
Hacker Who Took Down North Korea’s Internet Reveals Key Insight

 

Alejandro Caceres, known online as P4x, recently revealed himself as the hacker who managed to take down North Korea’s internet for over a week. This feat, conducted entirely from his home in Florida, has drawn significant attention, and Caceres recently took to Reddit to allow people to “ask him anything” about his experience hacking into one of the world’s most secretive and isolated nations. 

Caceres, a 38-year-old Colombian-American cybersecurity entrepreneur, was unmasked as the hacker behind this attack by Wired magazine. He explained that his actions were in retaliation after he was targeted by North Korean spies attempting to steal his hacking tools. In response, he decided to hit back by attacking North Korea’s internet infrastructure, a move that kept the country’s limited public websites offline for over a week. He told Wired, “It felt like the right thing to do here. If they don’t see we have teeth, it’s just going to keep coming.” In his Reddit thread, Caceres discussed the simplicity of his attack, saying, “Honestly, I’ve been asked this a lot. And I can’t really tell haha. I used to say nah it wasn’t that hard.” 

He later clarified, “People told me it wasn’t hard only because I’m trained in this.” Caceres took advantage of North Korea’s outdated and minimal internet infrastructure, which he described as “little sticks and glue.” He noted that North Korea has only two routers for internet ingress and egress, making it easier for a skilled hacker to disrupt the system. When asked about the possible consequences of his actions, Caceres admitted he had faced little to no backlash. “Everyone seems to sort of like it but cannot say that officially. Honestly, I expected a LOT more negativity just because that’s the natural order of things,” he remarked. 

The only attention he has received so far has been from intelligence agencies interested in learning how he managed the hack. He recounted how these meetings sometimes took place in basements, joking, “It was super X-Files type s**t but also like any normal meeting. Weird dissonance…” Reddit users also asked about the possible risks and repercussions of his actions. Caceres expressed surprise at not having faced any direct threats or legal actions. “I have not yet been murdered or arrested, so that’s pretty good,” he joked. 

As of now, Caceres has not faced any significant consequences beyond curiosity from intelligence agencies wanting to understand his methods. Caceres’s hack on North Korea serves as a reminder of how vulnerable even the most secretive and controlled nations can be to cyberattacks, especially when dealing with experienced hackers. While his actions have garnered admiration and a certain level of respect in online communities, they also raise questions about the potential consequences for international relations and cybersecurity norms. 

As the world increasingly relies on digital infrastructure, incidents like this highlight both the possibilities and the dangers of hacking in a hyperconnected world. Caceres, for his part, remains unrepentant and open about his motivations, positioning his actions as a form of digital self-defense and a warning against further provocations from hostile entities.

Inside Job Exposed: T-Mobile US, Verizon Staff Solicited for SIM Swap Scam

 


T-Mobile and Verizon employees are being texted by criminals who are attempting to entice them with cash into swapping SIM cards. The targeted employees have shared screenshots of the messages with us; the messages offer $300 as an incentive to those willing to assist the senders in their criminal endeavours.

The report indicates that this was part of a campaign that targets current and former mobile carrier workers who may be able to access the systems needed to swap SIM cards. The message was also received by Reddit users claiming to be Verizon employees, which indicates that the scam isn't limited to T-Mobile US alone.

SIM swapping is essentially a social engineering scam in which the perpetrator convinces the carrier to transfer a victim's number to a new SIM card owned by the perpetrator.

With control of the victim's cell phone number, the scammer can receive multi-factor authentication text messages and use them to break into other accounts. If the scammer gains complete access to the victim's private information, the scam is extremely lucrative.

SIM swapping, also known as simjacking, is a method cybercriminals use to breach accounts protected by multi-factor authentication (MFA). Once the victim's number has been ported from their legitimate SIM card to one controlled by a threat actor, the wireless carrier delivers messages intended for the victim to the threat actor, who can then take control of the victim's accounts.

Cyber gangs are often able to trick carrier support staff into performing swaps by presenting fake information to them, but it can be far more efficient if they hire an insider to take care of it. It is unclear how the hackers obtained the mobile numbers of the workers who received the texts, although both T-Mobile and Verizon have been impacted by breaches of employee information in the past, including T-Mobile in 2020 and Verizon last year.

