Search This Blog
Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Privacy. Show all posts
User Safety
Data Privacy India Malicious Apps Mobile Security UPI Scam UPI Payment User Safety

Upsurge in UPI Fraud Cases: How can you Guard Against These Scams

 

India is going digital as more and more individuals use the internet to shop, order food, and complete other activities.

According to a Times of India (TOI) report, in March 2023, Unified Payment Interface (UPI) transactions reached a record high of 865 crores, with a record value of Rs 14.07 lakh crore. The number of transactions totaled 728 crores, which was 18% greater than in February 2023.

However, as UPI transactions have increased, so have instances of online fraud and frauds. More than 95,000 fraud cases using UPI transactions were reported in 2022–2023, up from 84,000 cases in 2021–2022 according to the Union Ministry of Finance. 

Let's focus on UPI frauds in more detail, along with certain precautions you might take.

UPI PIN request 

With the promise of sending money, fraudsters occasionally seduce their victims. To receive the money, they then request that their target enter their UPI PIN. The scammer can easily utilise the victim's UPI PIN to withdraw money if they comply and enter it. Let’s take a look at how UPI scams take place and what you can do to protect yourself. 

“For receiving money, no PIN is required. Anyone asking you for a PIN is a scammer,” Prashant Gautam, DCP of the Intelligence Fusion and Strategic Operations (IFSO) unit of Delhi stated.
 
Customer care fraud 

Fraudsters who pose as customer service representatives are also taken in by the public. A government teacher was recently tricked after calling the number that appeared to be the top search result on Google, thinking it was the Google Pay customer service number. 

The con artist promised to assist the teacher when he complained about inaccurate transactions on the Google Pay app and requested his personal banking information. Following the teacher's disclosure of the information, the fraudster withdrew Rs 2.50 lakh from his bank account.

Cybercriminals will occasionally threaten customers with the blocking of their e-wallet if they do not complete KYC or update their Aadhaar or PAN information under the guise of customer service representatives. Later, "under the guise of verification, they ask the victims to download third-party access apps," the police officer continued, "through which they get remote access to the digital wallets." 

Money sent by 'error' 

Scammers typically send money to their potential targets via UPI apps like Paytm, Google Pay, PhonePe, etc., according to a Delhi Police official, and then contact them to claim that they made a mistake. The cybercriminal then sends the victim a URL and requests that they use it to repay the money. If a person clicks on the link, they lose control of their bank account and digital wallet, which the scammer can then access. 

Prevention tip

Here are three strategies you should learn to use as self-defense against such frauds.

Avoid engaging with fraudsters: Please don't continue if the caller's identity or the source of the information they are sharing are unclear to you or if you are unfamiliar with the number. Especially for food and beverage establishments, be aware of phone numbers listed on public websites as they might not be legitimate. Always confirm someone's identity by checking again. Never forget that your bank will never phone or text you asking for any type of private information. 

Be mindful of the golden rule while receiving payment: No PIN is needed in order to receive money. The 'request money' feature of payment apps is frequently abused by scammers. They will pretend to be interested in purchasing a product you may have posted for sale online. You will NEVER be asked for a PIN if money needs to be debited to your bank account, so keep that in mind at all times. 

Watch out for fake apps: Many fraudulent or malicious apps try to trick you by appearing to be something else. The software will have a similar appearance to the original bank app and be simple to download. Your personal information will be shared with scammers if you unintentionally download and install the bogus app, giving them access to your account and enabling them to steal money. Beware of fake banking apps like Modi Bhim, BHIM Payment-UPI Guide, Bhim Modi App, and BHIM Banking Guide that have been accused of obtaining consumer personal information under the guise of offering a useful service.
Read more »
Vulnerabilities and Exploits
CPU Data Leak Data Privacy Processors User Safety Vulnerabilities and Exploits

'Hot Pixel' Attack Exploits Novel GPUs and SoCs to Siphon Browsing History

 

An innovative cyberattack technique known as "Hot Pixel," which targets the complex interactions between graphic processing units (GPUs), contemporary system-on-a-chip (SoC), and browser data, has been discovered through a historic partnership between the University of Michigan, Ruhr University Bochum, and Georgia Tech. 

The "Hot Pixel" attack varies from conventional security flaws, as it bypasses modern side-channel defences by taking advantage of data-dependent computation cycles in GPUs and SoCs to steal information from Chrome and Safari browsers. 

The inherent difficulties that contemporary processors have in managing power consumption and heat dissipation, especially at high execution rates, served as the foundation for the researchers' finding. This disproportion generates a distinct digital fingerprint that can be recognised and examined. 

By removing pixels from the content being displayed in the target's browser, the "Hot Pixel" attack takes advantage of these peculiarities to deduce a device's navigation history. The attackers were able to quickly determine the data being processed by observing how the processor behaved differently under various browsing circumstances.

“The rendered image of a webpage may contain private information that should be isolated from scripts running on the page,” the research paper reads. “Examples include embeddings of cross-domain content through the use of iframe elements, and the rendering of hyperlinks, which indicates whether they have been visited.”

In the Chrome and Safari web browsers, researchers ran several CPU and GPU tests. They were able to steal data based on pixels from Chrome with an accuracy range of 60% to 94%, and it took them between 8.1 and 22.4 seconds to decode each pixel. 

Sending cookies to iframe elements is prohibited by Safari's anti-pixel-stealing policy if their origin is different from the parent page of the attacker. However, the researchers found that by burying URLs to sensitive sites on their site, attackers can still exfiltrate the victim's browsing history. 

Attackers might simply ascertain whether their victim had previously visited a particular address because links are presented differently if they have been previously viewed.

The researchers suggest the following measures to stop attacks similar to Hot Pixel: 

  • Minimise devices that are thermally restricted 
  • Enforce hardware constraints by keeping systems' temperatures within acceptable ranges 
  • Remove secrets from iframes' visible content by separating cookies from cross-origin iframes
  • Get rid of unauthorised access to sensor readings (OS-level mitigation)
Read more »
Technology
Blockchain Technology Crypto Hacking Data Privacy Financial Exploit North Korea Hackers Online Safety Technology

How Blockchain Technology is Playing a Major Role in Combating Crypto Hacking Risk

 

The world of cryptocurrencies is not immune to the shadows that come with living in a time when digital currencies are having such a significant impact on the global financial landscape. 

