Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Data Breach.. Show all posts

Nym's Decentralized VPN: A Game-Changer for Online Privacy


Nym, a privacy technology company, is getting ready to introduce a decentralized VPN (Virtual Private Network) that aims to completely change how we safeguard our online data and preserve our privacy in a quickly changing digital environment where online privacy is getting harder to define. An industry game-changer in the field of online security, this breakthrough is scheduled to launch in early 2024.

Nym's ambitious project has garnered significant attention from the tech and cryptocurrency community. With concerns about surveillance, data breaches, and cyberattacks on the rise, the need for robust online privacy solutions is more critical than ever. Traditional VPNs have long been a popular choice for protecting one's online identity and data. However, Nym's decentralized VPN takes privacy to the next level.

One of the key features of Nym's VPN is its decentralized nature. Unlike traditional VPNs that rely on centralized servers, Nym's VPN leverages a decentralized network, making it far more resistant to censorship and government intervention. This feature is particularly important in regions where internet freedom is limited.

Furthermore, Nym's VPN is powered by a privacy-centric cryptocurrency called NYM tokens. Users can stake these tokens to access the VPN service or earn rewards for supporting the network. This innovative approach not only incentivizes network participation but also ensures a high level of privacy and security.

The decentralized VPN is designed to protect users from surveillance and data harvesting by hiding their IP addresses and routing their internet traffic through a network of anonymous servers. This means that users can browse the web, communicate, and access online services without revealing their true identity or location.

In addition to its privacy features, Nym's VPN is being developed with a strong focus on speed and usability. This means that users can enjoy the benefits of online privacy without sacrificing their internet connection's speed and performance.

Since Nym is a big step toward a more secure and private internet, the IT industry is excited about its impending introduction. Users seeking to protect their online activity will have access to a cutting-edge, decentralized solution as 2024 draws near.

Nym's decentralized VPN stands out as a ray of light in a world where threats to internet privacy are omnipresent. Its distinctive approach to privacy, robust security features, and intuitive design have the power to revolutionize the way we safeguard our personal information and identities online. When Nym launches in early 2024, it will surely be a turning point in the continuous struggle to protect internet privacy in a connected society.

Over $30 Billion Stolen from Crypto Sector, Reveals SlowMist's

A recent report by cybersecurity firm SlowMist has uncovered a shocking revelation regarding the vulnerability of the crypto sector. According to the report, blockchain hacks have resulted in the theft of over $30 billion from the cryptocurrency industry since 2012. This alarming figure highlights the pressing need for enhanced security measures within the blockchain ecosystem.

The report from SlowMist, a renowned cybersecurity company specializing in blockchain technology, brings to light the magnitude of the problem facing the crypto sector. The findings emphasize the urgent requirement for robust security protocols to safeguard digital assets and protect investors.

The report reveals that hackers have been successful in exploiting vulnerabilities across various blockchain networks, resulting in significant financial losses. SlowMist's research indicates that these attacks have been carried out through a range of methods, including exchange hacks, smart contract vulnerabilities, and fraudulent schemes.

One of the primary areas of concern is the vulnerability of cryptocurrency exchanges. These platforms serve as a vital link between users and their digital assets, making them lucrative targets for hackers. SlowMist's report highlights the need for exchanges to prioritize security measures and implement robust systems to safeguard user funds.

The rise in smart contract-based attacks has also been a cause for concern. Smart contracts, which automate and facilitate transactions on blockchain platforms, have been exploited by hackers who identify vulnerabilities within the code. This highlights the need for thorough security audits and ongoing monitoring of smart contracts to prevent potential breaches.

Industry experts emphasize the significance of preemptive actions to thwart these threats in response to the report's conclusions. Renowned blockchain security expert Jack Smith emphasizes the value of ongoing surveillance and quick response mechanisms. According to him, "It is crucial for crypto companies to prioritize security and adopt a proactive approach to identify and mitigate vulnerabilities before hackers exploit them."

The report also highlights the demand for a greater user understanding of cryptocurrencies. If consumers don't employ prudence when transacting with and holding their digital assets, even the most comprehensive security measures won't be enough. By educating people about best practices, like as using hardware wallets and turning on two-factor authentication, the danger of being a victim of hacking efforts can be greatly decreased.

The cryptocurrency industry has grown rapidly in recent years, drawing both investors and bad actors looking to take advantage of its weaknesses. The SlowMist report is a wake-up call, highlighting the critical need for better security procedures to protect the billions of dollars invested in the sector.

The adoption of more robust security measures must continue to be a primary focus as the blockchain sector develops. The report's conclusions underscore that everyone is accountable for building a secure ecosystem that promotes trust and protects against possible dangers, including blockchain developers, cryptocurrency exchanges, and individual users.



