
Checkout Refuses ShinyHunters Ransom, Donates Funds to Cybersecurity Research

 

Checkout, a UK-based financial tech firm, recently suffered a data breach orchestrated by the cybercriminal group ShinyHunters, who have demanded a ransom for stolen merchant data. In response, the company announced it would not pay the ransom but instead donate the equivalent amount to Carnegie Mellon University and the University of Oxford Cyber Security Center to fund cybercrime research initiatives.

The breach occurred after ShinyHunters gained unauthorized access to a legacy third-party cloud storage system used by Checkout in 2020 and earlier. This system, which had not been properly decommissioned, contained internal operational documents, onboarding materials, and data from a significant portion of the company’s merchant base, including past and current customers. The company estimates that less than 25% of its current merchant base was affected by the incident.

The tech firm provides payment processing services to major global brands such as eBay, Uber Eats, adidas, GE Healthcare, IKEA, Klarna, Pinterest, Alibaba, Shein, Sainsbury’s, Sony, DocuSign, Samsung, and HelloFresh, managing billions in merchandise revenue. The company’s systems include a unified payments API, hosted payment portals, mobile SDKs, and plugins for existing platforms, along with fraud detection, identity verification, and dispute management features.

ShinyHunters is an international threat group known for targeting large organizations, often leveraging phishing, OAuth attacks, and social engineering to infiltrate systems and extort ransom payments. The group has recently exploited the Oracle E-Business Suite zero-day vulnerability (CVE-2025-61884) and carried out attacks on Salesforce and Drift systems affecting multiple organizations earlier in the year.

Despite the pressure to pay a ransom to prevent the leaked data from being published, Checkout has refused and opted for a different strategy. The company will invest in strengthening its own security infrastructure and protecting its customers more effectively in the future. Additionally, the company has committed to supporting academic research in cybersecurity by channeling the intended ransom funds to prestigious universities.

Checkout has not disclosed the identity of the compromised third-party cloud file storage system or the specific breach method. The company continues to work on bolstering its defenses and has emphasized its commitment to transparency and customer protection. This decision sets a notable precedent for organizations facing ransomware demands, highlighting the importance of proactive security investment and responsible action in the face of cyber threats.

Professor Predicts Salesforce Will Be First Big Tech Company Destroyed by AI

 

Renowned computer science professor Pedro Domingos has sparked intense online debate with his striking prediction that Salesforce will be the first major technology company destroyed by artificial intelligence. Domingos, who serves as professor emeritus of computer science and engineering at the University of Washington and authored The Master Algorithm and 2040, shared his bold forecast on X (formerly Twitter), generating over 400,000 views and hundreds of responses.

Domingos' statement centers on artificial intelligence's transformative potential to reshape the economic landscape, moving beyond concerns about job losses to predictions of entire companies becoming obsolete. When questioned by an X user about whether CRM (Customer Relationship Management) systems are easy to replace, Domingos clarified his position, stating "No, I think it could be way better," suggesting current CRM platforms have significant room for AI-driven improvement.

Salesforce vulnerability

Online commentators elaborated on Domingos' thesis, explaining that CRM fundamentally revolves around data capture and retrieval—functions where AI demonstrates superior speed and efficiency. 

Unlike creative software platforms such as Adobe or Microsoft where users develop decades of workflow habits, CRM systems like Salesforce involve repetitive data entry tasks that create friction rather than user loyalty. Traditional CRM systems suffer from low user adoption, with less than 20% of sales activities typically recorded in these platforms, creating opportunities for AI solutions that automatically capture and analyze customer interactions.

Counterarguments and Salesforce's response

Not all observers agree with Domingos' assessment. Some users argued that Salesforce maintains strong relationships with traditional corporations and can simply integrate large language models (LLMs) into existing products, citing initiatives like Missionforce, Agent Fabric, and Agentforce Vibes as evidence of active adaptation. Salesforce has positioned itself as "the world's #1 AI CRM" through substantial AI investments across its platform ecosystem, with Agentforce representing a strategic pivot toward building digital labor forces.

