Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Customers Face Credit Card Misuse after using OnePlus webstore

An immense number of OnePlus customers claim to have been a victim of credit card fraudulent after they purchased the handsets from the official website of OnePlus.

On the OnePlus forum, over the period of four months, more than 70 affected buyers have posted an instance when someone has tried to make transactions from their credit card.

Reacting on this, OnePlus has written in a blog post that they are investigating the matter, and trying to determine the cause of this apparent hack.

The company says, “If you suspect that your credit card info has been compromised, please check your card statement and contact your bank to resolve any suspicious charges. They will help you initiate a chargeback and prevent any financial loss.”

A Cyber Security firm, Fidus, who has investigated,  says that the company is currently handling all the transactions itself, instead of using an iFrame.

"The payment page which requests the customer’s card details is hosted ON-SITE and is not an iFrame by a third-party payment processor. This means all payment details entered, albeit briefly, flow through the OnePlus website and can be intercepted by an attacker. Whilst the payment details are sent off to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted,” says Fidus.

The research firm has highlighted two major issues that are there in the OnePlus payment system. First is regarding the third-party provider, “OnePlus do not appear to be PCI compliant, nor do they mention this anywhere on the website." And Second is that they "did not mention that they do not handle card payments that are made on its website."

The investigation was done by Fidus nearly confirms that OnePlus customers have faced credit card misuse. However, it is interesting to see how OnePlus tackle this issue.

Read more »

Nordea bank forbids employees from owning cryptocurrency

A giant Northern European bank, Nordea Bank AB, now headquartered in Finland, has allegedly enacted a company policy which forbids its employees from owning or trading in bitcoin or other cryptocurrencies. Since publication, a bank employee, who wishes to remain anonymous, forwarded evidence the large institution is indeed going ahead with such plans.

Word spread 12 January 2018 on Twitter Nordea Bank “forbids all their employees (at least in Sweden) to stop owning and trading $btc and other cryptocurrencies. This applies to secretaries, IT personal [sic], cleaners and any bank staff employed by the company. Is it legal even?,” asked Twitter user @samisin. 

Nordea Bank AB has more than half a trillion dollars in assets and is one of the largest banks in Northern Europe.
The alleged move might not be a surprise to long-term watchers of the bank and its executive team, but the once Swedish bank’s current executive team have a long history of on-the-record scepticism toward bitcoin. Executives have long worried about cryptocurrency and its lack of regulation, and more recently Nordea’s President and CEO Casper von Koskull complained about the fact bitcoin was allowed to exist without jumping through all the hoops of the traditional banking system, referring to the phenomenon as “a joke.”

Von Koskull explained, “If you somehow allow that to live without controls, then, given the billions we spend on financial regulation as a financial system, I mean, I think it’s actually a joke that you then just let something like bitcoin live. I don’t get it – it’s absurd.”

Chairman Björn Wahlroos’ opinions on bitcoin go back to at least 2014, and he lamented the decentralized currency’s supposed anonymous properties and its lack of inflation — two aspects most enthusiasts cherish.

Bitcoin’s value, however, is exactly that: it could not have existed if brought through the regular cartel channel of state-backed banks such as Nordea. Its precise reason for being is to defy minders and bureaucratic middle persons, landing in the hands of ordinary, uncredentialed and unlicensed peoples.
Read more »

Games removed from Google Play store after infected by porn malware


Google has deleted nearly 60 games app from its Play store after security researchers have informed them that these apps were infected by a pornographic malware.

An Israel-based firm, Check Point Software Technologies has recently got a hold on a malware dubbed as “AdultSwine,” which displayed pornographic images as an advertisement, but it prompted users to download fake antivirus apps or sign up for premium SMS services.

The Google acted immediately on the complaints and removed all the infected apps out of Google Play Store.

“We have removed the apps from Play, disabled the developers’ accounts and will continue to show strong warnings to anyone that has installed them. We appreciate Check Point’s work to help keep users safe,” Google was quoted as saying.

The security firm has warned that AdultSwine can hit back, and everyone should remain extra cautious while downloading apps for children.  

