Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Private Data. Show all posts
Private Data
Android Apps Android Spyware Data Breach data security Data Theft Lookout Malicious Apps Private Data

Italian Spyware Firm SIO Linked to Malicious Android Apps Targeting WhatsApp Users

 

SIO, an Italian spyware company known for selling surveillance tools to government agencies, has been linked to a series of malicious Android apps designed to mimic WhatsApp and other popular services while secretly stealing private data, TechCrunch has revealed. Late last year, a security researcher provided TechCrunch with three Android apps, alleging they were government spyware used in Italy. 

Upon investigation, Google and cybersecurity firm Lookout confirmed that these apps were indeed spyware. This discovery highlights the expanding landscape of government surveillance, with numerous companies employing varied methods to target individuals. Italy is already embroiled in a separate spyware scandal involving Israeli firm Paragon, whose sophisticated surveillance tool allegedly targeted journalists and NGO founders. 

In contrast, the SIO-linked spyware campaign relied on a more straightforward approach—disguising malicious Android apps as well-known communication and customer service applications. Lookout researchers identified the malware as Spyrtacus, a spyware capable of stealing text messages, chats from WhatsApp, Signal, and Facebook Messenger, recording calls, capturing ambient audio and camera images, and extracting contact information. 

Their analysis confirmed that SIO was responsible for creating and distributing Spyrtacus, with samples dating back to 2019. Some variants impersonated apps from Italian telecom providers TIM, Vodafone, and WINDTRE. Google stated that none of the infected apps were available on the Play Store, asserting that Android security measures have protected users from this malware since 2022. 

However, a 2024 Kaspersky report suggested that earlier versions of Spyrtacus were distributed via Google Play in 2018 before shifting to fake websites mimicking major Italian internet providers. Italy has a long history of government spyware development, with companies such as Hacking Team, Cy4Gate, and RCS Lab selling surveillance tools to international law enforcement agencies. Spyrtacus is the latest example of this trend, with Lookout identifying command-and-control servers registered to ASIGINT, an SIO subsidiary specializing in wiretapping software. 

The SIO, Italian government and the Ministry of Justice have reportedly declined to comment. Lookout has also discovered references to Naples in the malware’s source code, suggesting a possible connection to developers from the region. 
Read more »
Private Data
Data Breach Data Leak Elasticsearch Georgia Private Data

Private Data of Millions of Georgians Exposed in Massive Data Leak

 

A ghost database comprising millions of records on Georgian people appeared in the cloud before inexplicably vanishing. The alarming leak could make sensitive personal information available to malicious actors.

Bob Dyachenko, a cybersecurity expert and the founder of SecurityDiscovery.com, and the Cybernews research team uncovered an unprotected Elasticsearch index. Elasticsearch is a data analytics and search platform that operates in near real time. The instance was hosted on a server controlled by a German cloud service company.

The data contains a wide range of sensitive personal information regarding citizens of the Republic of Georgia. One of the exposed indices held approximately five million personal data records, while another contained more than seven million phone records with related private data. Georgia, by comparison, has a population of about four million. The data may include duplicate entries as well as records of deceased people. 

The millions of files contained data such as ID numbers, full names, birth dates, and gender, they reported. The leaked data most likely also included insurance numbers and phone numbers ‘with descriptive information about the owner’. 

The data was apparently linked with 1.45 million car owner details and 7.2 million citizen phone numbers and identities, however some of the data seems to be linked to a 2020 leak. There is no clear indication of who is in charge of overseeing the Elasticsearch index.

The server was taken offline shortly after the discovery, and the public's access to the exposed data was discontinued. But there are still millions of individuals who could be in danger. 

Given the current geopolitical environment of high tensions, polarisation, and Russian influence, the exposure of millions of Georgian citizens could have severe consequences. 

“Threat actors can weaponize personal data for both political or criminal activities. State-sponsored hackers can exploit the leak for political manipulation, disinformation campaigns, or targeted harassment. Meanwhile, profit-seeking hackers can exploit the data for various malicious activities,” Dyachenko stated.

He warns Georgians to be wary of potential identity theft and fraud efforts, as cybercriminals may attempt to mimic individuals or use other social engineering techniques to hijack accounts and carry out financial crimes.
Read more »
Telefónica
Data Breach Infostealer Private Data Telecom Firm Telefónica

Hackers Breach Telefónica's internal Ticketing System, Stealing 2.3GB of Sensitive Data

 

The hackers employed information stealer malware to steal the credentials of several Telefonica employees and gain access to the company's internal ticketing system.

