Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Privacy. Show all posts
User Privacy
Cyber Security Data Brokers Data Sale Private Data User Privacy

Here's How to Safeguard Your Data From Data Brokers

 

Privacy concerns have grown as more of our private data is being gathered online. We share intimate details with just a few clicks. The majority of people, however, are ignorant of how extensively their data is shared. 

Behind the scenes, there is a whole data broker industry that makes money off of our digital traces. Businesses or individuals known as data brokers gather and resell personal data, such as phone numbers and online surfing behaviour. In this piece, we'll look at how data brokers work and some important steps we can take to safeguard our personal data. 

Data collection 

Data brokers collect data from a variety of public and commercial sources. They can simply gather data from websites and applications without your knowledge by paying app developers to embed SDKs (software development kits) in their apps. The data broker's SDKs can then record the various rights provided to apps, such as access to contacts and location. They can even pay app owners directly for the information rather than installing the software kits. 

Another source of data include public records, such as voter registration, birth certificates, marriage licenses, census data, and divorce records. The Internet is also a valuable source of information. The Internet is also a valuable source of information. Data brokers can acquire personal information from things like social media postings or interactions, online quizzes, virtual contests, or websites browsed. 

Data usage 

Customer data is utilised in a variety of ways, including targeting online adverts based on purchase history to make them more relevant. Data brokers may tell advertisers what brands a person has purchased and when they may require more, enabling timed adverts. Customer data is also used to detect fraud, such as cross-referencing loan applications with background information obtained from data brokers. 

This allows lenders to validate facts such as income and debts mentioned. Loan and insurance businesses purchase data to view a person's debts, loans, payments, income, employment history, and assets. People search sites also rely on data brokers to display names, addresses, ages, and other information when consumers search for someone. 

Privacy tips 

Numerous reputable firms can assist you in removing your information from data broker websites. They search the internet for your information on sites such as data brokers and search engines, and then make requests to have it removed. Make sure you select the correct service provider and read through user reviews. Reliable organisations, such as DeleteMe, are supported by real testimonials; you can read DeleteMe reviews here.

You should also limit what you post online. Share only the essential information, and avoid disclosing sensitive information such as your address and phone number. You can also use VPNs and encrypted browsers. A VPN conceals your IP address and encrypts your connection, avoiding internet tracking that brokers rely on. Secure browsers disable trackers and fingerprints, ensuring that your activity is not traced to you.

Additionally, consider deleting unused and online apps. Be aware of the privacy settings on your devices, apps, and social media profiles, and make sure they are set to maximum privacy. Avoid consenting to privacy policies or terms of service without thoroughly reading them, particularly the fine print.
Read more »
User Privacy
Amazon Web Services Christmas Scam Cyber Fraud Data Leak US Citizens User Privacy

Massive Data Breach Puts Millions at Risk During Christmas Season

 

As the Christmas season approaches, millions of U.S. citizens could face a potential holiday nightmare after a major data breach exposed 5 million unique credit and debit card details online. The leak threatens to compromise countless transactions during the festive shopping spree.

Security experts from Leakd.com revealed that 5 gigabytes of private screenshots were found in an unsecured Amazon S3 bucket, a cloud storage service provided by Amazon Web Services. These screenshots depict unsuspecting consumers entering sensitive data into fraudulent promotional forms, lured by offers that seem "too good to be true," such as free iPhones or heavily discounted holiday products.

The scam operates by enticing consumers with exclusive holiday gifts or significant discounts, requiring them to make a small payment or subscription to claim the offer. These offers often include a countdown timer to create a sense of urgency, pressuring individuals to act quickly without scrutinizing the details.

However, the promised items never arrive. Instead, the fraudsters steal sensitive data and store it on an unsecured server, where it can be accessed by anyone. This poses a heightened risk during the holiday season when shoppers are more vulnerable due to increased spending, making it easier for malicious actors to carry out unauthorized transactions unnoticed.

