Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Priavcy. Show all posts
User Priavcy
Cyber Security Dark Web dark web threats data security Tor Browser US Goverment User Priavcy

Dark Web Revealed: The Hidden Internet’s Role in Cybercrime and Digital Privacy

 

The dark web, often shrouded in mystery and fear, is portrayed as a breeding ground for illicit activities and cybercrime. While this image is not entirely unfounded, the dark web’s origins and uses are more nuanced, with surprising ties to the United States government. The dark web represents a portion of the internet not indexed by traditional search engines, accessible only through specialized software such as the Tor Browser, short for The Onion Router. Unlike familiar domains ending in .com or .org, dark web addresses end in .onion, reflecting the layered encryption process that protects user anonymity. 

Tor, which was released to the public as an open-source project in October 2002, routes internet traffic through a series of volunteer-operated servers. This “onion” layering ensures that each relay only knows the previous and next step in the chain, but not the entire route, thus preserving the privacy of users. Interestingly, the dark web’s creation is linked to the U.S. Naval Research Laboratory in the mid-1990s. It was initially designed to secure online communications for U.S. intelligence agencies and military personnel, enabling them to transmit confidential information without revealing their identities or locations. 

Despite its government origins, the dark web has since evolved into a diverse ecosystem. While it is true that it harbors illegal marketplaces for drugs, stolen data, and other contraband, it also serves as a crucial tool for privacy advocates and journalists. Platforms like WikiLeaks and other whistleblowing sites use the dark web to share sensitive information without risking exposure. The U.S. government’s presence on the dark web remains strong, often employing the very technology it helped create to monitor criminal activities. Law enforcement agencies frequently set up “honeypots” – fake websites designed to catch criminals in the act. 

The closure of notorious drug markets like Silk Road and the arrest of its founder, Ross Ulbricht, in 2013, marked a significant victory for these operations. However, as one site is taken down, others often emerge to take its place, illustrating the persistent cat-and-mouse game between authorities and cybercriminals. However, the dark web’s reputation as a lawless zone is somewhat exaggerated. For many, it is a vital tool for escaping censorship and surveillance. In countries like Russia and China, where internet access is heavily restricted, the dark web offers a means to access banned information and communicate freely. 

Even mainstream entities like Facebook and The New York Times maintain dark web versions of their sites to ensure global accessibility. Despite its dark reputation, the dark web is not inherently illegal. In fact, it plays a crucial role in protecting online privacy and freedom. While criminals have exploited its anonymity, it also empowers individuals in repressive regimes to speak out against injustice, report on human rights abuses, and share critical information with the world. As cyber threats continue to evolve, so too does the dark web. 

It remains a double-edged sword – a refuge for both the world’s worst actors and its most vulnerable. Understanding its complexities and the balance between privacy and security is essential as the digital landscape continues to expand.
Read more »
User Priavcy
Advanced Technology Cellphone track Data Breach T-Mobile User Priavcy

User Privacy Threats Around T-Mobile's 'Profiling and Automated Decisions'

In today's digital age, it is no secret that our phones are constantly tracking our whereabouts. GPS satellites and cell towers work together to pinpoint our locations, while apps on our devices frequently ping the cell network for updates on where we are. While this might sound invasive (and sometimes it is), we often accept it as the norm for the sake of convenience—after all, it is how our maps give us accurate directions and how some apps offer personalized recommendations based on our location. 

T-Mobile, one of the big cellphone companies, recently started something new called "profiling and automated decisions." Basically, this means they are tracking your phone activity in a more detailed way. It was noticed by people on Reddit and reported by The Mobile Report. 

T-Mobile says they are not using this info right now, but they might in the future. They say it could affect important stuff related to you, like legal decisions. 

So, what does this mean for you? 

Your phone activity is being tracked more closely, even if you did not know it. And while T-Mobile is not doing anything with that info yet, it could impact you with your information in future. However, like other applications, T-Mobile also offers varied privacy options, so it is important to learn before using the application. 

