Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Privacy News. Show all posts

A Large Number of Ventures Suffering From Cloud Security Attacks

The advent of technology led malicious actors, to invade the privacy of users' systems in a few steps. Cloud security is one such technology that has increasingly worked to fortify users' data from threat actors. 

However, as per the statistics, even the latest cyber security is at risk; a report publicized by Synk shows, that 80% of the enterprises suffered from these actors’ invasion in just the past 12 months. The wide adoption of cloud security has been considered a major reason for a rapidly increasing number of cases. 

There have been several bigger cases that show the breach of cloud security. Accenture is one of them which came under the claws of cloud security attacks. Once in 2017 when the company's AWS S3 storage was unsecured and was made available for public reach. The attackers found confidential API data, digital certificates, meta info, etc. and they used it to blackmail and squeeze money from the. The second was when in 202, the firm got struck by LockBit ransomware. 
 
As per Synk’s report, 58% of the people were predicting that they again will face another cloud security attack in the future, and 25% were afraid that they must have endured a breach in their cloud storage but were not aware of it. These thoughts were creating a negative impact on cloud security. Whereas, there are many other similar cases like Accenture, where organisations left their cloud storage open to be accessed publically, and did not have even basic security. 

The CEO and Co-founder of Orca, Avi Shua stated that other than the cloud platforms providing safe spaces for data storage in cloud infrastructure, the state of the business’s workloads, identities, etc. stored in the cloud are also equally responsible for the security of the public cloud data.

For making 100% from cloud storage and evading the problems in cloud securities, it is important to include experts in cloud-native security. and to avoid such incidents as Accenture cases it becomes a necessity to add additional training and education. As an institute can’t deal with such a situation without planning, they should work with proper strategies and focus on how to avoid the risk of 

To make the best of cloud storage and avoid falling prey to problems related to cloud security, it becomes pertinent to include experts in cloud-native security. To avoid such incidents from occurring in Accenture and other such companies, it's important that additional training and education about cloud security handling is provided by the relevant institutes and organisations. It's implausible to deal with such a situation without planning, the companies should work with proper strategies and focus on how to avoid the risk of data theft.  

Russian expert told how to figure out surveillance via a webcam

 It is becoming more and more difficult to find out whether you are being followed through a webcam. According to Arseny Shcheltsin, General Director of Digital Platforms, earlier it was used by a special indicator, which showed whether the camera is recording, but now it’s easy to bypass this device.

"The most characteristic signs of tracking are the “freezing” of the computer or phone only when there is an Internet connection, or immediately after switching on,” explained the specialist.

As Shcheltsin noted, the appearance of unknown programs on the device that significantly "slow down" its work should also be alerted. One of the most obvious confirmations that a person is being spied on through a webcam is its spontaneous activation, but today, as the expert clarified, the burning icon near the device's camera may not light up, while it will record what is happening around.

The expert noted that it is worth paying attention to where the potential use of the camera can harm its owner. For example, it is better not to use the phone where the person is not fully dressed — in the locker room, bathroom, etc.

It is also important to keep your computer's antivirus software up-to-date. They should be updated as a new version is released.

Previously, Mr. Shcheltsin reported that intelligence services of various countries are using backdoors to spy on people around the world through Smart TVs.

The largest Russian Telecom company Tele2 monitors subscribers using a script


The company is totally out of line and distributes its malicious scripts through CDN, which allows it to receive information about any customer actions.

In the 21st century, it is becoming increasingly difficult to keep your personal data safe. Now providers began to get into the personal territory of Internet users. Earlier, another Russian Telecom company Beeline was noticed in violation of confidentiality, which distributed spam ads directly on websites using the virus.

Recently it was found out that Tele2 is monitoring subscribers using a dangerous script. The company gets access to the data due to the mass implementation of scripts via CDN.

Clients of the operator did not even suspect that they were being watched The script, which Tele2 worked hard to distribute. It was designed to display additional advertising on the site, and also with its help, it is possible to calculate keywords for the formation of targeted advertising. The provider managed to do this using HTTP links, instead of HTTPS.

So, this mechanism can allow third parties not only to monitor the activity of subscribers but also to fully monitor all activities.

Experts believe that such actions of telecommunications companies are not a way to profit from advertising, everything is much more serious.

At the moment Tele2 is one of the largest companies in Russia, which is engaged in the establishment of 5G network. This means that it has access to many channels and servers. Soon all devices of Russians will become infected after successful integration of 5G network. It is possible that this data is transmitted to the authorities of the country, since at the moment the Network is the only area where the government does not have the authority for total control, so they are forced to obtain it in such a fraudulent way.

Recall that EhackingNews previously published information that providers of Kazakhstan persuade customers to install a "state trusted certificate" on all devices, which will allow intercepting all encrypted traffic of the country in order to protect citizens from cyber threats and illegal content. Telecom operators warn that if the certificate is absent, then customers may encounter problems accessing certain Internet resources.

In Kazakhstan, everyone who wants to use Internet must allow government to read their Secure Traffic (HTTPS)



Providers of Kazakhstan persuade customers to install a "state trusted certificate" on all devices, which will allow intercepting all encrypted traffic of the country in order to protect citizens from cyber threats and illegal content.

Kazakhstan Telecom operators have begun to notify customers about the need to install a special security certificate Qaznet on all subscriber devices with Internet access - mobile phones and tablets based on iOS/Android, personal computers and laptops based on Windows/MacOS.

The message on the website of the Kcell provider states that the certificate recommended for installation "was developed in Kazakhstan and provided by the authorized state body" and "will allow protecting Kazakhstani Internet users from hacker attacks and viewing illegal content". However, it can be assumed that such opportunities can be used by the authorities of Kazakhstan to gain access to information that citizens exchange via the Internet.

Users are invited to download the certificate from the website qca.kz. This domain name is registered to an individual Askar Dyussekeyev. The address of the owner is the same as the address of the Ministry of Digital Development, Innovation and Aerospace Industry of Kazakhstan.

Telecom operators warn that if the certificate is absent, then customers may encounter problems accessing certain Internet resources.

Indeed, according to some users from the capital of Kazakhstan, it is impossible to access sites that force the use of the secure HTTPS protocol using the HSTS mechanism without installing a certificate. Such sites are now the majority.

According to Shavkat Sabirov, the President of the Internet Association of Kazakhstan, there is a global problem in the world related to the safe use of the Internet.

"All the experiments that were associated with the installation of root certificates failed. All over the world, it is already recognized that this is an unsuccessful and even a terrible attempt to work in a safe mode. If this certificate is stolen or hacked, the attackers will get absolutely all the information about users data that use this certificate," said the president of the Internet Association of Kazakhstan.

The President of the Internet Association of Kazakhstan noted that companies that provide services on the Internet with the security certificate should take responsibility for its use.