What to Do If You’re Affected

If you recently filled out a form promising an unbelievable offer, there’s a strong chance your privacy may have been compromised. Here’s what you should do:

  • Contact Your Bank: Inform your bank immediately and request a card replacement to prevent unauthorized transactions.
  • Monitor Bank Statements: Keep a close eye on your statements for any suspicious transactions. Report anything you don’t recognize.
  • Dispute Fraudulent Charges: If you notice unauthorized charges, contact your bank to dispute them and explore options for reimbursement.

The Growing Threat of Christmas Scams

Unfortunately, credit card theft isn’t the only scam cybercriminals are leveraging this holiday season. Security researchers have reported an increase in text-based scams impersonating delivery services. These scams target online shoppers, exploiting the busy season to steal sensitive information or money.

Examples of such scams include fake delivery notifications requesting payment for a package and inks leading to phishing websites that steal personal or payment information.

How to Protect Yourself

To safeguard yourself during the holiday season:

  • Verify Offers: Avoid offers that seem too good to be true, especially those requiring personal or payment details.
  • Check Sender Legitimacy: Double-check emails or texts claiming to be from delivery companies. Visit the official website directly rather than clicking on links.
  • Enable Fraud Alerts: Activate alerts with your bank to be notified of any unusual transactions.
  • Educate Family Members: Warn loved ones about these scams, especially those who may be less tech-savvy.

The holiday season should be a time of joy, not stress caused by data breaches and scams. By staying vigilant and taking proactive measures, you can protect yourself and your finances from cybercriminals looking to exploit this festive time of year.

Read more »
User Privacy
AWS Credentials Data Breach Data Leak Data Sale User Privacy

Misconfigured AWS Cloud Instances Lead to Sensitive Data Breaches

 

Misconfigured cloud instances have once again enabled cybercriminals to steal sensitive data, including credentials, API keys, and proprietary source code. This time, numerous Amazon Web Services (AWS) users fell victim, highlighting a lack of understanding regarding the shared responsibility model in cloud infrastructure.

Discovery of Vulnerabilities

Independent security researchers Noam Rotem and Ran Loncar uncovered open flaws in public websites in August 2024. These flaws could be exploited to access sensitive customer data, infrastructure credentials, and proprietary source code.

Data Exploitation and Sale on Telegram

Further investigation revealed that French-speaking threat actors, potentially linked to hacker groups Nemesis and ShinyHunters, scanned "millions of websites" for vulnerabilities. By exploiting these flaws, they harvested an array of sensitive information, including:

  • AWS customer keys and secrets
  • Database credentials and data
  • Git repository data and source code
  • SMTP credentials for email sending
  • API keys for services like Twilio, Binance, and SendGrid
  • SSH credentials
  • Cryptocurrency-related keys and mnemonics
  • Other sensitive access data

The stolen data was sold via a private Telegram channel, reportedly earning "hundreds of euros per breach." Investigators noted that the perpetrators might need the funds for legal defense once apprehended.

Investigation and Response

Rotem and Loncar traced the incident to specific individuals and reported their findings to Israel's Cyber Directorate and AWS Security. The researchers stated: "Our investigation has identified the names and contact information of several individuals behind this incident. This could help in further actions against the perpetrators."

AWS promptly took action to mitigate risks and emphasized that the vulnerability stemmed from user-side misconfigurations rather than AWS systems: "The AWS Security team emphasized that this operation does not pose a security issue for AWS, but rather is on the customer side of the shared responsibility model – a statement we fully agree with," vpnMentor reported.

The Shared Responsibility Model

The shared responsibility model in cloud computing divides security responsibilities between the cloud service provider and the customer. AWS ensures the security of its infrastructure, while customers are responsible for securely configuring and managing their data and applications.

Irony in Misconfiguration

Ironically, the stolen data was discovered in an unprotected AWS S3 bucket—another misconfiguration. According to the researchers: "The data collected from the victims was stored in an S3 bucket, which was left open due to a misconfiguration by the owner. The S3 bucket was used as a 'shared disk' between the members of the attack group, based on the source code of the tools they used."

