Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security. Show all posts
ransomware builder
BreachForums Cyber Security Cybersecurity Dark Web Ethical Hacking good hacker hacking back honeypot strategy Penetration Testing Ransomware ransomware builder

Security Researcher Outsmarts Hackers with Fake Ransomware Tool

 

The debate surrounding the ethics and practicality of "hacking back" remains a heated topic within the cybersecurity community. When organizations face cyberattacks, is retaliating against the attacker a viable option? While opinions differ, one fact remains clear: breaking the law is breaking the law, regardless of intent.

However, in a fascinating case of strategic ingenuity rather than retaliation, a security researcher and penetration tester successfully infiltrated a notorious dark web criminal marketplace. This was less an act of hacking back and more a bold example of preemptive defense.

Quoting American philosopher Robert Maynard Pirsig, Cristian Cornea, the researcher at the heart of this operation, opened his riveting Medium post with, “Boredom always precedes a period of great creativity.” Inspired by these words, Cornea devised a clever honeypot strategy to target potential ransomware hackers frequenting the BreachForums marketplace on the dark web.

His plan revolved around creating a fake ransomware tool called the "Jinn Ransomware Builder," designed to lure cybercriminals. This supposed tool offered features to help bad actors deploy ransomware attacks. In reality, it was a honeypot—an elaborate trap with some real functionalities but embedded with hardcoded and backdoored command-and-control callbacks.

“Jinn Ransomware Builder is actually a honeypot,” Cornea explained, “but some of the features presented above are real.” For instance, the tool could initiate a remote connection and open a process with a server-hosted “CmD.eXE” executable. Other features, such as multi-language support and AES encryption, were merely designed to make the tool appear more authentic and appealing to malicious actors.

Cornea emphasized that his actions were performed within a controlled and simulated environment, ensuring no laws were broken. “I strictly discourage anyone else from executing such actions themselves,” he warned. He stressed the importance of staying on the ethical side of hacking, noting that the line between good and bad hacking is dangerously thin.

This operation highlights the creativity and strategic thinking ethical hackers use to combat cybercrime, reinforcing that innovation and legality must go hand in hand.
Read more »
Routers
CVE CVEs Cyber Security Cyber Vulnerabilities D-Link EOL firmware NAS Router vulnerability Routers

D-Link Urges Replacement of End-of-Life VPN Routers Amid Critical Security Vulnerability

 

D-Link has issued a strong warning to its customers, advising them to replace certain end-of-life (EoL) VPN router models immediately. This follows the discovery of a critical unauthenticated remote code execution (RCE) vulnerability that will not be addressed with security patches for the affected devices. The vulnerability was reported to D-Link by security researcher “delsploit,” although technical details have been withheld to prevent widespread exploitation. The flaw impacts all hardware and firmware versions of the DSR-150, DSR-150N, DSR-250, and DSR-250N models, particularly firmware versions 3.13 to 3.17B901C. 

These routers, which have been popular among home offices and small businesses worldwide, officially reached their end-of-service (EoS) status on May 1, 2024. D-Link’s advisory makes it clear that no further security updates will be issued for these devices. Customers are strongly encouraged to replace the affected models to avoid potential risks. For users who continue using these devices despite the warnings, D-Link suggests downloading the latest available firmware from their legacy website. 

However, it is important to note that even the most up-to-date firmware will not protect the routers from the RCE vulnerability. The company also cautions against using third-party open-firmware solutions, as these are unsupported and will void any product warranties. D-Link’s policy not to provide security fixes for EoL devices reflects a broader strategy within the networking hardware industry. The company cites factors such as evolving technologies, market demands, and product lifecycle maturity as reasons for discontinuing support for older models. The issue with D-Link routers is not an isolated case. 

Earlier this month, researcher “Netsecfish” revealed CVE-2024-10914, a command injection flaw affecting thousands of EoL D-Link NAS devices. Similarly, three critical vulnerabilities were recently disclosed in the D-Link DSL6740C modem. In both instances, the company chose not to release updates despite evidence of active exploitation attempts. The growing trend of security risks in EoL networking hardware highlights the importance of timely device replacement. 

As D-Link warns, continued use of unsupported routers not only puts connected devices at risk but may also leave sensitive data vulnerable to exploitation. By replacing outdated equipment with modern, supported alternatives, users can ensure stronger protection against emerging cybersecurity threats.
Read more »
Youtube
Amazon Audible ClearFake Cyber Security CyberCrime Cyberhackers CyberThreat Google Youtube

Amazon and Audible Face Scrutiny Amid Questionable Content Surge

 


The Amazon online book and podcast services, Amazon Music, and Audible have been inundated by bogus listings that attempt to trick customers into clicking on dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software for sale. It is becoming increasingly common to abuse Spotify playlists and podcasts to promote pirated software, cheat codes for video games, spam links, and "warez" websites. 

To spam Spotify web player results into search engines such as Google, threat actors can inject targeted keywords and links in the description and title of playlists and podcasts to boost SEO for their dubious online properties. In these listings, there are playlist names, podcast description titles, and bogus "episodes," which encourage listeners to visit external links that link to places that might cause a security breach. 

A significant number of threat actors exploit Google's Looker Studio (formerly Google Data Studio) to boost the search engine ranking of their illicit websites that promote spam, torrents, and pirated content by manipulating search engine rankings. According to BleepingComputer, one of the methods used in the SEO poisoning attack is Google's datastudio.google.com subdomain, which appears to lend credibility to the malicious website. 

Aside from mass email spam campaigns, spammers are also using Audible podcasts as another means to spread the word about their illicit activities. Spam can be sent to any digital platform that is open to the public, and no digital platform is immune to that. In cases such as those involving Spotify or Amazon, there is an interesting aspect that is, one would instinctively assume that the overhead associated with podcasting and digital music distribution would deter spammers, who would otherwise have to turn to low-hanging fruit, like writing spammy posts to social media or uploading videos that have inaccurate descriptions on YouTube. 

The most recent instance of this was a Spotify playlist entitled "Sony Vegas Pro 13 Crack...", which seemed to drive traffic to several "free" software sites listed in the title and description of the playlist. Karol Paciorek, a cybersecurity enthusiast who spotted the playlist, said, "Cybercriminals exploit Spotify for malware distribution because Spotify has become a prominent tool for distributing malware. Why? Because Spotify's tracks and pages are easily indexed by search engines, making it a popular location for creating malicious links.". 