Enterprise Targeted by Akira Ransomware's Extortion Techniques

A new ransomware operation called Akira has been found targeting enterprise organizations. According to reports, Akira ransomware is a relatively new strain that is used in targeted attacks and is designed to infiltrate enterprise networks.

The ransomware is primarily distributed through phishing emails that contain a malicious attachment or a link that, when clicked, will download the malware onto the victim’s computer. Once inside the network, the ransomware is capable of moving laterally and infecting other machines, encrypting all the files it can access.

The attackers behind Akira ransomware are known for using double extortion tactics. After encrypting the victim’s files, they threaten to publish the stolen data on the dark web if the ransom is not paid. This tactic adds another layer of pressure to the already stressed-out victims.

Akira ransomware has already caused significant damage, targeting various companies across the world, including a Taiwanese mobile phone manufacturer, a Canadian software development company, and an American e-commerce firm.

Experts warn that this ransomware is particularly dangerous for companies that have weak cybersecurity protocols and are not regularly updating their software. The attackers behind Akira ransomware are always looking for vulnerabilities to exploit, and companies with outdated software are easy targets.

To prevent becoming a victim of Akira ransomware, companies are advised to update their software regularly, use strong passwords, implement multi-factor authentication, and train employees on how to identify and avoid phishing emails.

The rise of Akira ransomware is yet another reminder of the importance of cybersecurity. With cyber threats becoming increasingly sophisticated, it is essential for organizations to take the necessary precautions to protect their valuable data and networks from cybercriminals.


Leaked Emails Shows ULA Conspire against Elon Musk and SpaceX

 

According to an apparent email leak, the United Launch Alliance, a major SpaceX competitor, was planning to promote conspiracy stories concerning SpaceX CEO Elon Musk. The emails originally appeared on Backchannel and highlighted a communication among ULA VP Robbie Sebethier and Hasan Soloman, a senior lobbyist with the International Association of Machinists and Aerospace Workers, who is the other party in the communication. 

They purport to disparage NASA's leadership as "incompetent and unpredictable," and they even theorize on a conspiracy theory involving Elon Musk and former US President Donald Trump. 

Elon Reeve Musk FRS is a businessman and entrepreneur and is one of the richest persons on the planet. He is the founder, CEO, and Chief Engineer of SpaceX, as well as an early-stage investor, CEO, and Product Architect of Tesla, Inc., the founder of The Boring Company, and the co-founder of Neuralink and OpenAI. 

Whereas, Space Exploration Technologies Corp. is a Hawthorne, California-based aerospace manufacturer, space transportation services provider, and communications corporation. SpaceX, in addition to working for NASA, also launches satellites for the military, private enterprises, and other countries. 

The email discussion addresses a conspiracy theory wherein Musk is said to be collaborating with Donald Trump to assist the Chinese Communist Party. Musk was also openly tolerant and obedient to Chinese officials at Tesla, according to the leaked email. 

“Large NASA taxpayer investments are being thrown away due to the cozy relationship established by Trump political hacks throughout NASA. The US Government’s deep space exploration program is at risk: This large program which is the baseline for deep space exploration is being threatened due to political favors being offered to Elon Musk,” Sabathier wrote on April 23. 

The timeframe suggests an irate ULA in the wake of NASA's decision to sole-source contract SpaceX for the Human Landing Systems. This is indeed a recurring pattern, as SpaceX continues to secure huge government contracts while ULA struggles to stay competitive. 

SpaceX has not commented on the leak, and on the other hand, a spokeswoman for United Airlines has likewise declined to comment. However, according to Ars Technica, the emails seem to be authentic.

Twitter Data Breach: Apology Sent to Potentially Affected Business Clients


The cyberspace has reportedly witnessed a fivefold increase in malicious attacks since the spread of the Coronavirus pandemic, it's primarily because people have been sidetracked due to systematic threat posed by the coronavirus that cybercriminals are not missing any chance of capitalizing on the adversity. Another reason guiding the crisis is based on the fact that IT has become the backbone of organizations as more and more employees turn to work remotely. In light of that, Twitter has become the latest victim of the crisis as the officials apologize for a business data breach.

Attackers have yet again gained access to personal details of Twitter users following a data breach that led the social media owners to seek an apology from its business clients and other users as well. The allegedly compromised data includes highly sensitive information related to the company's business clients' i.e., their phone numbers, email addresses, and last 4 digits of credit card numbers.

While confirming the data breach to TechCrunch, one of the Twitter's spokesperson told that when the billing information on ads.twitter.com or analytics.twitter.com was being viewed, some of the details were getting stored in the browser's cache.

Twitter warned the users of the serious data breach itself by sending emails to its business clients, acknowledging and appreciating the trust their users' place in them, meanwhile delivering a sincere apology for the security incident that might have led to a possible data breach.

"We're very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day." The email read.