Lessons for Cloud Security

Cybersecurity experts emphasize that cloud misconfigurations remain a leading cause of data breaches. Organizations must take proactive steps to secure their cloud environments:

  • Implement strict access controls and regular audits of cloud configurations.
  • Use tools to detect misconfigurations and vulnerabilities in real-time.
  • Educate employees about the shared responsibility model and best practices for cloud security.

This incident underscores the critical need for customers to take their share of responsibility in safeguarding sensitive data and highlights the risks of negligence in cloud security practices.

Read more »
User Privacy
23andMe Data Breach Data Leak DNA Analysis Firm User Privacy

What’s Happening with 23andMe? Data Privacy and Uncertain Future

 

23andMe, a DNA analysis company, has been in turmoil lately. This September, the entire board of directors left due to differences with the CEO, and data was compromised in a 2023 hack.

Anne Wojcicki, the CEO, had previously stated that she was open to third-party acquisition ideas; however, she altered her stance this week. The company is not currently for sale, but nothing looks promising—and it's unclear what will happen to consumer data if the company fails.

Is 23andMe Data Being Sold?

So far, there has been no official indication on whether the company will be sold with or without its data. However, it is realistic to expect the company to be sold and the data to be inherited by the new owner. Something similar occurred when MyHeritage acquired Promethease, another DNA analysis company, in 2020.

Your data may already be shared with other parties. If you signed up for research projects through 23andMe, "de-identified" data about you (including genetic data) was most likely shared with research institutes and pharmaceutical firms. For example, 23andMe has a data licensing deal with GSK (formerly GlaxoSmithKline) to utilize the 23andMe database to "conduct drug target discovery and other research.”

This is not a hypothetical future scenario, but rather the existing state of the firm. These types of licensing agreements account for a significant portion of 23andMe's revenue—or plans to make money. Alternatively, they may have made money previously. They're not making much money these days.

How to Download Your Data and Delete Your Account

If you want to retain any of your data, start by logging into your account and going to your user settings page. There, you can also choose not to participate in studies. On the 23andMe Data card, click View.

To validate your identity, you’ll need to enter your date of birth. In theory, this is where you can download your data, but issues may arise. For instance, I have a 23andMe account, but I must have given the firm a false date of birth years ago. The page simply directs me to call Customer Care. This seems like a significant impediment, but here we are.

According to a Reddit user, Customer Care may request a copy of your ID for verification. This process could be problematic if you used a fake date of birth. Nonetheless, the company’s documentation indicates that if you can get past this step, you can download your data and cancel your subscription. Good luck!

Read more »
User Privacy
Google Mobile Security RCS Threat Landscape User Privacy

Here's Why You Need A New App After Google RCS Issue

 

Google Messages has suddenly gone haywire. After years of campaigning, the "seamless messaging" dream was finally realised, but it vanished as quickly as it arrived. Currently, the question is whether it has any prospect of ever returning. 

Like a slow-motion train crash, Google quickly appreciated Apple for its long-awaited adoption of RCS, but as soon as it went live, it was criticised for its awkward security flaw. Despite iMessage's constant praise of its end-to-end encryption, those green bubbles are still without it. 

Quick to react, Google and the GSMA said that end-to-end encryption for RCS is currently being developed. China comes along to ruin the fun, even though that might have won the day. Apple, Google, and other companies insist on end-to-end encryption since it appears that state-sponsored hackers have infiltrated US telco networks. 

Cross-platform RCS has suffered severely as a result of the FBI and CISA are now both cautioning the public to utilise encrypted platforms properly. There is no security when texting from an Android phone to an iPhone, as Samsung has warned customers. 

Google and the GSMA were quick to respond, promising that end-to-end encryption for RCS is in the works. But, although that might have won the day, China arrives to spoil the fun. It appears that state-sponsored hackers have broken into US telco networks, highlighting why Apple, Google, and others advocate for end-to-end encryption in the first place. With the FBI and CISA now warning citizens to use appropriately encrypted systems, cross-platform RCS has taken a significant knock. Even Samsung has advised consumers that texting from Android to iPhone is not secure. 