The data breach was revealed last week when members of the Hellcat ransomware group (which had previously claimed responsibility for the Schneider Electric attack) boasted on the BreachForums cybercrime website about stealing customer data, ticket data, and hundreds of files from the Spain-based telecom provider.

According to cybersecurity firm Hudson Rock, the attack was "facilitated by a combination of infostealer malware and sophisticated social engineering techniques". 

The attackers told Hudson Rock that they utilised custom infostealer malware to breach the credentials of over 15 Telefonica employees and get access to the firm's Jira platform. After getting access to the platform, the attackers apparently targeted two employees with administrator credentials, "tricking them into revealing the correct server for brute-forcing SSH access".

The perpetrators stole a list of 24,000 Telefonica staff emails and identities, 500,000 summaries of internal Jira issues, and 5,000 internal documents, which included internal email chats and other contents. The stolen data could expose Telefonica personnel to phishing and other forms of social engineering attacks, as well as operational details, security flaws in the company's infrastructure, strategic goals, and other sensitive internal information. 

Hudson Rock claims that last year, 531 employee PCs connected to Telefonica's network were infected with infostealers, possibly exposing company credentials on each machine. Additionally, it seems that the company did not implement corporate infrastructure password policies that were robust. 

“For the URL linked to the initial access, the passwords were even weaker, indicating that it wouldn’t have taken an infostealer infection for hackers to brute force their way in,” the cybersecurity firm noted.

In other cases of infostealer infections, Telefonica employees' credentials to third-party services such as Fortinet, Office 365, and Salesforce were stolen.

“These infections provide hackers with the necessary credentials to infiltrate systems and, as demonstrated in this case, can be leveraged to expand access further through sophisticated social engineering tactics. Infostealers serve as a stepping stone for more advanced attacks, making them a significant concern for organizations worldwide,” Hudson Rock added.

In response to a local media outlet's request, Telefonica confirmed the incident but declined to provide any other details on the potentially compromised data.

“We have become aware of an unauthorized access to an internal ticketing system which we use at Telefónica. We continue to investigate the extent of the incident but can confirm that Telefónica´s residential customers have not been affected. From the very beginning, we have taken the necessary steps to block any unauthorized access to the system,” Telefonica stated. 

Telefonica, a multinational telecommunications firm headquartered in Madrid, Spain, operates in a dozen countries worldwide under various brands such as Movistar, O2, Telefonica, Telxius, and Vivo.
Read more »
User Privacy
Cyber Security Data Brokers Data Sale Private Data User Privacy

Here's How to Safeguard Your Data From Data Brokers

 

Privacy concerns have grown as more of our private data is being gathered online. We share intimate details with just a few clicks. The majority of people, however, are ignorant of how extensively their data is shared. 

Behind the scenes, there is a whole data broker industry that makes money off of our digital traces. Businesses or individuals known as data brokers gather and resell personal data, such as phone numbers and online surfing behaviour. In this piece, we'll look at how data brokers work and some important steps we can take to safeguard our personal data. 

Data collection 

Data brokers collect data from a variety of public and commercial sources. They can simply gather data from websites and applications without your knowledge by paying app developers to embed SDKs (software development kits) in their apps. The data broker's SDKs can then record the various rights provided to apps, such as access to contacts and location. They can even pay app owners directly for the information rather than installing the software kits. 

Another source of data include public records, such as voter registration, birth certificates, marriage licenses, census data, and divorce records. The Internet is also a valuable source of information. The Internet is also a valuable source of information. Data brokers can acquire personal information from things like social media postings or interactions, online quizzes, virtual contests, or websites browsed. 

Data usage 

Customer data is utilised in a variety of ways, including targeting online adverts based on purchase history to make them more relevant. Data brokers may tell advertisers what brands a person has purchased and when they may require more, enabling timed adverts. Customer data is also used to detect fraud, such as cross-referencing loan applications with background information obtained from data brokers. 

This allows lenders to validate facts such as income and debts mentioned. Loan and insurance businesses purchase data to view a person's debts, loans, payments, income, employment history, and assets. People search sites also rely on data brokers to display names, addresses, ages, and other information when consumers search for someone. 

Privacy tips 

Numerous reputable firms can assist you in removing your information from data broker websites. They search the internet for your information on sites such as data brokers and search engines, and then make requests to have it removed. Make sure you select the correct service provider and read through user reviews. Reliable organisations, such as DeleteMe, are supported by real testimonials; you can read DeleteMe reviews here.