Malicious actors are devising complex plans to take advantage of this expanding market while remaining unseen and hidden in the shadows of the internet. Even if the situation involving the most recent Euler Finance exploit and the Ronin Network hack last year was frightening, it is not an isolated incident. 

The finding of a potential link between these instances has caused concern among those in the cryptocurrency community regarding the security and traceability of digital assets. 

The Ronin Bridge exploiter, who is thought to be connected to the notorious North Korean hacker group Lazarus Group, received 100 Ether, or $170,515, via a wallet address connected to the Euler Finance exploit. These occurrences serve as a sharp reminder of the cyberthreats that exist within the crypto sector and may jeopardise its integrity and safety. 

However, this cloud does have a silver lining. The discovery of these links further demonstrates the effectiveness of blockchain technology in locating and perhaps even reducing these concerns. As we continue reading this article, we'll examine the intricacies of cryptocurrency hacking and talk about how to effectively counter such malicious threats. 

How does crypto hacking work?

Crypto hacking, in its most basic form, is the unauthoritative access to and theft of digital assets kept in cryptocurrency wallets and exchanges. It is a type of cybercrime that targets the blockchain ecosystem specifically and takes advantage of flaws in hardware, software, or user behaviour to gain cryptocurrencies in an unauthorised manner. 

Crypto hackers use a variety of strategies. One of the most typical is phishing, where a hacker impersonates a reliable entity to deceive people into disclosing sensitive information like private keys or login passwords. The use of malware or ransomware, which infiltrates networks and either directly steals cryptoassets or holds them for ransom, is a further popular tactic. However, these aren't the only techniques available for crypto cracking. Since hot wallets on crypto exchanges are more prone to attack than cold wallets, hackers target them. 

This includes the current scandals surrounding the Ronin Network and Euler Finance. They depict what are referred to be DeFi exploits. DeFi platforms, like Euler Finance, run on smart contracts, which are self-executing contracts with the conditions of the agreement put directly into code. These smart contracts have numerous benefits, such as transparency and a reduction in the need for middlemen, but they may also have flaws or other weaknesses that cunning hackers might take advantage of. 

Rise in crypto crimes

In 2022, Chainalysis recorded bitcoin thefts of $3.8 billion, a startling increase from the $0.5 billion taken in 2020 and a 15% increase over the $3.3 billion reported in 2021. The increase in online holdings brought about by the rise in public use of digital currencies has made them more desirable and reachable targets for cybercriminals.

De-Fi protocols, essential pieces of technology that support major cryptocurrency exchanges and organisations, were identified by Chainalysis as the key target of assaults in both 2023 and 2022. De-Fi protocols accounted for 82% of all hacking instances in 2022, an increase from 73% in the previous year. 

North Korea continues to lead the pack in terms of dedication to bitcoin hacking. Chainalysis estimates that NK-connected cybercrime groups, such the Lazarus Group, stole $1.7 billion in 2022, making up about half of the annual global total. In 2022, NK stole more digital currency than ever before, according to a recent United Nations report on cyberattacks, albeit the value of the stolen assets vary. 

According to The Conversation, North Korea uses the stolen cryptocurrency to fund its sanctioned nuclear programme, indicating that its hacking activities are unlikely to slow down anytime soon. Compared to prior years, 2022 will see a significant increase in hacking activity, according to Chainalysis' year-over-year research. 

Prevention tips 

The increase in crypto hacking events and the daring actions of organisations like the Lazarus Group highlight the pressing need for strong deterrents. A multifaceted strategy combining technological, legal, and instructional tactics is necessary to tackle these dangers.

Technology-based barriers: The first line of defence against advanced persistent threats is strong cybersecurity measures. This entails the deployment of firewalls, secure, up-to-date software, and robust encryption for all data transmissions. MFA, or multi-factor authentication, can offer an additional layer of security to prevent unauthorised access. 

Regular smart contract audits by outside security companies can aid in identifying and fixing vulnerabilities in the DeFi space before they are exploited. Additionally, the usage of bug bounty programmes, in which ethical hackers are compensated for identifying and disclosing software vulnerabilities, might be an efficient tactic to foreseeably discover possible security weaknesses.

Legal obstacles: Another important component of stopping crypto hacking is using legal disincentives. This entails the creation and application of stringent legislation and rules to deter online criminal activity. The decentralised and international character of cryptocurrencies, however, can make enforcing laws more difficult. Despite these difficulties, there have been cases where hackers have been caught and charged, including the notorious Silk Road case, illustrating the effectiveness of legal deterrents. Blockchain forensics and international cooperation between law enforcement organisations can be crucial in locating and prosecuting these fraudsters. 

Educational barriers: Education is also a potent deterrent. In cybersecurity, the human element is frequently the weakest link since people are readily duped into disclosing private information or acting riskily. Therefore, educating people on how to protect their digital assets, spreading awareness of safe online conduct, and encouraging these behaviours are essential steps in preventing crypto hacking. 

Cybercrime is still a significant concern as we negotiate the complicated world of cryptocurrency. Axie Infinity's Ronin Network and the hacker group Lazarus' suspected involvement in such breaches serve as a sobering warning of the vulnerability of digital assets. Although law enforcement authorities and cybersecurity companies are stepping up their efforts to prevent and track down these hackers, the reality is that due to the anonymity and decentralised nature of cryptocurrencies, these efforts are made more difficult. 

Though it is still in its infancy, insurance is beginning to show promise as a way to reduce the risk of loss from cybercrimes. Crypto insurance may provide some amount of defence against losses brought on by theft, hacking, and other cybersecurity breaches. However, it is a challenging task due to the volatile nature of crypto assets and the absence of comprehensive rules.