“‘AdultSwine’ and other similar malware will likely be continually repeated and imitated by hackers,” Check Point told CNBC. “Users should be extra vigilant when installing apps, particularly those intended for use by children.”

Read more »

Chinese hackers target Taiwan cyber system!

A group of Chinese hackers, of late, has ganged up to spoil the cyber system in Taiwan if the US defense experts are to be believed. The cyber experts claim to have discovered the breakthrough recently as they hunkered down at a recent conclave with their counterparts in Taiwan.

Initially, the Chinese hackers deployed the network in question, in Virginia and Williamsburg as these places hosted the brainstorming conclave of the defense experts. They observed that the dangerous attempt initially took place on an email from China where the recipients were asked to open the particular message containing the malicious software. The moment one opens the message the hackers get the easy access to the entire network available on the personal computer.

A section of defense experts who attended the US-Taiwan Business Association conference said these hackers have been targeting their organization for the last couple of years forcing them to be more vigilant.

All suspicious messages have to be properly scanned to avoid the impending danger. Some experts in the conclave claimed to have received these disruptive emails before forwarding these to the cybersecurity experts.

According to an expert who has been firmly dealing with the hackers, the evidence is insufficient to directly talk of the Chinese hackers. But, the expert, claimed to have identified some factors to establish, beyond doubt, that the hackers hail from China since the malware in question bears Chinese features. None but the Chinese hackers are in the possession of that particular malware.

Of late, Taiwan’s democracy starts posing a huge challenge for China and that’s why Chinese cyber hackers can be deployed to counter the new threat from the end of Taiwan, said another defense expert who further heaped praise on the country for possessing huge network potentials.

These schemes of things indeed have forced Taiwan to formulate a slew of strategies to ensure a massive cybersecurity and vigil. The country is in a process to get a special cyber security cell to keep the Chinese cyber hackers at bay since these elements have been targeting Taiwan more than what they did to the US and Hong Kong.
Read more »
remote access
Cyber Crime Cyber Security Intel Security remote access

New Intel Security Flaw Detected

F-Secure, a Finnish cybersecurity firm revealed on Friday that it has discovered another security flaw in the Intel hardware. This flaw could enable hackers to access corporate laptops remotely.

Earlier it was revealed that the Intel chip had flaws that made almost every smartphone, laptop, or tablets vulnerable to hackers. This flaw is allegedly unrelated to Spectre and Meltdown but is rather an issue within Intel Active Management Technology (AMT).

According to F-Secure, AMT is commonly found in most corporate laptops and the flaw will allow an attacker to take complete control over a user's device in a matter of seconds.

“The issue potentially affects millions of laptops globally," the cybersecurity firm said.

The hacker would need physical access to the device at first but once they had re-configured the AMT, they would be able to effectively “backdoor” the machine and access the device using a remote server, just by connecting to the same network as the user.

There is also a possibility that the hacker would be able to programme the AMT to their own server, thus bypassing the need to connect to the user’s network.

The hacker will be able to access all information on the device after exploiting the flaw and will be able to make changes, download malware, etc. quite easily. No solutions or security measures have been found as yet, other than choosing a strong AMT password or disabling the AMT completely.
Read more »
System breach.
Bitcoin Ransomware Security Breach System breach.

Unknown Hackers demand Ransom in Bitcoin

Recently the news came out of a ransomware attack in Old Delhi after three of the hacked victims came forward to uncover more about the attack. The victims i.e. the traders were demanded ransom in Bitcoin from the unknown hackers.

Although it is believed that the hackers are supposedly from either Nigeria or Pakistan, they were responsible for encrypting files on the computers of the businessmen which comprised of key records. The hackers at that point, as indicated by the police coerced the victims, gave them the links to purchase bitcoins through which they needed to make payments for the release of critical documents.

 “Some traders paid in Bitcoins and got their data back. Some deposited the money from abroad. When my data was hacked, I spoke to fellow traders and learnt that there were other such cases. I wrote to the hackers and they agreed to decrypt the files for $1,750 (around Rs 1.11 lakh),” Mohan Goyal, one of the victims was quoted saying in the report.

