Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Security and Privacy. Show all posts

Europol Captured 'Target' 12 Suspects in Ransomware Cases

 

Europol announced this week that it has caught twelve suspects in various criminal groups who were causing havoc throughout the world by conducting ransomware assaults on key infrastructure, following a two-year investigation. 

According to Europol, the individuals are suspected of carrying out assaults on almost 1,800 people in 71 countries. The organisation is notorious for attacking huge corporations and is suspected of being behind an attack on Norsk Hydro, a worldwide aluminium producer located in Norway, in 2019, which prompted the company to halt operations across two continents. Europol seized more than $52,000 in cash and five luxury vehicles from the accused. 

The agency is presently conducting a forensic examination of the group's electronic devices in order to secure evidence and uncover fresh investigation leads. Europol and Eurojust, the European Union's body for criminal justice cooperation, organised the international sting, which comprised officials from eight different nations, including the United States and the United Kingdom. It happened on October 26 in Ukraine and Switzerland, as per Europol. It is unclear if the individuals have been arrested or charged, with Europol just stating that they were "targeted." 

The agency stated. “Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions.” 

Each of the cybercriminals played a unique function inside the criminal organisations. Some were responsible for breaking into the victims' IT networks, which they accomplished through a variety of methods such as brute force attacks, SQL injections, stolen passwords, and phishing emails with harmful attachments. 

Following that, they would use malware such as Trickbot and other tools to remain undetected and obtain more access, according to Europol. 

“The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetising the infection by deploying ransomware. The effects of the ransomware attacks were devastating as the criminals had had the time to explore the IT networks undetected.” 

The attackers encrypted the victims' files before sending a ransom letter demanding bitcoin payment in return for the decryption keys. If the ransom was paid, it was reported that certain suspects were in charge of laundering the money through mixing services and cashing out. 

Europol did not elaborate on the identities of the victims or why they may have been targeted. Back in the United Kingdom, ransomware attacks have been on the rise, with cybercriminals targeting big IT businesses and destroying infrastructure.

Amazon, Rings Sued by a Man Claiming that the Camera was Hacked and used to Harass his Kids


A class-action lawsuit has been filed against Amazon-owned Rings by Alabama resident John Orange. The company has been accused mainly of negligence and invasion of privacy amid other side claims namely breach of an implied warranty, breach of implied contract and violation of California’s Unfair Competition Law against false advertising as it failed to provide enough protection against hacks.

Orange claimed that his internet-connected Ring camera which he bought in July 2019 was hacked and used to harass his three children aged seven, nine and ten, as per the lawsuit. Reportedly, the hacker spoke to the kids as they were playing basketball.

The argument for a class-action was supported by seven other similar incidents reported by media wherein these devices were hacked as the two-way talk function was used by hackers to talk to unsuspecting children.

A mother shared one such disturbing incident which made rounds on social media, it took place in Mississippi wherein the hacker attempted to engage with her eight-year-old daughter. While, another one which took place in Texas, witnessed a couple being threatened to pay a ransom of $350,000 in bitcoin.

According to the lawsuit, "An unknown person engaged with Mr. Orange’s children commenting on their basketball play and encouraging them to get closer to the camera."

“Although Ring is in the business of home security and was certainly aware that its Wi-Fi-enabled product, was vulnerable to attack, it took no steps to ‘require camera owners to use two-factor authentication, which could help prevent these types of attacks…,’” the lawsuit stated.

“Moreover, it knew, or should have known, in an era of pervasive data breaches, that logging in with user emails instead of unique account names, and not requiring at least 2FA [two-factor authentication], put its Wi-Fi-enabled product at an unreasonable risk of being compromised.”

“Unfortunately, Ring did not fulfill its core promise of providing privacy and security for its customers as its camera systems are fatally flawed,” the lawsuit further claimed.

On being asked by Gizmodo, a spokesman from Ring declined to comment as he told that the company "does not comment on legal matters."

If the matter qualifies for gaining the status of class action, Amazon and Ring would be asked to provide compensation for the affected parties and implement better security measures.

Google Using Gmail to Track User Purchases




The privacy of Gmail took a severe hit after a Reddit user's take on the matter related to privacy, he shared how he found that his Google Account's Purchases page carried a record of all his purchases made from other online platforms like Amazon; notably, it included the purchases made without using Google Pay.

Prior to appearing into your Google account, your Gmail messages undergo scanning by Google for purchases which happen at the expense of the privacy that the platform was supposedly providing.

While briefing his experience, the Reddit user told that when he checked his Google Account Purchases page, he discovered that the Purchases page also consists a record of the purchases he made from Adidas, Dominos, Amazon, Steam and some other online stores. To put the things into perspective, he further told that he does not use Google Pay.

On being enquired on the matter, Google stated that the source of information was Gmail messages. They also confirmed that the company is not making use of purchases or any other data stored in user emails and that this was configured to aid users in finding and tracking their valuable data.

Referencing from the company's statements, “To help you easily view and keep track of your purchases, bookings, and subscriptions in one place, we’ve created a private destination that can only be seen by you. You can delete this information at, any, time. We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page. We're always working to help people understand and manage their data.”


BitTorrent releases Bleep for iOS, introduces new feature 'Whisper'

In the era of communication, instant messaging apps are what making news every day. A new entrant in this world of apps is “Bleep”. It is a fun and easy to use mobile messaging app for iOS released by BitTorrent, in order to keep the user information private.

BitTorrent, that bought an alpha version of Bleep last September, enables the first non-alpha release to sign up without an account and allowing all the messages to be encrypted with local keys, so that no one has access to the other’s data.

With Bleep, one can chat via text, make free voice calls, or use the newly admitted feature, Whisper. 

A message or photo can be sent to any of your contacts as a Whisper, and it will disappear 25 seconds after it's viewed. 

Whisper messages also have additional screenshot protection that blurs out the important stuff.

To register, all that is required is a nickname. The email addresses and mobile numbers with Bleep can be verified optionally, which means more anonymity on the app.

Bleep offers a peer-to-peer connection in which one’s data isn't stored in the cloud where it could be hacked into remotely. Data sent via Bleep is stored on the device until it is delivered, through an encrypted connection, to the recipient’s device.

Adding friends is easy via the device’s address book, their email, mobile number or Bleep key. Voice calls can be connected directly (no cloud) to your contacts with end-to-end encryption.

In addition to its availability on iOS, it has significant updates on Android and is also available for Mac and Windows desktop. 

Completely Anonymous Social Network : Get Your Social Number

social number

Fear to share your thoughts in Social Networks?! Here is completely Anonymous Social Network for you.

Social Number(SN) is a new social networking site that enable users to anonymously discuss freely topics such as politics , religion , and more

In SN, you will identify yourself by a number rather than a username. This number keeps your anonymous so that you can speak more freely without fear of over-sharing.

"It's about freedom of speech." CEO and co-founder M.K said in a press release. " Today, there is very little privacy on any social network, resulting in employees being fired and government interrogations for free thinking. On Social Number, your number is your only identity, showcasing the true value of anonymity."

Once you log in with a number between six and 10 digits, you can join groups and send messages, etc. Throughout it all, no one knows who you are.

Sign up now:
http://www.socialnumber.com/