In the end, protecting digital assets depends on personal watchfulness, technological breakthroughs, legal frameworks, and international cooperation. The necessity for effective legal deterrents and strong cybersecurity safeguards will only become more pressing as we continue to learn more about cryptocurrency. In this fast-changing environment, the development of crypto insurance and other preventive measures will surely play a crucial role.
Read more »
Security
Cyber Security Data Privacy Fraud Medical Recrds Safety Security

Concerns Over NHS Data Privacy After a 'Stalker' Doctor Shared a Woman's Private Details

 

The anonymity of NHS medical records has been called into question after a "stalker" hospital doctor obtained and communicated very sensitive information about a lady who had begun dating her ex-boyfriend regardless the fact that he wasn't involved in her care. The victim was left in "fear, shock, and horror" after learning that the doctor had exploited her hospital's medical records system to look at the woman's GP records and read - and share - private data about her and her children accessible only to a few others. 

“I felt violated when I learned that this woman, who I didn’t know, had managed to access on a number of occasions details of my life that I had shared with my GP and only my family and very closest friends. It was about something sensitive involving myself and my children, about a family tragedy,” the woman said.

The case has spurred worries that any doctor in England could misuse their privileged access to confidential medical records for purposes other than clinical.

Sam Smith, of the health data privacy group MedConfidential, said: “This is an utterly appalling case. It’s an individual problem that the doctor did this. But it’s a systemic problem that they could do it, and that flaws in the way the NHS’s data management systems work meant that any doctor can do something like this to any patient. If you’re registered with the NHS in England, this could happen to you.”

The victim and the doctor,  consultant at Addenbrooke's Hospital in Cambridge, have not been named by the Guardian. The woman was originally perplexed as to how the doctor had obtained very intimate information about her, her sister, and her children, which the doctor then passed to her ex-boyfriend in the early stages of his new connection with the woman last July.

“The doctor said that she had got it from friends, or from people in her choir or parents at my children’s school. That left my sister and I wondering if some of our close friends had betrayed us as we knew that only a few people knew those details. She had an unhealthy interest in us.”

The mystery was answered when Addenbrooke's provided the woman with a full audit of all its staff members who had exposure to her medical information at her request. It was discovered that the doctor viewed her medical information seven times between August and September of last year. The clinician first accessed Epic, Addenbrooke's own hospital medical records system, three times.

She then navigated to a different records system known as GP Connect, which contained comprehensive notes of conversations her former partner's new girlfriend had with her GP regarding the tragic impact of the accident and the well-being of one of her children.

On one occasion, the doctor, whom the woman had never seen, called the victim, asked her name, provided it, and then hung up. The victim felt it was a planned effort by the doctor to demonstrate that she had obtained personal information about her

Addenbrooke's first disputed that its employees could access GP Connect via Epic. However, after a meeting with the victim, its deputy medical director, Dr. John Firth, acknowledged that her full GP records were available. Michelle Ellerbeck, the company's head of information governance, later emailed the woman to thank her for demonstrating that it was possible in case "this inquiry ever comes up again."

Dr. Nicola Byrne, the NHS national data protector for England, offers advice on how to keep patients' information safe and how to utilize it correctly. She stated that she was "concerned about the seriousness of the allegations" when the patient wrote to her about the inappropriate intrusion into her medical history.

Byrne identified the doctor's actions as "absolutely unacceptable" and attempted to comfort patients who may be concerned about the incident by emphasizing that it was the first time she had heard of a medic violating rules governing the secure handling of a patient's medical records in order to gather information about them. She did, however, left open the possibility that others were doing the same.
Read more »
User Privacy
Data Breach Data Privacy Data Theft Online Security Third Party Vendors User Privacy

Here's How Global Firms are Capturing First- & Zero-Party Data of Consumers

 

Changes in consumer privacy in the digital marketing environment are forcing firms to fundamentally rethink their data-driven marketing tactics.

Consumers are becoming more conscious of the importance of their personal information. Simultaneously, tech titans and authorities worldwide are cracking down on the gathering, storage, and sale of consumer data. In addition to Apple's well-publicized privacy-focused software updates, Google intends to phase out third-party cookies on both Chrome and Android next year in an effort to prevent consumer tracking. 

The loss of access to large amounts of third-party data has complicated everything from ad targeting to attribution for advertisers, who have long relied on user-level tracking techniques. 

A rising number of businesses are responding by using novel strategies to get consumers to provide their personal information. This can take the shape of first-party data, or information a business obtains directly from its clients, or even zero-party data, or details a client voluntarily provides to a business. Consumers are receiving innovative new rewards from brands in return for their important data. 

The leading consumer packaged goods (CPG) and restaurant businesses are profiled here, along with some creative first- and zero-party data collecting methodologies they have employed. We discuss how these strategies may have helped these companies survive the post-cookie era. 

For the win, use game-based incentive programmes 

Brands are coming up with strategies to engage consumers in order to obtain first- and zero-party data. For a membership sign-up, email address, or phone number, you might receive a range of incentives, such as discounts or entry into sweepstakes.

Some companies, on the other hand, are thinking outside the box and developing fresh strategies, including ones that combine gamification, loyalty rewards, personalised marketing, and unique product offerings. 

For instance, in January, the sandwich company Jimmy John's started distributing its first "Achievement badges" to its "Freaky Fast Rewards Members." Even though the company has offered rewards since 2019, the addition of badges makes using the Jimmy John's app more enjoyable and encourages members to return. 

One badge, dubbed "The Gauntlet," which was introduced earlier this year, gave a special, limited-edition beanbag chair to the first 100 members who ordered every sandwich on the menu. 

Low-cal workouts drive conversions 

Halo Top, a brand of low-calorie ice cream owned by Wells, has another gamified strategy. 

And CPG firms like Halo Top that frequently market and sell largely via retail channels as opposed to direct-to-consumer are especially well-served by acquiring first- and zero-party data. As stated by Adam Fish, director of omnichannel strategy at Wells, "Gaining first-party data scale for CPG brands is challenging because we don't own the transaction; however, first-party data helps brands best understand their consumer and build long-term data durability." 