The newest business intelligence tool from Google, Looker Studio (formerly, Google Data Studio) is a web-based tool that allows users to make use of data to create customizable reports and dashboards allowing them to visualize and analyze their data. A Data Studio application can, and has been used in the past, to track and visualize the download counts of open source packages over some time, such as four weeks, for a given period. There are many legitimate business cases for Looker Studio, but like any other web service, it may be misused by malicious actors looking to host questionable content on illegal domains or manipulate search engine results for illicit URLs. 

Recent SEO poisoning campaigns have been seen targeting keywords related to the U.S. midterm election, as well as pushing malicious Zoom, TeamViewer, and Visual Studio installers to targeted sites.  In advance of this article's publication, BleepingComputer has reached out to Google to better understand the strategy Google plans to implement in the future.

Firstory is a new service launched in 2019 that enables podcasters to distribute their shows across the globe, and even connect with audiences, thereby empowering them to enjoy their voice! Firstory is open to publishing podcasts on Spotify, but it acknowledges that spam is an ongoing issue that it is increasingly trying to address, as it focuses on curtailing it as much as possible. 

Spam accounts and misleading content remain persistent challenges for digital platforms, according to Stanley Yu, co-founder of Firstory, in a statement provided to BleepingComputer. Yu emphasized that addressing these issues is an ongoing priority for the company. To tackle the growing threat of unauthorized and spammy content, Firstory has implemented a multifaceted approach. This includes active collaboration with major streaming platforms to detect and remove infringing material swiftly. 

The company has also developed and employed advanced technologies to scan podcast titles and show notes for specific keywords associated with spam, ensuring early identification and mitigation of potential violations. Furthermore, Firstory proactively monitors and blocks suspicious email addresses commonly used by malicious actors to infiltrate and disrupt digital ecosystems. By integrating technology-driven solutions with strategic partnerships, Firstory aims to set a higher standard for content integrity across platforms. 

The company’s commitment reflects a broader industry imperative to protect users and maintain trust in an ever-expanding digital landscape. As digital platforms evolve, sustained vigilance and innovation will be essential to counter emerging threats and foster a safer, more reliable online environment.
Read more »
Employee Training
AI technology Business Security cyber resilience Cyber Security Cybersecurity awareness data security Employee Training

Creating a Strong Cybersecurity Culture: The Key to Business Resilience

 

In today’s fast-paced digital environment, businesses face an increasing risk of cyber threats. Establishing a strong cybersecurity culture is essential to protecting sensitive information, maintaining operations, and fostering trust with clients. Companies that prioritize cybersecurity awareness empower employees to play an active role in safeguarding data, creating a safer and more resilient business ecosystem. 

A cybersecurity-aware culture is about more than just protecting networks and systems; it’s about ensuring that every employee understands their role in preventing cyberattacks. The responsibility for data security has moved beyond IT departments to involve everyone in the organization. Even with robust technology, a single mistake—such as clicking a phishing link—can lead to severe consequences. Therefore, educating employees about potential threats and how to mitigate them is crucial. 

As technology becomes increasingly integrated into business operations, security measures must evolve to address emerging risks. The importance of cybersecurity awareness cannot be overstated. Just as you wouldn’t leave your home unsecured, companies must ensure their employees recognize the value of safeguarding corporate information. Awareness training helps employees understand that protecting company data also protects their personal digital presence. This dual benefit motivates individuals to remain vigilant, both professionally and personally. Regular cybersecurity training programs, designed to address threats like phishing, malware, and weak passwords, are critical. Studies show that such initiatives significantly reduce the likelihood of successful attacks. 

In addition to training, consistent reminders throughout the year help reinforce cybersecurity principles. Simulated phishing exercises, for instance, teach employees to identify suspicious emails by looking for odd sender addresses, unusual keywords, or errors in grammar. Encouraging the use of strong passwords and organizing workshops to discuss evolving threats also contribute to a secure environment. Organizations that adopt these practices often see measurable improvements in their overall cybersecurity posture. Artificial intelligence (AI) has emerged as a powerful tool for cybersecurity, offering faster and more accurate threat detection. 

However, integrating AI into a security strategy requires careful consideration. AI systems must be managed effectively to avoid introducing new vulnerabilities. Furthermore, while AI excels at monitoring and detection, foundational cybersecurity knowledge among employees remains essential. A well-trained workforce can address risks independently, ensuring that AI complements human efforts rather than replacing them. Beyond internal protections, cybersecurity also plays a vital role in maintaining customer trust. Clients want to know their data is secure, and any breach can severely harm a company’s reputation. 

For example, a recent incident involving CrowdStrike revealed how technical glitches can escalate into major phishing attacks, eroding client confidence. Establishing a clear response strategy and fostering a culture of accountability help organizations manage such crises effectively. 

A robust cybersecurity culture is essential for modern businesses. By equipping employees with the tools and knowledge to identify and respond to threats, organizations not only strengthen their defenses but also enhance trust with customers. This proactive approach is key to navigating today’s complex digital landscape with confidence and resilience.
Read more »
telecoms
Cyber Security Elon Musk Internet Service Providers National Security regulatory measures Satellite Starlink telecoms

Concerns Over Starlink in India: Potential Risks to National Security


As Starlink, Elon Musk’s satellite internet service, prepares to enter India’s broadband market, think tank Kutniti Foundation has raised significant concerns about its potential risks to India’s national security. A report cited by PTI claims Starlink’s close ties with U.S. intelligence and military agencies could make it a threat to India’s interests. The foundation described Starlink as “a wolf in sheep’s clothing,” alleging that its dual-use technology serves American governmental agendas. Unlike traditional telecom networks operating under Indian jurisdiction, Starlink’s global satellite system bypasses local control, granting operational authority to U.S.-based entities. 

Kutniti suggests this could allow for activities such as surveillance or other strategic operations without oversight from India. The report also highlights that Starlink’s key clients include U.S. intelligence and military organizations, positioning it within what the foundation calls the U.S. “intel-military-industrial complex.” India’s Communications Minister Jyotiraditya Scindia recently addressed these concerns, stating that Starlink must meet all regulatory and security requirements before its services can be approved. He confirmed that the government will only consider granting a license once the platform fully complies with the country’s safety standards for satellite broadband.  

Kutniti’s report also examines the broader implications of Starlink’s operations, emphasizing how its ownership and infrastructure could support U.S. strategic objectives. The foundation referenced U.S. laws that prioritize national interests in partnerships with private enterprises, suggesting this could undermine the sovereignty of nations relying on Starlink’s technology. The think tank further criticized the role of Musk’s ventures in geopolitical scenarios, pointing to Starlink’s refusal to assist a Ukrainian military operation against Russia as an example of its influence. 

