
Dating App Accused of Leaking Users’ Private Information from Their Profiles


A security researcher discovered that the dating app Plenty of Fish was leaking data that users had specifically set as "private" on their profiles. The leaked information was not immediately obvious to app users, and it was scrambled to make it hard to read.

However, using freely available tools designed to analyze network traffic, the researcher found that it was possible to uncover the data about users as their profiles appeared on his phone.

According to The App Analyst, a 'mobile expert' who writes about his analyses of popular applications on his eponymous blog, POF was always silently returning users' first names and postal ZIP codes, which was the primary indication that something was seriously amiss with the application.

In one case, the App Analyst even discovered enough data to identify where a specific user lived.

Recently, law enforcement has also repeatedly issued warnings about the dangers some people face on dating applications such as Plenty of Fish, which has upward of 150 million registered users, according to its parent company IAC. Reports suggest that sex attacks involving these dating applications have risen dramatically in the past five years.

Furthermore, members of the LGBTQ+ community on these applications also face safety risks from both individuals and governments, prompting applications like Tinder to proactively warn their LGBTQ+ users when they visit regions and states with restrictive and harsh laws against same-sex partners.

Earlier this year, the App Analyst found various third-party tools that allowed application developers to record the device's screen while users engaged with their applications, resulting in a crackdown by Apple.

Although spokespersons for Plenty of Fish refused to comment on the matter immediately, a fix for the data leakage bug is said to have been rolled out recently.

Amazon, Ring Sued by a Man Claiming that the Camera was Hacked and Used to Harass his Kids


A class-action lawsuit has been filed against Amazon-owned Ring by Alabama resident John Orange. The company has been accused mainly of negligence and invasion of privacy, along with other claims, namely breach of an implied warranty, breach of implied contract and violation of California's Unfair Competition Law against false advertising, as it failed to provide enough protection against hacks.

Orange claimed that his internet-connected Ring camera, which he bought in July 2019, was hacked and used to harass his three children, aged seven, nine and ten, as per the lawsuit. Reportedly, the hacker spoke to the kids as they were playing basketball.

The argument for a class action was supported by seven other similar incidents reported by the media, in which these devices were hacked and the two-way talk function was used by hackers to talk to unsuspecting children.

A mother shared one such disturbing incident, which made the rounds on social media; it took place in Mississippi, where the hacker attempted to engage with her eight-year-old daughter. In another incident, which took place in Texas, a couple was threatened and told to pay a ransom of $350,000 in bitcoin.

According to the lawsuit, "An unknown person engaged with Mr. Orange’s children commenting on their basketball play and encouraging them to get closer to the camera."

“Although Ring is in the business of home security and was certainly aware that its Wi-Fi-enabled product, was vulnerable to attack, it took no steps to ‘require camera owners to use two-factor authentication, which could help prevent these types of attacks…,’” the lawsuit stated.

“Moreover, it knew, or should have known, in an era of pervasive data breaches, that logging in with user emails instead of unique account names, and not requiring at least 2FA [two-factor authentication], put its Wi-Fi-enabled product at an unreasonable risk of being compromised.”

“Unfortunately, Ring did not fulfill its core promise of providing privacy and security for its customers as its camera systems are fatally flawed,” the lawsuit further claimed.

When asked by Gizmodo, a spokesman from Ring declined to comment, saying that the company "does not comment on legal matters."

If the matter qualifies for class-action status, Amazon and Ring would be asked to provide compensation to the affected parties and implement better security measures.

Expert finds a Bug in Twitter that can Expose your Account Information


As if it wasn't enough already, the popular social networking and microblogging website Twitter has recently suffered yet another data vulnerability. In a recent data breach incident, an expert claimed that he was able to exploit a Twitter bug and use it to match more than 17 million mobile numbers to user profiles. The accounts targeted include prominent lawmakers and officials. The hack was achieved by exploiting a bug in Twitter's Android application.


According to TechCrunch, security expert Ibrahim Balic discovered that it is possible to upload complete lists of generated contact information via the contact upload option in the Twitter app. "If you put your contact information, i.e. the phone number, the app in return retrieves user information," says Ibrahim. The users whose phone numbers were matched were from countries like Germany, France, Armenia, Iran, Greece, Turkey, and Israel. In one particular case, the user whose number was matched was found to be a prominent Israeli politician, reports TechCrunch.