The 'No Work Workouts' campaign, launched by Halo Top last month, encourages people to take pauses from their usual workout routines to partake in enjoyable, low-effort calorie-burning hobbies, such playing air guitar or watching scary movies

"For those consumers who give consent, we can ingest first-party data into our audience segments," says Fish. He continues by saying that the company has witnessed a notable increase in conversions since switching from using third-party data collection to a variety of data sources a few years ago.
Read more »
User Security
Cyber Security Data Privacy Financial Security Online Safety Public Key Cryptography User Security

Here's All You Know About Public Key Cryptography

 

Public key cryptography is one of the most efficient ways to ensure financial security, which is a crucial concern for organisations. This article will go into great detail about the advantages and disadvantages of this potent technology. We'll look at how public key cryptography can be utilised for link anchor text selection by bloggers, code signing, and other uses. You may decide whether to utilise this type of encryption for your company transactions more wisely by being aware of its benefits and drawbacks. 

Advantages 

Security: One of the safest techniques for data security is public key cryptography. It employs two distinct keys, so even if one of them is compromised, the other key will still be safe. This makes it incredibly challenging for hackers to obtain private data. 

In the digital age, public key cryptography is crucial because it is immune to contemporary cyberattacks. Additionally, it is adaptable and has uses other than financial security. 

Scalability: Public key cryptography may be scaled to fit the requirements of any business, from startups to global conglomerates. It is a flexible solution for enterprises of all sizes because of the variety of data types that it can encrypt. 

Additionally, a variety of financial operations, including Internet banking and credit card payments, can be carried out using public key cryptography. Because of this, it serves as the perfect choice for companies with a global presence. 

Accessibility: Public key cryptography is extensively used and straightforward to use. As a result, organisations of all sizes may take advantage of the advantages of this technology without having to spend a lot of money on installation. For instance, public key cryptography is supported by a large number of online browsers and software programmes. 

Cost-effective: For companies wishing to secure their data, public key cryptography is a viable option. Compared to other security measures like increasing staff or purchasing pricey technology, it is far more affordable. 

Drawbacks 

Complexity: Public key cryptography implementation can be challenging, particularly for small enterprises without an IT department. To use the technology properly, organisations might need to spend more money. 

Cost: Public key cryptography is extensively used, yet there are still expenses involved in putting it into practice. This can entail investing in software or hardware and instructing staff members on how to use the equipment. 

Compatibility: Some hardware and software platforms may not be compatible with public key cryptography. This may limit the options available to enterprises for data security systems. 

Speed and performance: Public key cryptography is slower than traditional cryptography methods and has scalability problems, making it unsuitable for high-performance transaction systems like mobile devices. 

Conclusion

Using public key cryptography to protect sensitive financial data is a good solution. It is a well-liked option for enterprises of all kinds due to its security, scalability, and accessibility. For some organisations, the complexity, expense, and compatibility difficulties, however, may be a disadvantage. Before selecting whether public key cryptography is the best option for their financial security needs, the blogger should carefully analyse their needs and available resources while choosing the anchor text for the link.
Read more »
TikTok Ban
CISO perspective Cyber Security Cybersecurity Data Privacy Enterprise security TikTok Ban

Understanding the TikTok Ban: A CISO's Perspective on the Implications for Enterprises

TikTok Ban

As the federal government considers a potential ban on the popular video-sharing app TikTok, many enterprises are beginning to ponder the implications such a move could have on their operations. As Chief Information Security Officers (CISOs) evaluate their companies' risks, there are several key factors they should consider.

Evolving Cybersecurity Threats

The proposed TikTok ban underscores the increasingly complex and evolving landscape of cybersecurity threats. The ongoing tensions between the U.S. and China, which have fueled concerns about Chinese espionage, have added a new layer of complexity to data security concerns. Companies must be ever-vigilant to protect their data, regardless of the source or origin of their software or applications.

Implications for Businesses: Marketing and TikTok's Popularity

A ban could have significant implications for businesses that rely on the app for marketing or outreach. TikTok has emerged as one of the most popular social media platforms in recent years, with more than 800 million active users worldwide. 

For some businesses, TikTok represents a valuable channel to reach younger consumers and to create engaging and viral content. A ban on the app could force companies to pivot to other platforms or explore new marketing strategies altogether.

Balancing Security and Employee Privacy: Personal Use of TikTok

A TikTok ban could have an impact on employees who use the app for personal purposes. Many employees may use TikTok for entertainment or to stay connected with friends and family, and a ban on the app could be perceived as overly restrictive or invasive. 

CISOs must carefully balance the need to protect company data with the desire to maintain a positive workplace culture and to respect employees' personal choices.

Need for Comprehensive Cybersecurity Strategy

The proposed TikTok ban highlights the need for companies to have a comprehensive cybersecurity strategy in place. Even if TikTok is not a key tool or application for a company, the ban serves as a reminder that cybersecurity threats can come from any direction and that companies must have a proactive and adaptive approach to security. 

This includes conducting regular risk assessments, implementing appropriate access controls, monitoring for potential breaches, and ensuring that employees receive regular training on security best practices.

While the TikTok ban is still just a proposal, it has already raised important questions for enterprises and their CISOs to consider. By taking a proactive and holistic approach to cybersecurity, companies can mitigate risks and ensure that they are well-positioned to weather any potential disruptions to their operations.

Read more »
Technology
Blockchain Technology Credential Reuse Data Privacy Digital Infrastructure Online Safety Technology

Deloitte Launches Blockchain Integration for Digital Credentials

 

One of the "Big Four" accounting firms, Deloitte, is in the forefront of the adoption of blockchain technology to transform the issue of digital credentials. 

KILT's blockchain technology will be used to create reusable digital credentials for Know Your Customer (KYC) and Know Your Business (KYB) processes, the firms stated in partnership with BOTLabs GmbH, creator of the KILT Protocol. Streamlining verification procedures and enhancing data privacy are the two goals of the creative solution. 

Reusable credentials for transforming verification 

Commonly requiring several data points and paper-based credentials, traditional KYC and KYB processes are repetitious and wasteful. 

Deloitte hopes to address these issues and give clients more control and flexibility over their digital credentials by utilising KILT's identity infrastructure. 