Apple has never denied that iMessage is only secure within its own walled garden. Google, not Apple, pushed for cross-platform RCS. When it finally arrived with iOS 18, Google sent out public messages about non-blurry images and other new capabilities, whereas Apple said little, if anything at all. 

So now it's up to Google Messages to pick up the pieces of this security catastrophe and figure out what to do next. How quickly can RCS be beefed up to meet the "responsible encryption" standard specified by the US government officials? Given the official warnings, how do Google and Apple encourage consumers to send basic RCS/SMS texts? How quickly will network confidence get better? 

However, with timing being everything, the ultimate impediment to that RCS train could be Apple's upcoming iPhone update—iOS 18.2. To everyone's surprise, the iMaker has chosen to provide all of its users—not just those in controlled Europe—the ability to choose their default apps. For the first time, choose an over-the-top service like WhatsApp or Signal as your primary call and message provider. 

The 2024 RCS dream has suffered a setback, though whether it has been buried beneath the waters remains to be seen. What is evident is that this benefits Meta, which owns the world's largest end-to-end encrypted messaging systems, WhatsApp and Facebook Messenger, even if they are not "responsibly" encrypted, as defined by the FBI, which requires authorised access to content when necessary. 

Google Messages customers who use that platform to text friends, family, and colleagues will now require a new app. If you don't already have WhatsApp, Messenger, or Signal, you should download them right now. WhatsApp is the clear winner, striking the ideal combination between security, functionality, and scalability. Many of the people you communicate with will already have the app installed.

In keeping with the security theme, you must take two steps to guarantee the integrity of end-to-end encryption. Start by correctly configuring WhatsApp (or a substitute). This includes passkeys when they are available and two-factor authentication. Second, make sure you avoid taking any chances when installing apps, downloading files, or clicking links. It's as if you haven't secured your stuff at all if an attacker uses malware to take over your phone or lures you into installing malicious software, regardless of the messenger you use. 

The irony for Google has continued with the announcement that Samsung is discontinuing RCS for millions of Galaxy users who are still using Samsung Messages and advising they migrate to Google Messages. The Galaxy maker told Verizon customers that "Samsung Messages will no longer support RCS after 1.6.2025." Switch to Google Messages to keep the more robust messaging you're accustomed to.”
Read more »
User Privacy
Data Breach Data Leak Employee Data MOVEit Attack User Privacy

Amazon Employee Data Leaked in MOVEit Attack Fallout

 

Amazon has confirmed that some employee data was accessed last year, presumably as part of the huge MOVEit hacking campaign. A hacker recently revealed on the BreachForums cybercrime forum that they had stolen Amazon employee information, such as names, phone numbers, email addresses, job titles, and other job-related information. 

The hacker claimed the data came from the 2023 MOVEit attack, which entailed exploiting a zero-day vulnerability in Progress Software's MOVEit file transfer software to gather sensitive information from thousands of organisations that had used the program. 

The MOVEit campaign, which is widely thought to have been carried out by the Cl0p ransomware group, impacted about 2,800 organisations and compromised the data of approximately 100 million people. 

Amazon confirmed the data theft in a statement released earlier this week, but added several important details. According to the firm, the data was obtained via a third-party property management vendor; neither Amazon or AWS systems were compromised. 

The incident impacted several of the third-party vendor's clients, including Amazon. Amazon stated that only employee work contact information, such as work email addresses, desk phone numbers, and building locations, were revealed, while other, more sensitive information, such as Social Security numbers and financial information, were not compromised. 

The hacker claims that the Amazon employee database has nearly 2.8 million records, however it is unknown how many employees are affected. The same hacker has also leaked employee data from BT, McDonald's, Lenovo, Delta Airlines, and HP. The data appears to be the result of the same MOVEit breach that targeted the same real estate services company that housed Amazon employee information.
Read more »
User Security
American Firm Data Breach Data Leak Hot Topic User Privacy User Security

Hot Topic Data Breach Exposes Private Data of 57 Million Users

 

Have I Been Pwned warns that an alleged data breach compromised the private data of 56,904,909 Hot Topic, Box Lunch, and Torrid users. Hot Topic is an American retail franchise that specialises in counterculture-themed clothes, accessories, and licensed music merchandise. 

