, personal information, or prompts to click links or download attachments. Hackers often impersonate trusted entities to deceive recipients. 

2. Implement Security Software 

- Install robust security tools, including firewalls, spam filters, and antivirus software, to guard against phishing attacks. 

- Utilize web filters to restrict access to malicious websites. - Regularly update software to patch vulnerabilities and protect against new threats. 

3. Use Multi-Factor Authentication (MFA) 

- Enhance account security by implementing MFA, which requires a second verification factor (e.g., a code, fingerprint, or secret question) in addition to a password. 

- MFA significantly reduces the risk of unauthorized access and helps safeguard business credentials. By staying vigilant, maintaining updated security software, and utilizing MFA, businesses can better protect their accounts and sensitive information from phishing attacks.
Read more »
Web Services
Amazon AWS Bling Libra Cloud Attacks Cloud Vulnerabilities CyberCrime Cybersecurity CyberThreat Microsoft GitHub Privacy Web Services

Bling Libra Shifts Focus to Extortion in Cloud-Based Attacks

 


It was observed during an incident response engagement handled by Unit 42, that the threat actor group Bling Libra (which was responsible for distributing ShinyHunters ransomware) had shifted from extortion to extortion of victims rather than its traditional tactic of selling/publishing stolen data in an attempt to increase their profits. 

During this engagement, it was also demonstrated how the group was able to acquire legitimate credentials, which were accessed from public repositories, to gain initial access to an organization's Amazon Web Services (AWS) environment through its public username and password. The compromised credentials had limited impact due to the limited permissions associated with them, but Bling Libra managed to infiltrate the organization's AWS environment and conduct reconnaissance operations on it during this time. 

The threat actor group used various tools for gaining information and accessing S3 bucket configurations, interacting with S3 objects, as well as deleting files from the service using tools such as the Amazon Simple Storage Service (S3) Browser and WinSCP. As a result of previous jobs with high-profile data breaches, including the Microsoft GitHub and Tokopedia incidents in 2020, Bling Libra has developed a special part of their business model that enables them to monetize stolen data through underground marketplaces. 

There has, however, been a significant change in the methods that Unit 42 implements, which have been reported in a recent report. As of 2024, Bling Libra has revitalized its business model from data theft to extortion, primarily targeting vulnerabilities within cloud-based environments to heighten its revenue. As Unit 42 explained in its latest report, Bling Libra obtained AWS credentials from a sensitive file that was exposed online to perform the latest attack. 

AWS account credentials were obtained from an Identity and Access Management (IAM) user, which would have provided the attackers with access to the victim's account on Amazon Web Services (AWS). While the permissions for accessing Amazon S3 resources were restricted, Bling Libra exploited them to gain a foothold in the cloud environment even though they were limited. Even though Bling Libra uses the same method of accessing victims for the first few minutes, it has instead instigated the double-extortion tactics normally associated with ransomware gangs - they initially steal data from victims and threaten to publish it online if they do not pay the ransom. 

According to the researchers, Bling Libra used credentials from a sensitive file exposed by the attacker on the Internet as a way of stealing the credentials, even though this file contained a variety of credentials. Aside from these exposed AWS access keys, the group also alleged that it "targeted a few other one-time credentials that were exposed by this individual as well as a few other exposed AWS access keys belonging to this individual.". 

Using these credentials, it is possible for the threat actors to gain access to the AWS account where the IAM user resides and to use the AWS API call to interact with the S3 bucket under the context of the AmazonS3FullAccess policy, which allows all permissions to be granted to users. The attackers in this case sat on the network and lurked for about a month before launching an attack that led to the exfiltration of information, its deletion from the environment, and the recovery of an extortion note demanding ransom payment. 

Their ransom note gave them a week to make their payment. It has been reported that Bling Libra also created new S3 buckets in the aftermath of their attack, presumably to mock the organization about the attack, as well. Ticketmaster's attack in June was notable because of how much data Bling Libra was able to obtain during this attack. At the time, the organization claimed that a total of more than half a million records were stolen, some of which contained Personal Identifiable Information (PII) such as names, emails, addresses, and partial credit card information. 

In May, the same group also claimed responsibility for several other attacks on other companies, including Ticketek Entertainment Group (TEG), in Australia, that occurred around the same period as Ticketmaster. Like Ticketmaster, TEG was attacked at the beginning of May. This group has been associated with several significant data breaches that have affected millions of records of data, and the implications have been severe. 

In the final phase of the attack, Bling Libra created new S3 buckets with mocking names to signify their control over the environment, illustrating their ability to manipulate the system. The threat group known as Bling Libra has adopted a new tactic, pivoting to extortion as a primary method for monetizing their cyber breaches. 

Following their recent cloud-based attacks, the group sent out extortion emails demanding payment in exchange for the return of stolen data and the cessation of further malicious activities. This shift in strategy underscores their focus on using extortion as a central means to profit from their operations. A recent report by Unit 42 offers a comprehensive analysis of Bling Libra's operational tools, particularly emphasizing their use of S3 Browser and WinSCP. 

These tools enable the threat actors to interact seamlessly with Amazon Web Services (AWS) environments. The report provides in-depth insights that assist incident responders in distinguishing between legitimate tool usage and activities indicative of a security breach. To counteract such threats, Unit 42 strongly advises organizations to adhere to the principle of least privilege, ensuring that users have only the minimal level of access necessary to perform their functions. 

Additionally, they recommend implementing robust security measures, including the use of AWS IAM Access Analyzer and AWS Service Control Policies. These tools are essential for mitigating the risks associated with similar attacks on cloud infrastructure. As businesses increasingly depend on cloud technologies, maintaining a proactive and vigilant cybersecurity posture is critical. Organizations must be diligent in their efforts to protect their cloud environments from sophisticated threat actors like Bling Libra.
Read more »
UK Customers
Amazon Cyber Crime CyberCrime Cybersecurity CyberThreat Emails Phishing UK Customers

Urgent Email Alert from Amazon UK Customers Must Act Now

 


Amazon has sent an urgent new email to all customers amid a warning that they should remain on alert. According to the message, customers in the UK should beware of phishing emails, texts, or phone calls that claim to be from the company. 

Cybercriminals are targeting the retail giant with its trusted name to prey on unsuspecting customers who give them personal information and money by using the brand's trusted reputation. In many of these scams, there is a false promise that Amazon accounts will be closed or that unauthorized charges have been established against them. According to others, Amazon's use will need to be verified to continue. A user is being advised to be cautious if he or she receives a message such as this one. 

The announcement from Amazon said that users should be on the lookout for Prime membership scams. These are usually emails, phone calls, or texts that users receive from impersonators informing them that their membership has been terminated or that they are charged an unauthorized fee. A spokesperson for Amazon stated: "Scammers might send fake attachments in emails, or cause users to believe they are being charged a costly fee". 

If users are concerned, they should contact the Message Centre on Amazon.co.uk or the Amazon mobile app to verify that the email is genuine from the retailer. Go to the 'Your Account' section in Amazon's account to verify the user's Prime membership status, authorize payments, or make any changes to the user's billing and account information, by logging into the account and going to the section. 

There are several things users can do if they receive a message or phone call that they think is not from Amazon, such as reporting it. To escalate a problem, simply send a message to reportascam.amazon.co.uk. Users should also be extremely careful when they click on links, enter information about themselves or input their credit card information.
Read more »
Subscribe to: Posts (Atom)