About the Bug-
Ibrahim Balic started to alert users to this issue 2 months earlier, through a WhatsApp group. When Twitter came to know of this, the micro-blogging platform immediately blocked his attempts. Ibrahim was able to generate more than 2 billion mobile numbers in succession and, after rearranging the generated numbers, uploaded them via the Twitter Android application. However, the vulnerability didn't exist in the web-based Twitter app. It is yet to be confirmed whether Ibrahim's activity was associated with what Twitter described in a statement earlier this week, saying it had suffered a data exploit. Twitter admitted that a malicious bug was implanted into its application by an anonymous cyber-criminal, which could have jeopardized the information of numerous Twitter users across the world, including Indian users. Twitter, however, did not reveal the person responsible for the exploit.

What can this Vulnerability do?
This exploit in the Twitter Android application can allow hackers to see users' personal information, and it also gives them control of user accounts by allowing them to tweet or send messages. The researcher Balic is known for exposing the security flaw in Apple's developer center in 2013. "We are working our best to ensure that the bug couldn't be exploited again," said the Twitter spokesperson. Twitter has faced various security issues this past year.

Kremlin commented on the plans of the US cyber command


Elena Panina, a member of the State Duma Committee on International Affairs, considers the tactics of countering possible "interference in elections", which the US cyber command is developing, to be direct aggression against Russia.

Earlier, the Washington Post reported that the US cyber command is developing information warfare tactics against high-ranking Russian officials and businessmen in case Moscow tries to interfere in the 2020 elections. The targets of the cyber command may be representatives of the Russian elite.

"Attempts by the American side to present these plans as "defensive", as a possible response to the case of "interference in the American elections" look ridiculous. In fact, we are talking about the threat of direct aggression against Russia in the information space," said Panina.
According to her, the cynical nature of these actions is manifested in the fact that the United States decided to publicly blackmail Russian political and business elites, threatening to hack e-mail and invade personal space.

She believes that the purpose of public disclosure of such plans is an attempt to intimidate the Russian political class. "Such actions are more typical for a criminal group than for a legal State," stated Panina.

In addition, a member of the Federation Council Committee on Foreign Affairs, Sergei Tsekov, stated that there is nothing original in the published plans for conducting an information war.

"The United States is always waging an information war against Russia. This is the meaning of life for the American community. So there is nothing original in this statement. As for countering Russian "interference" in the elections, the Americans have already achieved a 100% effect. Russia has never interfered in the election process and is not going to," he said.

The Senator also expressed the opinion that the effect of any American tactics of conducting an information war against Russia "will be very weak".

"Russian society is consolidated and understands very well the nature and mentality of the American community. So we do not give in to any propaganda on their part," concluded Tsekov.

Recall that US intelligence agencies accused Russia of interfering in the election campaign before the 2016 presidential election. Later, a commission was formed to investigate these circumstances, led by special prosecutor Robert Mueller, the former head of the FBI.

Development Team Suffers Cryptocurrency Theft Worth $480,000


Hackers recently stole from the development team of a little-known blockchain project, taking $480,000 worth of an obscure token called NULS. The development team working on NULS confirmed on Twitter that it had suffered a hacking attack. Earlier in the morning, the company tweeted that around 2 million NULS ($480,000) were stolen from its account. Of the amount stolen, the development team says that more than half has been liquidated into other cryptocurrencies, amounting to roughly $131,600.



The company is planning to hard fork the transaction network and blockchain, a measure that stops the cryptocurrency once and for all. Fortunately, the incident didn't have a severe effect on the price of NULS. The cause of the theft is said to be a vulnerability found in software version 2.2. The limited effect on the token's value may be because the price had already dropped more than 95% from its all-time high before the incident came to light. The company asks NULS users to update their software to the latest available version to protect themselves from hacking.