Broader implications

Several commentators took an expansive view, warning that every major Software-as-a-Service (SaaS) platform faces disruption as software economics shift dramatically. One user emphasized that AI enables truly customized solutions tailored to specific customer needs and processes, potentially rendering traditional software platforms obsolete. However, Salesforce's comprehensive ecosystem, market dominance, and enterprise-grade security capabilities may provide defensive advantages that prevent complete displacement in the near term.

Private Data of 7.5 million BoAt Users Leaked in Massive Data Breach

 

The personal information of more than 7.5 million boAt customers has surfaced on the dark web. It is possible to purchase personally identifiable information (PII) such as a name, address, contact number, email ID, customer ID, and more. The threat actor leaked around 2GB of data on the forum.

On April 5, a hacker dubbed ShopifyGUY claimed to have accessed the data of audio products and smartwatch maker boAt Lifestyle. The threat actor leaked data breach files comprising 75,50,000 entries of personally identifiable information (PII) from consumers. Forbes India validated the report by speaking with a number of the consumers who have recently purchased boAt items. 

These data breaches have implications that extend beyond the immediate loss of private data. People are more susceptible to monetary fraud, phishing scams, and identity theft. Threat Intelligence Researcher Saumay Srivastava notes that sophisticated social engineering assaults could be carried out by threat actors who employ users' personal information to get access to bank accounts, carry out transactions, and fraudulently use credit cards.

“The consequences for companies include a loss of customer confidence, legal consequences and reputational harm. The major implications make it even more essential to implement adequate security practices,” Saumya added. 

The leaker's profile (ShopifyGUY) is rather new, with only this leak under his belt. Because the data is genuine, the hacker will establish a good reputation among the forum community, increasing future data purchases, explains Rakesh Krishnan, senior threat analyst at NetEnrich. 

“Considering the timeline, we can assume that the hackers gained access to the boAt customer database at least one month ago and put the data on the forum yesterday.”

Ideally, the company should notify all users, conduct a thorough investigation into how the attackers gained access and what else they could access, and then overhaul their security measures to ensure this does not happen again, but realistically, it will deny and move on, explains Yash Kadakia, founder of Security Brigade. 

The data is available for eight credits on several forums, thus it practically costs two euros to purchase it. It will most likely be available for free on Telegram within a few days. Many scammers will use this information to carry out various phone and email scams, Kadakia noted. 

According to an IDC report, boAt, which was founded in 2016 by Aman Gupta, a judge on Shark Tank, and Sameer Mehta, is now the second most popular wearable brand as of the third quarter of 2023. The Gurugram-based business is well-regarded by Indian customers and is renowned for its affordable headphones and other audio equipment. In addition, it produces speakers and smartwatches.

Apple Raises Concerns Over UK's Ability to 'Secretly Veto' Global Privacy Tools

 

Apple has strongly criticized the UK government's move to require pre-approval of new security features introduced by technology companies. Proposed amendments to the Investigatory Powers Act (IPA) 2016 suggest that if the UK Home Office rejects an update, it cannot be released in any other country without public notification. The government justifies these changes as necessary to balance technological innovation and private communications with public safety.

The Home Office expressed support for privacy-focused technology but emphasized the need to prioritize national security. A government spokesperson stated that decisions regarding lawful access to protect the country from threats must be made by democratic authorities and approved by Parliament. The proposed amendments are set to be debated in the House of Lords.

Apple condemned the proposed changes, labeling them as an "unprecedented overreach" by the UK government. The tech giant expressed deep concerns about the potential risks to user privacy and security. Apple argued that if enacted, the amendments could allow the UK to globally veto new user protections, hindering the company from offering enhanced security measures to customers.

The existing Investigatory Powers Act, criticized as a "snoopers charter," has faced opposition from Apple in the past. In July 2023, Apple threatened to withdraw services like FaceTime and iMessage from the UK to maintain future security standards. However, the proposed amendments extend beyond specific services to encompass all Apple products.