Let's Understand T-Mobile's Privacy Options 


T-Mobile offers various privacy options through its Privacy Center, accessible via your T-Mobile account. Here is a breakdown of what you can find there: 

  • Data Sharing for Public and Scientific Research: Opting in allows T-Mobile to utilize your data for research endeavours, such as aiding pandemic responses. Your information is anonymized to protect your privacy, encompassing location, demographic, and usage data. 
  • Analytics and Reporting: T-Mobile gathers data from your device, including app usage and demographic details, to generate aggregated reports. These reports do not pinpoint individuals but serve business and marketing purposes. 
  • Advertising Preferences: This feature enables T-Mobile to tailor ads based on your app usage, location, and demographic information. While disabling this won't eliminate ads, it may decrease their relevance to you. 
  • Product Development: T-Mobile may utilize your personal data, such as precise location and app usage, to enhance advertising effectiveness. 
  • Profiling and Automated Decisions: A novel option, this permits T-Mobile to analyze your data to forecast aspects of your life, such as preferences and behaviour. Although not actively utilized currently, it is enabled by default. 
  • "Do Not Sell or Share My Personal Information": Choosing this prevents T-Mobile from selling or sharing your data with external companies. However, some data may still be shared with service providers. 

However, the introduction of the "profiling and automated decisions” tracking feature highlights the ongoing struggle between technological progress and the right to personal privacy. With smartphones becoming essential tools in our everyday routines, the gathering and use of personal information by telecom companies have come under intense examination. The debate over the "profiling and automated decisions" attribute serves as a clear indication of the necessity for strong data privacy laws and the obligation of companies to safeguard user data in our ever-increasingly interconnected society.
Read more »
User Priavcy
Australian Data Breach Digital Age FBI Malicious actor Online Library Sensitive data User Priavcy

Cybersecurity Breach Shakes Sydney's Woollahra Council Libraries

Sydney's Woollahra Council Libraries were the target of a cyberattack that sent shockwaves across the community, demonstrating how susceptible information is in the digital age. Concerns regarding protecting personal data and the possible repercussions of such breaches have been raised in response to the occurrence, which was covered by several news sources.

The attack, which targeted libraries in Double Bay, Paddington, and Watsons Bay, has left thousands affected, with the possibility of personal information being stolen. The breach has underscored the importance of robust cybersecurity measures, especially for institutions that store sensitive data.

Woollahra Council has not disclosed the nature of the information compromised, but the potential risks to affected individuals are substantial. Cybersecurity experts are emphasizing the need for swift and comprehensive responses to mitigate the fallout from such breaches. As investigations unfold, users are advised to remain vigilant and monitor their accounts for suspicious activity.

This incident is a stark reminder that cybersecurity is an ongoing challenge for organizations across the globe. As technology advances, so do the methods employed by malicious actors seeking to exploit vulnerabilities. In the words of cybersecurity expert Bruce Schneier, "The user's going to pick dancing pigs over security every time." This emphasizes the delicate balance between user experience and safeguarding sensitive information.

The attack on Woollahra Council Libraries adds to the growing list of cyber threats institutions worldwide face. It joins a series of high-profile incidents that have targeted government agencies, businesses, and educational institutions. The consequences of such breaches extend beyond the immediate loss of data; they erode public trust and raise questions about the effectiveness of existing cybersecurity protocols.

In response to the incident, the Woollahra Council has assured the public that it is working diligently to address the issue and enhance its cybersecurity infrastructure. This event serves as a call to action for organizations to prioritize cybersecurity measures, invest in cutting-edge technologies, and educate users on best practices for online security.

The Sydney incident serves as a timely warning for people and businesses to stay vigilant in the face of emerging cyber dangers, even as the investigation is ongoing. Former FBI director Robert Mueller once said, "There are only two types of companies: those that have been hacked and those that will be hacked." Proactive steps are essential to reduce the effects of these breaches and safeguard everyone's access to the digital world.
Read more »
User Priavcy
AI Chatbot AI Tool CIA CISA & FBI Cyber Security NSA Open Source Software Spies US-China USA officials User Priavcy

CIA's AI Chatbot: A New Tool for Intelligence Gathering

The Central Intelligence Agency (CIA) is building its own AI chatbot, similar to ChatGPT. The program, which is still under development, is designed to help US spies more easily sift through ever-growing troves of information.

The chatbot will be trained on publicly available data, including news articles, social media posts, and government documents. It will then be able to answer questions from analysts, providing them with summaries of information and sources to support its claims.