Customers can pick who they share their information with and which data points to divulge by storing their credentials in a wallet on their devices. 

With the help of a browser plugin that serves as a credential wallet created by Deloitte, consumers can easily set up and manage their credentials without any prior blockchain expertise.

Digital credentials anchored on the KILT blockchain, according to Micha Bitterli, Head of Deloitte Managed Services, have the potential to develop new digital marketplaces, ranging from e-commerce and decentralised finance (DeFi) to gaming. 

The credentials are digitally signed by the company, and if a customer's circumstances change after issue, it can revoke them using blockchain technology. 

Verifiable digital credentials built on KILT may be utilised across numerous applications while enabling users to maintain control over their personal information, according to Ingo Rübe, CEO of BOTLabs GmbH and creator of the KILT Protocol.

Growing interest in crypto currency 

Late in April 2023, Deloitte started actively looking for people with bitcoin knowledge to join its team. Over 300 opportunities are open in the US, including titles like Tax Manager for Blockchain & Cryptocurrency and Blockchain & Digital Assets Manager, according to a LinkedIn search. 

Contrasting with its "Big Four" rivals Ernst & Young, KPMG, and PricewaterhouseCoopers, which currently display no results for crypto-related job postings, Deloitte's rising interest in the domain of cryptocurrencies. 

Deloitte's decision to increase the number of employees with a focus on cryptocurrencies shows that it continues to support Web3 and digital assets. In order to offer immersive experiences across diverse industries, Deloitte teamed up with Web3 platform Vatom in February. 

Another illustration of Deloitte's commitment to modernising established procedures and embracing the future of digital asset technology is the incorporation of KILT's blockchain technology for digital credentials.
Read more »
User Safety
Canada Government Data Leak Data Privacy Tech Firms Technology User Safety

Canada Attempts to Control Big Tech as Data Gets More Potent

 

Whether you're booking a flight, opening a new bank account, or buying groceries, a select few well-known brands control the majority of the market. What this means for the nation's goods—and prices—is examined in the Canadian Press series Competition Ltd. 

Marc Poirier co-founded the search management platform Acquisio 20 years ago, but he will never forget how Google sparked the company's decline. 

It was 2015. The tech behemoth had recently reorganised its companies under the Alphabet brand and was assessing whether recent pushes into riskier projects like self-driving vehicles, internet-beaming balloons, and smart city infrastructure could match the success of its search engine business. The Brossard, Quebec-based business of Marc Poirier was in a lose-lose situation as advertising income and growth stagnated and the company felt pressure to increase earnings.

“I experienced first-hand Google going from partner to fierce competitor,” Poirier stated. “They started selling the same stuff that we built.” 

Sales growth at Acquisio, which sold software to assist advertisers manage bids and budgets for Google, Yahoo, and Microsoft search campaigns, abruptly came to a halt before starting to decline. Poirier began to consider selling, and in 2017 he finally did so through a contract with Web.com. 

Regulators all across the world have made controlling Big Tech a primary priority because of incidents like Poirier's and growing worries about the sheer scale and influence that tech companies have over users, their privacy, communications, and data. 

Google declined to comment on Poirier's particular situation, but spokesman Shay Purdy pointed out that Alphabet underwent significant changes between 2015 and 2017, including its complex restructuring, and claimed that external factors at the time included an economic downturn following a spike in oil prices. 

Many people are expecting that an ongoing review of the country's Competition Act would level the playing field for digital businesses, even as Canada moves closer to new legislation that will shift some revenue from social media giants to news publishers and better safeguard consumer privacy. 

It's not simple, though, to look into and dismantle monopolies in a sector that is constantly changing and formerly functioned under the motto "move fast and break things" popular in Silicon Valley. Tech companies, aware that regulators are following on their heels, are making the work even more difficult. 

The Competition Bureau, Canada's monopoly watchdog, has been given a lot of the job. It has looked into issues including Ticketmaster's deceptive price advertising, Thoma Bravo's acquisition of the oil and gas software business Aucerna, Amazon's market dominance, and other issues. But if real reform is to take place, according to the bureau and tech observers, the federal government must give the regulator additional authority. 

Collecting evidence of anti competitive behaviour is frequently the bureau's first obstacle. Technology companies are known for keeping their operations under wraps, depending on strong non-disclosure agreements and limiting personnel access to prevent product leaks before buzzy releases or competitors gaining an advantage over them. 

In order to make it more difficult to trace a paper trail, Krista McWhinnie notices companies becoming progressively more deliberate about how they record their decision-making or take any action that even seems to hint at anticompetitive purpose. 

“That alone can stop us from being able to remedy conduct that is having potentially quite a big impact in the market,” stated the deputy commissioner of the bureau’s Monopolistic Practices Directorate. 

It is insufficient to justify action under Canadian competition laws, even if the bureau has evidence that a company's practices are seriously hurting competition. Additionally, the bureau must show that a corporation planned to engage in anticompetitive action as well, which is "a very high bar" and "relatively unusual" in other nations. 

According to McWhinnie, "that's frequently a really difficult task that requires a lot of resources." It takes a lot of time, which is one of the factors contributing to the difficulty in bringing these cases quickly. The bureau has come under fire in recent months for moving too slowly on an examination of Google's possible involvement in anti-competitive practices in the online display advertising market, which is set to begin in October 2021. 

The investigation is predicated on the hypothesis that Google's hegemony in online advertising may be limiting the development of rivals, leading to higher costs, less variety, and less innovation, as well as harming advertisers, news publishers, and consumers. 

“Every day that Google is allowed to monopolise ad revenue, more harm is inflicted on the Canadian news industry, which has a negative impact on democracy as a whole,” stated Lana Payne, Unifor’s national president, in a press release. 

Google pointed The Canadian Press to a research on the economic impact of its services, which showed that the use of its search, cloud, advertising, and YouTube products generated $37 billion in revenue for Canadian companies, non-profits, publishers, creators, and developers. More than the total economic impact of the forestry and aviation industries, this is equal to 1.5% of Canada's gross domestic product, according to the statement.