In 2010, a Verizon employee accessed, without authorization, a file containing details for about half of Verizon's 117,00-strong workforce. The company stated at the time that there was no evidence that the information had been misused or shared outside the organization as a result of the unauthorized access to the file.

Judging by the number of former T-Mobile employees who commented on Reddit that they received the SIM swap message, the hackers behind the campaign appear to be working with outdated information rather than recent data stolen from T-Mobile. The company reinforced this in a statement confirming that there had not been any system breaches at T-Mobile.

In SIM swap attacks, criminals trick a victim's wireless carrier into rerouting the victim's wireless service to a device controlled by the fraudster. A successful attack can result in unauthorized access to personal information, identity theft, financial losses, and emotional distress for the victim. Criminals started hijacking victims' phone numbers in February 2022 to steal millions of dollars by performing SIM swap attacks.

The FBI warned about this in February 2022. Additionally, the IC3 reported that Americans reported 1,075 SIM-swapping complaints during the year 2023, with an adjusted loss of $48,798,103 for each SIM-swapping complaint. In addition to 2,026 complaints about SIM-swapping attacks in the past year, the FBI also received $72,652,571 worth of complaints about SIM-swapping attacks from January 2018 to December 2020. 

Between January 2018 and December 2020, however, only 320 complaints were filed regarding SIM-swapping incidents resulting in losses of around $12 million. Following this huge wave of consumer complaints, the Federal Communications Commission (FCC) announced new regulations to protect Americans from SIM-swapping attacks in the future.

The new regulations require carriers to have a secure authentication procedure in place before they transfer a customer's phone number to a different device or service provider. Carriers also need to warn customers if their accounts are changed or a SIM port-out request is received.

User Privacy: Reddit Discloses FTC Probe into AI Data Licensing Ahead of IPO


In a surprising turn of events, Reddit, the popular social media platform, has revealed that it is under investigation by the Federal Trade Commission (FTC) regarding its practices related to AI data licensing. The disclosure comes just before Reddit's highly anticipated initial public offering (IPO), raising important questions about user privacy and the responsible use of data in the age of artificial intelligence.

The Investigation 

The FTC's inquiry focuses on Reddit's handling of user-generated content, particularly its sale, licensing, or sharing with third parties to train AI models. While the details of the investigation remain confidential, the fact that it is non-public suggests that the agency is taking the matter seriously. As Reddit prepares to go public, this scrutiny could have significant implications for the company's reputation and future growth.

User Privacy at Stake

At the heart of this issue lies the delicate balance between innovation and user privacy. Reddit, like many other platforms, collects vast amounts of data from its users—posts, comments, upvotes, and more. This data is a goldmine for AI developers seeking to improve algorithms, personalize recommendations, and enhance user experiences. However, the challenge lies in ensuring that this data is used ethically and transparently.

Transparency Matters

Reddit's disclosure sheds light on the need for greater transparency in data practices. Users entrust platforms with their personal information, assuming it will be used responsibly. When data is shared with third parties, especially for commercial purposes, users deserve to know. Transparency builds trust, and any opacity in data handling can erode that trust.

Informed Consent

Did Reddit users explicitly consent to their content being used for AI training? The answer is likely buried deep within the platform's terms of service, a document few users read thoroughly. Informed consent requires clear communication about data usage, including how it benefits users and what risks are involved. The FTC's investigation will likely scrutinize whether Reddit met these standards.

The AI Black Box

AI models are often considered "black boxes." Users contribute data, but they rarely understand how it is transformed into insights or recommendations. When Reddit licenses data to third parties, users lose control over how their content is used. The investigation should prompt a broader conversation about making AI processes more transparent and accountable.

Balancing Innovation and Responsibility

Reddit's situation is not unique. Companies across industries grapple with similar challenges. AI advancements promise incredible benefits, from personalized content to medical breakthroughs, but they also raise ethical dilemmas. As we move forward, striking the right balance between innovation and responsibility becomes paramount.

Industry Standards

The FTC's investigation could set a precedent for industry standards. Companies must adopt clear guidelines for data usage, especially when AI is involved. These guidelines should prioritize user consent, data anonymization, and accountability.