Additionally, Kutniti noted Musk’s association with Palantir Technologies, a firm known for intelligence collaborations, as evidence of the platform’s involvement in sensitive political matters. Highlighting incidents in countries like Brazil, Ukraine, and Iran, Kutniti argued that Starlink’s operations have, at times, bypassed local governance and democratic norms. The report warns that the satellite network could serve as a tool for U.S. geopolitical leverage, further cementing American dominance in space and global communications. 

India’s careful consideration of Starlink reflects a broader need to balance the benefits of cutting-edge technology with national security concerns. Kutniti’s findings underscore the risks of integrating foreign-controlled networks, especially those with potential geopolitical implications, in an increasingly complex global landscape.
Read more »
TLS inspection
Cato Networks CVE exploits Cyber Security Cyber Threats Cybersecurity Data Privacy Penetration Testing Ransomware ransomware-as-a-service Shadow AI TLS inspection

Ransomware Gangs Actively Recruiting Pen Testers: Insights from Cato Networks' Q3 2024 Report

 

Cybercriminals are increasingly targeting penetration testers to join ransomware affiliate programs such as Apos, Lynx, and Rabbit Hole, according to Cato Network's Q3 2024 SASE Threat Report, published by its Cyber Threats Research Lab (CTRL).

The report highlights numerous Russian-language job advertisements uncovered through surveillance of discussions on the Russian Anonymous Marketplace (RAMP). Speaking at an event in Stuttgart, Germany, on November 12, Etay Maor, Chief Security Strategist at Cato Networks, explained:"Penetration testing is a term from the security side of things when we try to reach our own systems to see if there are any holes. Now, ransomware gangs are hiring people with the same level of expertise - not to secure systems, but to target systems."

He further noted, "There's a whole economy in the criminal underground just behind this area of ransomware."

The report details how ransomware operators aim to ensure the effectiveness of their attacks by recruiting skilled developers and testers. Maor emphasized the evolution of ransomware-as-a-service (RaaS), stating, "[Ransomware-as-a-service] is constantly evolving. I think they're going into much more details than before, especially in some of their recruitment."

Cato Networks' team discovered instances of ransomware tools being sold, such as locker source code priced at $45,000. Maor remarked:"The bar keeps going down in terms of how much it takes to be a criminal. In the past, cybercriminals may have needed to know how to program. Then in the early 2000s, you could buy viruses. Now you don't need to even buy them because [other cybercriminals] will do this for you."

AI's role in facilitating cybercrime was also noted as a factor lowering barriers to entry. The report flagged examples like a user under the name ‘eloncrypto’ offering a MAKOP ransomware builder, an offshoot of PHOBOS ransomware.

The report warns of the growing threat posed by Shadow AI—where organizations or employees use AI tools without proper governance. Of the AI applications monitored, Bodygram, Craiyon, Otter.ai, Writesonic, and Character.AI were among those flagged for security risks, primarily data privacy concerns.

Cato CTRL also identified critical gaps in Transport Layer Security (TLS) inspection. Only 45% of surveyed organizations utilized TLS inspection, and just 3% inspected all relevant sessions. This lapse allows attackers to leverage encrypted TLS traffic to evade detection.

In Q3 2024, Cato CTRL noted that 60% of CVE exploit attempts were blocked within TLS traffic. Prominent vulnerabilities targeted included Log4j, SolarWinds, and ConnectWise.

The report is based on the analysis of 1.46 trillion network flows across over 2,500 global customers between July and September 2024. It underscores the evolving tactics of ransomware gangs and the growing challenges organizations face in safeguarding their systems.
Read more »
VPN security risk
Brute-Force Attacks Cyber Security cybersecurity risk FortiClient vulnerability Fortinet VPN flaw Pentera research undetected logins VPN security risk

Fortinet VPN Logging Flaw Exposes Vulnerability to Undetected Credential Verification

 

A flaw in the logging mechanism of Fortinet VPN servers could allow attackers to hide successful credential verifications during brute-force attacks, potentially leaving defenders unaware of compromised logins.

While brute-force activity remains visible, a new technique limits logs to failed attempts, creating a false sense of security for system administrators.

FortiClient VPN logs login attempts through two steps: authentication and authorization. Researchers from Pentera, a cybersecurity company specializing in automated security validation, found that successful logins are recorded only if both steps are completed. Otherwise, the VPN logs the event as a failed authentication.

“[…] the failed ones are logged in the authentication phase but the successful ones are logged in the authorization phase, so yes, a full login with either a script or a VPN client would create a log,” explained Pentera researcher Peter Viernik to BleepingComputer.

The researchers devised a method to halt the process after the authentication phase, validating credentials without generating a log of the successful attempt. Using the Burp application security tool, they observed that the server response indicates valid credentials through specific values (“ret=1” for valid and “ret=0” for failed), while subsequent steps establish VPN sessions.

Stopping the process before authorization prevents successful logins from being recorded. Pentera notes this gap creates a security risk:

"The inability to log successful authentication attempts at the authentication phase presents a significant security risk. Attackers could potentially exploit this vulnerability to conduct brute-force attacks without detection of their successful attempts."

While admins might detect ongoing brute-force attempts, they would not know if any credentials were successfully verified. This could lead to attackers selling valid credentials or using them for future breaches when vigilance has waned.

Despite this issue, attackers must still bypass authorization, which includes API calls verifying device security compliance and user access levels. Though this complicates exploitation, Pentera warns that well-resourced adversaries could still succeed.

Pentera disclosed their findings to Fortinet, which reportedly did not consider the issue a vulnerability. It remains unclear if Fortinet plans to address the problem, though Pentera suggests the fix would not be complex.

As part of their disclosure, Pentera released a script demonstrating the flaw’s exploitation. BleepingComputer reached out to Fortinet for comment but did not receive a response by the time of publication.
Read more »
SMTP servers
Authentication Cyber Security Cyber Threats Cybersecurity Dark Web Data Privacy email encryption email security Malware Distribution Phishing Attacks SMTP servers

New SMTP Cracking Tool for 2024 Sold on Dark Web Sparks Email Security Alarm

 

A new method targeting SMTP (Simple Mail Transfer Protocol) servers, specifically updated for 2024, has surfaced for sale on the dark web, sparking significant concerns about email security and data privacy.