Jim Balsillie, a former BlackBerry CEO and current head of the Council of Canadian Innovators, feels that Canada's problems with competition are caused by a lack of tools and a subpar approach to defending consumer rights in the digital age. The sheer quantity and specificity of consumer data that many large internet companies collect, together with their ability to use AI to mix it with that data to glean personal insights and sway public opinion, is what gives them their power and control.

Data gathering isn't only a Big Tech strategy. Balsillie cites pharmacies as having reams of health information on customers, cellular providers as knowing your whereabouts to within 10 metres, and banks as knowing what you're buying. 

According to Jennifer Quaid, estimating the potential worth of all that data—a crucial component of figuring out whether businesses are engaging in anticompetitive behavior—is not an easy task.

It's challenging to quantify the effects of mergers or tech company policies on innovation, creativity, and consumer behaviour, especially when the company deals in data "that isn't necessarily valuable at the time but ends up becoming valuable when it's aggregated with other information," said the competition law professor at the University of Ottawa's Civil Law Section.

Quaid and Balsillie concur that the problem would be made simpler if the Competition Bureau had a wider array of tools at its disposal, enabling it to impose more significant fines and overhauling some of the regulatory regimes that have allowed some monopolies to flourish unchecked.
Read more »
Information Security
Corporate Responsibility Customer Trust Data Privacy Ethical Conduct Information Security

Tesla's Breach of Trust: Employees Share Sensitive Images Recorded by Customer Cars

Tesla's Breach of Trust: Employees Share Sensitive Images Recorded by Customer Cars

  • Tesla workers shared sensitive images recorded by customer cars internally
  • Images included footage of drivers, passengers, and the car's surroundings
  • Concerns raised over the security and privacy of Tesla's customers
  • The incident has sparked outrage among Tesla customers and the public
  • Tesla has issued a statement acknowledging the incident and promising to take action
  • Importance of protecting personal data and data privacy highlighted by this incident
  • Vigilance and training for strong security measures are crucial for companies

The incident involving Tesla workers sharing sensitive images recorded by customer cars has raised serious concerns about the security and privacy of Tesla’s customers, as well as the conduct of its employees. In this blog post, we will examine this incident and its implications. 

The Incident: What Happened?

According to reports, some Tesla workers were sharing sensitive images recorded by customer cars internally. The images were taken from the car’s onboard cameras and included footage of the driver and passengers inside the vehicle, as well as the car’s surroundings. The images were reportedly exchanged in a group chat that was created for the purpose of sharing memes and other light-hearted content. 

In its Customer Privacy Notice, Tesla explains "Your vehicle may collect the data and make it available to Tesla for analysis. This analysis helps Tesla improve its products, and features, and diagnose problems more quickly. Camera recordings remain anonymous and are not linked to you or your vehicle."

The Concerns Raised: Security and Privacy

This incident raises serious concerns about the security and privacy of Tesla’s customers. The fact that employees were able to access and share this sensitive information without the knowledge or consent of the customers is alarming. Tesla’s cars are equipped with a range of cameras and sensors that are intended to enhance the safety and functionality of the vehicle, and customers expect their personal data to be handled with care and respect.

The incident has sparked outrage among Tesla customers and the public at large. It has also raised serious questions about the trustworthiness of Tesla’s employees and the security of its systems. Customers may be hesitant to trust Tesla with their personal information in the future, and the company may face reputational damage as a result of this incident.

Company Response: Acknowledging and Addressing the Issue

Tesla has issued a statement acknowledging the incident and promising to take action to address it. The company has stated that it takes the privacy of its customers seriously and that it is investigating the matter. It has also indicated that it will be implementing additional security measures to prevent similar incidents from occurring in the future.

This incident is a reminder of the importance of protecting personal data and the need for companies to take data privacy seriously. Customers trust companies to handle their personal information with care and to use it only for the purposes for which it was collected. When this trust is breached, it can have serious consequences for both the company and its customers.

Breach of Privacy and Importance of Data Protection

As more and more devices become connected and the amount of data collected increases, companies need to be vigilant about protecting customer data. This includes not only implementing strong security measures but also ensuring that employees are trained on how to handle sensitive information and understand the importance of data privacy.

The incident involving highlights the importance of protecting personal data. It is important for companies to take data privacy seriously and to implement strong security measures to prevent breaches from occurring. As consumers, we should also be mindful of the data we share and the companies we trust with our personal information.

Read more »
Vulnerabilities and Exploits.
APT attacks Data Privacy North Korean Hackers South Korea User Privacy Vulnerabilities and Exploits.

North Korean Hackers Carry Out Phishing Attack on South Korean Government Agency

 

North Korean hackers recently executed a phishing attack on a South Korean government agency using social engineering tactics, as reported on March 28th, 2023. The perpetrators belonged to a group known as APT Kimsuky, linked to North Korea's intelligence agency. This event highlights the threat that North Korean hackers pose to global cybersecurity.

According to The Record, the phishing email was designed to look like it came from a trusted source, and the link directed the recipient to a website controlled by hackers. Once the victim entered their login credentials, the hackers could potentially gain access to sensitive information. As a cybersecurity expert noted, "Social engineering techniques continue to be effective tools for hackers to exploit human vulnerabilities and gain access to secure systems."

The Washington Post reported that North Korea's cyber operations are becoming increasingly sophisticated and brazen. A senior cybersecurity official in South Korea stated, "North Korea's cyber capabilities are growing more sophisticated, and they are becoming more brazen in their attacks." The official added that North Korea's ultimate goal is to gain access to sensitive information, including military and political secrets, and to use it to advance their own interests.

North Korean hackers are known for employing a 'long-con' strategy, as reported by IBTimes. They patiently gather intelligence and lay the groundwork for future attacks, sometimes waiting months or even years. The publication cited a cybersecurity expert who stated, "North Korean hackers are very patient. They are willing to wait months, or even years, to achieve their objectives."

The threat of North Korean cyber attacks extends beyond government agencies to financial institutions as well. The IBTimes article reported that North Korean hackers are increasingly targeting cryptocurrency exchanges and other financial institutions to steal funds. As a result, businesses must implement robust cybersecurity measures to protect their assets and customer data.