"We are writing to let you know of a data security incident that may have involved your personal information on ads.twiiter and analytics. Twitter," Twitter said in a message to its potentially affected customers.

"We became aware of an issue that meant that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter the billing information may have been stored in the browser's cache."

The issue was taken care of as soon as it came to the notice of the company, while Twitter also ensured that clients' who were
likely to be impacted by the security breach are made fully aware and provided with all the necessary information on how to keep themselves secure.

Chinese Hackers Attacked Eight Major Technology Service Providers




Eight largest technology service providers were attacked by the hackers of China’s Ministry of State Security; they attempted to access sensitive commercial information and secrets from their clients across the world.

In December, last year, a vicious operation was outlined in formal charges filed in the U.S.; it was designed to illegally access the Western intellectual property with motives of furthering China’s economic interests.

According to the findings made by Reuters, the list of the compromised technology service providers include Tata Consultancy Services, Dimension Data, Hewlett Packard Enterprise, Computer Sciences Corporation, HPE’s spun-off services arm, IBM, DXC Technology, Fujitsu and NTT Data.

Furthermore, various clients of the service providers such as Ericsson also fall prey to the attack.
However, IBM previously stated that it lacks evidence on any secret commercial information being compromised by any of these attacks.

Referencing from the statements given by HPE, they worked diligently for their “customers to mitigate this attack and protect their information.” Meanwhile, DXC told that it had, “robust security measures in place” in order to keep their clients secure.

Commenting on the matter and denying the accusations and any sort of involvement in the attacks, the Chinese government said, “The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets,”

“While there have been attacks on our enterprise network, we have found no evidence in any of our extensive investigations that Ericsson’s infrastructure has ever been used as part of a successful attack on one of our customers,” a spokesperson of Ericsson told as the company said, it doesn’t comment on specific cybersecurity matters.



Massive HIV Data Leak; No Closure Yet!






Singapore: Finally the authorities have come up with some background details as to the circumstances that led to 14,200 people’s personal details along with their HIV status leakage.

The lingering questions, ever since the data was compromised have been intriguing. Such as, the reason behind not making it public in May 2016 when it was known that the information was in wrong hands?

According to a recent media briefing the Permanent Secretary of Health, cited that the ministry of health did wasn’t sure as to the whether the news’ being public was in the interest of the citizens.

They did mention though that they will take conservative measures and better approaches now that they know the persons in registry have concerns regarding a public announcement.


It’s disturbing that years after the incident took place no one knows why the data still remained with the unauthorized people.



According to sources, the Ministry of Health had lodged a police report in May 2016 after finding out that Mikhy Farrerra Brochez was in custody of the leaked information from the HIV registry.

After, the properties owned by Brochez and his partner Ler Teck Siang were searched by the police officials and all pertinent material found was seized.

Even after that Brochez managed to keep some information back and in turn leaked it later on. The Permanent Secretary of Health voiced that the police should have had a better search.

It was later in May 2018 when the people whose information as in the “unauthorized” hands were informed a\bout the entire leakage scenario.

In May 2018 the police found out that Brochez had managed to hold some records back which was a month after Brochez completed serving his jail sentence for other offenses and was deported from Singapore.

There is no way of knowing though, that how many people were informed that their persona details were in wrong hands.

MOH lodged a police report and had contacted the concerned individuals. The number of people was very small according to PSH Mr. Chan.


Where Brochez was deported to is still under wraps and the immigration department couldn’t share the details due to confidentiality concerns.

He is known to have arrived in the Kentucky state of the US. There’s no knowing if he’s being monitored, the sources said.

He had called at his mother’s house despite being warned to stay away and that’s when she informed the police about it.

After he refused to leave he was taken into custody and was charged. He has been asked to return to the district to face criminal trespass.

The Singapore police force is reportedly taking help of their foreign counterpart but didn’t mention which organizations or countries.

Brochez’s partner was charged with the Official Secrets Act for “failing to retain the possession of a thumb drive” containing data from the leak but was stood down and there is no answer as to why that happened.



According to Article 35(8) the AG gets a wide discretion as public prosecutor in the conduct of criminal proceedings. The prosecution “is not required to give reasons for why they decide to proceed with certain charges and not others”.

Another question that has yet to be addressed is how was the access to the confidential information disabled? We do know that the MOH had worked with “relevant parties” to disable the access.


Stolen information of such sorts is uploaded on various hack forums and file sharing sites such as “Pastebin” and “Mega” and is commonly hosted on web servers overseas.

If taking down a web domain. It could be done on a registrar level. Domain registrars are company people who create websites. But taking down a website can’t totally solve the problem.


Because once, data is on the dark web it’s almost irretrievable. As it could be copied or distributed across quite easily.


Absolutely different from the internet the commoners use, the Dark Web is “unregulated and decentralized and has no point of authority or disabling access to anything.