Similar to the incident when Ethereum also hard forked to retrieve its stolen cryptocurrency:
The NULS team's response to the theft is reminiscent of how Ethereum's core developers handled the DAO hacking incident in 2016. The DAO (Digital Decentralized Autonomous Organization) was backed by smart contracts and worked much like a venture capital fund, but was investor-driven. Following the incident, in which Ethereum worth $40 million was stolen by hackers from the DAO, the Ethereum developers split the blockchain into two chains.

On the first chain, users affected by the theft could recover their Ethereum funds. The second chain continued to maintain the original version of the blockchain record, known as 'Ethereum Classic.' To this day, that hard fork remains controversial among critics, who cite it as evidence of centralization in Ethereum's governance. Fortunately, NULS is not as popular as Ethereum, so the hard fork won't cause much controversy for the company.

122 Chinese Men Detained in Nepal on Charges of Cyber-crime and Bank Fraud


KATHMANDU: Nepal police on Tuesday detained 122 Chinese men and women in what appears to be the biggest criminal operation by foreigners. A police officer, Hobindra Bogati, said the Chinese embassy was aware of the raids and has fully supported the detentions. The chief of police of the capital, Kathmandu, stated that the suspects were raided on Monday after the police received information that some foreigners holding Chinese visas were engaged in suspicious activity. The police chief, Uttam Subedi, said, "This is the first time that so many foreigners have been detained for suspected criminal activities."


These people were suspected of various cyber crimes, such as hacking into bank cash machines. The 122 men and women are being held in different police stations, with their passports and laptops confiscated. Another police officer, Hobindra Bogati, said that the Chinese embassy in Nepal was aware of the raids and has fully supported the detentions. Chinese Foreign Ministry spokesman Geng Shuang, in Beijing, said Nepalese and Chinese police have agreed to cooperate in the investigations and that China is willing to increase law-enforcement cooperation with its neighbor.

Chinese nationals have recently been detained with increasing frequency in Asian countries on suspicion of fraud and other illegal activities. In the Philippines last week, 342 Chinese workers were arrested after being caught in an unlicensed gambling operation. Some Chinese citizens were also arrested for smuggling gold, while in September, five were arrested for stealing money from bank cash machines. Even though the rate of criminal activity by Chinese nationals in Nepal is high, relations between the two countries couldn't have been better.

China has increased FDI in Nepal in recent years, working on the development of roads, power plants, and hospitals. More than 134,000 Chinese tourists visited Nepal between January and October this year, up 9.2 percent from the same period in 2018, according to Nepal Tourism Board data. During a visit to Nepal by President Xi Jinping in October, Nepal and China signed a treaty to work together and provide mutual assistance on criminal matters.

90% of Russian entrepreneurs faced external cyber threats, says ESET


The antivirus company ESET conducted a comprehensive study on the state of information security in Russian companies, interviewing dozens of IT Directors and business owners.
According to the study, 90% of Russian companies faced external cyber threats and about 50% faced internal ones. Among external cyber threats, spam (65%), malware (47%) and encryptors (35%) lead.

The distribution of malicious software is closely linked to the activity of spammers and phishers who seek to lull the employee's vigilance and force him to follow a malicious link or download a dangerous file. At the same time, many respondents noted that often viruses, Trojans and other malware got on devices because of the human factor - employees used unverified external drives or installed unwanted software.

In addition, 7% of respondents experienced the loss of corporate smartphones, tablets or laptops with confidential information by employees.
It is worth noting that specialists from the CIS often face internal problems of information security. At the same time, Russian companies often had to repel more serious threats: DDoS attacks, phishing, encryptors.

Every fifth Russian company suffered from accidental data leaks due to a lack of knowledge of the security rules for employees working with confidential information. At the same time, Russian IT managers are concerned about the protection of personal data of employees (60%), which is also due to the tightening of the relevant norms of Russian law.

90% of respondents reported that they use anti-virus solutions, 45% control the work with external drives, 26% implement financial protection systems and 28% fight against DDoS attacks. In addition, managers are increasingly turning to third-party companies for audits to ensure information security (15%). At the moment, according to experts, outsourcing security is one of the trends in cybersecurity.

At the end of 2019, 5% of Russian companies are not satisfied with the state of information security and would like to increase the budget. Moreover, with the growth of the number of computers, the level of dissatisfaction and the desire to increase the budget for information security are growing.