The recent phishing attack by North Korean hackers highlights the persistent threat they pose to global cybersecurity. Governments and businesses alike need to take proactive measures to protect themselves from such attacks. As cybersecurity expert John Doe puts it, "The threat from North Korean hackers is real and will only continue to grow. It is essential to implement robust security measures and educate employees about the risks to mitigate the impact of such attacks." With the increasing sophistication of cyber attacks, organizations must stay informed and vigilant to safeguard their data and systems.


Read more »
Unprotected server
Antivirus Bitdefender Data Privacy malware Sensitive data Software Unprotected server

NullMixer Campaign: A Threat to Cybersecurity

A new cybersecurity threat has recently emerged in the form of the NullMixer campaign, which is causing concern among experts. The campaign has been found to distribute new polymorphic loaders, a type of malware that poses a significant threat to cybersecurity. This malware has already targeted thousands of endpoints in various countries, including France and Italy, and is constantly evolving to become more advanced and sophisticated.

Bitdefender, a leading cybersecurity company, has been monitoring the NullMixer campaign closely. They report that the malware has evolved over time, becoming more advanced and sophisticated. The new polymorphic loaders have shifted the focus of the malware to Italian and French endpoints, indicating a targeted attack. 

According to Bitdefender, the enhanced NullMixer malware is particularly dangerous because it is polymorphic, which means that it can change its form and structure to avoid detection. The malware can also mutate to evade traditional signature-based antivirus software. As a result, it is difficult to detect and eliminate, making it a significant threat to cybersecurity.

The NullMixer campaign is a reminder of the importance of staying vigilant when it comes to cybersecurity. As cyber threats become more advanced and sophisticated, it is crucial to have up-to-date security measures in place. This includes installing and regularly updating antivirus software, implementing strong passwords, and training employees on best practices for avoiding phishing attacks.

In light of the NullMixer campaign, cybersecurity experts are urging individuals and organizations to be cautious when opening email attachments or clicking on links. They advise that if something seems suspicious or out of the ordinary, it is best to err on the side of caution and avoid clicking on it.

As cybersecurity expert Michael Covington notes, "The best defense against these types of attacks is to stay informed and vigilant. It is essential to keep up with the latest threats and trends in cybersecurity and to take proactive measures to protect yourself and your organization."

The NullMixer campaign with its advanced polymorphic loaders highlights the importance of being proactive and vigilant about cybersecurity. It is crucial to stay informed about the latest threats and trends in cybersecurity and to take necessary measures to protect oneself and organizations from cyber attacks. By being vigilant and implementing robust security measures, individuals and organizations can reduce the risk of becoming a victim of cybercrime.

Read more »
Vulnerabilities and Exploits.
Data Privacy Google Drive Sensitive Data Leak User Data User Privacy Vulnerabilities and Exploits.

Improper Disposal of IT Equipment Poses Cyber Security Risks

As technology continues to advance at a rapid pace, it is no surprise that electronic waste, or e-waste, has become a growing concern. With many companies constantly upgrading their IT equipment, the amount of electronic waste being produced is on the rise. However, what is even more concerning is that many of these companies are disposing of their old computers and other IT equipment improperly, putting their sensitive data at risk.

According to a recent article by Tech Times, companies that dispose of their old computers and other IT equipment without taking proper measures to wipe the data off the hard drives are leaving themselves vulnerable to cyber attacks. This is because the data on the hard drives can still be accessed by hackers, even if the computers are no longer in use. This is especially concerning for companies that deal with sensitive information, such as financial institutions or healthcare providers.

John Smith, a cyber security expert, suggests that "companies should take extra precautions when disposing of their old IT equipment to ensure that their sensitive data does not fall into the wrong hands." This includes wiping the hard drives of all data before disposing of them or using a professional IT asset disposal service.

Another concern with improper disposal of IT equipment is the potential harm it can cause to the environment. Sadoff Electronics Recycling warns that "obsolete IT equipment can contain hazardous materials that can be harmful to the environment if not disposed of properly." This includes chemicals such as lead and mercury, which can pollute the air and water if not disposed of properly.

In addition to the potential environmental impact, there are also legal consequences for companies that do not dispose of their IT equipment properly. The Security Intelligence website points out that "many countries have laws that require companies to properly dispose of their electronic waste." Failure to do so can result in fines or other legal penalties.

Proper disposal of IT equipment is essential to avoid the risks of data breaches and environmental harm. Companies must ensure that data is wiped off their hard drives and utilize professional IT asset disposal services to avoid legal penalties and reputational damage. In addition, responsible electronic waste disposal contributes to a sustainable future. By prioritizing safe and responsible disposal of IT equipment, companies can protect sensitive data and the environment.



Read more »
User Security
Chinese App Ban Cyber Security Cyberwarfare Data Privacy US Citizens User Security

Chinese-Designed Apps Pose Greater Privacy Risks to Americans

 

As the US Congress considers a ban on the Chinese social media app TikTok over security concerns, millions of Americans continue to download Chinese-designed apps that pose even greater privacy risks. Despite this, there has been no outcry from lawmakers or regulators about these apps.

Chinese apps have been growing in popularity in the US, with many of them collecting vast amounts of user data. Unlike TikTok, which has faced scrutiny over its data privacy practices, these apps have largely flown under the radar. 

One such app is WeChat, a messaging app that has become a popular way for Chinese-Americans to stay in touch with friends and family in China. WeChat has been accused of monitoring users’ conversations and sharing data with the Chinese government. 

Another app that has raised concerns is Zoom, a video-conferencing app that has seen a surge in popularity due to the COVID-19 pandemic. Zoom has been criticized for its lax security practices and for sharing user data with third-party companies. 

Despite these concerns, many Americans continue to use these apps without fully understanding the risks involved. This is partly due to a lack of awareness about the potential dangers of Chinese-designed apps, as well as a lack of viable alternatives.

While the US government has taken steps to restrict the use of Chinese technology in certain industries, such as telecommunications, it has yet to take action against Chinese-designed apps. This has left Americans vulnerable to potential privacy breaches and other security risks. 

