
Researchers Develop AI "Worms" Capable of Inter-System Spread, Enabling Data Theft Along the Way

 

A team of researchers has developed a self-replicating computer worm designed to target AI-powered applications like Gemini Pro, ChatGPT 4.0, and LLaVA. The aim of this project was to showcase the vulnerabilities in AI-enabled systems, particularly how interconnections between generative-AI platforms can facilitate the spread of malware.

The researchers, consisting of Stav Cohen from the Israel Institute of Technology, Ben Nassi from Cornell Tech, and Ron Bitton from Intuit, dubbed their creation 'Morris II', drawing inspiration from the infamous 1988 internet worm.

Their worm was designed with three main objectives. Firstly, it was engineered to replicate itself using adversarial self-replicating prompts, which exploit the AI applications' tendency to output the original prompt, thereby perpetuating the worm. 

Secondly, it aimed to carry out various malicious activities, ranging from data theft to the creation of inflammatory emails for propagandistic purposes. Lastly, it needed the capability to traverse hosts and AI applications to proliferate within the AI ecosystem.

The worm utilizes two primary methods for propagation. The first method targets AI-assisted email applications employing retrieval-augmented generation (RAG), where a poisoned email triggers the generation of a reply containing the worm, subsequently spreading it to other hosts. The second method involves inputs to generative-AI models, prompting them to create outputs that further disseminate the worm to new hosts.

During testing, the worm successfully pilfered sensitive information such as social security numbers and credit card details.

To raise awareness about the potential risks posed by such worms, the researchers shared their findings with Google and OpenAI. While Google declined to comment, an OpenAI spokesperson acknowledged the potential exploitability of prompt-injection vulnerabilities resulting from unchecked or unfiltered user inputs.

Instances like these underscore the imperative for increased research, testing, and regulation in the deployment of generative-AI applications.

Meta is Collecting Consumers Data from Thousands of Firms

 

Consumer Reports conducted an experiment which revealed that Instagram and Facebook collect your private data from thousands of firms. The company is also the largest reporter of potential child sexual abuse material (CSAM), yet many of these reports are sent in a fashion that raises legal concerns.

To find out where parent firm Meta gets its personal data from for targeted advertising, Consumer Reports sought the assistance of over 700 volunteers.

The Markup, an American nonprofit news publication, says the study found that Meta collected data from an average of 2,230 companies. Markup assisted Consumer Reports in finding study participants. The last three years' worth of participant data were retrieved from Facebook settings and sent to Consumer Reports in an archive. 

A total of 186,892 companies shared data about the participants with the social network, according to Consumer Reports. On average, 2,230 companies shared each study participant's data with Facebook. This figure varied widely, with the data from some participants suggesting that over 7,000 companies submitted their data.

Undoubtedly, data brokers were the most common source of private information that the social media giant collected, but Amazon and Home Depot were also in the top 10. 

The websites you visit are the most frequently acquired sort of data, either through cookies or tracking pixels that allow for the creation of an interest and activity profile. 

If you search for bathroom fittings on Amazon, for instance, adverts for that particular product category or more general ones like home renovations may appear. Similarly, if you visit a lot of tech websites, you may be served gadget ads. 

Meta states that it provides consumers with choices and is open about the data it collects and uses: “We offer a number of transparency tools to help people understand the information that businesses choose to share with us, and manage how it’s used.” 

However, the Electronic Privacy Information Centre argues that suggesting that customers understand the extent and nature of this tracking is foolish. 

“This type of tracking which occurs entirely outside of the user’s view is just so far outside of what people expect when they use the internet […] they don’t expect Meta to know what stores they walk into or what news articles they’re reading or every site they visit online,” the centre stated.

Anthropic Pledges to Not Use Private Data to Train Its AI

 

Anthropic, a leading generative AI startup, has announced that it would not employ its clients' data to train its Large Language Model (LLM) and will step in to safeguard clients facing copyright claims.

Anthropic, which was established by former OpenAI researchers, revised its terms of service to better express its goals and values. The startup is setting itself apart from competitors like OpenAI, Amazon, and Meta, which do employ user material to enhance their algorithms, by severing the private data of its own clients. 

The amended terms state that Anthropic "may not train models on customer content from paid services" and that, "as between the parties and to the extent permitted by applicable law, Anthropic agrees that customer owns all outputs, and disclaims any rights it receives to the customer content under these terms."

The terms also state that they "do not grant either party any rights to the other's content or intellectual property, by implication or otherwise," and that "Anthropic does not anticipate obtaining any rights in customer content under these terms."

The updated legal document appears to give protections and transparency for Anthropic's commercial clients. Companies own all AI outputs developed, for example, to avoid possible intellectual property conflicts. Anthropic also promises to defend clients against copyright lawsuits for any unauthorised content produced by Claude. 

The policy complies with Anthropic's mission statement, which states that AI should be honest, safe, and helpful. Given the increasing public concern regarding the ethics of generative AI, the company's dedication to resolving issues like data privacy may offer it a competitive advantage.

Users' Data: Vital Food for LLMs

Large Language Models (LLMs), such as GPT-4, LLaMA, and Anthropic's Claude, are advanced artificial intelligence systems that comprehend and generate human language after being trained on large amounts of text data.

These models use deep learning and neural networks to anticipate word sequences, interpret context, and grasp linguistic nuances. During training, they constantly refine their predictions, improving their capacity to communicate, write content, and give pertinent information.

The diversity and volume of the data on which LLMs are trained have a significant impact on their performance, making them more accurate and contextually aware as they learn from different language patterns, styles, and new information.

This is why user data is so valuable for training LLMs. For starters, it keeps the models up to date on the newest linguistic trends and user preferences (such as interpreting new slang).

Second, it enables personalisation and increases user engagement by reacting to specific user activities and styles. However, this raises ethical concerns because AI businesses do not compensate users for this vital information, which is used to train models that earn them millions of dollars.

1.5 Billion Real Estate Records Leaked, Including Elon Musk and Kylie Jenner

 

Jeremiah Fowler, a cybersecurity researcher, uncovered and notified VPNMentor about an exposed database related to the New York-based online business Real Estate Wealth Network. The compromised database had 1.5 billion records, including real estate ownership data for millions of people. 

The database, which had a total size of 1.16 TB (1,523,776,691 records), had organised folders containing information on property owners, sellers, investors, and internal user tracking data. It included daily logging records from 4/22/23 to 10/23/23 that included internal user search data. 

Cameron Dunlap founded Real Estate Wealth Network in 1993 to provide education and resources for real estate investors. The platform costs a one-time, non-refundable fee of $1,450 for access to a vast collection of data, which includes online courses, training materials, a community, and mentorship/coaching from experienced experts. 

Upon further investigation, Fowler discovered that the exposed database contained the purported property ownership data of celebrities including Kylie Jenner, Blake Shelton, Britney Spears, Floyd Mayweather, Dave Chappelle, Elon Musk & Associates LLC, Dolly Parton, Donald J. Trump, Mark Wahlberg, and Nancy Pelosi. 

The online disclosure of celebrities' addresses could pose a number of threats, including concerns for their safety, invasion of privacy, stalking, and harassment by fans or malicious people. 

"The data was organised in various folders according to property history, motivated sellers, bankruptcy, divorce, tax liens, foreclosure, home owner association (HOA) liens, inheritance, court judgements, obituary (death), vacant properties, and more," VPNMentor’s blog post read. 

Everyone, famous or not, is at risk because real estate tax data, which includes information on property ownership, assessed property values, tax assessment history, and property tax payment history, can be used by criminals to gather personal information on property owners. 

Threat actors can utilise the data to target individuals with social engineering or phishing attacks, with the goal of obtaining financial or other personal information. The disclosure of data revealing whether a person bought their home with cash, without a mortgage loan, or has fully paid off their mortgage may increase the risk of financial fraud.

Property and mortgage fraud remain major issues, with the FBI reporting 11,578 incidents resulting in $350 million in losses in a single year, a 20% rise from 2017. Typically, property fraud entails taking a homeowner's identity and fabricating ownership documentation. 

Although the disclosed database has been locked from public access, a Real Estate Wealth Network representative confirmed ownership. The duration of the exposure and the possibility of unauthorised entry remains unknown. Only a forensic audit conducted internally could determine whether the records were accessed, extracted, or downloaded. 

This incident serves as a clear warning of the possibility of fraudulent activity involving easily accessible information. Property owners should be vigilant when disclosing personal information, especially in response to unsolicited requests for property information. Understanding the risks associated with semi-public data is critical for asset protection.

Insomniac Games Cybersecurity Breach

A cyberattack has compromised the prestigious game company Insomniac Games, exposing private data without authorization. Concerns over data security in the gaming business have been raised by this hack, which has spread throughout the community.

Targeting Insomniac Games, the company behind the well-known Spider-Man series, the cyberattack was purportedly executed by a gang going by the name Rhysida. Fans and the gaming industry were left in a state of anticipation and fear as the hackers obtained access to a treasure trove of data, including secret footage of new projects like Wolverine.

The leaked information not only included sneak peeks into future game developments but also internal data that could compromise the studio's operations. The gravity of the situation prompted a rallying of support for Insomniac Games from both the gaming community and industry professionals.

Amid the chaos, cybersecurity experts have been quick to emphasize the importance of robust security measures in an era where digital attacks are becoming increasingly sophisticated. This incident serves as a stark reminder that even major players in the gaming industry are vulnerable to cyber threats.

Insomniac Games responded promptly to the breach, acknowledging the incident and assuring fans that they are taking necessary steps to address the issue. The studio urged users to remain vigilant and promptly report any suspicious activities related to their accounts.

The gaming community, known for its passionate fanbase, has shown solidarity with Insomniac Games in the wake of the cyberattack. Messages of support have flooded social media platforms, emphasizing the need for collective efforts to combat cyber threats and protect the integrity of the gaming industry.

As the situation unfolds, industry leaders and policymakers are likely to scrutinize the incident to enhance cybersecurity protocols across the gaming landscape. The hack serves as a wake-up call for developers and publishers to invest in cutting-edge security measures to safeguard intellectual property and user data.

Leaders in the industry and legislators will probably be closely examining the incident as it develops to improve cybersecurity practices in the gaming sector. Developers and publishers should take note of this hack and invest in state-of-the-art security solutions to protect user data and intellectual property.

The recent hack on Insomniac Games serves as a reminder that even the biggest names in the gaming business are susceptible to online attacks. The aftermath of this disaster calls for the gaming community as a whole to prioritize cybersecurity in addition to data security. One thing is certain as the gaming industry struggles with the fallout from this breach: protecting digital assets is critical to the business's long-term viability and public confidence.

WALA's Shocking Data Leak: 25GB of Personal Information from Pet Owners Revealed

 


The Worldwide Australian Labradoodle Association (WALA) is at the centre of a new cybersecurity incident in which private data of pet owners, pet microchip numbers, veterinarians, and testing laboratories affiliated with WALA was leaked to the public. WALA is a prominent worldwide dog breeding organization based in the United States. No authentication or password was needed to access the exposed data.

Security researcher Jeremiah Fowler was the one who brought the incident to light. Fowler explained that the data leak occurred as a result of a misconfiguration of the WALA cloud server. Approximately 56,000 documents, with a total size of 25 gigabytes, were exposed on the leaky server, representing a trove of sensitive and personal information.

Fowler's analysis concluded that the exposed records contained PII, which can include names, addresses, phone numbers, email addresses, microchip numbers, and other medical-related information regarding the owners of the pets. The records also contained other medical information about these pets.

An openly available cloud storage database contained 56,624 files in formats such as .pdf, .png, and .jpg, all with sizes of 25 GB, and which were stored as a total of 25,512,680 documents. The database appears to belong to a group called the Worldwide Australian Labradoodle Association (WALA). This was further investigated upon finding out who owned the database. 

Australian Labradoodles is a breed that is promoted by an international breed organization dedicated to breeding. There is a large number of members and affiliate breeders in WALA across the world, however, the organization's main office is located in the state of Washington, United States. In addition to its headquarters in the United States, WALA has regional offices throughout the world, namely Australia, Europe, and Asia. 

It is, by definition, a non-profit organization, which brings together Australia's Australian Labradoodle breeders worldwide, and in particular its members are committed to ensuring the long-term success of the breed through the stabilization of high breeding standards, and the building of a comprehensive and accurate pedigree repository, as well as the preservation of health records. 

Documents contained in the package included health reports, DNA tests, and a pedigree or lineage history of all of the dogs that showed the offspring, parents, grandparents, and so on. It was also found in the files that the information about the dogs' owners, veterinarians, and testing laboratories was also included, and that other information was also included, such as the digital chip numbers or the tattooed identification numbers of the dogs. 

There are many kinds of documents with names, addresses, phone numbers, and email addresses in them. It all depends on what the document is about. Pet medical data has a lot of implications that have never been considered when users think of a data breach involving health records. The pet industry generates tremendous amounts of money every year, and history has shown that there is always an element of risk involved when there is a possibility of making money. 

Approximately 67% of US households, or 85 million families, own one or more pets. According to the American Pet Products Association (APPA), they spend about 123.6 billion U.S. dollars a year on pets. Pet insurance policies typically cover accidents, illnesses, and, in some cases, routine care.

Additionally, certain policies even provide coverage for hereditary conditions and wellness check-ups, ensuring comprehensive protection for your beloved pet's health. It is crucial to consider the potential risks associated with a data breach in the context of pet insurance fraud. The exposed information could be exploited to manipulate and falsify medical documents, thereby facilitating fraudulent insurance claims. This alarming possibility highlights the importance of robust security measures to safeguard sensitive data. 

It is worth noting that historical data reveals a significant surge in this type of fraud between 2010 and 2015, with fraudulent claims witnessing an astounding increase of over 400% during that period. This emphasizes the need for constant vigilance and proactive measures to combat such fraudulent activities. 

The primary purpose of pet microchipping is to find or identify lost pets and reunite them with their owners. This technology plays a crucial role in ensuring the safety and security of our beloved furry companions. Knowing a pet’s microchip number alone does not inherently pose a significant risk to the pet’s safety or security; however, when combined with other information and ownership data, there could be potential risks. 

It is important to be aware of the potential dangers that may arise from the misuse of this information. Hypothetically, criminals could falsely claim ownership of a lost or stolen pet using a publicly leaked microchip number, putting the pet's well-being at risk. This highlights the need for pet owners to be vigilant and take necessary precautions. Pet theft is a real concern — an estimated 2 million dogs are stolen every year in the United States. 

The alarming rise in pet theft cases is a cause for concern among pet owners nationwide. Labradoodles, known for their adorable appearance and friendly nature, can sell for as much as 5,000 USD, making them a potentially valuable target for criminals.

Pet owners need to be proactive in safeguarding their pets and ensuring their well-being at all times. Even if the criminal does not have physical access to the pet, there are other risks. A social engineering scheme would allow criminals to contact pet owners, posing as authority figures, and request personal information from them to update the microchip database, certifications, or other registrations. This would then be done by using social engineering tactics. 

The criminal, if successful, has the potential to acquire both credit and banking information or personally identifiable information (PII) from the owners. This could potentially pave the way for various forms of fraudulent activities, including identity theft. It is worth noting that the chip number is intricately connected to the owner's contact details within the microchip database, thereby raising concerns regarding the exposure of personal information.

In light of this, pet owners are advised to exercise caution when confronted with requests for information about their pet's microchip. As a precautionary measure, it is always advisable to verify the identity of individuals claiming to be authority figures and promptly report any suspicious activity related to their pet's microchip to the appropriate microchip registry and local authorities. By doing so, pet owners can actively contribute to safeguarding their personal information and preventing potential instances of fraud or identity theft. 

Any organization that collects and stores documents on animals or humans should take all possible steps to secure potentially sensitive information. This includes implementing a multi-layered security strategy that ensures all software, including database management systems, is regularly updated with security patches to address known vulnerabilities. 

By regularly updating the software, organizations can stay ahead of potential threats and protect stored information. Another good practice is to regularly monitor your network and database activity for suspicious behaviour. This can help identify any unauthorized access attempts or unusual activity that may indicate a security breach. 

In addition, conducting penetration testing and vulnerability assessments can help proactively identify and remediate weaknesses or misconfigured access settings. These assessments provide valuable insights into the organization's security posture and can guide the implementation of appropriate security measures. Lastly, it is important to notify customers or members of any serious data incident. By doing so, they can be made aware of what was exposed and take necessary precautions if criminals attempt to contact them or use the information for fraud. This level of transparency and communication builds trust with customers and helps them stay vigilant in protecting their personal information.

Data from 8,000 Consumers May Have Been "Compromised," Electric Ireland Warns

 

Electric Ireland may be required to compensate customers whose data was compromised if they were defrauded. It has also been revealed that it was the gardaí, not the energy utility, who learned that customer data had been tampered with.

This week, the energy company issued a note to 8,000 people warning them that their financial and personal data may have fallen into the wrong hands, raising the possibility of fraud. The letter included a form on which those affected by the data breach were asked to reveal whether they believed they had been the victims of fraud. 

"Reports of potentially fraudulent activity sent to us by return post will be collated and shared with the gardaí," stated Electric Ireland. 

Electric Ireland would only respond, when asked if it would pay out compensation to those who were duped as a result of the data breach, with the words, "customers who believe they suffered a financial loss should also approach their bank or financial institution." 

However, it is understood that if a customer's bank or credit card company declines to compensate them, the ESB-owned supplier might wind up having to pay compensation to customers who incur financial loss as a result of the data breach. 

Furthermore, it has surfaced that the gardaí affiliated with the Garda National Cyber Crime Bureau detected the data breach. The Garda National Economic Crime Bureau was then tasked with looking into the situation. 

"An Garda Síochána got in touch with the impacted utility company right away and is still in communication with them. There isn't any more information available as this is an ongoing investigation," the statement said.

Electric Ireland was not mentioned by name, but this week the energy provider acknowledged that 8,000 customers' financial and personal information might have been compromised. People affected by the breach may need to cancel the debit and credit cards they use to pay their energy bills, as the breach appears to be that severe.

Those who pay Electric Ireland from bank accounts have been advised to look back two years to see if their accounts have been compromised. The letter goes on to say that customers who have not received a letter from Electric Ireland are not required to take any action.

Cybersecurity Crisis Deepens in Philippines as Hackers Leak State Secrets

 

The security of millions of people is at risk due to the Philippines' lax cybersecurity regulations, which have allowed government websites to be compromised in a recent string of cyberattacks.

According to the South China Morning Post, hackers attacked the Philippine Health Insurance Corporation (PhilHealth), compromising the data of millions of people, including Filipino employees working overseas. 

The state insurer's reluctance to go with $300,000 triggered the breach. Furthermore, the homepage of the House of Representatives was defaced, highlighting the government's weaknesses in the digital world. 

A hacker going by the moniker DiabloX Phantom claimed that he had gained access to five critical government agencies and downloaded a substantial amount of data. His intention was to expose the vulnerabilities in the government's cybersecurity. 

The hacker gained access to the forensics database held by the Philippine National Police, which contained sensitive case files, and the servers of the Philippine Statistics Authority, which is in charge of issuing national identification cards. 

He also attacked the websites of the Technical Education and Skills Development Authority (Tesda), Clark International Airport, and the Department of Science and Technology. 

Among his techniques were using open subdomains, propagating malware via email, making use of weak passwords, and taking advantage of vulnerabilities left by earlier hackers. 

As stated by DiabloX Phantom, he focused on highlighting the government's cybersecurity flaws rather than selling the information he had acquired, the South China Morning Post reported.

He waited for a government reaction to deal with these problems. Cybersecurity specialists in the Philippines independently confirmed his assertions. Some hackers want to reveal system weaknesses, get fame for their expertise, or just have fun with cyber activities, but there isn't a single person or organisation behind all of the breaches. 

Past violations of cybersecurity

Cybersecurity incidents are not unusual, as evidenced by the recent breaches in the Philippines. 

The personal information of up to 55 million Filipino voters was made public in 2016 by the "Comelec leak". No one was prosecuted or held accountable for this breach, despite its magnitude. 

Vulnerabilities must be fixed immediately, such as weak passwords, poor personnel training, and inadequate monitoring. Taking care of these problems is essential to preserving private information and millions of people's privacy.

Here's How Hackers Sell and Trade Your Data in the Metaverse

 

Your data might be lost in the metaverse, a place where reality takes on new forms and lovely virtual landscapes arise. 

Imagine yourself in a bustling digital marketplace, surrounded by avatars dressed in the latest digital attire. A secret underground network is concealed in the metaverse's shadowy side while you're taking in all the sights and sounds. Here, data sellers and hackers can be found together, chatting about the most recent hacks and online theft. 

Darkverse: A flip side of metaverse

If you're not sure what the darkverse is, think of the wild west of the digital world; it's a place where wicked acts flourish in the absence of law. Cybercriminals, hackers, and other malicious actors dwell in this shadowy domain and operate outside the bounds of morality and the law, significantly jeopardising the stability and security of the metaverse. 

Identity theft, fraud, and data breaches are commonplace in the darkverse, preying on unsuspecting users who take a chance in this dangerous environment. Automated bots roam freely, spamming and deceiving innocent users, while cutting-edge AI and deepfake technology generate fake data, obscuring a matter of truth and reliability. 

What type of data is sold on metaverse? 

Cybercriminals have adapted to this environment by selling all forms of stolen data to the highest bidders, and metaverse data marketplaces are similarly active. Personal data, which can include your name, address, phone number, and other information, comes first on the list. 

Identity theft is common in the metaverse, as malicious actors might adopt your online persona for profit or other reasons. So, before you go in, it's useful to learn about the most common metaverse crimes. 

Another noticeable commodity is financial data. Credit card information, bank account information, and digital wallets are highly sought after because cybercriminals can use this information to conduct unauthorised transactions, depleting victims' accounts in the blink of an eye. 

Access credentials are another common item on the illicit market. If hackers obtain your usernames and passwords, they will gain access to your digital life and cause havoc on your social media, emails, and more vital accounts. In virtual worlds and blockchain-based games, rare skins, strong weaponry, and one-of-a-kind artefacts are stolen and sold for real-world cash. 

Finally, private communications containing sensitive information are a bonanza for hackers. They'll try to pry into your personal communications, gathering compromising information to use against you or sell to the highest bidder. 

Mitigation tips 

Since the metaverse has yet to make an appearance, little can be said about how to address these challenges. So far, people's hopes are aligned with Zuckerberg himself. He might develop a robust cybersecurity structure for the metaverse and implement techniques to assure data privacy and security.

However, given the privacy concerns that have emerged as a result of the idea, there are a few ways that users, whether companies or individual netizens, can secure data privacy and security within the metaverse. 

Organisations can govern the use of such information because accumulating personal information and surveillance is not something that anyone other than Facebook can control. Any organisation that establishes virtual offices in the metaverse should have stringent data privacy and security rules in place. Users should be able to control how much personal information they are willing to reveal. 

Aside from that, organisations using AR/VR devices or platforms should rigorously monitor the risks of hack assaults, data breaches, and other hostile attacks. Similarly, these organisations will need to plan ahead of time for hostile AI attacks and enable defence against them. 

Individual users who join the metaverse should be cautious about the amount and type of information they reveal. Furthermore, it is critical that they implement internet security measures meant to safeguard customers from privacy intrusions and data breaches.

Chastity Device Designer Exposes Customers’ Private Data Due to Server Vulnerabilities

 

A security researcher found that users of a company's chastity device ran the risk of having their private information exposed. The researcher was able to access over 10,000 users' email addresses, plaintext passwords, home locations, IP addresses, and GPS coordinates thanks to security weaknesses in the company's servers. 

After finding the vulnerabilities, the researcher attempted to notify the company and persuade it to make the necessary repairs. The company has not yet responded to the reports or fixed the flaws, though.

TechCrunch, the security news portal that initially published the report, has chosen to withhold the company's identity in order to protect its users from the continued risks they face. To notify people of the issue at hand, it contacted the company's web provider and China's Computer Emergency Response Team (CERT). Unfortunately, the company has not made any efforts to fix these issues.

The researcher defaced the company's homepage in an effort to alert the company and its customers. But within a day, the firm fixed the vulnerabilities without restoring the website or removing the researcher's warning. 

In addition to the issues that were exposed, the researcher also found that the company's website was leaking records of customers' PayPal payments, including their email addresses and the dates of their payments.

The chastity device that the company sells is designed to be controlled by a partner using an Android app. By sending exact GPS locations, the software enables partners to follow a device user's movements. Unfortunately, hackers have previously exploited vulnerabilities in sex devices like chastity cages, taking control of these gadgets to demand ransom payments from victims.

This incident highlights the necessity of resolving security issues in internet-connected devices, especially those that involve sensitive personal data. It is critical for companies to make the security of their customers' data the first priority and to take immediate action to patch any vulnerabilities identified.

Google Removes 22 Malicious Android Apps Exposed by McAfee

Google recently took action against 22 apps that are available on the Google Play Store, which has alarmed Android users. These apps, which have been downloaded over 2.5 million times in total, have been discovered to engage in harmful behavior that compromises users' privacy and severely drains their phone's battery. This disclosure, made by cybersecurity company McAfee, sheds light on the hidden threats that might be present in otherwise innocent programs.

These apps allegedly consumed an inordinate amount of battery life and decreased device performance while secretly running in the background. Users were enticed to install the programs by the way they disguised themselves as various utilities, photo editors, and games. Their genuine intentions, however, were anything but harmless.

Several well-known programs, like 'Photo Blur Studio,' 'Super Smart Cleaner,' and 'Magic Cut Out,' are on the list of prohibited applications. These applications made use of background processes to carry out tasks including sending unwanted adverts, tracking users without their permission, and even possibly stealing private data. This instance emphasizes the need for caution while downloading apps, especially from sites that might seem reliable, like the Google Play Store.

Google's swift response to remove these malicious apps demonstrates its commitment to ensuring the security and privacy of its users. However, this incident also emphasizes the ongoing challenges faced by app marketplaces in identifying and preventing such threats. While Google employs various security measures to vet apps before they are listed, some malicious software can still evade detection, slipping through the cracks.

As a precautionary measure, users are strongly advised to review the apps currently installed on their Android devices and uninstall any that match the names on the list provided by McAfee. Regularly checking app permissions and reviews can also provide insights into potential privacy concerns.

The convenience of app stores shouldn't take precedence over the necessity of cautious and educated downloading, as this incident sharply reminds us. Users must actively participate in securing their digital lives as fraudsters become more skilled. A secure and reliable digital environment will depend on public understanding of cybersecurity issues as well as ongoing efforts from internet behemoths like Google.

Here's How You Can Remove Private Info From Google Search Results

 

Have you ever come across something about yourself that was private or secret in a search engine result? That would not only be embarrassing, but it might also raise security risks like identity theft.

Google is trying to make it less complicated for you to locate and delete any personal information that appears in a search now. The search engine giant highlighted new privacy features and tools in a blog post earlier this week in an effort to help you safeguard your personal information. 

The first thing on the list is a new dashboard for an existing feature called 'Results about you'. This function, which was introduced in 2022, allows you to keep track of any personal information that appears in a search result so that you can ask Google to delete it. 

With the help of a recent upgrade, the 'Results about you' dashboard will not only assist you in finding those particulars but also enable you to ask for their removal using the same tool. The function will also notify you if fresh information starts to show up in open search results. 

You may access the dashboard by visiting the 'Results about you' page on the web or by clicking your account photo in the Google mobile app and choosing 'Results about you'. From there, run a search for your name on Google. To narrow the results, you might need to include your city and state.

If a search generates your email address, phone number, or home address, you can request that Google remove the information by clicking or touching the three-dot icon and selecting Remove result. Next, specify why you want the data erased. Complete the remaining steps before submitting the request to Google.

In response, the company will analyse your request to see if it fits the policy standards for removal, which could take a few days. If your request gets approved, Google will eliminate the specific result you specified. You can also check on your requests at the dashboard, which displays all requests, including those in process, accepted, denied, and undone.

However, keep in mind that deleting items from a Google search does not actually remove the content. By going directly to the source website or employing a different search engine, people might still be able to locate it.

Defending Against Stealer Log Cyber Threats

Cyber attacks are a serious concern in a digital environment that is becoming more linked. Silent cyber threats have become more common among the many different types of cyberattacks because of their covert nature and potentially disastrous outcomes. The stealer log, a tool used by bad actors to steal sensitive information from unwitting victims, is one notable variation. This article addresses ways to lessen the impact of the stealer log lifecycle on people and organizations while also delving into its complexities.

According to cybersecurity experts, a stealer log is a sophisticated piece of malware designed to covertly infiltrate systems, gather confidential data, and exfiltrate it without arousing suspicion. These logs can harvest a wide array of information, including login credentials, financial data, and personal identification. An analysis by Flare Systems reveals that stealer logs often initiate their lifecycle through phishing emails or compromised websites, underscoring the importance of email security and robust browsing practices.

"Stealer logs are a testament to cybercriminals' evolving tactics. Understanding their lifecycle is crucial in building effective defenses against these threats," remarks Dr. Emily Parker, a cybersecurity analyst.

The lifecycle of a stealer log typically encompasses several stages:

  • Infiltration: Cybercriminals distribute malware through deceptive emails or exploit kits on compromised websites. Users are tricked into downloading and executing the malware, unknowingly granting it access to their systems.
  • Data Collection: Once inside the system, the stealer log meticulously captures sensitive data. It can record keystrokes, take screenshots, and extract stored passwords from browsers and other applications.
  • Encryption and Exfiltration: The stolen data is encrypted and transmitted to a remote server controlled by the attackers. This step ensures that the information remains hidden from security measures.
  • Remote Command and Control: Attackers can remotely control the malware, allowing them to update its functionality, deploy additional payloads, or pivot to new attack vectors.

Efforts to counter the stealer log threat are underway. A study highlights the significance of multi-factor authentication (MFA) and security awareness training in safeguarding against these threats. "Employing MFA adds an additional layer of protection, requiring attackers to breach multiple barriers, which can significantly impede their progress," states cybersecurity expert John Anderson.

Moreover, Flare Systems emphasizes continuous monitoring and incident response readiness as vital components of effective defense strategies. Regular system scans, behavioral analysis, and prompt patching of vulnerabilities can help detect and mitigate potential breaches before they escalate.

As cyber-attacks get more sophisticated, it is crucial to comprehend the lifecycle of tools like stealer logs while creating proactive security measures. By combining user education, technological advancements, and stringent security protocols, people and organizations can continue to have an advantage in the continuous struggle with cyber attackers. By being knowledgeable and using the right strategies, one can move confidently and resiliently in the digital world.

Data Breach from Accreditation Org Exposes Sensitive Data of Educational Institutions

 

Jeremiah Fowler, a cybersecurity researcher, has disclosed an extensive data breach that has caused significant worries regarding the safety of sensitive data in the education sector. A staggering 682,438 records concerning educational institutions were found in an unencrypted database that Fowler discovered.

The exposed data belongs to the Southern Association of Independent Schools, Inc (SAIS), a well-known non-profit organisation that assists schools and educators throughout the United States and numerous other countries. 

The data dump featured a huge array of sensitive information spanning from 2012 to 2023, making it a gold mine for potential cyber thieves. The hacked documents included student and instructor data, health information, social security numbers (SSN), active shooter and lockdown notices, school maps, financial budgets, and other information. 

Of special concern was confidential third-party security research assessing flaws in school security, camera positions, access points, and other crucial information that could represent a real-world security risk to students and faculty.

The compromised database contained an incredible 572.8 GB of data in several file forms, including PDF, Excel, PPTX, doc, docx, png, jpg, and pages.


Potential threats and implications 

According to Fowler's blog post, the compromised records included student PII, private medical information, teacher background checks, pay information, and interview details. Additionally, the hack exposed budgets, financial reports, vehicle registrations, insurance policies, tax records, training materials, and a large amount of other unrelated information. 

The data breach highlighted a variety of potential threats, from simple extortion to more complex identity theft and financial crimes. Criminals who gain access to such private information may use it to commit fraud, such as applying for credit or loans in the names of educational institutions. 

Safety measures 

Schools, educational institutions, and accreditation authorities must give top priority to installing fundamental security measures like firewalls, encryption, and multi-factor authentication if they are to reduce potential threats in the future. 

Additionally, to effectively address and manage data breaches, should they occur, detailed incident response plans should be established, as well as routine employee training on cybersecurity best practices.

Hackers Infect Call of Duty Players with Self-Spreading Malware


Hackers have recently been discovered targeting Call of Duty players with a self-propagating malware attack, raising serious concerns among the gaming community. This malicious activity, uncovered by security researchers, is alarming because it may compromise user data and interfere with gaming activities.

Cybercriminals have reportedly been targeting Call of Duty users with a self-spreading malware strain, according to TechCrunch. The malware is designed to propagate quickly from one player to another by using the game's connected network infrastructure as a distribution channel. As unsuspecting players engage with the virtual environment, the malware stealthily infiltrates their computers, potentially allowing illegal access to private data.

The malware's method of dissemination is particularly sneaky. Players frequently become infected without being aware of it when playing online games with infected individuals or taking part in shared gameplay events. The number of infected players multiplies exponentially as the malware spreads through in-game social interactions, which broadens the threat's reach and impact.

Because the problem is so serious, numerous cybersecurity companies and gaming communities have responded. Researchers from reputable security groups have been actively examining the malware's behavior in order to stop its spread. Its self-propagating nature makes the malware highly versatile and challenging to eradicate entirely.

Players of Call of Duty and the game industry as a whole could face serious dangers. Personal information, including login credentials, payment information, and other sensitive details, is vulnerable to exploitation after it has been compromised. The malware's presence can also have a negative effect on the gaming experience by causing latency, crashes, or unapproved access to in-game resources.

Security professionals advise players to exercise caution and take the appropriate safety measures to protect their systems. The chance of infection can be reduced by updating antivirus software regularly, using secure passwords, and keeping an eye out for suspicious in-game activity.

The issue is being actively addressed by gaming firms and platform suppliers as well. In order to put in place practical solutions that can identify and stop the spread of malware in real-time, they are stepping up security precautions and working with cybersecurity professionals.

Players must be aware of any threats in this situation, as well as stay current on the most recent information from reliable sources about current events. A primary goal for the gaming business and its devoted community must be maintaining player safety and security as the gaming landscape changes.

Employees are Feeding Sensitive Data to ChatGPT, Prompting Security Concerns

 

Despite the apparent risk of leaks or breaches, according to the latest study from Netskope, employees are still sharing private company information with chatbots like ChatGPT and AI writers. 

The study, which examines 1.7 million users across 70 international organisations, discovered an average of 158 monthly cases of source code being posted to ChatGPT per 10,000 users, making it the most significant corporate vulnerability ahead of other types of sensitive data.

Although there are far fewer instances of private data (18 incidents/10,000 users/month) and intellectual property (4 incidents/10,000 users/month) being posted to ChatGPT, it is obvious that many developers are just unaware of the harm that may be done by leaked source code. 

Netskope also emphasised the surge in interest in artificial intelligence along with continuing exposures that can result in weak points for businesses. The study indicates a 22.5% increase in GenAI app usage over the previous two months, with major companies with more than 10,000 users using an average of five AI apps per day.

In comparison to other GenAI apps, ChatGPT leads with eight times as many daily active users. Each user has the ability to do a great deal of harm to their employer with an average of six prompts per day. 

Grammarly (9.9%) and Bard (4.5%) round out the top three generative AI apps used by companies worldwide, joining ChatGPT (84%) at number one. Bard is growing at a strong 7.1% each week compared to ChatGPT's 1.6% per week. 

Ray Canzanese, director of threat research at Netskope, argues that while many may claim that posting source code or other sensitive information can be avoided, it is "inevitable." Canzanese instead lays the burden of implementing AI controls on the organisations. 

According to James Robinson, the company's Deputy Chief Information Security Officer, "organisations should focus on evolving their workforce awareness and data policies to meet the needs of employees using AI products productively." 

The company advises IT teams and admins to deploy suitable modern data loss prevention technology, train users regularly, block access to unnecessary or overly risky apps, and provide frequent user coaching.

Typo Delivers Millions of US Military Emails to Russia's Ally Mali

 

Due to a small typing error, millions of emails from the US military were unintentionally sent to Mali, a Russian ally. For years, emails meant for the US military's ".mil" domain have been addressed to the ".ml" extension, which belongs to the West African nation.

According to reports, some of the emails contained private information including passwords, medical information, and senior officers' travel schedules. The Pentagon claimed to have taken action to resolve the situation.

The Financial Times, which broke the story, claims that Dutch internet entrepreneur Johannes Zuurbier discovered the issue more than ten years ago. He has held a contract to handle Mali's national domain since 2013 and has apparently collected tens of thousands of misdirected emails in recent months. 

None were tagged as classified, but they included medical data, maps of US military bases, financial records, and planning documents for official trips, as well as some diplomatic letters, according to the newspaper. 

This month, Mr Zuurbier sent a letter to US officials to raise the alarm. He stated that his contract with the Mali government was about to expire, adding that "the risk is real and could be exploited by US adversaries." On Monday, Mali's military administration was set to take control of the domain.

According to current and former US officials, "classified" and "top secret" US military communications are routed through separate IT networks, making it unlikely that they will be accidentally compromised. 

However, Steven Stransky, a lawyer who previously served as senior counsel to the Department of Homeland Security's Intelligence Law Division, believes that even seemingly innocuous material could be beneficial to US adversaries, especially if it includes specifics on individual employees. 

"Those sorts of communications would mean that a foreign actor can start building dossiers on our own military personnel, for espionage purposes, or could try to get them to disclose information in exchange for financial benefit," Mr Stransky explained. "It's certainly information that a foreign government can use." 

Lee McKnight, a Syracuse University professor of information studies, believes the US military was lucky that the issue was brought to its attention and that the emails were directed to a domain used by Mali's government rather than cyber criminals.


He went on to say that "typo-squatting" - a sort of cybercrime that targets individuals who misspell an internet domain - is rampant. "They're hoping that a person will make a mistake, and that they can lure you in and make you do stupid things," he noted. 

Both Mr. McKnight and Mr. Stransky believe that human errors are a major concern for IT professionals working in government and the private sector alike.
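The misaddressing described above is a one-character slip from ".mil" to ".ml". As an added example (not part of the original article or any tool it mentions), the following outbound-mail check holds recipients whose domain is within one edit of a domain the organisation normally mails; the protected-domain list, function names and sample headers are constructed assumptions.

```python
"""Hold outbound mail addressed to near-miss domains such as .ml for .mil."""
from email.utils import getaddresses

# Assumption: domains this organisation normally mails (constructed list).
PROTECTED_DOMAINS = ("army.mil", "navy.mil", "mail.mil")
MAX_DISTANCE = 1  # one dropped, added, changed or swapped character


def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "amry" typed for "army".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return (verdict, protected_domain) for one recipient domain.

    verdict is "ok" for a protected domain or its subdomains, "lookalike"
    when the domain is a near miss of a protected one, else "external".
    """
    domain = domain.lower().rstrip(".")
    for protected in PROTECTED_DOMAINS:
        if domain == protected or domain.endswith("." + protected):
            return "ok", protected
    for protected in PROTECTED_DOMAINS:
        # Compare only as many trailing labels as the protected domain has,
        # so hq.army.ml is checked as army.ml against army.mil.
        labels = protected.count(".") + 1
        tail = ".".join(domain.split(".")[-labels:])
        if 0 < edit_distance(tail, protected) <= MAX_DISTANCE:
            return "lookalike", protected
    return "external", None


def review_recipients(header_values):
    """Return (address, intended_domain) pairs that should be held."""
    held = []
    for _name, addr in getaddresses(header_values):
        if "@" not in addr:
            continue
        verdict, intended = classify(addr.rsplit("@", 1)[1])
        if verdict == "lookalike":
            held.append((addr, intended))
    return held


# Constructed To/Cc header values for the demonstration.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@army.mil>, travel-desk@army.ml",
    "ops@hq.navy.ml, vendor@example.com",
]

if __name__ == "__main__":
    for addr, intended in review_recipients(SAMPLE_HEADERS):
        print(f"HOLD {addr}: did you mean a {intended} address?")
```

A check like this belongs at the sending gateway or mail client, where the sender can still confirm or correct the address before the message leaves.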

Massive Data Breach at HCA Healthcare: 11 Million Patients' Information Compromised by Hackers

 

Hospital and clinic operator HCA Healthcare has announced that it experienced a significant cyberattack, posing a risk to the data of at least 11 million patients. 

The breach affects patients in 20 states, including California, Florida, Georgia, and Texas. HCA Healthcare, headquartered in Nashville, disclosed that the compromised data includes potentially sensitive information such as patients' names, partial addresses, contact details, and upcoming appointment dates.

This breach, discovered by the company on July 5, is considered one of the largest healthcare breaches in history. HCA Healthcare revealed that the hackers accessed various types of information, including patient names, cities, states, zip codes, emails, telephone numbers, dates of birth, genders, service dates, locations, and next appointment dates.

"This appears to be a theft from an external storage location exclusively used to automate the formatting of email messages," the company said in its Monday announcement.

"The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate," it said.

If the estimated number of affected patients reaches 11 million, this breach would rank among the top five healthcare hacks reported to the Department of Health and Human Services Office of Civil Rights. The most severe breach in this sector occurred in 2015 when medical insurer Anthem was compromised, affecting 79 million individuals. In that case, Chinese spies were indicted, but there is no evidence that the stolen data was ever sold.

According to the Associated Press, the suspected hacker behind the HCA breach initially posted a sample of the stolen data online on July 5, attempting to sell it and potentially extort HCA. The hacker claimed to possess 27.7 million records and subsequently released a file on Monday containing nearly 1 million records from HCA's San Antonio division.

To ensure the legitimacy of any invoices or billing requests, HCA is advising patients to contact the chain at (844) 608-1803 before making any payments. The company has reported the incident to law enforcement and engaged third-party forensic and threat intelligence advisors. 

HCA maintains that the breach, which exposed approximately 27 million rows of data related to around 11 million patients, did not include highly sensitive information such as patients' treatment or diagnosis details, payment information, passwords, driver's license numbers, or Social Security numbers.

Although DataBreaches.net initially reported on the hack and shared a code sample purportedly offered by the hacker, HCA's spokesperson clarified that the code was an email template developed by the company, and the client ID mentioned referred to a doctor's office or facility, not a patient.

HCA Healthcare assured that it has not discovered any evidence of malicious activity on its networks or systems related to this incident. As an immediate containment measure, the company has disabled user access to the storage location. 

HCA intends to reach out to affected patients to provide additional information and support, complying with legal and regulatory obligations. It will also offer credit monitoring and identity protection services where necessary. HCA Healthcare operates more than 180 hospitals and 2,000 care locations, including walk-in clinics, across 20 states and the U.K., according to its website.

Reddit Blackout: Subreddits Protest New Pricing Policy

 

In a show of protest against Reddit's new pricing policy, thousands of subreddits are planning to go private for 48 hours starting on Monday. This move aims to bring attention to concerns about the platform's recent changes and their potential impact on the Reddit community.

The protest comes in response to Reddit's decision to introduce a new premium membership tier called "Reddit Premium Platinum," which offers additional features and benefits to users for a monthly fee. This move has sparked controversy and criticism from many Reddit users who fear that it will create a two-tier system and undermine the platform's core principles of free and open discussion.

The blackout is organized by moderators of various subreddits who are concerned about the direction Reddit is taking. By making their communities private, they hope to raise awareness among users and encourage discussions about the potential consequences of the new pricing policy.

The protest is not limited to specific types of subreddits; a wide range of communities across various topics are expected to participate. This includes popular subreddits such as r/AskReddit, r/pics, and r/movies, among others. The blackout is expected to significantly impact the overall activity and engagement on the platform for the duration of the protest.

Critics argue that the new pricing policy could lead to a more commercialized Reddit, potentially favoring large corporations and diminishing the influence of individual users. They express concerns that the platform's sense of community and democratic nature could be eroded as a result.

In response to the planned blackout, Reddit released a statement acknowledging the concerns and stating that they are committed to engaging with users to address their feedback. They emphasized the importance of user input in shaping the platform's future and pledged to continue refining their offerings based on community feedback.

The blackout serves as a reminder of the power of online communities and their ability to mobilize for a common cause. Reddit has a history of user-driven protests that have influenced policy changes in the past. The collective action by subreddit moderators highlights the significance of their role in shaping the platform and the importance of user voices in discussions about its future direction.

As the blackout unfolds, it is yet to be seen how Reddit users and the platform's management will navigate this period of heightened tensions. It will likely serve as a critical moment for both sides to engage in open dialogue and find common ground to address the concerns raised by the community.

Before It's Too Late, Switch to a New LastPass Password Manager

 

One of the most well-known password organisers in the world, LastPass, experienced a significant data breach in December, putting the online passwords and personal information of its users at risk. Time is running out if you still haven't changed your passwords. 

On December 22, LastPass CEO Karim Toubba admitted in a blog post that a security breach the business first disclosed in August ultimately resulted in the theft of crucial vault data and customer account information by an "unauthorised entity." The issue is the most recent in a protracted and alarming line of security incidents affecting LastPass that stretch back to 2011.

According to Toubba, the unauthorised entity was able to acquire unencrypted customer account data including LastPass usernames, business names, billing addresses, email addresses, phone numbers, and IP addresses. The same unauthorised entity also had access to client vault data, which contains both encrypted and unencrypted information including usernames and passwords for all the websites that consumers have saved in their vaults. If you use LastPass, you should consider switching to another password manager given how seriously your passwords and personal information are at risk from this attack. 

How did it get to this point? 

In an article written by Toubba and posted on the LastPass blog in August 2022, the company claimed that it had "determined that an unauthorised party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information."

When the threat first surfaced, LastPass "engaged a leading cybersecurity and forensics firm," according to Toubba. This was followed by the implementation of "enhanced security measures." But as the breach's extent progressively increased, that blog article would be modified multiple times over the ensuing months. 

Toubba informed readers that the incident's investigation was over in a blog post update on September 15. 

"Our investigation revealed that the threat actor's activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor's activity and then contained the incident," Toubba stated. "There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults." 

Customers were reassured by Toubba at the time that LastPass would take good care of their passwords and personal information. 

It turned out, however, that the unauthorised person was in fact able to access customer data in the end. 

The company "found that an unauthorised entity, using information gained in the August 2022 event, was able to get access to certain components of our customers' information," according to a Nov. 30 update to the blog post by Toubba. 

On December 22, Toubba published a lengthy update to the blog post detailing the worrying specifics of what client data the hackers had really been able to access during the attack. The public only learned the full extent of the problem at that point, when it was revealed that LastPass users' personal information was in the hands of a threat actor and that all of their passwords stood a major risk of being leaked. 

However, Toubba reassured users who adhere to LastPass's recommended password practises and have the most recent default settings enabled that they don't need to take any further action at this time because their "sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass' Zero Knowledge architecture." 

Toubba cautioned, though, that individuals who don't enable LastPass's default settings and don't adhere to the password manager's best practices run the danger of having their master passwords compromised. Toubba advised those people to think about switching the passwords for the websites they had saved. 

How should LastPass users act? 

The firm did not disclose the number of users who were impacted by the hack, and LastPass did not reply to CNET's request for any information on the incident. But if you're a LastPass user, you should act as though your user and vault data are in the possession of an uninvited person with bad intentions. Although the most sensitive information is encrypted, there is still an issue because the threat actor can use "brute force" attacks on the local files they have stolen. If you've complied with LastPass's recommended procedures, it would reportedly take "millions of years" to figure out your master password. 

If you haven't changed your individual passwords, or if you simply want complete peace of mind, you'll need to put in a lot of time and work. Additionally, you should probably stop using LastPass while you're doing that. 

Keeping that in mind, the following is what you must do immediately if you are a LastPass subscriber:

Look for a fresh password manager: Given LastPass' history of security issues and the seriousness of this most recent leak, it's more important than ever to look for an alternative. 

Immediately change your most vital site-level passwords: This includes passwords for anything such as online banking, financial information, internal company logins, and medical data. Make sure the passwords you choose are both secure and original.

Turn on two-factor authentication whenever you can: After changing your passwords, make sure that any online account that supports 2FA has that feature enabled. By warning you and requesting your authorization for each login attempt, this will give you an extra degree of security. As a result, even if someone manages to discover your new password, they shouldn't be able to log in to a particular website without your secondary authenticating device (typically your phone).