This cracking technique is engineered to bypass protective measures, enabling unauthorized access to email servers. Such breaches risk compromising personal, business, and government communications.

The availability of this tool showcases the growing sophistication of cybercriminals and their ability to exploit weaknesses in email defenses. Unauthorized access to SMTP servers not only exposes private correspondence but also facilitates phishing, spam campaigns, and cyber-espionage.

Experts caution that widespread use of this method could result in increased phishing attacks, credential theft, and malware distribution. "Organizations and individuals must prioritize strengthening email security protocols, implementing strong authentication, and closely monitoring for unusual server activity," they advise.

Mitigating these risks requires consistent updates to security patches, enforcing multi-factor authentication, and using email encryption. The emergence of this dark web listing highlights the ongoing threats cybercriminals pose to critical communication systems.

As attackers continue to innovate, the cybersecurity community emphasizes vigilance and proactive defense strategies to safeguard sensitive information. This development underscores the urgent need for robust email security measures in the face of evolving cyber threats.
Read more »
Threat Intelligence
Cyber Security FBI Security flaw Tech Firms Threat Intelligence

Hackers Are Sending Fake Police Data Requests To Tech Giants To Steal People's Private Data

 

The FBI has issued a warning that hackers are collecting sensitive user information, such as emails and contact details, from US-based tech firms by hacking government and police email addresses in order to file "emergency" data requests. 

The FBI's public notice filed last week is an unusual admission by the federal government regarding the threat posed by phoney emergency data requests, a legal process designed to assist police and federal authorities in obtaining information from firms in order to respond to immediate threats to people's safety or properties.

The misuse of emergency data requests is not new, and it has drawn significant attention in recent years. The FBI now warns that it noticed an "uptick" in criminal posts online advertising access to or carrying out false emergency data requests around August and is going public to raise awareness.

“Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” reads the FBI’s advisory. 

Police and law enforcement in the United States often require some form of legal basis to seek and acquire access to private data stored on company laptops. Typically, police must provide sufficient proof of a potential crime before a U.S. court will grant a search warrant authorising them to collect that information from a private corporation. 

Police can issue subpoenas, which do not require a court appearance, requesting that businesses access restricted amounts of information about a user, such as their username, account logins, email addresses, phone numbers, and, in some cases, approximate location. 

There are also emergency requests, which allow police enforcement to gather a person's information from a firm in the event of an immediate threat and there is insufficient time to secure a court order. Federal authorities claim that some cybercriminals abuse these emergency requests.

The FBI stated in its advisory that it had spotted many public posts from known hackers in 2023 and 2024 claiming access to email accounts used by US law enforcement and several foreign governments. According to the FBI, this access was later used to issue fake subpoenas and other legal demands to corporations in the United States in search of private user data kept on their systems. 

The cybercriminals were able to pass for law enforcement by sending emails to businesses asking for user data using hacked police accounts. False threats, such as allegations of human trafficking and, in one instance, the warning that a person would "suffer greatly or die" until the company in issue returned the requested information, were mentioned in some of the requests.

The FBI claimed that because the hackers had gained access to law enforcement accounts, they were able to create subpoenas that appeared authentic and forced companies to divulge user data, including phone numbers, emails, and usernames. However, the FBI noted that not all fraudulent attempts to submit emergency data demands were successful.
Read more »
social media platforms
Critical Infrastructure Cyber Security Data server Decentralised Platform Decentralization Digital Ocean Personal Data social media platforms

Bluesky’s Growth Spurs Scaling Challenges Amid Decentralization Goals

 

The new social media platform, Bluesky, received a huge number of new users over the past few weeks. This mass influx represents an alternative social networking experience, which is in demand. However, it also introduced notable technical challenges to the growth of the platforms, testing the current infrastructure and the vision for decentralization. Bluesky recently hit the servers hard, making most parts of the platform slow or unavailable. Users were affected by slow notifications, delayed updates in the timeline, and "Invalid Handle" errors. The platform was put into read-only mode as its stabilization was left to the technical team to take care of. This was worse when connectivity went down because of a severed fiber cable from one of the main bandwidth providers. 

Although it restored connectivity after an hour, the platform continued to experience increased traffic and record-breaking signups. Over 1.2 million new users had registered within the first day-an indication that the program held a great deal of promise and needed better infrastructure. Issues at Bluesky are reflected from the early times of Twitter, when server overloads were categorized by the "fabled Fail Whale." In a playful nod to history, users on Bluesky revived the Fail Whale images, taking the humor out of frustration. These instances of levity, again, prove the resilience of the community but indicate and highlight the urgency needed for adequate technical solutions. D ecentralized design is at the heart of Bluesky's identity, cutting reliance on a single server. In theory, users should be hosting their data on Personal Data Servers (PDS), thereby distributing the load across networks of independent, self-sufficient servers. That in its way is in line with creating a resilient and user-owned type of space. 

As things stand today, though, most of the users remain connected to the primary infrastructure, causing bottlenecks as the user base expands. The fully decentralized approach would be rather difficult to implement. Yes, building a PDS is relatively simple using current tools from providers like DigitalOcean; however, replicating the whole Bluesky infrastructure will be much more complex. The relay component alone needs nearly 5TB of storage, in addition to good computing power and bandwidth. Such demands make decentralization inaccessible to smaller organizations and individuals. To address these challenges, Bluesky may require resources from hyperscale cloud providers like AWS or Google Cloud. Such companies might host PDS instances along with support infrastructure. This will make it easy to scale Bluesky. It will also eliminate the current single points of failures in place and make sure that the growth of the platform is ensured. 

The path that Bluesky takes appears to represent two challenges: meeting short-term demand and building a decentralized future. With the right investment and infrastructure, the platform may well redefine the social media scenario it so plans, with a scalable and resilient network faithful to its vision of user ownership.
Read more »
Technology
Atlas Biomed customer complaints Cyber Security data security disappearing reports DNA testing GDPR protection Genetic Data Russia links Sensitive Information Technology

DNA Testing Firm Atlas Biomed Vanishes, Leaving Customers in the Dark About Sensitive Data

A prominent DNA-testing company, Atlas Biomed, appears to have ceased operations without informing customers about the fate of their sensitive genetic data. The London-based firm previously offered insights into genetic profiles and predispositions to illnesses, but users can no longer access their online reports. Efforts by the BBC to contact the company have gone unanswered.