User Empowerment

Empowering users is crucial. Platforms should provide accessible tools for users to manage their data, control permissions, and understand how their content contributes to AI development. Transparency dashboards and granular consent options can empower users to make informed choices.

Responsible AI Partnerships

When licensing data, companies should choose partners committed to ethical AI practices. Collaboration should align with user expectations and respect privacy rights. Responsible partnerships benefit both users and the AI ecosystem.

Unlocking Data Privacy: Mine's No-Code Approach Nets $30 Million in Funding

 


An Israeli data privacy company, Mine Inc., has announced that it has completed a $30 million Series B fundraising round led by Battery Ventures, PayPal Ventures, as well as the investment arm of US insurance giant Nationwide, with the participation of a third investor. Existing investors Gradient Ventures (Google's AI fund), Saban Ventures, MassMutual Ventures, and Headline Ventures also joined the round.

Using artificial intelligence, specifically natural language processing, Mine scans your inbox to identify which companies have access to your personal information, and lets you delete any information that those companies have no reason to hold.

People had a lot of concerns about GDPR, and the product sparked a lot of interest: initially free, the startup managed to rake in about 5 million users in just a few weeks. Next, the company expanded its user base to include business users and enterprise applications.

Mine can figure out all of the locations where the end user is installing and using customer or business data from a scan of the user's inbox and log-on authenticity. This struck a chord with the privacy officers who are responsible for keeping companies in compliance with privacy rules.

150 clients are using Mine’s data privacy and disclosure solutions to protect their data. These companies include Reddit, HelloFresh SE, Fender, Guesty, Snappy, and Data.ai. By raising this capital, the Company will be able to fund its ongoing operations in the coming years as well as expand its global operations, including expanding the company's MineOS B2B platform into the US and expanding its offerings to the enterprise market. 

With 35 employees, the company is in the process of hiring dozens of developers, QA professionals, and machine learning professionals to be based in Israel. Founded in 2019, Mine is a company headquartered in Tel Aviv, with the company's founding members being CEO Gal Ringel, CTO Gal Golan, and CPO Kobi Nissan.

Since the company started, its vision has been to provide companies and individuals with ease of access to privacy regulations. Over the past two years, the company's vision around its MineOS B2B platform has sharpened: it aims to provide companies with a Single Source of Truth (SSOFT) of data within their organization, enabling them to identify which systems, assets, and data they have.

In every organization, this process, known as Data Mapping, is one of the most important building blocks, serving as a basis for a variety of teams, including legal and privacy teams, data teams, engineering teams, information technologies, and security teams. As Ringel said, "The funding was complete at the end of the second week of October, just one week after the war had begun."

As a result of the difficult market conditions of the past year, we have managed the company very carefully and disciplined since March last year while reducing monthly expenses and boosting revenue significantly to a rate of millions of dollars in annualized return on equity (4x growth in 2023) which has allowed us to achieve extraordinary metrics that have attracted many investors to the company. 

There is no doubt that mineOS is one of the greatest open-source operating systems out there, and as such it has hundreds of enterprise customers, including Reddit, HelloFresh SE, FIFA and Data.ai, and it has announced $30 million in Series B funding to continue its development. There are two leads in this round, Battery Ventures (from the financial giant) and PayPal Ventures (from the payments giant), joined by all of the previous backers, including Saban Ventures, Gradient Ventures (Google's AI fund), MassMutual Ventures, and Headline Ventures.

Although Mine has not disclosed its valuation, the co-founder and CEO, Gal Ringel, told me during his recent interview that the company has increased in valuation three times since its last fundraising back in 2020. (The previous round was $9.5 million after the company had only 100,000 users and no revenue.) Mine has raised over $42.5 million in funding. 

A part of the new funding will be used for both sales development surrounding Mine's current offerings, as well as more funding for R&D. In line with this, Mine intends to launch two new products in Q1 that cater to the explosion in interest and use of artificial intelligence. One of these products is designed for data privacy officers who are prepared to comply with the plans of regulators to adopt artificial intelligence laws shortly. The data protection tools market is not limited to Mine, as it should be. 

The fact that the feature sits close to other data protection activities is why it is more likely to be challenged by other companies in the same arena – for instance, OneTrust, which offers GDPR and consent gate solutions for websites, and BigID, which is a provider of a comprehensive set of compliance tools for data usage and compliance. Ringel said Mine has a strong competitive advantage over these as it is designed with an emphasis on becoming user-friendly, so it can be adopted and used even by people who have no technical background.

