Experts Look into WhatsApp Data Leak: 500M User Records for Sale


On November 16, an actor advertised a 2022 database of 487 million WhatsApp user mobile numbers on a well-known hacking community forum. The dataset is said to contain WhatsApp user data from 84 different countries. 

According to the threat actor, there are over 32 million US user records included. Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey (20 million) each have a sizable number of phone numbers. The dataset for sale also allegedly contains the phone numbers of nearly 10 million Russians and over 11 million UK citizens. The threat actor told Cybernews that they were selling the US dataset for $7,000, the UK dataset for $2,500, and the German dataset for $2,000.

Since such data is frequently used by attackers in smishing and vishing attacks, we advise users to be cautious of any calls from unknown numbers, as well as unsolicited calls and messages. According to reports, WhatsApp has more than two billion monthly active users worldwide. The seller of WhatsApp's database provided a sample of data to Cybernews researchers upon request. The shared sample included 1097 UK and 817 US user numbers.

Cybernews probed all of the numbers in the sample and was able to confirm that they are all WhatsApp users. The seller did not say how they obtained the database, only that they "used their strategy" to collect it, and assured Cybernews that all the numbers in the instance belong to active WhatsApp users.

Cybernews contacted WhatsApp's parent company, Meta, but received no immediate response. We will update the article as soon as we learn more. The data on WhatsApp users could be obtained by harvesting information at scale, also known as scraping, which is against WhatsApp's Terms of Service.

This claim is entirely speculative. However, large data dumps posted online are frequently obtained through scraping. Over 533 million user records from Meta, which has long been chastised for allowing third parties to scrape or collect user data, were leaked on a dark forum. The actor was practically giving away the dataset for free.

Days after a massive Facebook data leak made headlines, a popular hacker forum listed an archive containing data purportedly scraped from 500 million LinkedIn profiles for sale. Phone numbers that have been leaked could be used for marketing, phishing, impersonation, and fraud.

Head of Cybernews research team Mantas Sasnauskas said, “In this age, we all leave a sizeable digital footprint – and tech giants like Meta should take all precautions and means to safeguard that data. We should ask whether an added clause of ‘scraping or platform abuse is not permitted in the Terms and Conditions’ is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.”

Microsoft Announces the Microsoft Supply Chain Platform


Software as a Service (SaaS) applications from Microsoft that combine artificial intelligence, collaboration, low-code, security, and supply chain management have been launched as the Microsoft Supply Chain Platform.

Dynamics 365, Microsoft Teams, Power BI, Power Automate, Power Apps, Azure Machine Learning, Azure Synapse Analytics, Azure IoT, the Microsoft Intelligent Data Platform, Azure Active Directory, Defender for IoT and Microsoft Security Services for Enterprise are among the Microsoft applications and platforms in this group.

Microsoft's PowerApps low-code development platform is intended to let users create a connected supply chain. It enables supply chain information, supply and demand insights, performance tracking, supplier management, real-time collaboration, and demand management to lessen risk.

Additionally, it addresses order tracking and traceability, pricing management, warehouse management, and inventory optimization. According to Microsoft, businesses are suffering from an overabundance of petabytes of data that are dispersed among legacy systems, enterprise resource planning (ERP) software, and custom solutions, giving them a fragmented view of their supply chain.

The Microsoft Supply Chain Center preview has also been released by Microsoft. It promises to track global events that may impact a customer's supply chain, coordinate actions across a supply chain, and use AI to lessen supply and demand mismatches. According to Microsoft, this constitutes the foundation of the supply chain platform.

"Although supply chain disruption is not new, its complexity and the rate of change are outpacing organizations' ability to address issues at a global scale. Many solutions today are narrowly focused on supply chain execution and management and are not ready to support this new reality," said Charles Lamanna, corporate vice president of Microsoft Business Applications and Platform, in a press release.

"Businesses are dealing with petabytes of data spread across legacy systems, ERP, supply chain management and point solutions, resulting in a fragmented view of the supply chain," Lamanna stated. 

"Supply chain agility and resilience are directly tied to how well organizations connect and orchestrate their data across all relevant systems. The Microsoft Supply Chain Platform and Supply Chain Center enable organizations to make the most of their existing investments to gain insights and act quickly." 

Even though it wants to serve as a platform for the entire supply chain, it will continue to collaborate with businesses like Accenture, Avanade, EY, KPMG, PwC, and TCS. Data from standalone supply chain systems, SAP and Oracle ERP systems, Dynamics 365, and other systems will be fed into the Microsoft Supply Chain Center.

Data ingestion for supply chain visibility is made possible via the Supply Chain Center's Data Manager capability. FedEx, FourKites, Overhaul, and C.H. Robinson are some of the partners in the preview launch. The supply and demand insights module, the order management module, the built-in Teams connection, and partner modules within the center are just a few of the prebuilt modules that the Supply Chain Center provides to solve supply chain disruptions.

According to Microsoft, the data remains consistent regardless of the module used because the center runs on a Dataverse common data service environment, eliminating the need to check which reports have the most recent data.

How these Invisible Images Enable Companies to Eavesdrop on your Email — Here’s all you need to know


The emails are eavesdropping on you. Most of the billions of emails that arrive in our inboxes every day contain hidden trackers that can tell the recipient when you open them, where you open them, how many times you've read them, and much more — a privacy nightmare that many call "endemic." Fortunately, you can take measures to safeguard yourself and your inbox. 

Advertisers and marketing firms, in particular, embed tracking pixels in their promotional emails to keep track of their mass campaigns. Senders can learn which subject lines are the most "clickable," and which of their targets are potential customers, based on how people interact with them.

Though this is beneficial from an analytics standpoint, it is frequently done covertly and without consent. There is a simple way to disable email tracking. Continue reading to learn more about these troublesome little pixels and how to get rid of them.

Email tracking pixels:

The email tracking pixel is a surprisingly simple concept that allows anyone to secretly collect a plethora of information about you as soon as you interact with their messages.

When someone wants to know if you read their email, they insert a tiny 1 pixel by 1 pixel image into it. When you open the email, it sends a ping to the server where the image is stored and records your interaction. The sender can tell your location by checking where that network ping was launched and what type of device was used, in addition to whether or not you clicked their email and how many times you clicked it.

There are two reasons why you never notice that tracking graphic. For starters, it's tiny. Second, it's in GIF or PNG format, enabling the company to keep it transparent and invisible to the naked eye. A sender will frequently conceal this in their signature. As a result, that fancy font or flashing company logo at the bottom of a commercial email may be more than just a cosmetic presence.

More importantly, studies have revealed that by pairing your location and device specifications, advertisers and other malicious actors can link your email activities with your browser cookies. This opens a can of worms because it allows them to identify you wherever you go online and connect that activity to your email address.

Most email clients, including Gmail and Outlook, do not have tracker detection built in, but you can use third-party tools. For Gmail, the Chrome and Firefox extension Ugly Email is recommended. It places an "eyeball" icon next to emails containing tracking pixels and prevents them from spying on you. If you use Yahoo or Outlook, you can also use Trocker, which marks emails with trackers on their websites.

These extensions, however, are only available on your computers. You'll need to subscribe to a premium email client like HEY to detect email trackers on your phone.

How to block email tracking pixels?

Email trackers are easy to detect because they rely on hidden media attachments. The simplest method is to disable image loading in your email apps by default and load images manually only for emails you trust or when there is an attachment to download.

1. Adjust your existing inbox: On Gmail, the option to block external images is available under Settings > Images > Ask Before Displaying External Images on the web and mobile apps. On Outlook apps, it’s found under Options > Block External Images on mobile and Options > Trust Center > Automatic Download on desktop.

Though Apple Mail also lets you accomplish this from Preferences > Viewing > Load remote content in messages, you can directly block trackers on it as long as you’re on macOS Monterey. Head over to Mail > Preferences > Privacy and check the “Protect Mail Activity” box. 

2. Get yourself a private relay email address: The issue with the methods discussed previously is that they only block tracking pixels after the email has already arrived in your inbox — they don't remove them entirely. To ensure that you never open an email containing trackers by accident, you'll need a proxy address that scans your messages and eliminates any malware before they show up in your inbox.

Another advantage is that you can keep your personal email address private and only provide a relay ID to websites, newsletters, and other services. There are numerous free services that provide a proxy email address. 

Email Protection from DuckDuckGo is recommended. It allows you to create a new custom relay address, which secures your mail before forwarding it to your personal inbox by booting the trackers and encrypting any unsecured links in the body. DuckDuckGo adds a small section at the top of forwarded emails that tells you whether it found any trackers in it and, if so, which companies were responsible for it.

To sign up, open the DuckDuckGo app on an Android phone or iPhone and go to Settings > Email Protection. You can get started on a desktop with the DuckDuckGo browser extension or its Mac browser.
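The mechanism and the block-by-default advice described above can be checked offline against a saved message. The following Python sketch is an added example, not code from the original article or from any of the tools it names; the sample email, its hostnames and the 1x1/hidden-style heuristics are constructed assumptions.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristics (assumptions for this example): a remote <img> is treated as a
# likely tracker when it is 0 or 1 pixel in size or hidden by inline CSS.
TINY = re.compile(r"^\s*[01](?:px)?\s*$", re.I)
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])"
    r"|(?:^|[;\s])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$|!)", re.I)


class PixelScanner(HTMLParser):
    """Re-emits the HTML while dropping suspicious remote images."""

    def __init__(self, block_remote=False):
        super().__init__(convert_charrefs=False)
        self.block_remote = block_remote  # True = drop every remote image
        self.findings = []                # (hostname, [reasons])
        self.out = []

    def _inspect(self, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        parts = urlsplit(a.get("src", ""))
        if parts.scheme not in ("http", "https"):
            return None  # cid:/data: images are embedded, no network request
        reasons = []
        if TINY.match(a.get("width", "x")) or TINY.match(a.get("height", "x")):
            reasons.append("0/1-pixel dimensions")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by inline style")
        return parts.hostname, reasons

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            result = self._inspect(attrs)
            if result is not None:
                host, reasons = result
                if reasons:
                    self.findings.append((host, reasons))
                if reasons or self.block_remote:
                    return  # drop the tag so the client never fetches it
        self.out.append(self.get_starttag_text())

    handle_startendtag = handle_starttag  # treat <img ... /> the same way

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def scan_email(raw, block_remote=False):
    """Return (findings, cleaned_html) for the HTML body of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return [], ""
    scanner = PixelScanner(block_remote)
    scanner.feed(part.get_content())
    scanner.close()
    return scanner.findings, "".join(scanner.out)


# Constructed sample message; every address and hostname is made up.
SAMPLE = """\
From: Shop Newsletter <news@shop.example>
To: reader@mail.example
Subject: Weekend sale
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Big savings &amp; free shipping this weekend.</p>
<img src="https://cdn.shop.example/banner.png" width="600" height="200" alt="Sale">
<img src="https://track.mailer.example/open?uid=CONSTRUCTED-ID" width="1" height="1" alt="">
<img src="https://stats.mailer.example/o.gif" style="display:none" />
<img src="cid:logo@shop.example" width="1" height="1">
<p>Regards, the team</p>
</body></html>
"""

if __name__ == "__main__":
    for host, reasons in scan_email(SAMPLE)[0]:
        print(f"likely tracker: {host} ({', '.join(reasons)})")
```

The visible banner is still a remote request that tells its host the message was opened, which is why `block_remote=True` mirrors the stricter "ask before displaying external images" setting.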

Google Reaches an Agreement with 40 States Over Location Tracking Practices


Google has consented to a $391.5 million settlement with 40 states over its use of location tracking, according to Oregon Attorney General Ellen Rosenblum. Even when users thought they had turned off location tracking in their account settings, Google continued to collect information about their whereabouts, according to Oregon's Attorney General's office. 

Commencing in 2023, the settlement requires Google to be more transparent with users and provide clearer location-tracking disclosures. The settlement was led by Rosenblum and Nebraska Attorney General Doug Peterson. As per the release, it is the largest consumer privacy settlement ever led by a group of attorneys general.

“Consistent with improvements we’ve made in recent years, we have settled this investigation which was based on outdated product policies that we changed years ago,” said Google spokesperson José Castañeda in a statement.

The basis of the investigation was revealed in a 2018 Associated Press report.

Rosenblum said in the release, “For years Google has prioritized profit over their users’ privacy. They have been crafty and deceptive. Consumers thought they had turned off their location tracking features on Google, but the company continued to secretly record their movements and use that information for advertisers.”

Google paid $85 million to settle a similar lawsuit with Arizona last month, and the company is facing additional location tracking lawsuits in Washington, D.C., Indiana, Texas, and Washington state. According to the four AGs, Google was using location data for its ad business. 

The lawsuits ask the court to order Google to hand over any algorithms developed with allegedly ill-gotten gains, as well as any monetary profits.

The Impact of Geopolitical Turmoil on the Cybersecurity Threat Landscape


With over 10 terabytes of data stolen each month, ransomware remains one of the top threats in the new report, with phishing emerging as the most common initial vector of such attacks. Other threats that rank high alongside ransomware are attacks on availability, also known as Distributed Denial of Service (DDoS) attacks. 

However, geopolitical situations, particularly Russia's invasion of Ukraine, have acted as a game changer for the global cyber domain during the reporting period. While the number of threats continues to rise, we are also seeing a wider range of vectors emerge, such as zero-day exploits, AI-enabled disinformation, and deepfakes. As a result, more malicious and widespread attacks with greater destructive potential emerge.

EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that “Today’s global context is inevitably driving major changes in the cybersecurity threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners, and therefore all EU citizens.”

During the reporting period of July 2021 to July 2022, the most prominent threat actors were state-sponsored, cybercrime, hacker-for-hire actors, and hacktivists.

Based on an analysis of the proximity of cyber threats to the European Union (EU), the number of incidents in the NEAR category has remained high over the reporting period. This category includes affected networks and systems that are controlled and assured within EU borders. It also includes the affected population within the EU's borders.

Threat assessment across industries

The threat distribution across sectors, which was added last year, is an important aspect of the report because it contextualizes the threats identified. This analysis shows that no industry is immune. It also reveals that nearly 50% of threats target the following categories: public administration and governments (24%), digital service providers (13%), and the general public (12%), while the other half is shared by all other sectors of the economy.

ENISA classified threats into eight categories. The frequency and severity of these threats determine how prominent they remain.
  • Ransomware: 60% of affected organizations may have paid ransom demands
  • Malware: 66 disclosures of zero-day vulnerabilities observed in 2021
  • Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing, and vishing
  • Threats against data: Increasing in proportion to the total amount of data produced
  • Threats against availability: The largest denial of service (DDoS) attack ever was launched in Europe in July 2022
  • Internet: the destruction of infrastructure, outages, and rerouting of internet traffic
  • Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes, and disinformation-as-a-service
  • Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020

Emerging contextual trends:
  • Cunning threat actors are turning to zero-day exploits to accomplish their goals.
  • Since the Russia-Ukraine war, a new wave of hacktivism has emerged.
  • DDoS attacks are becoming more sophisticated as they migrate to mobile networks and the Internet of Things (IoT), which are now being used in cyber warfare.
  • Deepfakes and disinformation powered by AI: by flooding government agencies with fake content and comments, the proliferation of bots modeling personas can easily disrupt the "notice-and-comment" rule-making process as well as community interaction.

A threat impact assessment reveals five types of impact: reputational, digital, economic, physical, and social damage. However, the impact of most incidents is unknown because victims fail to disclose information or the information is incomplete.

The motivation of the top threats was examined. According to the findings, ransomware is solely motivated by monetary gain. Geopolitics, with threats such as espionage and disruptions, can provide motivation for state-sponsored groups. Ideology may also be the driving force behind hacktivist cyber operations.

Enterprises Enhancing Data Protection for Cloud Workloads


Most businesses are opting for multiple cloud services to guard their data, according to the Cloud Protection Trends Report 2023 published by Veeam Software.

The report covered four important “as a Service” scenarios: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Backup and Disaster Recovery as a Service (BaaS/DRaaS). 

The report is based on a survey in which a third-party research firm questioned 1,700 IT firms from 7 nations (US, UK, France, Germany, Japan, Australia, and New Zealand) on their utilization of cloud services in both production and protection scenarios. Here are the key highlights of the Cloud Protection Trends Report 2023:

• Technical failures are the most frequent cause of downtime with an average of 53% of respondents experiencing outages across infrastructure/networking, server hardware, and software. 46% of respondents experienced cases of an administrator configuration error, while 49% were hindered by accidental deletion, overwriting of data or corruption caused by users. 

• With cybersecurity continuing to be a critical issue, data protection strategies have evolved, and most organizations are giving backup responsibilities to experts, instead of requiring each workload (IaaS, SaaS, PaaS) owner to safeguard their own data. 

• Today, 98% of businesses employ a cloud-hosted infrastructure as part of their data protection strategy. DRaaS is perceived as surpassing the tactical benefits of BaaS by providing expertise around Business Continuity and Disaster Recovery (BCDR) planning, implementation, and testing.

• Expertise is recognized as the main differentiator by users choosing their BaaS/DRaaS provider, based on business acumen, technical IT recovery architects, and operational assistance in planning and documentation of BCDR strategies. 

“The growing adoption of cloud-powered tools and services, escalated by the massive shift to remote work and current hybrid work environments, put a spotlight on hybrid IT and data protection strategies across industries,” stated Danny Allan, CTO and Senior Vice President of Product Strategy at Veeam.

“As cybersecurity threats continue to increase, organizations must look beyond traditional backup services and build a purposeful approach that best suits their business needs and cloud strategy. This survey shows that workloads continue to fluidly move from data centers to clouds and back again, as well as from one cloud to another — creating even more complexity in data protection strategy.”

Leaked Amazon Prime Video Server Exposed Users' Viewing Habits

A database containing Amazon Prime Video users' viewing habits, which was stored on an internal Amazon server, was accidentally exposed online and could be accessed by anyone with a web browser.

Anurag Sen, a cyber-security researcher, discovered the database containing Amazon Prime viewing habits on an internal Amazon server that was accessible online. According to TechCrunch, the database was first detected as being exposed to the internet on September 30 by the search engine Shodan.

"But because the database was not protected with a password, the data within could be accessed by anyone with a web browser just by knowing its IP address," the report noted.

The database contained nearly 215 million viewing data entries, such as the name of the show or movie being streamed, the device on which it was streamed, and other internal data. The Amazon Prime Video database was eventually taken down from the Internet. According to an Amazon spokesperson, there was a "deployment error with a Prime Video analytics server."

"This problem has been resolved and no account information (including login or payment details) was exposed. This was not an AWS issue; AWS is secure by default and performed as designed," the spokesperson added.

'The Lord of the Rings: The Rings of Power' attracted more than 25 million global viewers on its first day, the largest debut in Prime Video history, and is closing in on 100 million viewers to date, according to the company's latest Q3 earnings call. It also kicked off Prime Video's inaugural season as the exclusive home of NFL Thursday Night Football with over 15 million viewers for its first game.

Retail Giant Woolworths Discloses Data Breach Impacting 2.2 Million MyDeal Customers


Woolworths, Australia's largest retailer, revealed on Friday that a recent data breach affected the personal information of 2.2 million MyDeal customers. 

Woolworths purchased 80% of the MyDeal online marketplace in September, but the company claims MyDeal systems are completely separate from its own, and that the incident had no impact on them. A threat actor used a compromised user's credentials to gain access to the MyDeal customer relationship management (CRM) system, according to the company. 

This allowed the attacker to access MyDeal customer data such as name, email address, phone number, delivery address, and, in some cases, date of birth. Woolworths stated that only 1.2 million of the impacted customers' email addresses were compromised.

“MyDeal does not store payment, drivers licence or passport details and no customer account passwords or payment details have been compromised in this breach. The customer data was accessed within the MyDeal CRM system and the website and app have not been impacted,” the company explained.

Customers who have been affected are being notified via email. The authorities have also been notified.

The breach comes just a few weeks after Optus, an Australian telecommunications company, disclosed a cybersecurity incident affecting nearly 10 million people, including 2.1 million who had their identification numbers compromised.

A New Era of Digital Money & Security


The increasing use of digital financial services—mobile banking, online purchasing, and peer-to-peer payments—means that money is increasingly passing from computer to computer rather than through human hands. There will be no cash, plastic cards, paper bills, checks, envelopes, or stamps. Digital is no longer just another method of transferring funds. 

Every organisation that moves money must interact with customers through computers, smartphones, and other devices, and provide quick, secure payment services. As consumers worldwide sought to shop without contacting anything or going anywhere, the covid-19 pandemic boosted digital money movement, from online purchases to contactless payments and smartphone wallets.

“The common denominator across almost all post-pandemic behavioural shifts is the growing importance of digital payments. Covid forced a market that was already growing to greatly accelerate,” says Paul Fabara, executive vice president and chief risk officer at Visa, whose worldwide networks handled an estimated $13 trillion worth of transactions last year.

According to the World Bank's Global Findex Database, 76% of adults worldwide have a financial institution or mobile money provider account as of 2021, up from 68% in 2017 and 51% in 2011. 71% of adults in developing countries are included in this figure. As of 2021, nearly 95% of adults in high-income economies had made or received digital payments. During the pandemic, 80 million adults in India and 100 million in China made their first digital payment.

Fraudsters are well-known for going where the money is, and their online activities are expanding in lockstep with the increase in digital transactions. As per FBI's Internet Crime Report for 2021, annual losses from cybercrime in the United States nearly doubled between 2019 and 2021, from $3.5 billion to $6.9 billion.

Driving online transactions

According to Aaron Press, research director of worldwide payment strategies at IDC, who tracks the development and adoption of real-time payments, business-to-business customers are beginning to demand the same seamless real-time transactions that consumers expect. “If you think about the way you shop online for personal things or pay your friends using a mobile-to-mobile app, those expectations are finding their way into the business environment,” he says.

According to an MIT Technology Review Insights survey of global business leaders, digital payment technologies are of high interest across all types and sizes of businesses. Although 36% of respondents are new to digital payments, 43% expect to expand their offerings over the next 18 months, and many are experimenting with cross-border transactions (37%), as well as cryptocurrency (18%).

Press concluded, “Digital payments are more efficient and dramatically reduce errors. You’re much less likely to fill out something the wrong way, because there are checks and balances within the system.”


Elbit Confirms Data Breach After Ransomware Gang Claims Hack


Elbit Systems of America, a subsidiary of Israel's Elbit Systems, has confirmed a data breach, just months after a ransomware group claimed to have compromised the company's systems. 

The Fort Worth, Texas-based company stated in a notification to the Maine Attorney General's office that the breach occurred on June 8 and was discovered the same day. According to the report, only 369 individuals are impacted. Elbit discovered the breach after observing unusual activity on its network, according to a notification sent to impacted customers by a law firm on its behalf. The network was immediately shut down, and security measures were implemented.

According to an investigation aided by a cybersecurity firm, the attacker may have obtained information belonging to specific employees, such as name, address, social security number, date of birth, direct deposit information, and ethnicity. Individuals affected were notified in July and offered a year of free identity protection and credit monitoring services, according to the company.

Elbit Systems of America provides solutions in the areas of defence, commercial aviation, homeland security, medical instrumentation, law enforcement, and sustainment and support.

In late June, the Black Basta ransomware group announced that it had hacked Elbit Systems of America. According to the group's Tor-based leak website, all of the files stolen from Elbit have been made public, indicating that the defence company has declined to pay the hackers' ransom.

At the time of writing, the Black Basta website was extremely slow and only displayed a few documents reportedly stolen from the defence contractor, including a payroll report, an audit report, a confidentiality agreement, and a non-disclosure agreement. SecurityWeek has contacted Elbit for more information about the incident.

The Black Basta ransomware operation first surfaced in April, and cybersecurity experts have discovered links to the notorious Conti group. In order to increase its chances of getting paid, the operation employs a double extortion strategy that involves encrypting files and stealing valuable data from compromised systems. The group has grown into a major threat, with approximately 100 victims listed on the Black Basta leak website.

Elbit Systems of America has previously been targeted by hackers. In 2018, the company admitted to being targeted after a hacker allegedly stole account information from its systems. However, it did not confirm an actual breach or data theft at the time.

Optus Data Breach: Australia’s Telco Giant Confirms Data of Millions of Users Compromised


Australia’s second-largest telecom company, Optus, has recently become a victim of a cyberattack that apparently led to the exposure of personal data of its current as well as former customers. According to Trevor Long, a Sydney-based tech analyst, the attack is the biggest breach of personal data from any Australian firm.

The firm states that as soon as the attack was detected, it worked towards containing the attack, subsequently shutting it down before customers could suffer any harm. The company believes that one of the networks was still exposed to the test network with internet access. 

The data breach notification read, “Following a cyberattack, Optus is investigating the possible unauthorized access of current and former customer [..] Upon discovering this, Optus immediately shut down the attack.” 

In the wake of the attack, the firm confirmed that its customers' private data could be compromised since the attackers had access to the customer identity database and opened it to other systems via an Application Programming Interface (API). The firm further said that its network was accessed from an external source.

The exposed data, as per the firm’s statement in a press release, included customers’ names, dates of birth, contact numbers, email addresses, residential addresses, and identity document numbers such as passport and driving licence numbers. The company’s services, on the other hand, including mobile and home internet, have not been compromised, and the attackers did not have access to messages and phone calls.

Is Human Error Responsible For The Breach? 

At a media briefing, when asked about the possibility of a human error being responsible for the breach, Optus CEO Kelly Bayer Rosmarin stated that “I know people are hungry for details about the exact specificity of how this attack could occur, but it is the subject of criminal proceedings and so will not be divulging details about that.”

The company has denied any claims that human error could have caused this data breach. The CEO also apologized to the firm’s customers, stating it was challenging to offer immediate advice until the investigation was complete.

The CEO also pointed to the strong cyber defense software the telco has invested in to guard against such attacks. She further said that this attack should be a wake-up call for all organizations in order to avoid becoming a victim of a data breach.

Attackers Compromise Employee Data at PVC-Maker Eurocell

According to a law firm, a leading British PVC manufacturer has been contacting current and former employees to notify them of a "substantial" data breach. 

Derbyshire-based Eurocell, which also operates as a distributor of UPVC windows, doors, and roofing products, disclosed the news in a letter to those affected, according to Hayes Connor, a data protection law specialist. The firm apparently explained in it that an unauthorised third party gained access to its systems.

The compromised data included employment terms and conditions, dates of birth, next of kin, bank account, NI and tax reference numbers, right-to-work documents, health and wellbeing documents, learning and development records, and disciplinary and grievance docs. That's a lot of information for potential fraudsters to use in subsequent phishing or even extortion.

Eurocell has reportedly stated that there is no proof of data misuse, but this will provide little comfort to those affected. It is also unknown how many employees would be affected.

“The company has over 2,000 current employees, but it is possible that many more former employees could also be at risk given the type of information that has been exposed,” warned Hayes Connor legal representative, Christine Sabino.

“Every employer has various obligations when it comes to data security, which means they have a duty to keep sensitive information secure. This type of incident warrants a significant investigation. Our team has started to make our own enquiries into the case and are determined to ensure our clients get the justice they deserve.”

Hayes Connor made headlines earlier this year when it announced that over 100 current and former employees of a leading luxury car dealership would sue the firm following a data breach. On that occasion, they were dissatisfied with LSH Auto's lack of transparency regarding the incident.

Dark Data: A Crucial Concern for Security Experts


BigID recently released a research paper that examines the current problems that businesses face in safeguarding their most critical information. A number of important findings emerged from the research:
  • Dark data is extremely concerning to 84 per cent of businesses. This is data that businesses aren't aware of, but which accounts for more than half of all data in existence and can be extremely sensitive or vital. 
  • Unstructured data is the most difficult to manage and safeguard for eight out of ten businesses. Unstructured data generally comprises a variety of sensitive information and is challenging to scan and identify due to its inherent complexity. 
  • More than 90% of businesses have trouble implementing security standards involving sensitive or important data. Data policy reach and enforcement are crucial for proper data asset management, remediation, and security. 

Data is an organization's most valuable asset, and organizations rely on it every day to make critical strategic and operational choices. Unfortunately, most of this data is highly sensitive or critical, and in some instances it can be exposed accidentally or maliciously.

Dimitri Sirota, CEO of BigID, stated, “Data is the fuel that drives a company forward. However, a lot of this data is personal and as it accumulates, so does cyber risk. You owe it to your customers, partners, and employees to keep this data safe, let alone to keep your business running. This report reinforces the fact that most continue to struggle to confidently protect their most valuable data.” 

Sensitive or essential data is being spread throughout the environment at unprecedented rates, thanks to the rapid rise of public, private, hybrid, and multi-cloud models. As the scope of this type of data grows, so does the risk to the organisation. 

The research looks into the most significant security issues, the core causes of these problems, and practical ways to improve data security so that teams can protect their most valuable data assets.

Payment Fraud Attack Rate Across Fintech Increased by 70% in 2021


The index, based on a global network of over 34,000 sites and apps and a poll of over 1,000 consumers, reveals that payment fraud attacks across fintech increased by 70% in 2021, the greatest increase of any category in the network.

Payment fraud has increased in tandem with a whopping 121 percent year-over-year increase in fintech transaction volumes on Sift's network, making this industry a tempting target for cybercriminals. According to this data, these escalating attacks were mostly focused on alternative payments such as digital wallets, which witnessed a 200 percent increase in payment fraud, as well as payments service providers (+169 percent) and cryptocurrency exchanges (+140 percent).

These attacks also targeted buy now/pay later (BNPL) providers, which showed a 54 percent increase in fraud attack rates year over year. Sift's Trust and Safety Architects discovered a rising number of fraud schemes on Telegram in late 2021 offering unlimited access to BNPL accounts via fake credit card numbers and compromised email addresses, demonstrating the wide range of methods fraudsters use to target the whole fintech sector.

Along with a 23 percent increase in blocked payment fraud attacks in 2021, Sift noticed a network-wide rise in daily transaction volumes across all industries. Similarly, 49 percent of poll respondents indicated they had been a victim of payment abuse in the last one to three years, with 41 percent of those having been victims in the last year alone. Financial service websites were regarded as the sites that pose the most risk by 33% of the victims, which could have a detrimental impact on customers' trust.

Jane Lee, Trust and Safety Architect at Sift, stated, “Many brands fail to realize that the damage of payment fraud goes beyond the initial financial impact. The vast majority of consumers report abandoning brands after they experience fraud on a business’s website or app, diminishing customer lifetime value and driving up acquisition costs. Further, potential customers who see unauthorized charges from a particular company on their bank statements will forever associate that brand with fraud. In order to combat these attacks and grow revenue, businesses should look to adopt a Digital Trust & Safety strategy—one that focuses on preventing fraud while streamlining the experience for their customers.”

Facebook has Exposed a 'God Mode' Token that Might be Used to Harvest Data


Brave stated that it is prohibiting the installation of the popular Chrome extension L.O.C. because it exposes users' Facebook data to potential theft. "If a user is already logged into Facebook, installing this extension will automatically grant a third-party server access to some of the user's Facebook data," explained Francois Marier, a security engineer at Brave, in a post. "The API used by the extension does not cause Facebook to show a permission prompt to the user before the application's access token is issued." 

Loc Mai, the extension's developer, stated in an email that the Graph API on Facebook requires a user's access token to function. The extension sends a GET request to Creator Studio for Facebook to receive the token, which allows users of the extension to automate the processing of their own Facebook data, such as downloading messages. The request returns an access token to the extension for the logged-in Facebook user, allowing additional programmatic interactions with Facebook data. 

Zach Edwards, a security researcher, said, "Facebook faced nearly an identical scandal in 2018 when 50 million Facebook accounts were scraped due to a token exposure." Nonetheless, Facebook appears to regard this data dispensing token as a feature rather than a bug. 

According to Mai, his extension does not harvest information, as stated in the extension's privacy policy. Currently, the extension has over 700,000 users. "The extension does not collect the user's data unless the user becomes a Premium user, and the only thing it collects is UID – which is unique to each person," explained Mai. 

As per Mai, the extension saves the token locally under localStorage.touch. This is a security concern but is not evidence of wrongdoing. L.O.C. is still available on the Chrome Web Store. A malicious developer, on the other hand, might harvest Facebook data using the same access technique, because Facebook is releasing a plain-text token that grants "god mode," as Edwards describes it. 

According to Edwards, Facebook's Terms of Service fall short in this regard because, while the company requires individuals to utilize its app platform, it does not prohibit people from utilizing browser extensions. 

This loophole, which exposes user data, is exacerbated by the way Chrome extensions now work. According to Edwards, Chrome extensions can seek authorization on one domain you control and another you don't, and then open a browser tab upon installation to scrape API tokens and session IDs for various types of apps.
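
For reviewers vetting extensions against the cross-domain access pattern Edwards describes, the following added example (not code from the L.O.C. extension, Brave, or Facebook) lists which declared match patterns in a manifest reach a set of sensitive hosts. The sample manifest, the extension name `example-helper`, and the host list are constructed assumptions.

```javascript
// Added example; the manifest and host list below are constructed.
// True when a Chrome match pattern's host part covers `host`.
function patternCoversHost(pattern, host) {
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  if (!m) return false; // an API permission such as "storage", not a host pattern
  const p = m[2];
  if (p === '*') return true;
  if (p.startsWith('*.')) {
    const base = p.slice(2); // "*.example.com" covers example.com and its subdomains
    return host === base || host.endsWith('.' + base);
  }
  return p === host;
}

// List every declared pattern that reaches one of the sensitive hosts.
function auditManifest(manifest, sensitiveHosts) {
  const sources = [
    ['permissions', manifest.permissions || []], // Manifest V2 keeps host patterns here
    ['host_permissions', manifest.host_permissions || []], // Manifest V3
  ];
  for (const cs of manifest.content_scripts || []) {
    sources.push(['content_scripts.matches', cs.matches || []]);
  }
  const findings = [];
  for (const [field, patterns] of sources) {
    for (const pattern of patterns) {
      for (const host of sensitiveHosts) {
        if (patternCoversHost(pattern, host)) findings.push({ field, pattern, host });
      }
    }
  }
  return findings;
}

// Constructed manifest for a hypothetical extension (not L.O.C.'s manifest).
const sampleManifest = {
  manifest_version: 3,
  name: 'example-helper',
  permissions: ['storage'],
  host_permissions: ['https://*.facebook.com/*', 'https://api.example.test/*'],
  content_scripts: [{ matches: ['https://example.test/*'], js: ['cs.js'] }],
};
const SENSITIVE_HOSTS = ['www.facebook.com', 'facebook.com']; // assumed review list

console.log(auditManifest(sampleManifest, SENSITIVE_HOSTS));
```

A non-empty result means the extension can read pages, and therefore session-bound tokens, on the listed hosts without any per-site permission prompt at use time.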

Swiss Army Bans WhatsApp at Work


A spokesman for the Swiss army announced Thursday that the use of WhatsApp while on duty has been prohibited, in favour of a Swiss messaging service regarded as safer in terms of data security. 

Using other messaging applications like Signal and Telegram on soldiers' personal phones during service activities is likewise barred. 

Commanders and chiefs of staff got an email from headquarters at the end of December advising that their troops switch to the Swiss-based Threema. According to army spokesman Daniel Reist, the recommendation applies "to everyone," including conscripts serving in the military and those returning for refresher courses. 

Switzerland is known for its neutrality. However, the landlocked European country's long-standing position is one of armed neutrality, and it has mandatory conscription for men.

According to Reist, the concern over using messaging apps on duty came up during operations to assist hospitals and the vaccination campaign as part of Switzerland's efforts against the Covid-19 pandemic. The Swiss army will bear the cost of downloading Threema, which is already used by other Swiss public agencies and costs four Swiss francs ($4.35, 3.85 euros). 

Other messaging services, such as WhatsApp, are governed by the US Cloud Act, which permits US authorities to access data held by US operators, even if it is stored on servers located outside of the nation. Threema, which claims to have ten million users, describes itself as an instant messenger that collects as little data as possible. It is not supported by advertisements. 

The company states on its website, "All communication is end-to-end encrypted, and the app is open source." 

According to an army spokesman quoted in a Tamedia daily report, data security is one of the reasons for the policy change. As per local surveys, WhatsApp is the most popular messenger app among 16- to 64-year-olds in Switzerland.