Customers describe the situation as "very alarming," with one stating they are worried about the handling of their "most personal information." The Information Commissioner’s Office (ICO) confirmed it is investigating a complaint about the company. “People have the right to expect that organisations will handle their personal information securely and responsibly,” the ICO said.

Several customers shared troubling experiences. Lisa Topping, from Essex, paid £100 for her genetic report, which she accessed periodically online—until the site vanished. “I don’t know how comfortable I feel that they have just disappeared,” she said.

Another customer, Kate Lake from Kent, paid £139 in 2023 for a report that was never delivered. Despite being promised a refund, the company went silent. “What happens now to that information they have got? I would like to hear some answers,” she said.

Attempts to reach Atlas Biomed have been fruitless. Phone lines are inactive, its London office is vacant, and social media accounts have been dormant since mid-2023.

The firm is still registered as active with Companies House but has not filed accounts since December 2022. Four officers have resigned, and two current officers share a Moscow address with a Russian billionaire who is a former director. Cybersecurity expert Prof. Alan Woodward called the Russian links “odd,” stating, “If people knew the provenance of this company and how it operates, they might not trust them with their DNA.”

Experts highlight the risks associated with DNA testing. Prof. Carissa Veliz, author of Privacy is Power, warned, “DNA is uniquely yours; you can’t change it. When you give your data to a company, you are completely at their mercy.”

Although no evidence of misuse has been found, concerns remain over what has become of the company’s DNA database. Prof. Veliz emphasized, “We shouldn’t have to wait until something happens.”
Read more »
Ransomwares
Akira Ransomware Cyber Security Cyber Threats LockBit Malware Attack malware prevention Malwares RansomHub Ransomwares

2024’s Most Dangerous Malware: A Wake-Up Call for Cybersecurity

 

OpenText, a leader in cybersecurity insights, has released its eagerly awaited “Nastiest Malware of 2024” list, highlighting some of the most destructive and adaptive cyber threats of the year. The list illustrates how ransomware and other malicious software continue to evolve, particularly regarding their impact on critical infrastructure. As cybercriminals refine their tactics, the need to strengthen cybersecurity measures has become increasingly urgent. Organizations around the globe are projected to boost their cybersecurity spending by 14.3% in 2024, raising total investments to over $215 billion, which reflects the magnitude of the challenges posed by these threats. 

LockBit claimed the title of the most dangerous malware of the year. This ransomware-as-a-service (RaaS) entity has demonstrated its ability to evade law enforcement efforts, including those from the FBI. Its ongoing attacks on critical infrastructure showcase its resilience and technical prowess. According to the FBI, LockBit was responsible for 175 reported attacks on essential systems in 2023 alone. The group’s bold ambition to target one million businesses emphasizes its threat level and solidifies its position in the ransomware landscape. 

Akira, a relatively new player, has rapidly gained infamy for its aggressive tactics. This ransomware has been particularly active in industries such as healthcare, manufacturing, and finance, using advanced encryption methods to cause significant disruption. Its retro-inspired branding contrasts sharply with its destructive potential, making it a popular choice among cybercriminal affiliates. 

Meanwhile, RansomHub, which may have connections to the infamous Black Cat (ALPHV) group, has made headlines with its high-profile attacks, including a daring strike on Planned Parenthood that compromised sensitive patient data. 

Other significant threats include Dark Angels, recognized for its precision-targeted attacks on Fortune 50 companies, and Play Ransomware, which takes advantage of vulnerabilities in FortiOS systems and RDP servers. Redline Stealer, while not technically ransomware, this type of threat significantly endangers organizations by focusing on stealing credentials and sensitive information. Each of these threats illustrates how cybercriminals are continually pushing the limits, employing advanced tactics to stay ahead of defenses. 

Muhi Majzoub, OpenText’s EVP and Chief Product Officer, notes that the increase in ransomware targeting critical infrastructure highlights the growing risks to national security and public safety. At the same time, the heightened emphasis on cybersecurity investments is a positive indication that organizations are recognizing these threats. However, the ability of ransomware groups to adapt remains a significant worry, as these criminals continue to leverage new technologies, including artificial intelligence, to create more sophisticated attacks. 

The findings from this year reveal a harsh truth: while progress in cybersecurity is being made, the rapid pace of innovation in malware development poses an ongoing challenge. As companies enhance their vigilance and dedicate more resources to protect vital systems, the battle against cyber threats is far from finished. The changing nature of these attacks requires ongoing adaptation, collaboration, and investment to protect the essential services that support modern society.
Read more »
CyberThreat
Black Friday Consumer Protection Cyber Security CyberCrime Cyberhackers CyberThreat

Consumer Protection in Focus Amid Black Friday in South Africa

 


November 29 is the date when Black Friday offers will be available, marking the beginning of the Christmas shopping season for many consumers. There is a lot of speculation that scammers will increase their game in the coming days, which gives it even more reason to be aware of the signs of threatening phoney texts. As the critical Black Friday and festive season periods approach, the retail industry in South Africa is showing signs of resilience, according to the latest State of the Retail Nation report produced by NIQ South Africa. 

The report examines the industry's expectations over the upcoming period. A recent warning from Standard Bank alerted South Africans to the fact that scams are on the rise as Black Friday approaches, with criminals increasingly using persuasive tactics to attract people's attention.  Even though there have been no studies on how Black Friday will affect the local economy, it appears to have the potential to generate R88 billion of economic activity in South Africa in 2024.  

Based on Capital Connect's findings, South Africa's wholesale, retail, and fuel sectors will contribute a total of R88 billion in additional economic value to the economy in November 2024. The Bureau of Market Research has conducted a study that shows that the Black Friday sales in South Africa will spur R22 billion in increased direct sales this year, with a further R28 billion in indirect economic impact on the country. 

There is expected to be an additional economic value of over R88 billion for the South African economy due to the growing interest of customers in Black Friday sales taking place in November 2024 in this country's wholesale, retail, and fuel sectors. Based on the results of a research report published by the Bureau of Market Research on behalf of fintech Capital Connect. 

During the holiday shopping season this year, retailers in South Africa will likely produce R22 billion in additional direct revenue as a result of Black Friday, and R28 billion in indirect economic impacts as a result of it. Further, the wholesale industry is expected to gain additional sales of R32.1 billion, while fuel sales are expected to increase by R6.2 billion as well.  

As a result of the study, consumers seem to be more interested in Black Friday in 2024 than in the previous three years (2021-2023). The result of this is expected to push retail sales in November 2024 to a value of approximately R136 billion, up 17.3% when calculated in nominal terms from the R116.1 billion of retail sales recorded in November 2023. 