You should also limit what you post online. Share only the essential information, and avoid disclosing sensitive information such as your address and phone number. You can also use VPNs and encrypted browsers. A VPN conceals your IP address and encrypts your connection, avoiding internet tracking that brokers rely on. Secure browsers disable trackers and fingerprints, ensuring that your activity is not traced to you.

Additionally, consider deleting unused and online apps. Be aware of the privacy settings on your devices, apps, and social media profiles, and make sure they are set to maximum privacy. Avoid consenting to privacy policies or terms of service without thoroughly reading them, particularly the fine print.
Read more »
User Security
Cyber Attacks Data Leak Private Data Rhode Island User Security

Rhode Island Residents Warned of Cyberattack Targeting State Government

 

Rhode Island officials have issued an urgent advisory for residents to take immediate precautions following a significant cyberattack on the state government. Authorities are warning that private data, including Social Security and bank account details, may soon be exposed due to the breach.

Governor Dan McKee and other state officials held a press conference earlier this week to address the situation and provide guidance. “We know this situation is alarming, and it’s stressful,” McKee stated. He encouraged residents to bookmark the official website where updates on the incident will be posted.

Details of the Cyberattack

The breach occurred on December 5, when officials discovered that an international cybercriminal gang might have hacked into RIBridges, the state system previously known as UHIP. This platform supports various health and benefits programs. Concerns escalated after hackers shared a screenshot of file folders from RIBridges, suggesting that malware had been installed on the system.

Preliminary investigations indicate that the hackers may have accessed sensitive information from hundreds of thousands of residents who have used state programs over the past eight years. Impacted individuals will receive a notification letter from the state.

Affected State Programs

The affected programs include:

  • Medicaid
  • Supplemental Nutrition Assistance Program (SNAP)
  • Temporary Assistance for Needy Families (TANF)
  • Child Care Assistance Program (CCAP)
  • HealthSource RI health insurance
  • Rhode Island Works
  • Long-Term Services and Supports (LTSS)
  • General Public Assistance (GPA)
  • AT HOME cost-sharing

As a precaution, these programs will transition to paper applications starting next week, as the HealthyRhode online portal remains offline during the investigation.

Matt Weldon, director of the Rhode Island Department of Labor and Training, assured residents that the state’s separate system for unemployment insurance and other out-of-work benefits has not been affected by the cyberattack.

Steps for Residents to Protect Themselves

Michael Tetreault, a cybersecurity advisor with the U.S. Department of Homeland Security, provided the following recommendations for Rhode Islanders who believe they may be impacted:

  • Strengthen your passwords and avoid using the same password across multiple accounts.
  • Enable multi-factor authentication (MFA) on all online accounts.
  • Contact the three major credit-monitoring bureaus to freeze your credit as a precaution.

While the investigation continues, officials are urging residents to remain vigilant and take necessary measures to safeguard their personal information. Regular updates will be provided on the state’s official website, ensuring transparency and assistance for affected individuals.

Read more »
User Privacy
Data Breach Data Leak Kiosks Private Data Redbox User Privacy

Old Redbox Kiosks Hacked to Expose Customers’ Private Details

 

DVD Rental Service Redbox may be a thing of the past, but the data privacy issues it created for users may persist for some time. Redbox allows users to rent DVDs from its 24,000 autonomous kiosks throughout the United States. Its parent company, Chicken Soup for the Soul, declared bankruptcy in July 2024, after the emergence of streaming platforms such as Netflix and Prime Video decimated the DVD rental market. 

According to Ars Technica, one programmer reverse-engineered the hard drive of an old Redbox Kiosk and recovered users' names, emails, and rental histories from about a decade ago. In certain cases, Foone Turing, a California-based programmer, discovered parts of users' credit card data stored on hard drives, such as the first six and last four numbers of the credit card used, as well as transaction history. 

Turing stated in a social media post that she tracked down a film fan from Morganton, North Carolina, who supposedly rented The Giver and The Maze Runner in 2015. According to her, "anyone with basic hacking skills could easily pull data manually out of the files with a hex editor," completing: "This is the kind of code you get when you hire 20 new grads who technically know C# but none of them have written any software before.”