Civil liberties groups, including Big Brother Watch, Liberty, Open Rights Group, and Privacy International, jointly opposed the bill in January. They expressed concerns that the changes could compel technology companies to inform the government of any plans to enhance security or privacy measures, effectively turning private companies into tools of surveillance and undermining device and internet security.

These proposed amendments follow a review of existing legislation and encompass updates related to data collection by intelligence agencies and the use of internet connection records. The contentious debate over balancing privacy, security, and technological innovation is set to unfold in the House of Lords.

Organizations Struggle with Data Breach Disclosure

A recent survey conducted by cybersecurity firm Bitdefender highlights the ongoing struggle of organizations to handle data breaches and cybersecurity challenges. The survey revealed that a third of organizations have admitted to covering up data breaches, while 42% of IT leaders were instructed to maintain breach confidentiality. This trend of hiding data breaches is alarming as it puts customers' personal information at risk and undermines their trust in the organization.

The survey also highlighted the top cybersecurity concerns for businesses globally, with the most significant challenge being phishing attacks, followed by ransomware and zero-day exploits. These attacks are increasingly sophisticated and can cause significant financial and reputational damage to organizations.

According to Bogdan Botezatu, director of threat research and reporting at Bitdefender, "There is a significant gap between businesses' perceptions of their cybersecurity preparedness and the reality of their protection measures." The survey shows that while organizations are aware of the risks and the importance of cybersecurity, many are not taking sufficient measures to protect their systems and data.

It is essential for organizations to be transparent about data breaches and take necessary precautions to prevent them. They need to prioritize cybersecurity measures and invest in the latest technologies to protect their data from threats. As Botezatu emphasized, "By underestimating their exposure, businesses are not only putting themselves at risk but also their customers."

According to the poll, firms must act quickly to prevent cybersecurity problems and data breaches. In addition to ensuring they have sufficient security measures in place, they must be open about any security-related events. Only by implementing these measures can businesses keep the confidence of their customers and safeguard their data from online threats.



Fake Crypto Giveaways Use Elon Musk Ark Invest Video to Steal Millions of Dollars

 

Using a “double your funding” scheme, threat actors once again are luring their victims with the promise of high Bitcoin profits. Millions of dollars have been stolen with the help of fake endorsements from the prominent faces of Elon Musk, Jack Dorsey, and Cathie Wood.

The unknown fraudsters made more than $1.3 million in just a few weeks after re-streaming an edited version of an old live panel discussion on cryptocurrency with Elon Musk, Jack Dorsey, and Cathie Wood at Ark Invest’s “The ₿ Word” conference.

Analysts from cybersecurity firm McAfee have published a report on this, in which they spotted 11 fraudulent websites linked to the videos. McAfee updated the report after it was published to say that the number of these websites had risen to 26 in just 24 hours.

“The YouTube streams promoted several websites with a similar theme. They claim to send cryptocurrencies at twice the value received. For example, if you send 1BTC, you will receive 2BTC back,” said McAfee. 

Additionally, researchers examined the crypto wallets associated with the sites to which the victims had to send their “investment”. For example, on May 5, there were trades worth $280,000. Total damage was estimated at $1.3 million, but there are certainly a significant number of other victims.

Bleeping Computer also uncovered about 10 YouTube channels reposting the manipulated discussion. The titles of just about all of them included the strings Tesla, Elon Musk, Ark Invest, or a mixture of them. Interestingly, a few of these channels promoting a cryptocurrency scam website have massive followings, between 71,000 and 1.08 million subscribers.

In the majority of cases, the number of subscribers for these channels seems to have been artificially inflated to add credibility to the videos promoting the scam, since the channels have no other content.

Previously, fraudsters used other videos associated with Elon Musk, including SpaceX launches or Tesla videos, to successfully promote fake giveaways and earn hundreds of thousands of dollars.

In 2020, Brad Garlinghouse, CEO of financial tech firm Ripple, filed a lawsuit against YouTube for failing to remove fake videos featuring his name. Last March, he ended up settling with the tech giant. YouTube claimed that it wasn’t responsible for the content third parties published on its platform.