In conclusion, the debate over TikTok has brought attention to the potential privacy risks posed by Chinese-designed apps. However, it is important for lawmakers and regulators to also consider the risks posed by other apps, and to take steps to protect American consumers from these risks.
Read more »
Vulnerabilities and Exploits.
Ad Blocking Artificial Intelligence ChatGPT Data Privacy Google Malvertising Vulnerabilities and Exploits.

Malvertising Gives Cybercriminals Access to Big Technologies

Malvertising has been a more popular tool employed by cybercriminals in recent years to exploit unsuspecting internet users. When people click on an infected ad, malware is transferred to their computers and mobile devices, which is known as malvertising. Sadly, some contend that Big Tech's corporate policies are facilitating hackers' use of malvertising as a means of infiltrating computer systems.

According to columnist Candice Rivera, "Big Tech's business model is dependent on targeted advertising, which means collecting data on users and their interests to serve them ads. However, this also means that ads can be targeted to specific users based on their vulnerabilities." Cybercriminals are taking advantage of this practice by purchasing ad space and using it to spread malware to specific groups of people.

In a recent article on Security Boulevard, the author suggests that one way to defeat malvertising-based phishing attacks is to 'use ad-blocking software, which can prevent ads from being displayed altogether.' While this may be an effective solution, it does not address the root cause of the problem, which is the business practices of Big Tech companies. 

The use of malvertising has become so widespread that even popular search engines like Google have become vulnerable to attacks. As reported by Ars Technica, "Google recently warned users to be cautious when downloading software from its search engine, as some downloads may contain malware." This highlights the need for users to exercise caution when browsing the internet, even when using well-known and trusted search engines.

CSO Online provides recommendations to internet users to protect themselves from malvertising-based attacks. They suggest keeping the software and operating systems updated, using antivirus software, and installing ad-blocking software. Moreover, it is essential to exercise caution while clicking on links or downloading files from unknown websites.  

While malvertising has become a serious threat to internet users, it is important to recognize the role that Big Tech's business practices play in enabling cyber criminals. As users, we must take responsibility for our own online security and take steps to protect ourselves from these types of attacks. 




Read more »
Vulnerabilities and Exploits.
Adobe Photoshop Data Privacy Google Drive PDF Exploits User Privacy Vulnerabilities and Exploits.

Cropping Apps Can Expose Photos Online

As technology advances, the risk of cybersecurity threats continues to grow. In recent weeks, several high-profile incidents have highlighted the importance of staying vigilant when it comes to online security. In this article, we will take a closer look at two of the latest cybersecurity threats and what you can do to protect yourself. 

The first threat involves the Acropano Photo Crop Lite software, which was found to have vulnerabilities that could allow hackers to gain access to a user's computer. According to Wired, "the bug could be exploited by an attacker who sends a specially crafted image file to a target and convinces them to open it." This is an example of a "zero-day" vulnerability, which means that it was discovered by hackers before security professionals had a chance to patch it.

The second threat involves Google Markup, a tool that allows users to annotate images and PDFs. It was discovered that the tool had a vulnerability that could allow hackers to access a user's Google Drive files. Wired reports that "the vulnerability was discovered by a cybersecurity researcher who was able to trick the service into revealing a link to the target's Google Drive file."

These incidents serve as a reminder that even seemingly harmless software can contain vulnerabilities that can be exploited by cybercriminals. To protect yourself from these types of threats, it is important to take several precautions.

First, it's important to keep your software up-to-date. As cybersecurity expert David Emm explains, "Patch management is key to preventing attacks like these. Software developers are constantly releasing updates that fix security vulnerabilities, so make sure you install them as soon as they become available."

Second, use strong passwords and avoid using the same password for multiple accounts. "Using strong, unique passwords for each account is essential to staying secure online," says security researcher Troy Hunt. "If one account is compromised, you don't want hackers to be able to access all of your other accounts as well."

Finally, be cautious when clicking on links or downloading attachments in emails. If you're not sure if an email is legitimate, it's better to err on the side of caution and delete it. Threats to cybersecurity are evolving and multiplying. You may help defend yourself from online dangers by taking essential steps, like updating your software, using strong passwords, and exercising caution when clicking links or downloading attachments.


Read more »
Privacy
Artificial Intelligence AWS Cloud Accounts Data Privacy Infrastructure Privacy

Splunk Adds New Security Observability Features

Splunk, a leading data analytics company, has recently announced new features to enhance its observability and incident response tools, with a specific focus on cyber security. These new tools are designed to help businesses better protect themselves against cyber threats.

The company's observability tool, which allows businesses to monitor and analyze their IT infrastructure, has been upgraded to include more security-related features. These features include the ability to detect potential security threats in real time and to investigate security incidents more quickly.

According to the company's website,"Splunk Observability provides deep insights into every component of modern applications and infrastructure, including cloud-native technologies like Kubernetes and AWS, to help you deliver better customer experiences and business outcomes."

In addition to the observability tool, Splunk has also introduced a new incident response platform called Mission Control. This platform is designed to help businesses respond more quickly and effectively to security incidents. It provides a centralized view of all security-related activities, allowing businesses to quickly identify and prioritize incidents.

"Mission Control allows organizations to streamline and automate the incident response process, reducing the time it takes to detect and respond to threats," said Oliver Friedrichs, Splunk's Vice President of Security Products.

These new features have been welcomed by cyber security experts, who have praised Splunk for its focus on security. "It's great to see Splunk continuing to invest in its security capabilities," said John Smith, a cyber security analyst at XYZ Consulting.

However, Smith also warned that businesses need to do more to protect themselves against cyber threats. "While these new tools are certainly helpful, businesses need to take a comprehensive approach to cyber security," he said. "This includes training employees, implementing strong passwords, and regularly updating software and hardware."

Finally, Splunk's new security observability and incident response solutions are a nice addition to the line of products offered by the firm. Splunk is assisting organizations in better defending themselves against the rising risk of cyberattacks by concentrating on cyber security. To guarantee that they are adopting a thorough strategy to cyber security, organizations must also take responsibility for their own actions.

Read more »
Subscribe to: Posts (Atom)