According to Randy Nixon, the director of the CIA's Open Source Enterprise division, the chatbot will be a 'powerful tool' for intelligence gathering. "It will allow us to quickly and easily identify patterns and trends in the data that we collect," he said. "This will help us to better understand the world around us and to identify potential threats."

The CIA's AI chatbot is part of a broader trend of intelligence agencies using AI to improve their operations. Other agencies, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), are also developing AI tools to help them with tasks such as data analysis and threat detection.

The use of AI by intelligence agencies raises several concerns, including the potential for bias and abuse. However, proponents of AI argue that it can help agencies to be more efficient and effective in their work.

"AI is a powerful tool that can be used for good or for bad," said James Lewis, a senior fellow at the Center for Strategic and International Studies. "It's important for intelligence agencies to use AI responsibly and to be transparent about how they are using it."

Here are some specific ways that the CIA's AI chatbot could be used:

  • To identify and verify information: The chatbot could be used to scan through large amounts of data to identify potential threats or intelligence leads. It could also be used to verify the accuracy of information that is already known.
  • To generate insights from data: The chatbot could be used to identify patterns and trends in data that may not be apparent to human analysts. This could help analysts to better understand the world around them and to identify potential threats.
  • To automate tasks: The chatbot could be used to automate tasks such as data collection, analysis, and reporting. This could free up analysts to focus on more complex and strategic work.

The CIA's AI chatbot is still in its early stages of development, but it has the potential to revolutionize the way that intelligence agencies operate. If successful, the chatbot could help agencies to be more efficient, effective, and responsive to emerging threats.

However, it is important to note that the use of AI by intelligence agencies also raises several concerns. For example, there is a risk that AI systems could be biased or inaccurate. Additionally, there is a concern that AI could be used to violate people's privacy or to develop autonomous weapons systems.

It is important for intelligence agencies to be transparent about how they are using AI and to take steps to mitigate the risks associated with its use. The CIA has said that its AI chatbot will follow US privacy laws and that it will not be used to develop autonomous weapons systems.

The CIA's AI chatbot is a remarkable advancement that might have a substantial effect on how intelligence services conduct their business. To make sure that intelligence services are using AI properly and ethically, it is crucial to closely monitor its use.

Read more »
User Priavcy
API Data Leak Financial Data Mobile Security Payment Faud User Priavcy

Countering Financial Data Leak in the Era of Digital Payments

 

Over the past five years, there has been a huge surge in the usage of financial services technologies and with that, the risk of a financial data breach has also increased. Multiple financial services technologies use screen scraping to access the private banking data of consumers.

 Screen scraping is a technology by which a customer provides its banking app login credentials to a third-party provider (TTP). The TTP then sends a software robot to the bank’s app or website to log in on behalf of the user and access data.

“The way consumers traditionally connect to their bank accounts is facilitated through screen scraping, where providers require internet banking login information,” explained Joe Pettersson, Chief Technology Officer at Banked. 

One safer alternative to screen scraping is APIs, which let two systems work together. Here are the three benefits of using API: 

Easier for developers 

APIs come with inbuilt documentation, which helps developers code between two systems with a common language. So, they don’t have to learn the details of a full fraud prevention engine’s code, they only need to look at the documentation to understand exactly how quickly they can access certain functions. Once again, this saves time and effort for the whole IT team and helps in making the fraud system more cost-effective. 

Good for Scaling

 Regardless of how efficient a person is, there’s simply no way to review all the user data manually. This is where APIs play an important role by offering fast queries and responses for hundreds of thousands of user logins, transactions, or signups. 

Automates everything 

Because APIs are linked to web apps, there’s no need to regularly tweak them or wait for IT updates. All the fixes and improvements are made from the server side, so individuals can focus on their business instead. It’s not only cheaper in terms of IT resources, but also much more efficient and faster.