According to reports, the hacked traders found the message that said there was a 'security issue' in the system displayed on their computers. The traders were then given case numbers and email addresses for correspondence. They were then at first offered decryption of five of their documents and files for free by the hackers, who later demanded the payment of ransom for the rest of the records.

While one of the IP address utilized by hackers was purportedly traced back to a system in Germany, but the fingers remain pointed towards hackers from Nigeria and Pakistan.

Experts say that for making it difficult to trace the money, getting the money in bitcoin works for the hackers. The Delhi crime branch which registered the FIR has already sent the hard disks of the complainants for further forensic tests. As of not long ago, three complaints already have been registered by the police and it is believed that the number of victims could be much higher.
Read more »

WhatApp group chat bug can allow anyone to join

Facebook-owned WhatsApp added end—to—end encryption to every conversation two years ago and made all conversations on the group private, meaning no third-party can read them, be it government, criminals or even WhatsApp itself. But according to a team of German security researchers, WhatsApp group chats might not be so secure and can easily be infiltrated without permission of the group admin. 

According to a report in Wired.com, the cryptographers from Ruhr University Bochum in Germany discovered flaws in security protocol of group of three popular instant messaging apps with WhatsApp standing out considering it has 1 billion-plus user base. The researchers looked at WhatsApp, Signal and Threema and announced their findings at the "Real World Crypto Security Conference” in Zurich, Switzerland, on Wednesday (January 10).

According to the report, while Signal and Threema’s flaws were not so serious, with WhatsApp they released that once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group.
"Anyone who controls the app's servers could insert new people into private group chats without needing admin permission," the report said, citing cryptographers. "The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them," Paul Rosler, one of the Ruhr University researchers, was quoted as saying.

The WhatsApp attack on group chats takes advantage of a bug. WhatsApp incidentally relies on the Signal protocol for its end-to-end encryption.

"Only an administrator of a WhatsApp group can invite new members, but WhatsApp doesn't use any authentication mechanism for that invitation that its own servers can't spoof," the report said. So the server can simply add a new member to a group with no interaction on the part of the administrator.

WhatsApp says it has looked at this issue carefully.
Read more »

New Wi-Fi version to counter hackers

A new Wi Fi version is set to hit the market to replace WAP2 to more firmly deal with the devastating hackers the Wi-Fi-enabled devices.

Cyber security experts have observed that WPA2 is not the sole mechanism to counter the KRACK which they call the method of attack that damages personal computers, smartphones along with other devices.

According to the experts at the Wi-Fi Alliance who have announced WAP3, the Wi-Fi protected Access protocol now on the wait to fight the hackers would be the best possible mechanism that could authenticate the personal devices on a specific form of network.

The upcoming version is believe to ensure safety and security of the Wi-Fi networks and it would be more effective or useful if network passwords are not required for Wi-Fi access. Further, security and privacy would remain upgraded if the flow of traffic from the access point to a device of user-end is encrypted, said the experts working with Wi-Fi Alliance.

The conglomerate of companies responsible for setting standards for consumer Wi-Fi has announced a slew of measures to ease the mechanism to set up a safe and secured password in some screen-free devices since these are the first casualty of the attacks.

But Wi-Fi Alliance has yet to announce anything about the backward compatibility where the old one devices could be used in the new format, perhaps to keep the hackers at bay. The change over is expected this year only.



Read more »

Russian hackers hacked and published 2018 Winter Olympics emails

In lieu of revenge from IOC after they have banned Russia from the 2018 Winter Olympics over doping allegations, Supposedly Russian hackers have released set of emails regarding Olympic games scheduled in February in South Korea.

The sources are declaring this act as a retaliation for the decision taken by International Olympic Committee(IOC) to bar Russia from participating in the Winter Olympic games to be held in Pyeongchang, according to the Buzzfeed news portal.

The hackers are assumed to be associated with the Russian government and they prefer calling themselves as "Fancy Bears", a funny reference to the Game's mascots.

They have published various emails dated from late 2016 to spring 2017 which appear to be among IOC employees and other countries regarding Russian doping conspiracy.