After a long period of economic stagnation and retail stagnation, the positive outlook for Black Friday 2024 suggests that the tide is turning for South African retailers after a long period of economic stagnation and retail stagnation," said Steven Heilbron, CEO of Capital Connect, which is part of Lesaka Technologies, a Nasdaq- and JSE-listed company.  Several factors have contributed to a better economic outlook, including a marked reduction in load-shedding, the introduction of the Two-Pot Retirement System, a reduction in interest rates, and a decrease in inflation. 

There is a rising trend in consumer confidence that will give an advantage to innovative retailers with the right product mix and promotions."  In this year's challenging retail climate, Black Friday sales will provide a welcome boost to retailers who have struggled to operate. The formal retail sector, on the other hand, is predicted to show real growth of only 1.4% in 2024 with an increase of just 0.6%. In a study conducted by Standard Bank, it was revealed that scams are widespread in Gauteng, where 38% of cases were reported. KwaZulu-Natal had 18%, while the Western Cape had 15%.  

In his statement, Rathogwa noted that the bank has begun noticing some concerning trends around Black Friday, including an increase in the amount of social media fraud, which has been particularly persuasive.  It is still a significant threat that deceptive emails are sent by fraudsters purporting to be emails from legitimate companies, such as retailers, streaming services, and banks, to mislead users.  Several emails contain links to fake websites that are designed to collect sensitive information, such as login details and passwords.  

The scammers also make use of luring strategies to entice the recipient into clicking on links that they believe are malicious, as well as offering rewards to the first few buyers. As well as this particular tactic, more and more fraudsters are also using social media accounts to promote offers that are heavily discounted, and sometimes even free. This type of scam is increasingly common.  A scam artist creates a page on Facebook, builds a fan base, and posts false reviews trying to entice the public to buy.

Upon engaging an interested buyer, the conversation switches to WhatsApp to discuss details about the buyer's bank account, courier service, and so on.  Upon making the payment and providing proof to the police, the victim's social media pages and phone numbers will have disappeared from the Internet. Whenever a deal seems too good to be true, it most likely is. Be careful if someone puts a lot of pressure on users to make a quick payment to secure a deal. Rathogwa also warned customers to watch out for fake websites that often look exactly like legitimate retailers" he added.  

To protect against Black Friday scams, experts advise consumers to take several precautions while shopping online or in-store. Shoppers should confirm the authenticity of a purchase before proceeding by buying only from trusted and verified sources. Carefully reviewing transaction details and ensuring that any One-Time Pin (OTP) generated corresponds to the specific transaction is critical. Verifying beneficiary account details before making electronic transfers is also recommended, with tools such as Standard Bank’s Account Verification Service offering an added layer of security. 

It is equally important for individuals to manage the security of their devices. Any unused, sold, lost, or stolen devices should be delinked from online banking profiles immediately, and banks should be notified without delay if a device is misplaced. Furthermore, shoppers are encouraged to report any suspicious activity to their financial institutions. 

Rathogwa emphasizes the importance of scrutinizing web addresses for typos or subtle alterations, as scammers frequently create fraudulent websites that mimic legitimate retailers. Such vigilance can help safeguard personal and financial information during the shopping season.
Read more »
sensitive information privacy
Atlas Biomed controversy Cyber Security DNA testing services genetic reports missing personal data security sensitive information privacy

DNA Testing Firm Atlas Biomed Vanishes: Concerns Over Sensitive Data

 

DNA-testing company Atlas Biomed appears to have halted operations without notifying customers about the fate of their sensitive genetic data. Based in London, the firm provided insights into users' genetic profiles and potential health risks. Customers report being unable to access their reports online, and the company has not responded to inquiries from the BBC.

Disgruntled clients describe the situation as "very alarming," expressing fears about the handling of their "most personal information." The Information Commissioner’s Office (ICO) confirmed receiving a complaint about the company. A spokesperson stated: "People have the right to expect that organisations will handle their personal information securely and responsibly." Experts warn that users of DNA-testing services are often "completely at the mercy" of companies when it comes to safeguarding sensitive data.

Lisa Topping from Essex, who paid £100 for a genetic report, described her frustration after the company’s website vanished. "I don’t know what someone else could do with [the data], but it’s the most personal information… I don’t know how comfortable I feel that they have just disappeared," she said.

Another customer, Kate Lake from Kent, paid £139 in 2023 but never received her report. Despite promises of a refund, the company went silent. "It’s like no-one was at home," she explained, demanding answers about the fate of her data.

Attempts by the BBC to contact the firm have been unsuccessful. Phone numbers are inactive, the London office appears abandoned, and social media accounts have been dormant since mid-2023. Online comments reveal widespread customer complaints.

Atlas Biomed remains registered with Companies House but has not filed accounts since December 2022. Notably, two active officers are listed at a Moscow address linked to a Russian billionaire, who has since resigned from the company.

Cybersecurity expert Prof. Alan Woodward remarked on the "odd" connections: "If people knew the provenance of this company and how it operates, they might not be quite so ready to trust them with their DNA."

While no misuse of customer data has been confirmed, the lack of transparency raises concerns. Prof. Carissa Veliz, author of Privacy is Power, emphasized the unique sensitivity of DNA: "It is uniquely yours, you can’t change it, and it reveals your – and your family’s – biological strengths and weaknesses."

She added, "When you give your data to a company, you are completely at their mercy. We shouldn’t have to wait until something happens."

Atlas Biomed’s silence leaves its customers uncertain and alarmed about the safety of their most personal information.

Read more »
Risk Management
AI Attacks AI Policy AI Risks Company Security Cyber Safety Cyber Security Cybersecurity Crisis Risk Management

Addressing AI Risks: Best Practices for Proactive Crisis Management

 

An essential element of effective crisis management is preparing for both visible and hidden risks. A recent report by Riskonnect, a risk management software provider, warns that companies often overlook the potential threats associated with AI. Although AI offers tremendous benefits, it also carries significant risks, especially in cybersecurity, which many organizations are not yet prepared to address. The survey conducted by Riskonnect shows that nearly 80% of companies lack specific plans to mitigate AI risks, despite a high awareness of threats like fraud and data misuse. 