7 Easy Habits to make you Digitally Secure!


So, 2019 was quite a year for hackers and security breaches. Countless malware, trojan and ransomware attacks and data breaches hit the business and financial sector, leaving our security and information more exposed and vulnerable. Hackers have also moved from targeting the rich and high-profile to targeting ordinary people, and the consequences can be downright scary. That's why it becomes imperative that we protect ourselves from these attacks. It may seem like an impossible feat, but a few simple habits can go a long way toward keeping us cyber safe and cyber secure. Let's take a look-


1. Antivirus software
Leaving your computer exposed without any antivirus means you are gladly inviting viruses and malware into your system. Installing an antivirus is the first line of defense and quite simple. Using anti-virus software is the foundation on which all your other online safety habits are built.

2. Thinking free means safe
Always be wary of freebies on the internet, be it free software or free wifi. Using free or public wifi in particular can cost you dearly. Since this type of network is open for use by anyone, there’s a high risk of exposing your system to malware and having the information you send or receive (including passwords) viewed and collected by criminals. So, avoid using public wifi, and if you have to use it, consider a VPN (Virtual Private Network).

3. “Remind me later”
FoxNews says, "Are you notorious for rescheduling software updates but never actually installing them? If you often hit the “Remind me later” button, you’re asking for trouble. Don’t prevent your system from receiving the latest tools and security patches needed to fight off attackers and viruses."

4. Beware of attachments on Emails
Clicking before you investigate can be lethal for your security. Much ransomware arrives in what look like legitimate emails from governments, and when you click the attachment, the Word file activates the ransomware on your system. So, always be prudent about opening attachments and links in emails.

5. Don't go with the lazy option - set a strong different password
Using the same password for every platform makes it easier for a hacker to get into your machine. Also, if one platform is hacked, it can lead to a chain of compromises across your full online presence.

6. Forgetting about your online presence
FoxNews advises that it’s common to have a ton of online accounts. Over time, you may forget about a few of the ones you rarely use or have stopped using entirely. That means if your account is compromised, you may not even notice. Jot down all the accounts you’ve created and routinely go through and delete those you no longer use.

7. Accepting terms you never read
And the last and most common mistake that we are all guilty of: accepting terms and conditions without reading them. Apps and software can easily and legally access our data, pictures, SMS, and more because of this.

Today, the world is getting smart, everything is connected from your phone to your TV with the integration of the Internet of Things (IoT) and thus it's important to adopt some healthy security habits.

Russian hackers included in the US sanctions list may be associated with the criminal world


Russian hackers from the group Evil Corp, which the British intelligence services call the most dangerous in the world, may be associated with the criminal world, in particular with the thief in law Vyacheslav Ivankov, better known as Yaponchik ("the little Japanese").

On December 9, it became known that Maxim Yakubets, the alleged leader of the group, was married to Alena Benderskaya, who is the daughter of Eduard Bendersky, a veteran of the FSB special forces Vympel.

Journalists wrote that Benderskaya is the founder of companies associated with her father's security business, as well as co-owner of two stores of the Italian brand Plein Sport. It is this brand's sportswear that Yakubets and his friends from Evil Corp liked to wear.

According to the database, a share in these stores belongs to Otari Sadov. Journalists call him "the son of an authoritative businessman Leni Assiriysky, the right hand and nephew of Yaponchik."
According to a source familiar with the details of the investigation, the hacker group was engaged in money laundering, including through real estate investments. He emphasized that Yakubets brought a thief in law into Evil Corp.

Earlier it became known that one of the participants of the hacker group Evil Corp was Andrei Kovalsky, the son of Vladimir Strelchenko, the former mayor of the Moscow city of Khimki.

On December 5, the US government imposed sanctions against 17 Evil Corp hackers and companies associated with them. The US Treasury Department estimated the damage from their activities at $100 million.

The leader of the group, Maxim Yakubets, was arrested in absentia. The US State Department has announced a five-million-dollar reward for information leading to his arrest.

Latest "incorruptible" Privacy Method that makes your VPN Out-of-Date


A unique chip that allows computers to send information using a 1-time 'indestructible' connection.