Safeguarding Starlink Accounts: Urgent Need for Two-Factor Authentication

Users and the larger online community have recently expressed worry in the wake of stories of Starlink account hijacking. Because Starlink's account security framework does not use two-factor authentication (2FA), a vulnerability exists. Due to this flagrant mistake, customers are now vulnerable to cyberattacks, which has prompted urgent calls for the adoption of 2FA.

Cybercriminals have been able to take advantage of this flaw and get unauthorized access to user accounts because Starlink's security protocol does not include 2FA. A recent PCMag article that described numerous account hacks brought attention to this vulnerability. Users claimed that unauthorized access had occurred, raising worries about data privacy and possible account information misuse.

Online forums such as Reddit have also witnessed discussions surrounding these security lapses. Users have shared their experiences of falling victim to these hacks, with some highlighting the lack of response from Starlink support teams. This further emphasizes the critical need for enhanced security measures, particularly the implementation of 2FA.

As noted by cybersecurity experts at TS2.Space, the absence of 2FA leaves Starlink accounts vulnerable to a variety of hacking techniques. The article explains how cybercriminals exploit this gap in security and provides insights into potential methods they employ.

It's important to note that while 2FA is not infallible, it adds an additional layer of security that significantly reduces the risk of unauthorized access. This system requires users to verify their identity through a secondary means, typically a unique code sent to their mobile device. Even if a malicious actor gains access to login credentials, they would still be unable to access the account without the secondary authentication.

Addressing this issue should be a top priority for Starlink, given the sensitive nature of the information linked to user accounts. Implementing 2FA would greatly enhance the overall security of the platform, offering users peace of mind and safeguarding their personal data.

Recent Starlink account hacking events have brought to light a serious security breach that requires quick correction. Users are unnecessarily put in danger by the lack of 2FA, and this situation needs to be fixed very soon. Two-factor authentication will enable Starlink to considerably increase platform security and give all users a safer online experience.




Reddit to Pay Users for Popular Posts

Reddit, the popular social media platform, has announced that it will begin paying users for their posts. The new system, which is still in its early stages, will see users rewarded with cash for posts that are awarded "gold" by other users.

Gold awards are a form of virtual currency that can be purchased by Reddit users for a fee. They can be given to other users to reward them for their contributions to the platform. Until now, gold awards have only served as a way to show appreciation for other users' posts. However, under the new system, users who receive gold awards will also receive a share of the revenue generated from those awards.

The amount of money that users receive will vary depending on the number of gold awards they receive and their karma score. Karma score is a measure of how much other users have upvoted a user's posts and comments. Users will need to have at least 10 gold awards to cash out, and they will receive either 90 cents or $1 for each gold award.

Reddit says that the new system is designed to "reward the best and brightest content creators" on the platform. The company hopes that this will encourage users to create more high-quality content and contribute more to the community.

However, there are also some concerns about the new system. Some users worry that it could lead to users creating clickbait or inflammatory content to get more gold awards and more money. Others worry that the system could be unfair to users who do not have a lot of karma.

One Reddit user expressed concern that the approach will lead users to produce content of poor quality. If they know they can make money from it, people are more likely to upload clickbait or provocative stuff.

Another Reddit member said that users with low karma may be treated unfairly by the system. According to the user, "Users with more karma will be able to profit more from the system than users with less karma." This will make users with lower karma less likely to produce high-quality content, which is unjust.

Some of the issues raised by the new method have been addressed by Reddit. According to the corporation, it will actively monitor the system to make sure users aren't producing low-quality content to increase their gold medal total. In addition, Reddit states that it will endeavor to create a system that is equitable to all users, regardless of karma.

According to a Reddit spokesman, "We understand that there are some concerns about the new system. We are dedicated to collaborating with the community to make sure that the system is just and that it inspires users to produce high-quality content."

The platform has undergone a dramatic change as a result of Reddit's new strategy of compensating users for popular postings. The system's actual functionality and whether it will improve the platform's content quality have still to be determined. Reddit is devoted to advancing and inventing, as evidenced by the declaration of the new system.