Conclusion 

To mitigate fraud risk, propagating knowledge and awareness of new payment technologies, channels, and products, and the risks involved — to both customers and employees — is a crucial part of a fraud prevention strategy. Embedding the fraud management process into overall customer engagement and experience should be the first step forward.
Read more »
User Priavcy
Cyber Security MFA Microsoft Azure Multi-factor authentication Outlook User Priavcy

Microsoft Now Permits IT Administrators to Evaluate and Deactivate Inactive Azure AD users

 

Azure Active Directory has received a handful of security updates from Microsoft. In preview, the business has unveiled a new access reviews tool that allows enterprises to delete inactive user accounts which may pose a security concern. Users who created the new Azure AD tenant after October 2019 received security defaults, however, customers who built Azure AD tenants before October 2019 did not receive security defaults. 

According to Microsoft, the Azure AD security defaults are utilized by around 30 million companies today, and the defaults will be rolled out to many more organizations, resulting in the settings protecting 60 million more accounts. IT admins could now terminate Azure AD accounts that haven't signed in for a certain number of days. 

The Azure Active Directory Identity Governance service now includes the new access review feature. It's useful for companies who don't want contractors or former employees to have access to sensitive data. Azure Active Directory (Azure AD) is a Microsoft cloud service that manages identification and authentication for on-premise and cloud applications. In Windows 2000, it was the advancement of Active Directory Domain Services. 

"The term "sign-in activity" refers to both interactive and non-interactive sign-in activities. Stale accounts may be automatically removed during the screening process. As a result, your company's security posture increases," Microsoft explained. 

According to Alex Weinert, Microsoft's director of identity security, the defaults were implemented for new tenants to ensure that they had "minimum security hygiene," including multi-factor authentication (MFA) and contemporary authentication, independent of the license. He points out that the 30 million firms which have security defaults in place are significantly less vulnerable to intrusions.

This month, Microsoft will send an email to all global admins of qualified Azure AD tenants informing them of security settings. These administrators will receive an Outlook notification from Microsoft in late June, instructing them to "activate security defaults" and warning of "security defaults will be enforced automatically for respective businesses in 14 days." All users in a tenant will be required to register for MFA using the Microsoft Authenticator app after it has been activated. A phone number is also required of global administrators.
Read more »
User Security
Android Trojans Mobile Security User Credentials User Priavcy User Security

Android Trojan Spotted in Multiple Applications on Google Play Harvesting User Credentials

 

Cybersecurity researchers at Dr. Web monitoring the mobile app ecosystem have spotted a major tip in trojan infiltration on the Google Play Store, with one of the applications having over 500,000 installations and available to download. 

The majority of these applications belong to a family of trojan malware used in a variety of scams, resulting in money losses as well as the theft of sensitive private details. Additionally, a new Android trojan called ‘Android.Spy.4498’ designed as a WhatsApp mod has been discovered in the wild. The trojan is spreading via malicious websites promoted by social media posts, forums, and SEO poisoning.

According to Dr. Web's report published in January 2022, the ‘Android.Spy.4498’ was identified in some of the unofficial WhatsApp applications (mods) named GBWhatsApp, OBWhatsApp, or WhatsApp Plus. These mods provide Arabic language support, home screen widgets, separate bottom bar, hide status options, call blocking, and the ability to auto-save received media. These mods are popular in the online communities because they offer additional features not available in the vanilla WhatsApp.

The Trojan is also capable of downloading apps and offering users to install them in order to display dialog boxes with the content it receives from malicious actors. During the attack, Android.Spy.4498 requests access to manage notifications and read their content. 

Additionally, the threats identified on the Play Store include cryptocurrency management applications, social benefit aid tools, Gasprom investment clones, photo editors, and a launcher themed after iOS 15. The majority of fake investment apps trick the victims to design a new account and deposit money supposedly for trading, which is simply transferred to the fraudster’s bank account. Other apps attempt to trick the user into signing up for expensive subscriptions. 

The user reviews under the app describe tactics that resemble subscription scams, charging $2 per week for verification or ad removals, yet offering nothing in return. As the report details, apps discovered by security analysts will load affiliate service sites and enable paid subscriptions through the Wap Click technology after tricking the user into entering their phone number.  

To mitigate the risks, researchers advised installing the apps from trustworthy sources, checking user reviews, scrutinizing permission requests upon installation, and monitoring battery and internet data consumption afterward. Also, to monitor the status of Google Play Protect regularly and add a second layer of protection by using a mobile security tool from a reputable vendor.
Read more »
Subscribe to: Posts (Atom)