Search This Blog

Showing posts with label Mobile Apps. Show all posts

Car Rental Giant Sixt Hit by Cyberattack, Operations Shut Down

Rental car giant Sixt, a company based in Germany announced that it has been hit by a cyberattack that resulted in large-scale inconvenience in Sixt's global operations. In April, the company closed down some parts of its IT infrastructure to restrict a cyberattack. 

Only important systems were operating, like the company website and mobile applications. Sixt said that the disturbance for employees and customers was expected, it believes that the disruption was contained to great extent. 

According to the company, it has offered business continuity to its customers, but the temporary disruptions in customer care centers and few branches can be expected for some time. "As a standard precautionary measure, access to IT systems was immediately restricted and the pre-planned recovery processes were initiated. Many central Sixt systems, in particular, the website and apps were kept up and running," said Sixt in a statement. Sixt did most of the car bookings with pen and paper last week, and systems that were not important have been shut down after the cyberattack. 

Calling customers were provided an automated notification "due to a technical problem, we are currently unavailable." No more details are available as of now, Sixt said that it has launched an inquiry into the issue, however, didn't disclose any information on how the attack happened. Sixt is requesting its customers to be patient until the issue is resolved. No ransomware group has claimed the responsibility for the attack as of now, however, the chances of ransomware are highly likely. 

According to Bleeping Computer, ransomware groups are targeting companies like Sixt because of the upcoming tourism season. Vacations are easy money for car rental companies. Ransomware groups generally operate during high traffic periods to increase the chances of damage to the targets. 

The greater the damage, the easier the ransom payment. Sixt said "impacts on the company, its operations and services have been minimized to provide business continuity for customers. However, temporary disruptions, in particular in customer care centers and selective branches, are likely to occur in the short term."

Mental Health Apps Fail Privacy Guidelines Spectacularly, Says Mozilla

An inquiry into mental health and prayer apps disclosed a problematic lack of concern around user security and privacy. Last Monday, Mozilla published the findings of new research about these kinds of apps, which mostly deal with sensitive issues like depression, anxiety, mental health awareness, PTSD, domestic violence, etc., and religion-based services. Mozilla's recent "Privacy Not Included," guide says that even though these apps manage personal information, they regularly share data, allow easy passwords, pick vulnerable users via targeted ads, and show poorly written and vague privacy policies. 

In a study consisting of 32 applications focused on mental health and religion, Mozilla identified 25 apps that failed to meet its Minimum Security Standards. The privacy standards work as the main highlight for the Privacy Not Included reports. The unauthorized sharing and selling of user data, poor data management services, poor encryption, weak password guidelines, inaccurate vulnerability management system, and different lax privacy policies can lead to the downgrading of a vendor product in accordance with Mozilla's standards. 

Once an app fails to touch these minimum standards, they are labeled with a "the privacy not included" warning tag. Mental health and healing-related applications have received an accolade, but they can't be covered. To protect users' privacy and security, these applications are the worst in any product category that Mozilla experts have investigated or reviewed in the past six years. The examined apps include Better Help, Talkspace, Calm, 7 Cups, Glorify, Wysa, Headspace, and Better Stop Suicide. 

As a result, every one of these apps now has a dedicated slot that users can access to know more about the app's privacy and security rating. According to ZDNet, "while the app gathers some personal information and says that users can reach out to them if they have further queries, they did not respond to Mozilla's attempts at contact and did not mention who "trusted partners'" were when data sharing. Only two applications on the list, PTSD Coach and the AI chatbot Wysa seemed to take data management and user privacy seriously."

How Australia’s Leader Lost Control of His Chinese Social Media Account

 

After Prime Minister Scott Morrison's WeChat account was hacked, a Liberal member of parliament accused the Chinese government of foreign intervention. 

"It is a matter of record that the platform has stopped the Prime Minister's access, while Anthony Albanese's account is still active featuring posts criticising the government," Liberal representative Gladys Liu stated

"In an election year especially, this sort of interference in our political processes is unacceptable, and this matter should be taken extremely seriously by all Australian politicians." 

Liu stated she would stop utilizing her professional and personal WeChat accounts until the platform presented an explanation for the incident as part of her accusations against the Chinese government. 

Several Coalition members have supported Liu's charges and boycott, with Liberal Senator James Paterson, chair of the Parliamentary Joint Committee on Intelligence and Security, asking for Opposition Leader Anthony Albanese to boycott WeChat as well. 

The Prime Minister's office is attempting to contact the Chinese government regarding the account hijacking, according to Stuart Robert, the Minister responsible for digital transformation, who told The Today Show on Monday morning. 

"It is odd, and of course, the Prime Minister's office is seeking to connect through to them to work out and get it resolved," Robert said. 

Morrison's WeChat account was apparently changed and he had accessibility issues months ago, according to NewsCorp Australia, with the Prime Minister being unable to access the account at all.

Morrison's account is linked to a Chinese national based in Fujian, according to Australian Strategic Policy Institute senior analyst Fergus Ryan, because WeChat's policies at the time mandated accounts to be linked to the ID of a Chinese national or a business registered in China. 

A Tencent spokesman confirmed to ZDNet on Monday evening that the account was originally registered by a PRC individual, but that it is currently being managed by a technology services organisation. 

"Based on our information, this appears to be a dispute over account ownership -- the account in question was originally registered by a PRC individual and was subsequently transferred to its current operator, a technology services company -- and it will be handled in accordance with our platform rules," the Tencent spokesperson said. 

"Tencent is committed to upholding the integrity of our platform and the security of all users accounts, and we will continue to look into this matter." 

According to ABC News, Morrison's WeChat account was sold to Fuzhou 985 Information Technology in November of last year by the registered owner. 

The Chinese corporation allegedly purchased the social media account since it had roughly 75,000 followers and had no idea it was owned by Morrison. 

WeChat has been subjected to increasing restrictions in China, after being placed on notice last year for gathering more user data than was considered essential while providing services.

Swiss Army Bans WhatsApp at Work

 

A spokesman for the Swiss army announced Thursday that the use of WhatsApp while on duty has been prohibited, in favour of a Swiss messaging service regarded more safe in terms of data security. 

Using other messaging applications like Signal and Telegram on soldiers' personal phones during service activities is likewise barred. 

Commanders and chiefs of staff got an email from headquarters at the end of December advising that their troops switch to the Swiss-based Threema. According to army spokesman Daniel Reist, the recommendation applies "to everyone," including conscripts serving in the military and those returning for refresher courses. 

Switzerland is known for its neutrality. However, the landlocked European country's long-standing position is one of armed neutrality and has mandatory conscription for men.

During operations to assist hospitals and the vaccination campaign in Switzerland's efforts to prevent the Covid-19 pandemic, the concern of using messaging apps on duty came up, as per Reist. The Swiss army will bear the cost of downloading Threema, which is already used by other Swiss public agencies, for four Swiss francs ($4.35, 3.85 euros). 

Other messaging services, such as WhatsApp, are governed by the US Cloud Act, which permits US authorities to access data held by US operators, even if it is stored on servers located outside of the nation. Threema, which claims to have ten million users, describes itself as an instant messenger that collects as little data as possible. It is not supported by advertisements. 

The company states on its website, "All communication is end-to-end encrypted, and the app is open source." 

According to an army spokesman mentioned in a Tamedia daily report, data security is one of the reasons for the policy change. As per local surveys, WhatsApp is the most popular messenger app among 16- to 64-year-olds in Switzerland.