Out of 218 surveyed compliance professionals, 24% identified AI-driven cybersecurity threats—like ransomware, phishing, and deepfakes — as significant risks. An alarming 72% of respondents noted that cybersecurity threats now severely impact their companies, up from 47% the previous year. Despite this, 65% of organizations have no guidelines on AI use for third-party partners, often an entry point for hackers, which increases vulnerability to data breaches. Riskonnect’s report highlights growing concerns about AI ethics, privacy, and security. Hackers are exploiting AI’s rapid evolution, posing ever-greater challenges to companies that are unprepared. 

Although awareness has improved, many companies still lag in adapting their risk management strategies, leaving critical gaps that could lead to unmitigated crises. Internal risks can also impact companies, especially when they use generative AI for content creation. Anthony Miyazaki, a marketing professor, emphasizes that while AI-generated content can be useful, it needs oversight to prevent unintended consequences. For example, companies relying on AI alone for SEO-based content could risk penalties if search engines detect attempts to manipulate rankings. 

Recognizing these risks, some companies are implementing strict internal standards. Dell Technologies, for instance, has established AI governance principles prioritizing transparency and accountability. Dell’s governance model includes appointing a chief AI officer and creating an AI review board that evaluates projects for compliance with its principles. This approach is intended to minimize risk while maximizing the benefits of AI. Empathy First Media, a digital marketing agency, has also taken precautions. It prohibits the use of sensitive client data in generative AI tools and requires all AI-generated content to be reviewed by human editors. Such measures help ensure accuracy and alignment with client expectations, building trust and credibility. 

As AI’s influence grows, companies can no longer afford to overlook the risks associated with its adoption. Riskonnect’s report underscores an urgent need for corporate policies that address AI security, privacy, and ethical considerations. In today’s rapidly changing technological landscape, robust preparations are necessary for protecting companies and stakeholders. Developing proactive, comprehensive AI safeguards is not just a best practice but a critical step in avoiding crises that could damage reputations and financial stability.
Read more »
SafePay ransomware
advanced ransomware techniques Cyber Security Cyber Threats Data Encryption LockBit source code ransomware strain ransomware tactics SafePay ransomware

SafePay Ransomware: A New Threat with Advanced Techniques

 

In October 2024, cybersecurity experts at Huntress identified a previously undocumented ransomware strain named SafePay. This malware was deployed in two separate incidents and stands out for its distinctive features, including the use of .safepay as an encrypted file extension and a ransom note titled readme_safepay.txt. Despite its limited exposure, SafePay’s techniques signal a skilled operator leveraging advanced ransomware methods.

SafePay is linked to older ransomware families like LockBit, with Huntress analysts stating: “During our analysis of the ransomware binary, we began to notice a large number of similarities to the extensively analyzed LockBit samples from the end of 2022.” These parallels suggest that SafePay’s developers may have utilized leaked LockBit source code to create their malware, showcasing a blend of stealth and sophistication.

SafePay follows a systematic two-phase attack process:

  • Data Collection and Exfiltration: In one observed incident, attackers used WinRAR to archive data across multiple systems and exfiltrated it via FileZilla. Analysts remarked, “This activity looks like potential data exfiltration from the network—collected and archived with WinRAR and then possibly exfiltrated out using FTP.” Tools were uninstalled post-use to erase traces.
  • Encryption Deployment: Using Remote Desktop Protocol (RDP) access, attackers deployed ransomware scripts via PowerShell, targeting network shares. Commands such as disabling shadow copies and modifying boot configurations were executed to impede recovery. The ransom note ominously begins with: “Greetings! Your corporate network was attacked by SafePay team,” and outlines negotiation steps for data recovery.
The SafePay group operates on both the Tor network and the decentralized The Open Network (TON). Their leak site showcases victim organizations and stolen data directories. Huntress analysts discovered vulnerabilities in the site’s backend, exposing an Apache server status endpoint, offering insights into the group’s operations.

Although relatively new, SafePay’s connection to LockBit and its sophisticated techniques present significant risks across industries. As Huntress analysts concluded: “The threat actor was able to use valid credentials to access customer endpoints and was not observed enabling RDP, creating new user accounts, or establishing persistence.”

Read more »
TSA
China CISA Cyber Security transport TSA

New TSA Rules to Boost Cybersecurity in Transport






The Transportation Security Administration recently unveiled a proposed rule that would permanently codify cybersecurity reporting requirements in certain segments of U.S. transportation, including pipelines and railroads. This change is set to be permanent after the agency introduced temporary reporting requirements for certain segments last year after a ransomware attack hit Colonial Pipeline, causing fuel shortages along the U.S. East Coast.


Locked In Securely

Since the Colonial Pipeline incident, the Transportation Security Administration has issued a number of temporary rules regarding cybersecurity risks in critical infrastructure. The new proposed rule would bring these temporary rules into permanence and codify a consistent approach throughout transportation on cybersecurity matters. As Administrator Pekoske pointed out, "TSA has been working extremely closely with industry partners to assist in enhancing the cybersecurity resilience of our nation's critical infrastructure."


Key Components of the Proposed Rule

This new law applies to a large scope of pipeline and railroad operators and places restrictions only on some bus companies. Its main emphasis is put on the implementation of cyber risk management plans that shall encompass:

  • Annual Cybersecurity Reviews: These reviews will require assessments and improvements in cyber defences.
  • Vulnerability Assessments: Conduct vulnerability assessments of security weaknesses that have not been remediated. Such assessments shall be conducted either by the covered entity's own personnel or a third party, but such personnel shall have no conflict of interest with respect to the covered entity.
  • Operational Cybersecurity Plans: They would describe the functions of personnel in a cybersecurity company, what is in place to protect critical systems, and procedures in identifying a threat to and responding to it.

Under these proposed regulations, operators would have to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) to receive faster response to and support of a threat.


Impact and Cost

The TSA estimated that the rulemaking would affect about 300 transportation operators-from pipelines, freight railroads, to public transportation agencies. These include 73 freight railroads, 34 public transportation systems, 71 over-the-road bus companies, and 115 pipeline facilities. Compliance and TSA oversight are estimated to cost the industry $2.1 billion over the next ten years.

The TSA attributed the regulations to the emerging threats of cyber attacks posed by nation-state actors and cybercriminals, who often target U.S. infrastructure in efforts to disrupt it and further inflict economic damage. Countries, according to the TSA, "such as Russia and China" were cited as frequent sources of cyberattacks on American critical infrastructure.

The agency's proposal underlines the need for uniform cybersecurity measures to be taken as soon as possible as cyber threats are becoming more advanced: they are now set to use artificial intelligence to deliver faster, undetectable attacks.


