Apple Admits to Slowing Down Old iPhones, Faces Lawsuits

Earlier this week, in response to a blog post by John Poole at Geekbench, Apple revealed that the company actually does slow down its iPhones when they get older, a fact long suspected by iPhone users.

Apple said that it started the practice a year ago to compensate for battery degradation, not to push people to upgrade their smartphones faster.

This fact has led to a social media storm and outrage amongst users. Many have pointed out that a better solution may have been to make the battery replaceable and to inform customers, providing them an opt-out.

Apple is now facing two class-action lawsuits alleging that the company was intentionally and deceptively slowing down its phones so that users would buy the latest model, thus bringing more profits for Apple.

According to the lawsuit's press release, issued by a law firm in Chicago, Apple's move is “deemed purposeful, and if proven, constitutes the unlawful and decisive withholding of material information.” The second lawsuit comes from California and states that Apple should have given its customers the option to choose between the slow-down and opting out.

UK hounded 100 Hacking Groups

The intelligence services of the United Kingdom are tracking the activity of 100 hacking groups from around the world that have tried to steal the country's sensitive data, Ciaran Martin, the head of the National Cyber Security Centre (NCSC), said Sunday.

"The 100 [hacking] groups range from fully subordinate employees of the state… all the way to small criminal groups operating outside any legal framework," Martin said in an interview with The Sunday Times newspaper.

Russia, China, North Korea, and Iran have the most active hacking groups, and each group has more than 1,000 working hackers, according to the official report.

According to the intelligence services, they have reportedly detected more than 750 cyber attacks this year alone targeting the country's infrastructure and financial system. The hackers are using the stolen information and fake data as a weapon.

This year has seen some of the worst cyber attacks in history, affecting people around the world. The "WannaCry" malware was one of the worst; the UK and US governments have blamed North Korea for that attack.


Parents should be on guard against hackable toys

While Internet-connected toys are particularly appealing to a generation of tech-obsessed kids, security experts warn against the potential dangers of some of these flashy gadgets, such as the Bluetooth-enabled “My Friend Cayla” doll, which uses speech recognition technology to recognize a child’s speech and hold a conversation.

In February, Germany’s telecommunications watchdog, the Federal Network Agency, called the doll an “illegal espionage apparatus” and told parents to immediately destroy it.

The doll, which is manufactured by the U.S. company Genesis Toys, violated the country’s regulation of wireless devices with hidden cameras or microphones. Hackers could easily access the doll via Bluetooth, listen in on conversations and even directly hold a conversation with the child playing with it, the Guardian reported.

The number of internet-connected toys has grown rapidly in recent years. But in common with much of the so-called "Internet of Things", cyber-security has been left rushing to catch up.

A leading cyber-security expert, Professor Bill Buchanan of Edinburgh Napier University, said parents must become much more tech savvy to stop hackers turning toys against their children.

Buchanan studies threat analysis, cryptography and digital forensics. He also hacks internet-connected toys to highlight the possible pitfalls.

Prof Buchanan said: "We are part of the internet and we need to understand the risks that we face."

To illustrate the problem, Prof Buchanan is talking to Trent the teddy bear. Trent is brown and cuddly and has a little red heart on his chest which indicates that a message has arrived.

Buchanan was able to hack the teddy's system, and one only has to be within range of the bear to do it.

A few taps of the keyboard and some specially-written code is running. A browser interface gives him control of how fast Trent's heart beats and - crucially - the ability to slot his own audio message into Trent's circuitry.

Cloudpets, the maker of Trent, said they are always improving their products to combat new vulnerabilities.

In 2015, when Mattel rolled out its Wi-Fi enabled talking “Hello Barbie” doll, it was proven to be easily hackable. And in Norway, a consumer watchdog council said some smartwatches designed for children are vulnerable to hackers, according to Wired.com.

Security Flaw in Nordstrom Gift Cards Revealed by Security Expert

Cybersecurity expert Jim Stickley has found a flaw in Nordstrom gift cards that allows hackers to drain money from a card by pulling the PINs from the website.

He demonstrated this in an interview with TODAY by hacking a $50 gift card from Nordstrom.

According to Stickley, the Nordstrom cards had shorter PINs and no protection from bots, which made this method of hacking possible. He added that this was the reason why Nordstrom cards were especially susceptible to hacking.

The flaw has since been fixed after NBC News brought it to the retailer’s attention.

“Our customers are always our top priority, and if we learn they were negatively impacted by an issue with our gift card systems, we'd work quickly to take care of them,” the company said. “We have a number of gift card security controls in place, and a team of experts that regularly test, review and enhance those controls."

According to the National Retail Federation, Americans are expected to spend more than $27.6 million on gift cards this year.

Journalists, Bloggers are targeted by Russian Hackers

Russian television anchor Pavel Lobkov was shocked when a message flashed up saying that most of his intimate messages had just been published to the web.