The programmer claims she didn't even need to utilise a physical kiosk to retrieve the old data; instead, she employed an uploaded hard drive she discovered on the social network Discord. The announcement comes as old Redbox kiosks are becoming rarities in some circles. According to the Wall Street Journal, a 19-year-old North Carolina resident acquired one after speaking with a contractor hired to dispose of one. 

Unfortunately, any victims impacted may have limited legal options, since "it may be difficult to hold a bankrupt company accountable," according to The Electronic Frontier Foundation. However, as Lowpass points out, Redbox kiosks may have only saved identifiable personal data locally if an internet or power outage prevented it from being sent to the cloud.
Read more »
Transport Firm
Data Breach Data Leak Private Data Ransomware attack Transport Firm

Rider Data Compromised in Ransomware Attack on TheBus, Handi-Van

 

Private data of TheBus and Handi-Van customers appears to have been hacked in an alleged ransomware attack on the company that operates the transportation services. The websites for TheBus and Handi-Van have been down for four days as the alleged attack continues. 

This is the second hack of Oahu Transit Services in three years, and the FBI and Hawaii Police Department are investigating. Meanwhile, the city's Department of Transportation Services said that the breach began around 1 a.m. Saturday. 

“Our phones went down, our OTS system went down and it became pretty obvious that it was an outside intrusion into the system,” stated Roger Morton, director of the city Department of Transportation Services. “What OTS did was immediately severed all the connections to other systems that they have.” 

The bus and the handi-van continue to run their routes. However, the city claims that websites, GPS, and the Holo card were purposely shut down to safeguard people's data. It might be too late, though. 

Falcon Feeds, an India-based cybersecurity company that monitors "threat actors," shared a screenshot on its X social media account claiming that "Oahu Transit Services Falls Victim to DragonForce Ransomware.” DragonForce claims to have 800,000 pieces of data and has given OTS 10 days from Tuesday to pay the ransom.

“That’s from the DragonForces dark platform, where they shame most of these victims,” noted Nandakishore Harikumar, Falcon Feeds CEO and founder. “Every data breach, even if it’s leaking one line of data, we believe it’s serious.” 

DragonForces is based in Malaysia, but Harikumar is unsure whether the firm that posted the ransom is legitimate or an imposter. Falcon Feeds published screenshots of the data, which included names, addresses, and bus or Handi-Van card ID types. Hawaii News Now masked the private data. 

“We have not paid any ransom,” stated Morton, who added it’s against policy to pay ransoms. “They’re methodically putting the system back. Part of that is disinfecting hundreds of work stations on the chance that they might hold some kind of virus on them.” 

DTS won't confirm a ransomware incident and claims it is being investigated. Meanwhile, Oahu Transit Services has responded to media requests through a Gmail account. According to Morton, OTS expects all online systems to be operational again Wednesday.
Read more »
User Privacy
Canada Cyber Attacks Private Data Ransomware User Privacy

Ransomware Attackers Target Canada’s Largest School Board

 

The Toronto District School Board (TDSB) has issued a warning following a ransomware attack on its software testing environment and is currently investigating whether any personal data was compromised. 

TDSB is Canada's largest school board and the fourth largest in North America, overseeing and managing 473 elementary, 110 secondary, and five adult education institutions. The group has an annual budget of around $2.5 billion. 

An announcement posted on the board's website earlier this week informs parents, guardians, and carers about a ransomware attack that may have exposed personal information.

"TDSB recently became aware that an unauthorized third party gained access to TDSB's technology testing environment, which is a separate environment used by TDSB IT Services to test programs before they are run live on TDSB systems," reads the announcement. 

"We are conducting a thorough investigation to understand the nature of the incident, any impact on our network, and if any personal information may have been affected by the incident," adds TDSB further down in the announcement. 

TDSB claims that all of its systems are operational, with no disruptions, indicating that the attack was contained in the testing environment. The organisation has contacted the Toronto Police Service and the Information and Privacy Commissioner of Ontario, and it is working with third-party cybersecurity specialists to evaluate the extent of the incident. 

TDSB serves roughly 247,000 students and employs 40,000 employees, therefore this incident could impact a large number of people. The Toronto District School Board agreed to notify affected persons if the ongoing investigation reveals that a data breach happened, but for the time being, it has chosen not to provide too much information

Individuals who may have been impacted and are looking for answers may contact the organisation at 'cyberincident@tdsb.on.ca.’ At the time of writing, none of the major ransomware gangs claimed responsibility for the attack on TDSB.
Read more »
Subscribe to: Posts (Atom)