Industry Reaction and Flexibility

The proposal takes place on the grounds that the earlier directions were considered too elaborative by the transporters who had imparted them. The TSA will be more agile and results-driven now, allowing the companies to engage themselves in security solutions pertaining to the specific needs of each one.

The proposed rule will be open to comments from the industry until February 5 while reviewing all the responses the TSA will have before finalising the rule. The agency looks forward to providing enhanced cybersecurity and resilience within U.S. surface transportation systems by defeating the increasing cyber threats.


Read more »
Password Security
Acunetix vulnerability administrative privileges Cyber Security device takeover risk IoT device vulnerability Network Security Password Security

Critical Security Flaw in SEIKO EPSON Devices Allows Unauthorized Access

 

A recent security vulnerability identified as CVE-2024-47295 poses a serious risk for several SEIKO EPSON devices, potentially granting attackers administrative control. This vulnerability stems from a weak initial password setup within SEIKO EPSON’s Web Config software, which manages network device settings for products like printers and scanners.

Web Config, a tool for configuring SEIKO EPSON devices via web browsers, lacks an administrative password on affected models when first connected to a network without prior configuration. This absence of a password allows any network user to establish a new password, gaining full access to the device.

The vulnerability report notes, “If the administrator password on the affected device is left blank, anyone accessing it through Web Config can set a new password.” An attacker with administrative rights could manipulate device settings, interrupt operations, or use the device to infiltrate broader network systems.

Currently, there is no available patch to fix this vulnerability. SEIKO EPSON urges users to set an administrative password immediately upon installation and network connection. The company’s Security Guidebook stresses this step in section 3, advising users to configure Web Config settings and secure the device with a strong password to block unauthorized access and mitigate the risk of this exploit.

SEIKO EPSON also advises caution with all networked devices. Unsecured IoT devices are frequently targeted by cybercriminals, and the CVE-2024-47295 vulnerability has received a CVSS score of 8.1, highlighting its high-risk level. Best practices to reduce risk include:

  • Using Strong, Unique Passwords: Set complex passwords during initial setup and avoid defaults.
  • Restricting Network Access: Limit access to trusted users and networks only.
  • Monitoring Device and Network Activity: Regularly review configurations and monitor network traffic for unusual activity.
With these steps, users can enhance device security and safeguard against potential threats.
Read more »
Supreme Court
Cyber Security Data Disclosure Attack data security Facebook Legal Action Against Meta Meta Meta Platforms Supreme Court

Supreme Court Weighs Shareholder Lawsuit Against Meta Over Data Disclosure

 

The U.S. Supreme Court is deliberating on a high-stakes shareholder lawsuit involving Meta (formerly Facebook), where investors claim the tech giant misled them by omitting crucial data breach information from its risk disclosures. The case, Facebook v. Amalgamated Bank, centers around the Cambridge Analytica scandal, where a British firm accessed data on millions of users to influence U.S. elections. While Meta had warned of potential misuse of data in its annual filings, it did not disclose that a significant breach had already occurred, potentially impacting investors’ trust. During oral arguments, liberal justices voiced concerns over the omission. 

Justice Elena Kagan likened the situation to a company that warns about fire risks but withholds that a recent fire already caused severe damage. Such a lack of disclosure, she argued, could be misleading to “reasonable investors.” The plaintiffs’ attorney, Kevin Russell, echoed this sentiment, asserting that Facebook’s omission misrepresented the severity of risks investors faced. On the other hand, conservative justices expressed concerns about expanding disclosure requirements. Chief Justice John Roberts questioned whether mandating disclosures of all past events might lead to over-disclosure, which could overwhelm investors with excessive details. Justice Brett Kavanaugh suggested the SEC, rather than the courts, might be better positioned to clarify standards for corporate disclosures. 

The Biden administration supports the plaintiffs, with Assistant Solicitor General Kevin Barber describing the case as an example of a misleading “half-truth.” Meta’s attorney, Kannon Shanmugam, argued that such broad requirements could dissuade companies from sharing forward-looking risk factors, fearing potential lawsuits for any past incident. Previously, the Ninth Circuit found Meta’s general warnings about potential risks misleading, given the company’s awareness of the Cambridge Analytica breach. The Court held that such omissions could harm investors by implying that no significant misuse had occurred. 

If the Supreme Court sides with the plaintiffs, companies could face new expectations to disclose known incidents, particularly those affecting data security or reputational risk. Such a ruling could reshape corporate disclosure practices, particularly for tech firms managing sensitive data. Alternatively, a ruling in favor of Meta may uphold the existing regulatory framework, granting companies more discretion in defining disclosure content. This decision will likely set a significant precedent for how companies balance transparency with investors and risk management.
Read more »
protection protect personal data
advice online privacy Cyber Security cybersecurity best practices cybersecurity tips phishing prevention NSA protection protect personal data

NSA’s Common-Sense Phishing and Cybersecurity Tips to Protect Your Personal Data Online

 

Websites frequently conceal the extent to which they share our personal data, employing tactics to obscure their practices and prevent consumers from making fully informed decisions about their privacy. This lack of transparency has prompted governmental responses, such as the European Union's GDPR and California's CCPA, which require websites to seek permission before tracking user activity.

Despite these regulations, many users remain unaware of how their data is shared and manipulated. A recent study delves into the strategies employed by websites to hide the extent of data sharing and the reasons behind such obfuscation.

The research, focusing on online privacy regulations in Canada, reveals that websites often employ deception to mislead users and increase the difficulty of monitoring their activities. Notably, websites dealing with sensitive information, like medical or banking sites, tend to be more transparent about data sharing due to market constraints and heightened privacy sensitivity.

During the COVID-19 pandemic, as online activity surged, instances of privacy abuses also increased. The study shows that popular websites are more likely to obscure their data-sharing practices, potentially to maximize profits by exploiting uninformed consumers.

Third-party data collection by websites is pervasive, with numerous tracking mechanisms used for advertising and other purposes. This extensive surveillance raises concerns about privacy infringement and the commodification of personal data. Dark patterns and lack of transparency further exacerbate the issue, making it difficult for users to understand and control how their information is shared.

Efforts to protect consumer privacy, such as GDPR and CCPA, have limitations, as websites continue to manipulate and profit from user data despite opt-in and opt-out regulations. Consumer responses, including the use of VPNs and behavioral obfuscation, offer some protection, but the underlying information asymmetry remains a significant challenge.
Read more »
Subscribe to: Posts (Atom)