On the website, Fancy Bear posted, "These emails and documents point to the fact that the Europeans and the Anglo-Saxons are fighting for power and cash in the sports world."

However, IOC has not denied nor approved of the allegations made by the "Fancy Bear".One of the officials said, "we do not comment on leaked documents."

"Fancy Bear" is alleged to be associated with Russian military intelligence.

In December 2017, IOC banned Russia from participating in Winter Olympics stating that Russian government had created a state-sponsored doping environment

Read more »
Virtual ID
Aadhaar Data Breach Biometrics Privacy Issues. UIDAI Virtual ID

UIDAI Addresses Security And Privacy Concerns

The issue of protection of citizen data has once again picked up steam in the most recent week after The Tribune revealed that an unknown WhatsApp number was pitching access to the whole Aadhaar database for as low as Rs 500. So in an attempt to address security and privacy concerns around the leakage of Aadhaar numbers and information data, the Unique Identification Authority of India on Wednesday introduced two new measures - virtual ID and limited KYC.

The Aadhaar-card holder can utilize the idea or most likely the 'concept' of the virtual id through its website which can take into consideration different purposes, including SIM verifications, and save them the trouble of sharing the actual12-digit biometric ID.

The Virtual ID would be an arbitrary 16-digit number, complete with biometrics of the user and would give any authorised agency like a mobile company, restricted or limited details like name, address and photograph, which are more than sufficient for any confirmation and verification.
Then again the idea of 'limited KYC' will just give need based or finite details of a user to an authorised agency that is providing a specific administration or service.

From 1 June, 2018 it will be obligatory for all organizations and agencies that attempt verification to acknowledge the Virtual ID from their clients. Agencies that don't relocate to the new framework to offer this additional alternative to their clients by the stipulated due date will confront financial disincentives.

"Aadhaar number holder can use Virtual ID in lieu of Aadhaar number whenever authentication or KYC services are performed. Authentication may be performed using the Virtual ID in a manner similar to using Aadhaar number," a UIDAI circular said.

Clients (users) can go to the UIDAI website to create their virtual ID which will be valid for a definite time frame, or till the user decides to transform it. Since the system generated Virtual ID will be mapped to a person's Aadhaar number itself at the back end, it will get rid of the requirement for the user to share Aadhaar number for validation and decrease the collection of Aadhaar numbers by various organizations.

According to the UIDAI, organizations that attempt validation would not be permitted to generate the Virtual ID on behalf of the Aadhaar holder.The UIDAI is also instructing all agencies utilizing its authentication and eKYC services to ensure Aadhaar holders can give the 16-digit Virtual ID rather than Aadhaar number within their application. 


Needless to say the move mainly focuses to reinforce the protection and security of Aadhaar data and comes in the midst of uplifted concerns around the collection and storage of personal and statistical (demographic) information of individuals.
Read more »
kodakcoin
Blockchain cryptocurrency kodakcoin

Kodak Launches Own Cryptocurrency KODAKCoin — Stocks Surge

In a tie-up with WENN Digital, a blockchain development firm, Kodak photo-centric cryptocurrency, KODAKCoin, causing a 60 percent stock rise after the surprise announcement.

This is a part of a larger initiative called KODAKOne which will reportedly give photographers a new revenue stream and a secure work platform. The blockchain-powered image management system will supposedly create a digital ledger of rights ownership that photographers can use to register and license new and old work.

Kodak CEO Jeff Clarke said in a statement, “For photographers who’ve long struggled to assert control over their work and how it’s used, these buzzwords [“blockchain” and “cryptocurrency”] are the keys to solving what felt like an unsolvable problem.”

Kodak’s choice to move towards blockchain rather than introduce a new social media platform to serve the same purpose has sparked some discussions that the company is trying to capitalise on the current cryptocurrency fad.

KODAKCoin’s initial coin offering opens on January 31st, under SEC guidelines as a security token, and it’s open to US, UK, Canadian, and other investors.

Further information can be obtained on their website.
Read more »
Subscribe to: Comments (Atom)