A few days before this incident, the veteran journalist had done a mind-blowing story about people living as HIV-positive, with taboo-breaking revelations that drew a massive response from citizens fighting for their lives in Russia.

During a recent interview, Lobkov said, "These were very personal messages," describing how his life was turned upside down and his frantic calls to his lawyer to stop the spread of nearly 300 pages of Facebook correspondence, including sexually explicit messages. Even after two years, he didn't want to revisit those times, saying, "it's a very traumatic story."

"I think the hackers in the service of the Fatherland were long getting their training on our lot before venturing outside."

Nearly two years later, the Associated Press has found that Lobkov was targeted by the hacking group known as Fancy Bear in March 2015, nine months before his messages were leaked.

According to the reports, he was among 200 journalists, publishers, and bloggers who were targeted by the group in early and mid-2014.

The AP obtained the hacking list from cybersecurity firm SecureWorks, which identified journalists as the third-largest group of victims.

The list of victims includes journalists from various news organizations; nearly 50 of them worked at The New York Times. Another 50 were either foreign correspondents based in Moscow or Russian reporters. Others were prominent media figures in Ukraine, Moldova, the Baltics or Washington.


Bitcoin Exchange Files for Bankruptcy After Being Hacked Again

Earlier this week, a major South Korean bitcoin exchange, Youbit, was hacked for the second time in less than 8 months. It has since filed for bankruptcy after disclosing that the hackers had stolen 17% of its digital currency reserves.

The exchange trades ten virtual currencies, including bitcoin and ethereum.

Youbit says that the hackers attacked its “hot wallet”, an account kept online for holding crypto assets, and that its offline, cold-storage holdings are safe and still accessible. It added that all customers will be able to withdraw 75% of their assets once the bankruptcy proceedings are settled.

This attack is allegedly the latest in a series of cyberattacks in South Korea, all attributed to North Korean hackers targeting the country's growing cryptocurrency market.

This hack accentuates the growing concern in the market over the safety of digital currency and holdings.

While people feel safe with their finances in traditional banking, where there is less risk for customers, cryptocurrencies are highly risky and are increasingly targeted by hackers.

North Korea denies "WannaCry" cyber-attack allegations

North Korea on Thursday denied all US allegations that it was behind the massive "WannaCry" cyber attack earlier this year, which affected more than 150 countries.

A spokesperson for North Korea's Foreign Ministry described the accusation as a "grave political provocation" and said Washington had "ulterior motives."

"This move is a grave political provocation by the US aimed at inducing the international society into a confrontation against the DPRK by tarnishing the image of the dignified country and demonizing it," the spokesperson said.

The malware has infected more than 300,000 computers in 150 countries, encrypting user files and demanding hundreds of dollars from their owners in exchange for the keys to get their files back.

Recently, White House Homeland Security Adviser Tom Bossert wrote an article in the Wall Street Journal accusing North Korea of the WannaCry cyberattack: "After careful investigation, the United States is publicly attributing the massive WannaCry cyberattack to North Korea. We do not make this allegation lightly. We do so with evidence, and we do so with partners."

The White House revealed that Facebook and Microsoft have also joined the fight against North Korea's hackers by shutting down their hacking operations during the last week.

The revelation came at the press conference where Bossert accused North Korea of masterminding the WannaCry ransomware attack.

"Facebook took down accounts that stopped the operational execution of ongoing cyberattacks," Bossert said. "Microsoft acted to patch existing attacks, not just the WannaCry attack."

"Last week, Facebook, Microsoft and other members of the security community took joint action to disrupt the activities of a persistent, advanced threat group commonly referred to as ZINC, or the Lazarus Group," a Facebook spokesman said in a statement.

New threat to payment processors

Banks and payment processors, beware. Yet another piece of notorious software threatens to put the system in peril, much to the worry of security firms. Sisa has already put the processors on alert after discovering a new hacking mechanism that can send payments to an unmanned bank with the help of a dangerous server.

The country's premier security firm has advised the banks to reset the passwords of their employees, with safe access to them, to help avoid an impending mess in the mechanism.

The hackers are believed to have been inserting harmful software code into the payment application system, keeping a separate system in contact with the network to capture the payments along with vital data. The hackers need this data to prepare duplicate cards for transactions with an unspecified response.

The experts, who are known for cracking the 2016 debit card breach, have observed that the instructions to the banks and payment processors will help them avoid a huge mess in the entire mechanism. It is not mandatory for Indian banks to make public the details of a data breach. These banks can't be forced to apprise their customers of the breach. Only some indications are admissible, at the discretion of the banks.

Two years ago, the banks received a set of instructions from the Reserve Bank of India to consider the global Payment Card Industry Data Security Standard (PCI-DSS). But ordinary passwords are still being used by employees in some banks. That has forced the security firms to advise the industry to take up the issue in line with the top security standards.

France's data protection authority CNIL gives a sharp warning to WhatsApp; issues a formal notice

When Facebook acquired WhatsApp back in early 2014, it said that it would not have the capacity to link WhatsApp users to their Facebook accounts. As it turns out, it wasn't so difficult after all. A year ago, the company changed the WhatsApp terms of service to do just that: link the WhatsApp and Facebook profiles belonging to the same user.

