The Rise of Temu: A Game-Changer in Online Shopping

 


It has been reported that this year's Super Bowl was watched by 123 million Americans, setting a record. Aside from the nation's biggest sporting event, the blockbuster halftime performance, several camera cutaways, and several shots of Taylor Swift in the audience, viewers also saw six 30-second advertisements for Temu, a Chinese-owned e-commerce company.

Politicians in both the UK and the United States have been criticising the giant for an inherently high risk of its products being made using forced labour. In its statement to the press, Temu says that all of its merchants are strictly prohibited from employing forced, penal, or child labour.

The company, which sells everything from clothes to electronics to furniture, first landed in the United States in 2022. It has since moved into the UK and other countries across the globe. According to data gathered by analyst SimilarWeb, just under 152 million Americans use the app every month, and it has consistently topped worldwide app download charts.

Described as "Amazon on steroids," by retail analyst Neil Saunders, the company has gained massive popularity over the past few years, shipping to more than 50 countries in the world, with the tagline "Shop like a billionaire." The average cost of a 30-second Super Bowl commercial is about $7 million (£5.5 million), and Temu had six of them this year at the event. 

As a result of the Super Bowl, it appears that the total number of individual visitors to the platform was nearly a quarter higher than the previous Sunday, with 8.2 million users accessing the website and app on the day of the event. According to Ines Durand, an e-commerce expert at SimilarWeb, the number of visitors to Amazon and eBay dropped by 5% and 2% respectively during the same period. These influencers typically have fewer than 10,000 followers, as per her research. 

Temu is owned by the Chinese giant PDD Holdings, one of the biggest e-commerce companies in the world, according to Shaun Rein, founder of the China Market Research Group. The company has traded places with rival Alibaba for the top spot as the most valuable Chinese company listed on a US stock exchange, and its current value is just under $150 billion (£117 billion).

PDD Holdings has expanded overseas with Temu after having successfully conquered the Chinese consumer market several years ago with its current model. Mr Rein, a Shanghai-based entrepreneur, feels that the firm has become a source of great pride and patriotism for its employees. There is a wide range of products available on Temu's website and app, from steel-toed trainers to a device that helps elderly and pregnant women put on socks, to name a few.

Mr Rein explains that these products are almost entirely manufactured in factories in China. Ms Durand believes that while Amazon sells this information to manufacturers at a high price, Temu provides it for free to producers who are looking to test the market with a relatively small number of products.

According to a US Congress report published in July last year, a third of parcels imported into the US were shipped under a shipping loophole known as the de minimis threshold. The United Kingdom and the United States, for instance, have a de minimis threshold in place to allow citizens to import goods without incurring additional import fees.

Since Temu's products are shipped directly from the factory floor without any middlemen involved, they become essentially duty-free. According to Mickey Diaz, chief operating officer at global freight company Unique Logistics, more regulation may be on the horizon to close shipping loopholes. She says the UK has already begun to take a closer look at Temu, especially regarding the sale of weapons that are normally prohibited from entering the UK but were being imported owing to these loopholes.

The e-commerce giant Temu has also been criticized for the supply chains it manages, as both British and US politicians accuse the company of selling products made with forced labour. Alicia Kearns MP, who leads the foreign affairs select committee, announced last year that she wanted stronger laws to protect consumers from unintentionally contributing to the genocide of the Uyghur minority by using the online marketplace. 

The company says its merchants are "strictly prohibited" from using forced labour, penal labour, or child labour. Anyone doing business with the company must first comply with all regulatory standards and compliance requirements, the company told the BBC.

eBay, VMware, and McAfee Taken Down in Widespread Phishing Operation


Hackers have taken control of over 8,000 subdomains belonging to reputable companies and organizations to launch a massive phishing campaign that sends millions of malicious emails every day.

Among the companies involved in "SubdoMailing" are MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, and eBay. The campaign, which is the center of a larger cybercrime operation and damages the credibility and trust of the compromised organizations, was identified by researchers from Guardio Labs. 

"The discovered operation entails the manipulation of thousands of hijacked sub-domains associated with or related to major brands," security researcher Oleg Zaytsev and CEO of Guardio Labs-Cybersecurity Nati Tal stated in a Medium article. "Complex DNS manipulations for these domains allowed the dispatch of vast quantities of spammy and just outright malicious emails, falsely authorized under the guise of internationally recognized brands."

According to the researchers, the effort is designed to evade all industry-standard email security mechanisms, such as Sender Policy Framework (SPF), DKIM, SMTP Server, and DMARC, that are normally in place to prevent suspicious messages. Instead, emails appear to originate from trustworthy sites.

Finding the Hijacking Scheme

In the post, Guardio provides a detailed explanation of how its email protection algorithms detected an unusual trend in an email's metadata, leading to the operation's discovery. It led the researchers down a rabbit hole that eventually resulted in the lifestyle expert Martha Stewart and MSN.com parting ways for a long time.

"A particularly insidious email" warning of allegedly suspicious activity in a cloud storage account ended up in a user's "Primary" inbox when it should have been reported as spam, according to the example given.

More about the threat actor

According to Guardio, the vast effort is the result of a threat actor known as "ResurrecAds," which uses the tactic of resurrecting "dead" domains of large brands or those connected to them to utilize them as backdoors to exploit reputable services and businesses to ultimately make money as an "Ad-Network" entity.

"This approach enables them to circumvent contemporary email protection measures, showcasing their adeptness at manipulating the digital advertising ecosystem for nefarious gains," the authors stated.

According to Guardio, the actor's malicious behavior involves them constantly searching the Internet for abandoned subdomains of reputable brands to find chances to buy them or compromise them to send malicious emails.

Looking for damage

The campaign highlights the increasing sophistication of hostile email operations, which have been around almost since the beginning of digital communication. However, they are still evolving as more defenders use security measures like SPF, DKIM, and DMARC.

"Our research has revealed that threat actors are not merely reacting to security measures; they’ve been proactively adapting and evolving for some time," the investigators stated.

Because the operation is widespread and ongoing, Guardio set up a dedicated website with a tool, SubdoMailing Checker, to determine whether a site's abandoned domain is being used in the operation.
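An added example, not from the original post and not Guardio's checker: an owner-side audit for the abandoned-domain problem described above, run over a constructed DNS inventory. It assumes the lapsed domain is reached through a CNAME target or an SPF `include:`/`redirect=` term, and every host name and the `REGISTERED` set are made up for illustration.

```python
import re

# Constructed DNS inventory for one brand (illustrative, not real records).
ZONE = {
    "promo.brand.example": {"CNAME": "campaign.oldagency.example"},
    "mail.brand.example": {
        "TXT": "v=spf1 include:_spf.mailvendor.example "
               "include:spf.deadesp.example -all"
    },
    "shop.brand.example": {"CNAME": "stores.cdnhost.example"},
    "news.brand.example": {"TXT": "v=spf1 redirect=_spf.brand.example"},
}
# Constructed stand-in for a registrar/RDAP lookup: domains still registered.
REGISTERED = {"brand.example", "mailvendor.example", "cdnhost.example"}

# SPF terms that delegate sending authority to another domain (RFC 7208).
SPF_REF = re.compile(r"(?:^|\s)[+\-~?]?(?:include:|redirect=)(\S+)", re.I)


def registrable(name):
    """Naive registrable domain: the last two labels.
    A production audit should use the Public Suffix List instead."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def external_refs(records):
    """Return (kind, target) pairs for every pointer to another host name."""
    refs = []
    if "CNAME" in records:
        refs.append(("CNAME", records["CNAME"]))
    txt = records.get("TXT", "")
    if txt.lower().startswith("v=spf1"):
        refs += [("SPF", d) for d in SPF_REF.findall(txt)]
    return refs


def audit(zone, registered):
    """Flag names whose CNAME or SPF delegation rests on a lapsed domain."""
    findings = []
    for name, records in sorted(zone.items()):
        for kind, target in external_refs(records):
            base = registrable(target)
            if base not in registered:
                findings.append((name, kind, target, base))
    return findings


if __name__ == "__main__":
    for name, kind, target, base in audit(ZONE, REGISTERED):
        print(f"{name}: {kind} -> {target} ({base} is unregistered)")
```

Each finding is a record to delete or repoint before someone else registers the lapsed domain.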






eBay Settles Blogger Harassment Case with $3 Million Fine

 

eBay has agreed to pay a substantial fine of $3 million (£2.36 million) in order to settle charges related to the harassment of bloggers who were openly critical of the company. The disturbing details emerged in court documents, revealing that high-ranking eBay executives, including Jim Baugh, the former senior director of safety and security, orchestrated a targeted campaign against Ina and David Steiner, the couple behind the newsletter EcommerceBytes, which the company's leadership disapproved of.

The court papers outline a series of alarming incidents, including the dispatch of live spiders and cockroaches to the Steiners' residence in Natick, Massachusetts. This relentless campaign of intimidation left the couple, according to prosecutors, in a state of being "emotionally, psychologically, and physically" terrorized. Jim Baugh, alongside six associates, allegedly spearheaded this effort to silence the Steiners, going to extreme lengths.

The harassment tactics escalated to sending live insects, a foetal pig, and even a funeral wreath to the Steiners' home. Moreover, Baugh and his associates reportedly installed a GPS tracking device on the couple's car, infringing on their privacy. Additionally, the perpetrators created misleading posts on the popular website Craigslist, inviting strangers to engage in sexual encounters at the Steiners' residence.

The aftermath of these reprehensible actions saw the termination of the involved employees by eBay. In the legal proceedings, Philip Cooke, an eBay employee, received an 18-month prison sentence in 2021, while Jim Baugh was handed a nearly five-year sentence in the subsequent year.

Baugh's defense claimed that he faced pressure from eBay's former CEO, Devin Wenig, to rein in the Steiners and control their coverage of the company. However, Wenig, who resigned from his position in 2019, has not been charged in connection with the harassment campaign and vehemently denies any knowledge of it.

Acting Massachusetts US Attorney Josh Levy strongly condemned eBay's conduct, labeling it as "absolutely horrific, criminal conduct." Levy emphasized that the employees and contractors involved in this campaign created a petrifying environment for the victims, with the clear intention of stifling their reporting and safeguarding the eBay brand.

Military Device Comprising of Thousands of Peoples' Biometric Data Sold on eBay


The last time the U.S. military used its Secure Electronic Enrollment Kit (SEEK II) devices was more than ten years ago, close to Kandahar, Afghanistan. The bulky, black, rectangular piece of technology, which was used to scan fingerprints and irises, was switched off and put away.

That is, until Matthias Marx, a German security researcher, purchased the device for $68 off of eBay in August 2022 (a steal, at about half the listed price). Marx had unintentionally acquired sensitive, identifying information on thousands of people for the cheap, low price of less than $70. The biometric fingerprint and iris scans of 2,632 people were accompanied by names, nationalities, photographs, and extensive descriptions, according to a story by The New York Times. 

From the war zone to the government equipment sale to the eBay delivery, it seems that not a single Pentagon official had the foresight to remove the memory card from the specific SEEK II that Marx ended up with. The researcher told the Times, “The irresponsible handling of this high-risk technology is unbelievable […] It is incomprehensible to us that the manufacturer and former military users do not care that used devices with sensitive data are being hawked online.”

According to the Times, the majority of the data in the SEEK II was gathered on people who the American military has designated as terrorists or wanted people. Others, however, were only ordinary citizens who had been detained at Middle Eastern checkpoints or even people who had aided the American administration. 

Additionally, all of that information might be utilized to locate someone, making the devices and related data exceedingly hazardous, if they ended up in the wrong hands. For instance, the Taliban may have a personal motive for tracking down and punishing anyone who cooperated with U.S. forces in the area. 

Marx and his co-researchers from Chaos Computer Club, which claims to be the largest hacker group in Europe, purchased the SEEK II and five other biometric capture devices, all from eBay. The group then went on to analyze the devices for potential flaws, following a 2021 report by The Intercept regarding military tech seized by the Taliban.

Marx was nonetheless concerned by the extent of what he discovered, despite the fact that he had set out from the start to assess the risks connected with biometric devices. The Times reports that a second SEEK II purchased by CCC and last used in Jordan in 2013 contained data on U.S. troops—likely gathered during training—in addition to the thousands of individuals identified on the single SEEK II device last used in Afghanistan.  

Data of 14 Million Amazon and eBay Accounts Leaked on Hacking Websites

 

An anonymous user offered data from 14 million Amazon and eBay accounts on a prominent hacking website. The details seem to have been obtained from customers of Amazon or eBay with accounts in 18 countries between 2014 and 2021.

Amazon.com Inc. is an international corporation based in Seattle, Washington, USA, focused on e-commerce, cloud computing, internet streaming, and artificial intelligence. Founded in 1994, the business has been named "one of the most influential economic and cultural forces in the world" as well as the most valuable brand in the world. eBay Inc. is also a U.S. international e-commerce company, headquartered in San Jose, California, that allows transactions and sales to customers and companies through its website. eBay was founded in 1995 by Pierre Omidyar and became a remarkable success story of the dot-com bubble.

The database acquired by the hacker was sold for 800 dollars, with the accounts divided by country. The leaked details contain the customer's full name, mailing code, shipping address and store name, and a telephone number list of 1.6 million users. Although two copies had already been sold, the blog publisher has now closed the deal.

How the blog publisher acquired the data is unclear at present. The firm researching this incident did not independently check or validate that the Amazon or eBay data were in fact from the 2014-2021 period. A representative of Amazon said that the allegations had been reviewed with no evidence of any data violation.

Also, it is more probable that Amazon or eBay have not experienced any breaches. Instead, the threat actor presumably used a common form of password spraying to get the passwords. Password spraying is an attack that tries a few popular passwords against a wide number of accounts (usernames), whereas standard brute-force attacks seek to enter a single account by guessing its password.
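An added detection example, not part of the original post: it separates the two login-failure patterns contrasted above by grouping failures per source address, since a per-account failure counter never sees a spray. The log format, addresses, user names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed authentication log: "<epoch> <source_ip> <username> <FAIL|OK>".
SPRAY = [f"{1000 + 20 * i} 203.0.113.7 user{i:02d} FAIL" for i in range(8)]
BRUTE = [f"{1200 + i} 198.51.100.9 alice FAIL" for i in range(12)]
LOG = "\n".join(
    SPRAY
    + ["1170 203.0.113.7 user08 OK"]   # the sprayed password fits one account
    + BRUTE
    + ["1300 192.0.2.10 bob FAIL", "1310 192.0.2.10 bob OK"]  # ordinary typo
)


def classify(log, window=3600, min_users=5, max_per_user=2, brute_min=10):
    """Label each source IP per time window.
    spray:       failures spread over many accounts, few tries on each
    brute-force: many failures concentrated on one account
    Thresholds are illustrative assumptions; tune them to local traffic."""
    fails = defaultdict(lambda: defaultdict(int))  # (ip, bucket) -> user -> n
    oks = defaultdict(set)                         # (ip, bucket) -> users
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        key = (ip, int(ts) // window)
        if result == "FAIL":
            fails[key][user] += 1
        else:
            oks[key].add(user)

    verdicts = {}
    for key, per_user in fails.items():
        ip, worst = key[0], max(per_user.values())
        if len(per_user) >= min_users and worst <= max_per_user:
            # Accounts the same source logged in to are likely compromised.
            verdicts[ip] = ("spray", sorted(oks[key]))
        elif worst >= brute_min:
            verdicts[ip] = ("brute-force", [max(per_user, key=per_user.get)])
    return verdicts


if __name__ == "__main__":
    for ip, (label, detail) in classify(LOG).items():
        print(ip, label, detail)
```

For a spray verdict the second element lists accounts the same source then logged in to, which are the ones to reset first.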

Fortunately, highly confidential material, including billing records, national ID numbers, or even e-mail addresses, does not exist on the server. However, the data being sold at this time is also potentially vulnerable and can be used for a range of reasons, such as doxing users by public dissemination of private data (e.g. sensitive things that nobody needs to hear about). The data may also be exploited by cybercriminals for purposes of creating a spam list or business intelligence.

iPhone hacking tool for sale on eBay

iPhones are renowned for their security, to the point that even law enforcement agencies have trouble accessing their contents. An Israeli firm, Cellebrite, became well-known when it transpired that hacking tools it made were used by the US government to crack locked iPhones, and now its hacking tools are available to buy on eBay.

Cellebrite phone-cracking devices, beloved by law enforcement, are available at bargain-basement prices so you can get a gander at all the devices that the police have presumably been able to squeeze for data.

The Cellebrite Universal Forensic Extraction Device (UFED) is a smartphone hacking tool commonly used by the FBI, Department of Homeland Security and other law enforcement agencies in the US and elsewhere. It’s the most powerful tool yet created by the Israeli company, able to extract a huge amount of data – even data which has been deleted from phones.

Security researcher Matthew Hickey, co-founder of the training academy Hacker House, recently told Forbes that he’d picked up a dozen Cellebrite UFED devices for dirt cheap and probed them for data, which he found in spades.

For as little as $100-$1000, you can get your hands on a second-hand piece of Cellebrite equipment (a fraction of its usual selling price). For just a few Benjamins, you could get a Cellebrite UFED (Universal Forensic Extraction Device) and use it for whatever you might fancy.

A brand new one normally costs $5,000 to $15,000 depending on the model.

What surprised Hickey was that nobody bothered to wipe these things before dumping them onto eBay, he told Forbes:

“You’d think a forensics device used by law enforcement would be wiped before resale. The sheer volume of these units appearing online is indicative that some may not be renewing Cellebrite and disposing of the units elsewhere.”