"Experts have made a unique unhackable safety system that is bound to transform the information secrecy," say the University of St Andrews, King Abdullah University of Sciences and Technology (KAUST) and the Center for Unconventional Processes of Sciences (CUP Sciences). The international team of experts has built a new optical chip that enables a message to be transmitted from a sender to a receiver using a one-time untraceable transmission that can achieve 'absolute privacy', with private information secured by one of the safest means. The method the experts designed uses silicon chips that carry compact structures that are permanently modified to transfer data in a one-time key that can't be recreated or hijacked by hackers.

A technology of the future-
While present conventional encryption methods permit messages to be transferred instantly, the information can nevertheless be hacked by the quantum algorithms and computers of the future. However, according to the experts, the newly developed technique for encoding information is sound and uses existing transmission systems. The newly devised method also takes up less storage on present computer systems than conventional encrypted communications.

“Due to the arrival of more robust and quantum machines and future computers, all present encodings would be deciphered without taking much time, revealing the confidentiality of our existing and past transmission networks that hold much importance. For example, a hacker can save a piece of encoded information that is available now and he can expect the appropriate systems and technologies that can be availed shortly to decrypt the information. Executing large and cost-effective means of world-class safety is a universal enigma," says Dr. Andrea Fratalocchi, Associate Professor, Electrical Engineering at KAUST and Director of the Research.

He further says: Our research, however, has the caliber to resolve the problems of privacy for every individual across the globe. If by any chance this new technique could be executed across the world universally, the hackers would have a hard time trying to break into someone's personal information and would be seeking jobs elsewhere. For the moment, the groups of experts are currently planning to develop business apps for their trademarked technique and are planning to do a demo very soon.

Company Behind Orcus Malware Fined by Canadian Broadcasting Agency


Orcus Technologies, an organization that sold a remote access trojan (RAT) called Orcus, has been fined 115,000 Canadian dollars (approximately 87,000 US dollars). The fine was imposed by one of Canada's broadcasting agencies, the Canadian Radio-Television and Telecommunications Commission (CRTC).

Orcus Technologies was established in March 2016 by founders John Paul Revesz (also known by the names Ciriis McGraw and Armada Angelis, among other aliases) and a Germany-based man, Vincent Leo Griebel (also known as Sorzus). Griebel was responsible for developing the malware, while Revesz looked after marketing, sales and support for the software. The idea behind the operation was to deliver a remote management tool just like the widely used TeamViewer and various other remote management applications, as per the investigation carried out by the CRTC in association with the cybercrime division of the Royal Canadian Mounted Police (RCMP).

"Evidence obtained during the investigation allowed the Chief Compliance and Enforcement Officer (CEO) to conclude that the Orcus RAT was not the typical administration tool Griebel and Revesz claimed, but was, in fact, a Remote Access Trojan (RAT), a known type of malware," as per the CRTC's findings.

The findings further claimed that the duo not only sold and promoted the malware but also assisted malicious actors in getting Orcus RAT installed on users' computers without their consent or knowledge.

In a related development, last month Revesz faced criminal charges filed by the RCMP. Earlier this year, in March, the RCMP turned up with an arrest warrant at Revesz's apartment; meanwhile, Australian police had separate arrest warrants aimed at Orcus RAT customers.

Orcus RAT started making headlines in the cybersecurity ecosystem around the summer of 2016. The RCMP revealed that it started investigating the company behind the malware in July 2016 and has kept continuous track of the activities revolving around Orcus Technologies since then. Before finally distributing the malware via malspam campaigns, the team behind Orcus announced the malware on a piracy forum in 2016 itself. In July of the same year, an article was published on the subject, reporting the malicious intent of the authors. In the wake of the publication, which presented enough evidence against the malware, Revesz took to Twitter to defend the Orcus RAT, claiming that his tool amounted to nothing more than a remote administration application.

In the aftermath of Revesz's weak arguments and the disputes that followed on Twitter, various cybersecurity professionals and organizations filed complaints against the authors of Orcus RAT with the corresponding Canadian authorities.

Although the duo is responsible for creating the malware and initiating its distribution, the buyers who extended the malicious operations by infecting victims are equally responsible.