Warcraft Fans Trick AI with Glorbo Hoax

Ambitious Warcraft fans have persuaded an AI article bot into writing about the mythical character Glorbo in an amusing and ingenious turn of events. The incident, which happened on Reddit, demonstrates the creativity of the game industry as well as the limitations of artificial intelligence in terms of fact-checking and information verification.

The hoax gained popularity after a group of Reddit users decided to fabricate a thorough backstory for a fictional character in the World of Warcraft realm to test the capabilities of an AI-powered article generator. A complex background was given to the made-up gnome warlock Glorbo, along with a made-up storyline and special magic skills.

The Glorbo enthusiasts were eager to see if the AI article bot would fall for the scam and create an article based on the complex story they had created. To give the story a sense of realism, they meticulously edited the narrative to reflect the tone and terminology commonly used in gaming media.

To their delight, the experiment was effective, as the piece produced by the AI not only chronicled Glorbo's alleged in-game exploits but also included references to the Reddit post, portraying the character as though it were a real member of the Warcraft universe. The whimsical invention could be presented as news because the AI couldn't tell the difference between factual and fictional content.

The information about this practical joke swiftly traveled throughout the gaming and social media platforms, amusing and intriguing people about the potential applications of AI-generated material in the field of journalism. While there is no doubt that AI technology has transformed the way material is produced and distributed, it also raises questions about the necessity for human oversight to ensure the accuracy of information.

As a result of the experiment, it becomes evident that AI article bots, while efficient in producing large volumes of content, lack the discernment and critical thinking capabilities that humans possess. Dr. Emily Simmons, an AI ethics researcher, commented on the incident, saying, "This is a fascinating example of how AI can be fooled when faced with deceptive inputs. It underscores the importance of incorporating human fact-checking and oversight in AI-generated content to maintain journalistic integrity."

The amusing incident serves as a reminder that artificial intelligence technology is still in its infancy and that, as it develops, tackling problems with misinformation and deception must be a top focus. While AI may surely help with content creation, it cannot take the place of human context, understanding, and judgment.

Glorbo's developers are thrilled with the result and hope that this humorous occurrence will encourage discussions on responsible AI use and the dangers of relying solely on automated systems for journalism and content creation.




Reddit Braces for Data Leak as Hackers Threaten to Expose Stolen Information

 

A new wave of cybersecurity threats looms over Reddit as hackers, known as BlackCat, have recently surfaced with a dire warning. The group claims to have obtained confidential data during a breach that occurred back in February. Reddit, the popular social media platform and discussion forum, is now facing the potential release of sensitive user information, causing alarm among its millions of users.

According to reports from Bleeping Computer, the hackers have threatened to leak a massive 80GB trove of stolen data. This news has sent shockwaves throughout the online community, sparking concerns about privacy and cybersecurity. The stolen information is said to include email addresses, encrypted passwords, and private messages exchanged between users.

The breach has caused unrest among Reddit users who are worried about the potential exposure of their personal information. The platform has a vast user base, with countless individuals actively engaging in discussions, sharing personal stories, and participating in various communities. The leak of such data could have significant consequences, including identity theft, phishing attacks, and harassment.

Reddit has been grappling with cybersecurity issues in recent years. The breach in February, initially thought to be minor, now appears to be much more severe than anticipated. The company has been working diligently to enhance its security measures and address the breach promptly. However, the latest threats from BlackCat highlight the ongoing challenges faced by online platforms in safeguarding user data.

In response to the threats, Reddit has taken immediate action to protect its users. The company has informed law enforcement agencies and is cooperating fully with their investigations. Reddit is also urging its users to update their passwords and enable two-factor authentication as an additional security measure.

While the motivations of the BlackCat hackers remain unclear, their actions emphasize the pressing need for individuals and organizations to prioritize cybersecurity. It is essential for users to regularly update their passwords, use strong and unique passwords for each platform, and enable multi-factor authentication whenever possible. Online platforms, too, must invest in robust security systems to safeguard user data and actively monitor for potential breaches.

The Reddit breach serves as a stark reminder that no organization is immune to cyber threats. It underscores the importance of implementing comprehensive security protocols, conducting regular vulnerability assessments, and maintaining a proactive stance against potential attacks.