Facebook had allowed many of its users to opt out, yet that wasn't sufficient for the regulators. Germany asked Facebook to stop gathering WhatsApp data last September, a similar thing happened in the UK several months later, and now, in December 2017, yet another European nation is issuing a similar order.

Facebook's messaging service WhatsApp was given a one-month ultimatum by one of Europe's strictest privacy watchdogs, which asked it to stop sharing user data with its parent without getting the necessary consent. France's data protection authority, CNIL, gave WhatsApp a sharp warning by issuing a formal notice, criticizing it for "inadequate and insufficient" cooperation.

The decision comes a year after the European Union privacy authorities said that they had "genuine concerns" about the sharing of WhatsApp user data for purposes that were not included in the terms and conditions and the privacy policy when people signed up to the service.

However, even after the EU slapped Facebook with a €110 million fine over unlawful WhatsApp information sharing, France says that the company has still not cooperated with CNIL, and that it could face another sanction if it doesn't start acting responsibly within 30 days. The social network is still transferring WhatsApp data for "business intelligence," it claims, and the only way users can opt out is by uninstalling the application.

It was the French regulator that saw that WhatsApp was sharing user information such as phone numbers with Facebook for "business insight" reasons. When it repeatedly asked to look at the data being shared, Facebook said that it is stored in the US, and "it considers that it is only subject to the legislation of the country," according to the CNIL. The regulator countered that whenever data is collected in France, it automatically becomes the authority in charge.

The data transfers from WhatsApp to Facebook occur in part without the users' consent and without a legitimate interest on WhatsApp's part, CNIL said.

France says that while the notice was issued to Facebook, it is also intended to advise users that this "gigantic information exchange from WhatsApp to Facebook" was occurring. "The best way to deny the information exchange for 'business insight' purposes is to uninstall the application," it adds. Facebook, for its part, says that it will continue to work with the CNIL to ensure that users understand what data it gathers and how the data is used.

The merging of WhatsApp's data with Facebook's a year ago was the first step taken by Facebook towards monetising the platform since the social network's CEO Mark Zuckerberg bought the company for about $22bn in 2014.

White House blames North Korea for WannaCry

The White House has now publicly blamed North Korea for the massive “WannaCry” malware cyberattack in May that affected hospitals, companies, public services and banks across the world.

More than 300,000 computers in 150 countries were affected by the attack, causing billions of dollars of damage.

White House Homeland Security Adviser Tom Bossert wrote in a Wall Street Journal op-ed on Monday, entitled “It’s Official: North Korea Is Behind WannaCry,” that the Hermit Kingdom was the main culprit behind the May 2017 global cyber attack.

“Cybersecurity isn’t easy, but simple principles still apply. Accountability is one, cooperation another,” Bossert's op-ed read. “They are the cornerstones of security and resilience in any society. In furtherance of both, and after careful investigation, the U.S. today publicly attributes the massive ‘WannaCry’ cyber attack to North Korea.”

At a White House press briefing after the article was published, Bossert elaborated that the government made this significant attribution to North Korea after "careful investigation."

"We don’t do this lightly," Bossert said during the briefing. "We do so with evidence and with partners."

Now, the US and UK governments officially blame North Korea for the worm.

“North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious. WannaCry was indiscriminately reckless,” Bossert asserted. “Stopping malicious behavior like this starts with accountability. It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers.”

He added, “The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet.”

However, there is no proof to substantiate the claims made by Bossert.

Another attack awaits cyber world

The cyber world runs the risk of yet another huge attack, prompting experts to sound the alert over an impending operational disruption. The experts have got wind of a complicated logjam in the infrastructure of a plant caused by a recent attack, which cybersecurity experts have named Triton, that paralyzes the security system, suggesting a huge attack is around the corner.

According to the experts, who have been devising new mechanisms to deal with these uneasy developments, a well-equipped framework is required to overcome an attack on the critical sector of any industrial plant.

But the details and whereabouts of the plant in question have yet to be disclosed, for security reasons. Even the nature of the plant and its mode of operation have not been disclosed. The plant that faced the attack is believed to be located in the Middle East, since the attack is understood to have targeted Saudi Arabia.

Triconex has issued a slew of measures to caution its users. It refers to a safety program widely used in the energy sector, which includes oil refineries and nuclear plants.

A cybersecurity firm describes Triton as a programme targeting a system that ensures the safety of instruments. The plant under attack might be shut down.

As Triton tried to reprogram the system, a safe shutdown stopped the operations and the operators were alerted.

The hackers are believed to have forced the sudden shutdown while they were experimenting with the security system. A recent report by a cybersecurity firm describes many attacks that marred infrastructure by disrupting operations in Russia and the US. The firm maintains that the hackers keep attempting time and again to take control of the system. Otherwise, they can shut down the system outright.