
Source Code & Private Data Stolen From GoTo

GoTo, the parent company of LastPass, has disclosed that hackers recently broke into its systems and seized encrypted backups belonging to users. It claimed that in addition to LastPass user data, hackers managed to obtain data from its other enterprise products.

A data breach including the theft of source code and confidential technical information was announced by GoTo affiliate LastPass in August of last year. GoTo acknowledged being impacted by the attack in November, which was connected to an unidentified third-party cloud security vendor.

Paddy Srinivasan, chief executive of GoTo, revealed that the security breach was more severe than initially suspected and involved the loss of account usernames, salted and hashed passwords, a piece of the Multi-Factor Authentication (MFA) settings, along with some product settings and license data.

Despite the delay, GoTo did not offer any restoration assistance or guidance for the impacted consumers. According to GoTo, the company does not keep track of its clients' credit card or bank information or compile personal data like dates of birth, addresses, or Social Security numbers. Contrast that with the incident that affected its subsidiary, LastPass, in which hackers grabbed the contents of users' encrypted password vaults along with their names, email addresses, phone numbers, and payment information.

LastPass' response to the leak was ripped apart by cybersecurity experts, who charged the firm with being opaque about the gravity of the situation and failing to stop the hack. To provide more reliable authentication and login-based security solutions, GoTo is also transferring its accounts onto an improved Identity Management Platform.

The number of impacted consumers was not disclosed by GoTo. Jen Mathews, director of public relations at GoTo, claimed that the company has 800,000 clients, including businesses, but she declined to address other queries.

Cyber Attack at ODIN Intelligence Discloses a Massive Trove of Police Raid Files

 

A forensic extraction report outlined the contents of a suspect's phone, specific tactical plans for upcoming police raids, and private police reports with descriptions of alleged crimes and suspects. These documents are part of a sizable data cache that was taken from the internal servers of ODIN Intelligence, a tech company that offers software and services to law enforcement agencies, after its website was hacked and defaced over the weekend. 

In a message posted on ODIN's website, the group responsible for the hack claimed that it had attacked the business after its founder and CEO Erik McCauley denied a Wired report that found the company's flagship app SweepWizard, which is used by police to coordinate and plan multiagency raids, was insecure and leaked sensitive information about upcoming police operations to the open web.

The hackers claimed to have "shredded" the company's data and backups but not before stealing gigabytes of data from ODIN's systems. They also published the company's Amazon Web Services private keys for accessing its cloud-stored data.

All across the United States, ODIN creates and offers police departments apps like SweepWizard. The business also develops tools that let law enforcement keep an eye on convicted sex offenders from a distance. However, ODIN also came under fire for using derogatory language in its marketing and providing authorities with a facial recognition system for identifying homeless people last year. 

Prior to publication, several emails to ODIN's McCauley seeking comment went unanswered. However, the hack was confirmed in a data breach disclosure submitted to the California attorney general's office. 

The breach exposes gigabytes of sensitive law enforcement data uploaded by ODIN's police department clients in addition to enormous amounts of ODIN's own internal data. The breach raises concerns about ODIN's cybersecurity as well as the security and privacy of the thousands of people whose personal information was exposed, including crime victims and suspects who have not been charged with any crimes.

The information included dozens of folders with detailed tactical plans for upcoming raids, suspect mugshots, fingerprints, biometric descriptions, and other personally identifiable information, such as intelligence on people who might be present at the time of the raid, like children, roommates, and cohabitants, some of whom are listed as having "no crim[inal] history." Many of the documents had the disclaimers "confidential law enforcement only" and "controlled document," indicating that they should not be shared with anyone outside of the police force. 

Some of the files had the designation "test document" and had officer names like "Superman" and "Captain America" that were fictitious. But ODIN also employed real people, including Hollywood actors, who are unlikely to have given their permission for their names to be used. The goal of the raid was to "find a house to live in," according to a document with the title "Fresno House Search" that had no markings indicating it was a test of ODIN's front-facing systems. 

The ODIN sex offender monitoring system, which enables police and parole officers to register, supervise, and monitor convicted criminals, was also included in the cache of data that was leaked. More than a thousand documents, including names, home addresses (if not incarcerated), and other personal details, related to convicted sex offenders who are required to register with the state of California were found in the cache.

The website for ODIN is still unavailable as of Tuesday. It went offline shortly after it was defaced.

37 Million Accounts' Data were Stolen from T-Mobile in a Data Breach Involving APIs

 

T-Mobile, a wireless provider in the United States, reported earlier this week that an unidentified malicious intruder broke into its network in late November and stole information on 37 million customers, including addresses, phone numbers, and dates of birth. 

The breach was found Jan. 5, according to T-Mobile, which disclosed this in a filing with the U.S. Securities and Exchange Commission. According to the company's investigation to date, the stolen data didn't include passwords or PINs, bank account or credit card information, Social Security numbers, or other official identifications. 

The malicious activity "appears to be fully contained at this time, but our investigation is still ongoing," T-Mobile said, adding that the data was first accessed on or around Nov. 25.

In recent years, the company has experienced numerous hacks. In its filing, T-Mobile stated that it did not anticipate the most recent breach to materially affect its business.

However, Neil Mack, a senior analyst at Moody's Investors Service, said in a statement that the breach raises concerns about management's cyber governance, may alienate customers, and may draw the attention of the Federal Communications Commission and other regulators. 

The frequency of these cybersecurity incidents at T-Mobile is alarmingly high compared to that of its telecom competitors, Mack said, even though they may not be systemic in nature. 

T-Mobile announced in August 2021 that personal information including Social Security numbers and driver's licence information had been stolen. As a result, the company agreed to pay $350 million to customers who brought a class action lawsuit. There were almost 80 million affected Americans. 

Additionally, it announced at the time that it would invest $150 million in other technologies and data security through 2023. Prior to the August 2021 intrusion, the company disclosed breaches in which customer information was accessed in January 2021, November 2019 and August 2018. 

After acquiring rival Sprint in 2020, Bellevue, Washington-based T-Mobile rose to prominence as one of the nation's major providers of mobile services. After the merger, it claimed to have more than 102 million clients.

US Criminals Responsible for Widespread Credit Card Fraud

 

In a case that sounds like a script, US criminals stole more than $1 million by using hundreds of credit cards that were advertised for sale on the dark web. A portion of the details surrounding this complex criminal enterprise have become public after a federal indictment by the U.S. Department of Justice.

The defendant in the case of United States v. Trevor Osagie admitted to planning to steal credit card data between 2015 and 2018. Osagie worked with a gang of robbers to cause damages totaling more than $1.5 million. 

At least 4,000 people were affected. Osagie could be sentenced to up to 30 years in prison and must pay a $1 million fine, according to Bleeping Computer. May 25, 2023, has been designated as the judgement date. The top search engines do not index the websites and services found on the dark web, and only obscure methods are used to access them. The dark web isn't always used for illegal activities, but because of its encryption and anonymity, criminals are drawn to it. 

Using the dark web, Osagie was able to recruit and supervise additional conspirators who played different roles in the fraud. Hamilton Eromosele is charged with leading a criminal organisation that used social media to identify "employees" who would use stolen credit cards to make expensive purchases.

Ismael Aidara then opened fake bank accounts and credit cards while Malik Ajala provided the stolen card information. There are six additional characters in this story, all of whom went to the US to participate in any activity requiring their actual presence. The indictment's namesakes all entered guilty pleas, demonstrating the prosecution's strong case. 

This is what happened. Members of this criminal network received the information after it had purchased flights to the United States, rentals, and lodging using stolen credit and debit card information from the dark web. As the shopping spree continued, expensive items and gift cards would be purchased. 

Social media promoted travel and enormous profits alongside the "workers" who travelled and purchased items for other group members. A portion of the funds were given to the criminal organisation. The police caught the criminals after a chaotic three-year rampage.

How to Safeguard Your Data in the Era of Privacy Violations

 

When our information falls into the wrong hands, it could cause a lot of harm, especially since con artists frequently prey on helpless victims. More evidence that widespread fraud and scams are on the rise comes from the recent data breaches at Optus and Medibank. According to the Attorney-General's office, identity theft, con artists, and credit card fraud cost Australians $900 million annually. However, there are extra precautions we can take to safeguard ourselves. How? Read on.

Invest in a password manager

Don't make it simple for con artists to figure out. Did you know that the word "password" is one of the most popular passwords? Another typical one is 123456. Although they are simple to remember, none of us can expect to remember every password we have. There are fortunately some excellent password manager products available. The best cloud-based password manager, according to Finder.com.au, is LastPass, which is also reasonably priced. 1Password was singled out as a flexible password manager that's particularly useful for iPhone or Mac users. Both are capable of creating passwords and checking accounts for security holes. Additionally, they advise changing insecure passwords and synchronising your passwords between your computer and smartphone.

Multi-factor authentication 

We should all use multi-factor authentication whenever possible, according to the Cyber Security Stakeholder Group (CSSG), a group made up of the ATO, tax practitioner industry groups, governmental organisations, and industry partners. Users must provide multiple pieces of information, such as a text message sent to your phone when logging into a website, as part of multi-factor authentication. Your accounts may become more difficult for others to access by adding this extra layer of security. 

Consider a credit ban 

Think someone has stolen your identity? By obtaining a credit ban, you can prevent scammers from taking out loans in your name. It is a free service. IDCare.org, an independent organisation that offers free assistance to people affected by fraud or scams, suggests that you can apply to credit reporting agencies for a credit ban to prevent people from obtaining credit or loans in your name. The 21-day suspension can be extended. When a bank or credit provider verifies your eligibility for credit, they consult credit reporting agencies, and if you have placed a ban on your credit report, the check will be unsuccessful if someone attempts to take out a loan in your name. 

Maintain software updates

The Australian Tax Office reports an increase in the use of malicious software. Accidentally clicking on an email or website link that can infect your computer can be simple.

"Your device might occasionally be affected by ransomware. When you use ransomware, your computer can be locked until you pay a fee to let criminals install software that gives them access to your bank accounts and lets them steal your money," the ATO warned. The response? Install the most recent security updates, perform routine antivirus scans, and use a spam filter on your email accounts to protect yourself. Weekly malware and anti-virus scans should be conducted, and security software should be current. 

Consult your bank 

You may have received correspondence from your bank about enhancing security as a result of the most recent data breaches. For instance, Westpac requires the presentation of forms of identification. So that no one can pretend to be you, request additional checks from your financial institution. 

In order to alert you to any unusual activity on your accounts, The Commonwealth Bank advises customers to activate location-based security, set notification preferences, and review registered devices. Yet another wise move? If you're worried about your accounts right now, you might want to think about lowering your daily withdrawal caps.

Internet Security: How to Defend Yourself Against Hackers

 

When was the last time you used WiFi in a public setting? Nowadays, almost every coffee shop, library, airport, and hotel provides a way for you to use your phone or other mobile devices to access the internet. That implies that, unless you have taken precautions to protect your data, the information on your phone may be accessible to hackers in the area. 

To safeguard your devices and sensitive data, abide by the following advice:

Utilize a firewall 

Firewalls are programmes that are integrated into Windows and macOS in order to erect a wall between your data and the outside world. Firewalls protect the network of your company from unauthorised access and notify you of any intrusion attempts. 

Before you go online, make sure the firewall is turned on. Depending on your broadband router, which additionally protects your network with a built-in firewall, you can also buy a hardware firewall from companies like Cisco, Sophos, or Fortinet. An additional business networking firewall can be bought if your company is bigger. 

Install antivirus protection 

Malware and computer viruses are pervasive. Computers are protected from malicious software and unauthorised code by antivirus programmes like Bitdefender, Panda Free Antivirus, Malwarebytes, and Avast. Viruses can cause effects that are obvious, like slowing down your computer or deleting important files, or they can be less obvious. 

By identifying real-time threats and protecting your data, antivirus software is crucial to safeguarding your system. Some cutting-edge antivirus programmes offer automatic updates, further safeguarding your computer against the fresh viruses that surface daily. Do not forget to use your antivirus programme after installing it. To keep your computer virus-free, run or schedule routine virus scans. 

Set up a spyware removal programme 

Spyware is a special kind of software that covertly monitors and gathers data from individuals or businesses. It tends to present unwanted advertisements or search results that are intended to direct you to specific (often malicious) websites and is built to be difficult to detect and remove. In order to access passwords and other financial information, some spyware logs each keystroke. Even though anti-spyware focuses solely on this threat, it is frequently offered as part of popular antivirus packages from companies like Webroot, McAfee, and Norton. Through the scanning and blocking of threats, anti-spyware packages offer real-time protection. 

Create strong passwords 

The key to preventing network intrusions is to use strong passwords. It is more difficult for a hacker to access your system the more secure your passwords are. Longer and more complex often equates to more security. Use a password with at least eight characters, a mix of uppercase, lowercase, and computer symbols, and at least one number.

Hackers have a variety of tools at their disposal to quickly crack short, simple passwords. Never use recognisable words or phrases that stand in for birthdays or other personally identifiable information. Do not use the same password twice. Consider using a password manager like Dashlane, Sticky Password, LastPass, or Password Boss if you have too many passwords to remember.

5 Updates to Secure Data as Workers Return to Work

According to an Adastra survey, more than 77% of IT decision-makers in the U.S. and Canada estimate their organizations will likely experience a data breach over the next three years.

Employees should be aware of data security practices since, as the 2022 Verizon Data Breach Investigations Report states, 82% of data breaches are caused by human error, placing companies of all sizes at risk.

5 Upgrades to Data Security


1. Protect data, not simply the barrier

With approximately 90% of security resources going toward firewall technology, it appears that many firms are focusing on protecting the walls around their data. However, there are potential ways around firewalls, including via clients, partners, and staff. Such individuals can all get beyond external cyber security and abuse sensitive data. 

2. Be aware of threats

Insider threats can be challenging to identify and stop due to their nature. It might be as simple as a worker opening an email attachment that is from a credible source and activating a ransomware worm. Threats of this nature are the most frequent and expensive worldwide.

3. Encrypt each device

A growing number of individuals prefer to work on personal devices. A solid, unchangeable data backup strategy might aid a business in making a speedy incident recovery. 

4. Create secure passwords

Most firms tend to display weak password policies, resulting in basic, generic, and hackable passwords for vital accounts that have access to private and priceless data. Passwords should be fairly complex; they should be updated every 90 days. 

5. Develop a company safety strategy

Each person who has a username and password is responsible for data security. IT administrators must regularly remind managers and employees that they are never permitted to share their login information with any third parties.

Data security is identified as the largest disruptor in 2023 by researchers as businesses continue to boost their cybersecurity resilience. According to the poll, 68% of managers say that the company has a cybersecurity unit and another 18% indicate companies are in process of building one. Only 6% of participants claimed to have no cybersecurity section.

A breach could cost significantly more than an audit from a data security firm. The estimated cost of a data breach in the US increased from $9 million to $9.4 million in 2022, as per Statista.

Norton LifeLock Issues a Warning for Password Manager Account Breach

 

Customers of Norton LifeLock have been the victims of a credential-stuffing attack. According to the company, cyberattackers utilised a third-party list of stolen username and password combinations to attempt to hack into Norton accounts and possibly password managers. 

Gen Digital, the LifeLock brand's owner, is mailing data-breach notifications to customers, mentioning that the activity was detected on December 12 when its IDS systems detected "an unusually high number of failed logins" on Norton accounts. According to the company, after a 10-day investigation, the activity dates back to December 1. 

While Gen Digital did not specify how many accounts were compromised, it did warn customers that the attackers had access to names, phone numbers, and mailing addresses from any Norton account. And it added, "we cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password." 

Those "details" are, of course, the strong passwords generated for any online services used by the victim, such as corporate logins, online banking, tax filing, messaging apps, e-commerce sites, and so on.
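One way to turn the "unusually high number of failed logins" signal described above into a detection rule, as an added example that is not Norton's or Gen Digital's own logic: flag a source whose failures within a short window spread across many different accounts, then list every account that source logged into successfully. The log format, thresholds, addresses and usernames are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source IP> <username> <OK|FAIL>".
# Addresses come from documentation ranges; usernames are made up.
SAMPLE_LOG = """\
2023-01-10T09:00:01 198.51.100.20 bob FAIL
2023-01-10T09:00:09 198.51.100.20 bob FAIL
2023-01-10T09:00:15 198.51.100.20 bob FAIL
2023-01-10T09:00:22 198.51.100.20 bob FAIL
2023-01-10T09:00:30 198.51.100.20 bob FAIL
2023-01-10T09:00:41 198.51.100.20 bob OK
2023-01-10T09:01:00 203.0.113.7 alice FAIL
2023-01-10T09:01:02 203.0.113.7 carol OK
2023-01-10T09:01:04 203.0.113.7 dave FAIL
2023-01-10T09:01:06 203.0.113.7 erin FAIL
2023-01-10T09:01:08 203.0.113.7 frank FAIL
2023-01-10T09:01:10 203.0.113.7 grace FAIL
2023-01-10T09:01:12 203.0.113.7 heidi OK
2023-01-10T09:01:14 203.0.113.7 ivan FAIL
2023-01-10T09:05:00 192.0.2.5 judy OK
"""


def parse(line):
    """Split one log line into (timestamp, ip, user, succeeded)."""
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "OK"


def find_stuffing_sources(events, window=timedelta(minutes=10),
                          min_failures=5, min_users=5):
    """Return source IPs whose failures inside one sliding window hit many
    different accounts. One person mistyping one password does not qualify."""
    recent = defaultdict(deque)  # ip -> failures still inside the window
    flagged = set()
    for ts, ip, user, ok in events:
        if ok:
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= min_failures and len({u for _, u in q}) >= min_users:
            flagged.add(ip)
    return flagged


def triage(log_text, **thresholds):
    """Per flagged source: failure count, accounts targeted, and accounts it
    logged into successfully at any point in the log (candidates for reset)."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    flagged = find_stuffing_sources(events, **thresholds)
    report = {ip: {"failed": 0, "targeted": set(), "reset": []} for ip in flagged}
    for _ts, ip, user, ok in events:
        if ip not in report:
            continue
        entry = report[ip]
        entry["targeted"].add(user)
        if not ok:
            entry["failed"] += 1
        elif user not in entry["reset"]:
            # Successes count even if they happened before the source was
            # flagged: the look-back is what scopes the notification.
            entry["reset"].append(user)
    return report


if __name__ == "__main__":
    for ip, entry in triage(SAMPLE_LOG).items():
        print(ip, "failed:", entry["failed"],
              "targeted:", len(entry["targeted"]),
              "reset:", entry["reset"])
```

The repeated failures on a single account from 198.51.100.20 stay below the distinct-account threshold, while both successful logins from the flagged source are reported, including the one that happened before the threshold was crossed.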

Threat actors use a list of logins acquired from another source (such as purchasing cracked account information on the Dark Web) to try against new accounts, hoping that users have reused their email addresses and passwords across multiple services. As a result, the irony of the Norton incident is not lost on Roger Grimes, KnowBe4's data-driven defense evangelist.

"If I understand the reported facts, the irony is that the victimized users would have probably been protected if they had used their involved password manager to create strong passwords on their Norton login account. Password managers create strong, perfectly random passwords that are essentially unguessable and uncrackable. The attack here seems to be that users self-created and used weak passwords to protect their Norton logon account that also protected their Norton password manager," he stated via email.

Identity and access management systems have recently been targeted by attackers, as a single compromise can unlock a veritable treasure trove of information across high-value accounts, not to mention a variety of enterprise pivot points for moving deeper into networks.

LastPass, for example, was targeted in August 2022 through an impersonation attack in which cyber attackers breached its development environment and stole source code and customer data. A follow-up attack on a cloud storage bucket utilized by the company occurred last month.

In March of last year, Okta revealed that cyberattackers had used a third-party customer support engineer's system to obtain access to an Okta back-end administrative panel used for customer management, among other things. There were approximately 366 customers affected, with two actual data breaches occurring.

Goodbye, Passwords; Here is What Will Happen Next

 

We all have way too many passwords, and they probably are not nearly as secure as we believe. Passkeys are the next step in the evolution of passwords and aim to make passwords obsolete in favour of a more secure system. 

Password issues

We have been logging into websites, apps, and devices using usernames and passwords for a very long time. The idea is straightforward: You choose a username — often just your email address — and pair it with a special password that (ideally) only you know. 

Passwords pose a significant problem, and almost exclusively their creators are to blame. It's simple to fall into the trap of using real words or phrases because you have to remember the password. Instead of using different passwords for each website or app, it's also very common to use the same password in multiple places. 

Using your birthdate or the name of your pet as a password is obviously not very secure, but many people still do it. If an attacker guesses it, they can then try it in all the other places you used the same password. Because of this, it is critical to use two-factor authentication and unique passwords. This problem has been addressed by password managers, which generate random strings of characters for you and remember them for you. Although that is an improvement over creating your own plain language passwords, there is still room for growth. Enter passkeys. 

Difference between a passkey and a password

The username and password system hasn't changed much over the years. Consider passkeys to be a complete replacement for the antiquated password system. To sign into apps and websites, you basically use the same method you use to unlock your phone. 

That is one of the most significant differences between traditional passwords and passkeys. Your Facebook password is valid everywhere Facebook is accessible. A passkey, on the other hand, is tied to the device on which it was created. Because you're not creating a password that can be used anywhere, the passkey is much more secure. 

You can use the same security procedure to authenticate a QR code scanned from your phone to sign in on another device. Nothing can be leaked or stolen because there are no passwords used. You don't need to be concerned about a stranger across the country using your password because you must sign in with your phone in hand. 

Passkeys are an industry standard that is based on WebAuthn. Apple, Google, and Microsoft have joined the FIDO Alliance to work on eliminating passwords for authentication. Passkeys are the way of the future. 

 Should You Use Passkeys? 

Passkey usage is only now beginning to become more common as of the time of this writing. As previously mentioned, passkeys are supported by Apple, Google, and Microsoft. In addition, 1Password, Dashlane, PayPal, eBay, Best Buy, Kayak, and GoDaddy support them. Support is continually being added by more businesses. 

But the situation is more complex than that. You also need a browser that is compatible with websites. You'll need to use Apple Safari or Google Chrome to create a passkey for Best Buy.

You also need a password manager and an operating system that are both compatible. That is Keychain in the Apple universe. It is Password Manager or a third-party app for Google. Windows Hello is Microsoft's. 

As you can see, there are a number of layers of compatibility required, but passkey adoption is still in its infancy. You do not need to worry about any of that as a user. If a service supports the feature and you are using a compatible device, the service will ask you if you'd like to create a passkey. 

It's simple to decide to try using a passkey if you have the option. It is not only much simpler to use, but also more secure. It is more convenient to scan your fingerprint or use your Face ID to log into a website than it is to type cumbersome passwords. A passwordless future is here.

PyPI Hosting Malware and AWS Keys 

 

The Python package repository PyPI was discovered to be hosting malware and AWS keys. Tom Forbes, a software developer, created a Rust-based application that searched all new PyPI packages for AWS API keys. The tool returned 57 successful results, some from Louisiana University, Stanford, Portland, Amazon, and Intel.

Forbes explains that his scanner searches for AWS keys in fresh releases from PyPI, HexPM, and RubyGems on a recurring basis using GitHub Actions. If it finds one, it creates a report containing the pertinent information and commits it to the AWS-cred-scanner repository.

According to Forbes' article, "The report comprises the keys that have been found, as well as a public link to the keys and additional metadata regarding the release." GitHub's Secret Scanning service engages because these keys have been uploaded to a public GitHub repository, alerting AWS that the keys have been compromised.
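A pre-publish check in the spirit of the scanner described above, as an added example that is not Forbes' tool or GitHub's detection logic: it scans a built sdist for AWS access key IDs and reports where they are without echoing the full value. The regular expressions are widely used heuristics, the archive is constructed in memory, and the credentials in it are the placeholder values from AWS documentation.

```python
import io
import re
import tarfile

# Heuristic patterns (assumptions, not an official specification):
# access key IDs start with AKIA (long-term) or ASIA (temporary) followed by
# 16 upper-case alphanumerics; secret keys are 40 base64-style characters.
KEY_ID_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
NEARBY = 300  # characters after a key ID in which to look for a secret


def build_sample_sdist():
    """Constructed sdist (.tar.gz) held in memory; nothing touches disk."""
    files = {
        "demo-0.1/setup.py":
            "from setuptools import setup\nsetup(name='demo', version='0.1')\n",
        # Placeholder credentials from AWS documentation, not real keys.
        "demo-0.1/demo/settings.py":
            'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
            'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n',
        # The safe pattern: read the key from the environment at run time.
        "demo-0.1/demo/client.py":
            'import os\nKEY = os.environ["AWS_ACCESS_KEY_ID"]\n',
        "demo-0.1/demo/logo.bin": bytes(range(256)),
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            if isinstance(data, str):
                data = data.encode("utf-8")
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def scan_sdist(archive_bytes, max_file_size=1_000_000):
    """Return one finding per access key ID found in the archive.

    The key ID is redacted in the report and the secret is never copied,
    so the scan output is safe to keep in CI logs.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile() or member.size > max_file_size:
                continue
            raw = tar.extractfile(member).read()
            text = raw.decode("utf-8", errors="replace")
            for match in KEY_ID_RE.finditer(text):
                key = match.group()
                findings.append({
                    "file": member.name,
                    "line": text.count("\n", 0, match.start()) + 1,
                    "key_id": key[:4] + "..." + key[-4:],
                    # A secret next to the ID means the pair is usable as-is.
                    "secret_nearby": bool(
                        SECRET_RE.search(text, match.end(), match.end() + NEARBY)
                    ),
                })
    return findings


if __name__ == "__main__":
    results = scan_sdist(build_sample_sdist())
    for f in results:
        print(f"{f['file']}:{f['line']} {f['key_id']} "
              f"secret_nearby={f['secret_nearby']}")
    # A non-empty result should fail the release job before upload.
    raise SystemExit(1 if results else 0)
```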

As per Forbes, "It relies on the specific rights granted to the key itself. Other keys I discovered in PyPI were root keys, which are equally permitted to perform any action. The key I discovered that was leaked by InfoSys in November had full admin access, meaning it can do anything. If these keys were stolen, an attacker would have unrestricted access to the associated AWS account."

He claimed that other keys might have more circumscribed but nonetheless excessive permissions. For instance, he claimed it frequently happens that a key meant to grant access to just one AWS S3 storage bucket has unintentionally been configured to give access to every S3 bucket connected to that account.

GitHub's automated key scanning, which includes keys in npm packages, is cited by Forbes as an effective tool. Expressions that GitHub employs to search for secrets are sensitive and cannot be made public. As a result, PyPI and other third parties are basically unable to leverage this decent infrastructure without providing all of the PyPI-published code to GitHub. Further, Forbes recommended that businesses carefully consider their security procedures.

Cybersecurity firm Phylum reported that it uncovered a remote access trojan dubbed pyrologin in a PyPI package in December. Last month, ReversingLabs, another security company, also discovered a malicious PyPI package: the malware was disguising itself as an SDK from SentinelOne, a different security company. And in November, W4SP malware was discovered in dozens of recently released PyPI packages. 3,653 harmful code blocks were eliminated as a result of a large-scale malware culling carried out by PyPI in March 2021. 

As a result, AWS creates a support ticket to alert the guilty developer and implements a quarantine policy to reduce the risk of key misuse. However, the issue is that an unethical person might produce comparable scanning software with the intention of abusing and exploiting others. 


What Exactly is DNS-over-HTTPS and Do you Need to Use it?

 

Traditional Domain Name System (DNS) traffic, such as user requests to visit specific websites, has been largely unencrypted throughout the history of the internet. This means that every party involved in the DNS value chain that your request goes through has the ability to examine your queries and responses, and even change them, whenever you look up a web address in the "internet telephone book." This is altered by DNS encryption, such as DNS over HTTPS (DoH).

Many of the major internet service providers, including Apple, Mozilla, Microsoft, and Google, have integrated encrypted DNS through DoH into their offerings. While Apple implemented DoH with the iOS 14 and macOS 11 updates in the autumn of 2020, Mozilla was an early adopter, integrating it into its browser in the US as early as late 2018. DoH has also been made available on Chrome for Android by Google. 

A global phone directory on the internet 

The Domain Name System (DNS) essentially serves as the internet's version of the phone book. If you think of it a little like this, the operation of DNS will soon become clear. The top-level domain (the far right part of a web address, like .com, .org, or .info) is the equivalent of the country code or area code, and the second-level domain (in the case of international.eco.de, this would be .eco.) is the corporate switchboard number. The third level (international), meanwhile, is the particular extension.

It's much simpler to gain a better understanding of how this directory is put together if you keep that in mind as you work. You can also learn how computers locate the websites they want to visit in order to connect you to the website of your choice.

A website or other internet resource that you have typed into your computer or phone will be located by DNS resolvers. The router at your house or place of business, or a public hotspot, is the first DNS resolver to which your device is locally connected.

Following a series of steps, this resolver looks for any preconfigured settings on the device or a history of previous visits to the specified website (called a cache). If this doesn't work, the resolver will pass the DNS request on to the resolver after it, which could be your current internet service provider (ISP). The same steps will be followed by this resolver, and if all else fails, it will look up the domain in the "internet phone book." 

What dangers is DoH shielding users from?

One goal in the development of the DoH protocol was to increase user privacy and security by preventing DNS data manipulation and eavesdropping. Thanks to DNS traffic encryption, you are shielded from the possibility that a malicious actor could reroute your DNS traffic to another (malicious) location. Instead of the actual bank website you wanted to visit, you might otherwise end up at a fake one or something similar.

This type of cyberattack is known as a Man-in-the-Middle (MITM) attack. The only practical solution at this time is DNS encryption via DoH (or the related DoT protocol). The monetization of DNS data, for example, when it is used for marketing purposes, is another issue that DoH has been able to address. This is a potential and real privacy concern that should be of interest to everyone.

User safety in public networks 

An analysis of your behaviour and cross-network tracking may be done using the DNS query data from your mobile device when you use a public wireless (Wi-Fi) network in a hotel, coffee shop, or another location. These DNS services are frequently included in an all-inclusive, globally accessible Wi-Fi solution, but they may not be well-suited to abide by local privacy laws.

Additionally, it is possible that the privacy-protecting configurations are not turned on either. Free public Wi-Fi services are also frequently ineffectively managed in terms of security and performance, particularly when they are run or offered by smaller businesses. You could end up exposed to attacks coming from their own networks if this happens. 

The good news is that DoH safeguards users on these open wireless networks because the Wi-Fi network's DNS resolver is avoided. As a result, user tracking and data manipulation at this level are prevented. That ultimately means that DoH provides a chance to safeguard communications in an unreliable setting. It's a fantastic and incredibly useful solution. 

What alters due to DoH? 

Only the transport mechanism by which your device and the resolver communicate changes with the DNS over HTTPS protocol. The well-known HTTPS protocol is used to encrypt both the requests and the responses. DNS requests using DoH currently avoid the local resolver because there aren't many DoH resolvers in use and technical work is still being done to make it possible for DoH resolvers to be "discovered." Instead, they are handled by a third-party DoH service provider that has been recommended by the relevant software maker or developer. The decision to offer their own DoH services is currently being considered by an increasing number of providers. 
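To make the point above concrete, the following added example (not part of the original article) builds an ordinary DNS query in the RFC 1035 wire format and wraps the same bytes in the GET and POST forms that RFC 8484 defines for DoH. The endpoint `https://doh.example/dns-query` is a placeholder, and the function names are this example's own.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Placeholder endpoint (assumption, not a real service): use your chosen resolver.
DOH_ENDPOINT = "https://doh.example/dns-query"
QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Encode a name as length-prefixed labels, e.g. international / eco / de."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)  # the root label terminates the name
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return bytes(out)


def build_query(name: str, qtype: int = QTYPE_A, msg_id: int = 0) -> bytes:
    """Build a one-question DNS query. RFC 8484 suggests ID 0 so that HTTP
    caches see identical requests for identical questions."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)  # RD flag set
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_url(message: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """GET form: the wire message as unpadded base64url in the 'dns' parameter."""
    b64 = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"


def doh_post_request(message: bytes, endpoint: str = DOH_ENDPOINT) -> dict:
    """POST form: the wire message is the raw HTTP body."""
    return {
        "method": "POST",
        "url": endpoint,
        "headers": {
            "Content-Type": "application/dns-message",
            "Accept": "application/dns-message",
        },
        "body": message,
    }


def decode_get_url(url: str) -> bytes:
    """Resolver side: recover the DNS wire message from a DoH GET URL."""
    param = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def parse_question(message: bytes) -> tuple:
    """Return (id, name, qtype) from a query built by build_query()."""
    if len(message) < 12:
        raise ValueError("message shorter than a DNS header")
    msg_id, _flags, qdcount = struct.unpack("!HHH", message[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        length = message[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("compression pointer not expected in a query")
        labels.append(message[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", message[pos:pos + 4])
    return msg_id, ".".join(labels), qtype


if __name__ == "__main__":
    query = build_query("international.eco.de")
    # Classic DNS sends these bytes in the clear on port 53; DoH sends the
    # same bytes inside an HTTPS request, so only the resolver can read them.
    print("wire message:", query.hex())
    print("DoH GET     :", doh_get_url(query))
    print("DoH POST    :", doh_post_request(query)["headers"])
    print("resolver sees:", parse_question(decode_get_url(doh_get_url(query))))
```
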

DoH in my company's network—do I want it?

DoH is unquestionably a helpful method of self-protection, particularly when using a public hotspot, but it might not be the best choice in environments with trusted network infrastructure. Corporate networks or using internet access services that you get from a reputable ISP are good examples of this.

For instance, your firm may have good cause to forbid an application that deviates from and overrides the system default. Given that the network administrator has no control over it inside the network, this might even be considered potentially harmful. If DoH is implemented at the system level as opposed to the application level, many of the issues with corporate networks vanish. At the system level, for instance, a corporate network administrator can configure the system and create a policy to ensure that the corporate resolver should be used for as long as the device is connected to the corporate network.

Once the device is connected to a public network, however, DoH should be used to increase security and privacy. If DoH is applied by default at the application level, these per-network configurations are bypassed.

Concerning factors 

Other issues with the use of external DNS resolution through DoH include potential slow response times and the circumvention of parental controls and legally required blocking, among others. However, depending on the situation, many of DoH's potential drawbacks are balanced out by just as many benefits.

There is no question that DNS encryption enhances user security and privacy. DoH can offer a simple method for carrying this out. If you choose to activate DoH, you should make sure to research who will be handling the resolution, how they will handle your data, and whether you can easily turn it off when necessary.

Is Data Safeguarded by an Encrypted Email Service?

Email is the primary form of communication in both our personal and professional lives. Users might be surprised to hear that email was never intended to be secure due to our dependency on it. Email communication carries some risks, but you may still take precautions to protect your inbox. 

What is encryption in email?

One of the most important applications for practically any organization nowadays is email. Additionally, it's among the primary methods for malware to infect businesses.

Email encryption is the process of encrypting email communications to prevent recipients other than the intended ones from seeing the content. Authentication may be included in email encryption.

Email is vulnerable to data exposure because it is usually sent in clear text rather than encrypted, so parties other than the intended recipients can read its contents. Tools like public-key cryptography address this: users can publish a public key that others use to encrypt emails sent to them, while still holding a private key that they use to decrypt those emails or to digitally sign the messages they send so that recipients can verify them.

Impacts of an Encrypted Email Service

1. Safeguards Private Data 

It is crucial to ensure that only intended recipients view the material sent via email as it frequently contains sensitive data and business secrets. It is also vital that cyber criminals are unable to decrypt the data being transmitted between people. 

Services for encrypted email are created in a way that protects user privacy rather than invading it. Not simply because they are run by very small teams, but also because their platforms were created with security in mind, encrypted email services are intrinsically more secure. To begin with, the majority employ zero-access encryption, which ensures that only the user has access to confidential data.

2. Cost-effective 

It is not necessary to buy additional hardware when the server that hosts the email service already includes encryption. Many firms have invested in their own servers, although it might not be essential. A reliable third-party service is substantially less expensive.

3. Barrier Against Government Monitoring 

You can learn everything you need to know about Gmail and Yahoo from the fact that no major whistleblower, activist, dissident, or investigative reporter trusts them to transmit sensitive information, at least in terms of government surveillance. Google, for instance, makes it very plain on its official website that it reserves the right to accede to requests from the government and provide useful information. ProtonMail was founded in Switzerland, a country with some of the world's strongest privacy rules.

4. Prevents Spam

Spam attachments frequently contain malware, ensuring that hackers gain access. When you or another person uses encrypted email to deliver attachments, the email includes a digital signature to verify its authenticity. No individual will accept spoofed emails this way. 

Establish strong digital practices to avoid leaving yourself vulnerable. Update your hardware and software. We must improve internet security measures as our reliance on technology increases. Services for secure, encrypted email provide everything that caters to your privacy needs.

Avoiding These WiFi Errors is Essential Because They Put Your Data at Risk

 

Your WiFi connection might go unnoticed by you. The world is in order as long as it is operational. But maintaining your privacy and keeping your data to yourself requires a secure WiFi network. And you might be unknowingly making one of the numerous WiFi errors that jeopardise your security and data. The most frequent WiFi errors that put your data at risk are discussed by tech expert and writer Monserrat Cancino at Tech Detective, along with the fixes you should keep in mind to address the issue. 

Public Wi-Fi 

When you need to connect at the airport, coffee shop, or mall, having a public Wi-Fi network is very helpful. However, Cancino warned that doing this might put your data in danger. "As you can see, when you join a Wi-Fi network, a connection is made between your device and a server that allows you to access the Internet."

According to Cancino, public Wi-Fi makes it simpler for hackers to put themselves between any unprotected device connected to that hotspot and the server, which gives them easy access to your information. The solution is to use caution when connecting to a public WiFi network. 

"Avoid accessing your bank accounts, email, and any other apps that may contain sensitive personal information (home address, credit card number, phone, etc.) if you have to connect to a public Wi-Fi network because your mobile data has run out," Cancino advised. In order to avoid connecting to a public network, "I also advise purchasing a data plan." 

Keeping your system and apps outdated

Cancino reminds us that updates may include new security features to safeguard your information in addition to fixing any performance problems. So you're putting your data at risk if you haven't updated your device or installed apps in a while, Cancino said. To avoid having to install updates manually, make sure your device's 'Automatic Downloads' feature is turned on. Keep in mind that this feature will only operate if you have disabled low power mode and are using a fast Internet connection. 

Not altering the settings on your router

Cancino cautions that hackers can easily access router default settings because they are shared by all routers made by the same manufacturer. As soon as you purchase a new router, try changing your IP address and password.

Straightforward Wi-Fi password 

It's common to use simple passwords to access your Wi-Fi network, Cancino said, if you're forgetful like me. Because hackers might target you and use your information, doing this, unfortunately, puts your information at risk. For each of your accounts, use a different password that is at least eight characters long. Don't forget to include numbers, symbols, lowercase and uppercase letters, he advised. "When creating a new password, please avoid writing consecutive keyboard combinations, such as 123, and don't use any personal information like nicknames." 

Reluctancy in using VPN 

"Virtual private networks (VPNs) are excellent for protecting your information because they prevent websites and hackers from tracking or accessing it. Additionally, they conceal your IP address, allowing you to browse and access content that was originally made available in a different country securely (great news if you enjoy streaming movies or TV shows!)," said Cancino. To protect your devices, consider setting up a VPN.

Hackers Target Chick-fil-A Customers Credentials

Chick-fil-A is investigating concerns of suspicious transactions on its mobile app after multiple users claimed that hackers gained their personal data, including bank account details.

Customers at Chick-fil-A, a well-known chicken restaurant business, may be the latest targets of hackers. According to a recent article in Nation's Restaurant News, the fast food chain is investigating potential hacks of mobile apps that have exposed customers' sensitive information.

According to Krebs on Security, one bank claimed it had nearly 9,000 customer card details listed in an alert sent to various financial institutions regarding a breach at an anonymous retailer that occurred between December 2, 2013, and September 30, 2014, and that Chick-fil-A locations were the only common point-of-purchase. As per Krebs, "the majority of the fraud, according to a financial source, appeared to be centered at sites in Georgia, Maryland, Pennsylvania, Texas, and Virginia."

Customers are recommended to promptly change their passwords to new ones that are distinct, complex, and therefore not used for other online platforms or accounts if they detect anything unusual.

In regard to the reports, Chick-fil-A posted a statement on social media stating that the company is aware of the matter and is working quickly to resolve it. The business does point out that it has not discovered proof that its internal security has been infiltrated by hackers or otherwise compromised.

Impacted customers can find information on a support page on the Chick-fil-A One Membership Program customer service website about what to do if they see any suspicious activity on their accounts, see mobile orders placed without their consent, or discover that their loyalty points were fraudulently redeemed or used to purchase gifts.

Hackers Expose Credentials of 200 million Twitter Users

Researchers suggest that a widely circulated cache of email addresses related to roughly 200 million users is probably a revised version, with duplicate entries deleted, of the larger cache from the end of 2022, when hackers were selling stolen data from 400 million Twitter users.

A flaw in a Twitter API that existed from June 2021 until January 2022 allowed attackers to submit personal details like email addresses and obtain the corresponding Twitter account. Attackers used the vulnerability to harvest information from the network before it could be fixed.

Although it did not allow hackers to obtain passwords or other sensitive data like DMs, the bug also exposed the link between Twitter accounts, which are frequently pseudonymous, and the numbers and addresses linked to them, potentially identifying users.

The email addresses for a few listed Twitter profiles were accurate, according to the data that Bleeping Computer downloaded. It also discovered that the data had duplicates. Ryushi, the hacker, asked Twitter to pay him $200,000 (£168,000) in exchange for providing the data and deleting it. The information follows a warning from Hudson Rock last week regarding unsubstantiated claims made by a hacker that he had access to the emails and phone numbers of 400 million Twitter users.

Troy Hunt, the founder of the security news website Have I Been Pwned, also investigated the incident and tweeted his findings: "Acquired 211,524,284 distinct email addresses; appears to be primarily what has been described," he said.

The social network has not yet responded to the enormous disclosure, but the cache of information makes clear how serious the leak is and who might be most at risk as a consequence. Social media companies have consistently and quickly minimized previous data scrapes of this nature and have dismissed them as not posing substantial security risks for years.

FCC Wants Telecom Companies to Notify Data Breaches More Quickly

 

The Federal Communications Commission of the United States intends to improve federal law enforcement and modernise breach notification requirements for telecommunications firms so that customers are notified of security breaches as soon as possible.

The FCC's proposals (first made public in January 2022) call for getting rid of the current requirement that telecoms wait seven days before notifying customers of a data breach. 

Additionally, the Commission wants telecommunications providers to notify the FBI, Secret Service, and FCC of any significant breaches. 

According to FCC Chairwoman Jessica Rosenworcel, "We propose to eliminate the antiquated seven business day mandatory waiting period before notifying customers, require the reporting of accidental but harmful data breaches, and ensure that the agency is informed of major data breaches."

In a separate press release, the FCC stated that it was considering "clarifying its rules to require consumer notification by carriers of inadvertent breaches and to require notification of all reportable breaches to the FCC, FBI, and U.S. Secret Service." 

In 2007, the Commission passed the first regulation mandating that telecoms and interconnected VoIP service providers notify federal law enforcement agencies and their clients of data breaches. 

The severity of recent telecom hacks demonstrates the need for an update to the FCC's data breach rules to bring them into compliance with federal and state data breach laws governing other industries. For instance, Comcast Xfinity customers reported in December that their accounts had been compromised as a result of widespread attacks that avoided two-factor authentication.

Verizon informed its prepaid customers in October that their accounts had been compromised and that SIM swapping attacks had used the exposed credit card information.

According to reports, T-Mobile has also experienced at least seven breaches since 2018. The most recent one was made public after Lapsus$ hackers broke into the business' internal systems and stole confidential T-Mobile source code.

Finally, in order to end an FCC investigation into three separate data breaches that affected hundreds of thousands of customers, AT&T paid $25 million in April 2016.

"The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements," Rosenworcel stated. "To better protect consumers, boost security, and lessen the impact of future breaches, this new proceeding will take a much-needed, fresh look at our data breach reporting rules."

WhatsApp Allows Communication Amid Internet Outages

On January 5, WhatsApp revealed a new feature that enables users to connect via proxy servers so they may continue using the service even when the internet is restricted or disrupted by shutdowns.

Concept of WhatsApp proxy

When selecting a proxy, users can connect to WhatsApp via servers run by individuals and groups devoted to promoting free speech throughout the world. According to WhatsApp, using a proxy connection preserves the app's privacy and security settings, and end-to-end encryption will continue to secure private conversations. As per the firm, neither the proxy servers, WhatsApp, nor Meta will be able to see the communications that are sent between them.

When it comes to assisting users when WhatsApp is prohibited in a country, the messaging service stated, "If WhatsApp is restricted in your nation, you can utilize a proxy to connect and communicate with loved ones. End-to-end encryption will still be used to protect private communications while using a proxy connection to WhatsApp."

In accordance with the new rules, internet service providers had to remove anything that law enforcement regarded as illegal and cooperate with police investigations, which included locating the authors of malicious materials. WhatsApp countered this claim by saying that it will continue to secure users' private messages and would not compromise their security for any government.

According to Juras Jurnas of the proxy and online data collecting company Oxylabs, "For persons with government restrictions on internet access, such as was the situation with Iran, utilization of a proxy server can help people keep a connection to WhatsApp as well as the rest of the public, internet free."

After activists protested in response to the death of Mahsa Amini, 22, while in police detention, the Iranian government restricted access to Instagram and WhatsApp last year. The suspension of Article 370 of the Indian Constitution by the Indian Parliament resulted in a shutdown of the internet in the state of Jammu & Kashmir. This state-imposed lockdown was implemented as a precautionary measure. Only two districts, Ganderbal and Udampur, have 4G availability. After 552 days without internet or with slow internet, the former state was finally connected to 4G on February 6th, 2021.

The business stated it is working to ensure that internet shutdowns never occur and that individuals are not denied human rights or prevented from seeking immediate assistance as these scenarios arise in various locations throughout the world. 

Internet platforms had to comply with police investigations, including locating the authors of malicious information and destroying anything that authorities had determined to be illegal, according to the new legislation. WhatsApp countered that it would maintain the privacy of users' private messages and would not compromise its security for any government.






Ransomware Attacks on U.S. Hospitals Causing Deaths

We witness ransomware attacks every day, and companies worldwide are investing millions to protect their networks and systems from digital attacks. However, it is getting increasingly challenging to fight cyber threats because attackers do not rely only on traditional methods; they are also inventing advanced technologies to fortify their attacks.

Hospitals and clinics are a top target of malicious attackers: the annual number of ransomware attacks against U.S. hospitals virtually doubled from 2016 to 2021 and is likely to rise in the future given its pace, according to recent research in JAMA Health Forum.

As per the report, the security breaches exploited the sensitive information of an estimated 42 million patients. “It does seem like ransomware actors have recognized that health care is a sector that has a lot of money and they're willing to pay up to try to resume health care delivery, so it seems to be an area that they're targeting more and more,” lead researcher Hannah Neprash said. 

JAMA Health Forum conducted research over five years on U.S. medical facilities and discovered that attackers exposed a large volume of personal health data over time and that attacks will increase substantially in the coming years.

According to Neprash’s database, clinics were targeted in 58% of attacks, followed by hospitals (22%), outpatient surgical centers (15%), mental health facilities (14%), and dental offices (12%). 

Threat actors exploit open security vulnerabilities by infecting a PC or a network with a phishing attack, or malicious websites and asking for a ransom to be paid. Unlike other cyber attacks, the goal of malicious actors, here, is to disrupt operations rather than to steal data. 

However, it becomes a great threat because it can jeopardize patient outcomes when health organizations are targeted. 

In 2019, a baby died during a ransomware attack at Springhill Medical Center in Mobile, Ala. As per the data, 44% of the attacks disrupted care delivery, sometimes by more than a month. 

“We found that along a number of dimensions, ransomware attacks are getting more severe. It's not a good news story. This is a scary thing for health care providers and patients,” Neprash added. 

Ponemon Institute, an information technology research group, published a report in September 2021 in which it found that one out of four healthcare delivery organizations reported that ransomware attacks are responsible for an increase in deaths.

“Health care organizations need to think about and drill on — that is practice — these back-up processes and systems, the old-school ways of getting out information and communicating with each other. Unfortunately, that cyber event will happen at one point or another and it will be chaos unless there is a plan,” said Lee Kim, senior principal of cybersecurity and privacy with the Healthcare Information and Management Systems Society, in Chicago.

California's Consumer Privacy Act has Been Updated

 

California's unique consumer privacy law was strengthened on January 1 as a result of a ballot initiative that voters endorsed in 2020. A new privacy law that puts new requirements on companies to make sure that employees have more authority over the gathering and utilization of their personal data takes effect this year.

What does California's Consumer Privacy Act imply?

In June 2018, Governor Brown signed the California Consumer Privacy Act (CCPA) into law. A ground-breaking piece of legislation, it imposes requirements on California businesses regarding how they acquire, use, or disclose Californians' data and gives the people of California a set of data rights equal to those found in Europe.

The California Privacy Rights Act (CPRA), which amends the historic California CCPA by extending its protections to staff, job seekers, and independent contractors, will go into effect on January 1, 2023, and firms that employ California residents must ensure they have taken the necessary steps to comply by that date.

An updated version of CCPA

Residents of California can ask for their data to be updated, destroyed, or not sold as a result. These standards now also apply to employers for the first time.

If you've noticed those boxes at the bottom of almost every website asking about your preferences for data privacy, you know the California privacy legislation has a significant impact. Employment lawyer Darcey Groden of Fisher Phillips predicts that it will also apply to employers.

While many businesses have the infrastructure in place to deal with customer data, attorney Darcey Groden noted that the employment connection is significantly more complex. In the job situation, there is just a lot of data that is continually being collected.

In most cases, you will need to account for your human resources file, health information, emails, and surveillance footage. This law is exceedingly intricate and it will be expensive to adhere to it. According to Zoe Argento, it will be particularly difficult for businesses that do not deal with consumers, for instance, businesses in the manufacturing and construction industries.

Companies with many employees and gathering a lot of data, like gig platforms, could also be significantly impacted. They normally do not have a privacy department, so this is quite new to them. Increased accountability around how some platforms use worker data to design their algorithm may result from more transparency.




UAE's Sincere Efforts to Combat Cybercrime

 

The Abu Dhabi Judicial Department (ADJD) held an awareness-raising lecture on "Cybercrime and its Dangers to Society" in conjunction with "Majalis" Abu Dhabi at the Citizens and Community Affairs Office of the Presidential Court as part of its initiatives to foster legal awareness among the constituents of society in order to ensure their protection and to shield them from the risks conveyed by crimes involving the use of contemporary technologies and social media. 

The lecture, delivered by Chief Prosecutor Dr. Abdulla Hamad Al Mansouri, covered the nature and definition of cybercrime, the risks of cyber-extortion, and the legal sanctions. The lecturer also concentrated on the reasons and circumstances that cause members of society to fall victim to cyber-extortionists and provided a number of useful examples drawn from actual prosecution cases. 

In accordance with the terms of Federal Decree-Law No. 34 of 2021 on Combating Rumors and Cybercrime, Dr. Al Mansouri covered the dangers linked with the exploit of social media networks and the responsibility of users. On January 2, 2022, the Federal Decree Law No. 34 of 2021 on Combating Rumors and Cybercrimes went into effect.

It aims to increase protection against online crimes committed using networks, platforms, and information technology. Additionally, it aims to protect the databases and websites of the UAE's government, stop the spread of rumours and false information, protect against electronic fraud, and uphold individual rights and privacy. 

The Abu Dhabi Judicial Department has previously drawn attention to the risks posed by cybercrime. In order to ensure the defence and safety of society from crimes utilising modern technologies, particularly through the pervasive use of social media, the ADJD organised two lectures on "Cybercrime and its Risks to Society" in July of last year. One occasionally comes across news of people who fall prey to online predators or scammers; even children are a target of these crimes. 

The Dubai Police General HQ has urged the public to use social media platforms responsibly and to be on the lookout for online scammers and cybercriminals. These statements were made by Expert Major General Khalil Ibrahim Al Mansouri, Assistant Commander-in-Chief for Criminal Investigation Affairs at Dubai Police, as he discussed Operation "Shadow," which was carried out nearly three years ago and resulted in the arrest of 20 African gangs for extortion crimes against social media users and for blackmailing and cyber extortion. He added that the police had detained a married couple who had fooled users of social media by pretending to be a domestic helper recruitment agency. 

The world's largest trade fair for safety, security, and fire protection, Intersec 2023, will take place over 47,000 square metres at the Dubai World Trade Center from January 17 to 19, and the Dubai Electronic Security Centre (DESC), which works to ensure the emirate becomes a leader in cybersecurity and the protection of information from external cyber threats, has been named the official government partner. 

At Intersec's Cyber Security sector, specialists in the public and private sectors, national leaders, advisors, economists, and corporate buyers will be present. According to Dr. Bushra Al Blooshi, Head of Research & Innovation at DESC, "Given the rapidly developing technology of today, cybersecurity is an absolute necessity for businesses, especially with remote working culture and digital transformation."