The firm has approximately 640 stores in the United States and Canada, mostly in shopping malls, with a large customer base.

According to HIBP, the exposed information includes full names, email addresses, birth dates, phone numbers, physical addresses, transaction history, and partial credit card data for Hot Topic, Box Lunch, and Torrid users. 

On October 21, 2024, a threat actor known as "Satanic" claimed responsibility for the security incident on BreachForum. The threat actor claims to have siphoned 350 million user records from Hot Topic and its subsidiaries, Box Lunch and Torrid. 

"Satanic" attempted to sell the database for $20,000 while also demanding a $100,000 ransom from Hot Topic to remove the ad from the forums. According to a HudsonRock report published on October 23, the intrusion could be the result of an information stealer malware infection that acquired credentials for Hot Topic's data unification service. 

While Hot Topic has stayed silent, and no notifications have been issued to potentially impacted users, data analytics firm Atlas Privacy revealed last week that the 730GB database impacts 54 million users. Atlas further highlighted that the collection contains 25 million credit card numbers encrypted with a poor cypher that can be easily broken by current computers. 

Although Atlas is not positive that the database belongs to Hot Topic, it did note that approximately half of all email addresses had not been seen in previous breaches, adding to the authenticity of the threat actor's claims. According to Altas, the hack appears to have occurred on October 19, with data ranging from 2011 until that date. 

The company has set up a website where Hot Topic consumers can see if their email address or phone number was compromised in the data breach. Meanwhile, the threat actor continues to offer the database, albeit for a lower cost of $4,000. Potentially impacted Hot Topic consumers should be wary of phishing attacks, keep track of their financial accounts for strange activity, and change their passwords on all platforms where they use the same credentials.
Read more »
User Privacy
Chrome Extension Manifest V3 Mobile Security Security flaw SquareX User Privacy

Chrome Extensions Continue to Pose a Threat, Even With Google's Manifest V3

 

Users have always found browser extensions to be a useful tool for increasing productivity and streamlining tasks. They have, however, become a prime target for malicious actors attempting to exploit flaws, impacting both individual users and companies. 

Despite efforts to boost security, several of these extensions have found ways to exploit vulnerabilities in Google's latest extension framework, Manifest V3 (MV3). SquareX's recent research explained how these rogue extensions can continue to evade crucial security protections, exposing millions of users to risks such as data theft, malware, and unauthorised access to sensitive information. 

Google has always had troubles with Chrome addons. In June 2023, the company had to manually remove 32 vulnerable extensions that had been installed 72 million times before being removed. 

Google's previous extension framework, Manifest Version 2 (MV2), was notoriously unstable. It frequently granted excessive rights to extensions and allowed scripts to be introduced without user knowledge, making it less complicated for cybercriminals to steal data, access sensitive information, and install malware.

In response, Google launched Manifest V3, which intended to improve security by limiting permissions and requiring extensions to declare their scripts in advance. While MV3 was supposed to address the vulnerabilities found in MV2, SquareX's study indicates that it falls short in important areas. 

Malicious extensions built on MV3 can still circumvent security measures and grab live video streams from collaboration services such as Google Meet and Zoom Web without requiring specific permission. They can even add unauthorised contributors to private GitHub repositories and send users to phishing pages masquerading as password managers. 

Furthermore, these malicious extensions, like their MV2 counterparts, can access browser history, cookies, bookmarks, and download history by displaying a fake software update pop-up that dupes users into downloading the malware. 

Once the malicious extension is installed, individuals and businesses are unable to notice its activity, leaving them vulnerable. Endpoint protection, Secure Access Service Edge (SASE), and Secure Web Gateways (SWG) are examples of security solutions that cannot dynamically assess potential risks in browser extensions. 

SquareX has created a number of solutions targeted at enhancing browser extension security in order to address these issues. Their strategy includes customised rules that let administrators choose which extensions to accept or ban depending on user ratings, reviews, update history, and extension permissions.

This system can prevent network requests from extensions in real time using policies, machine learning insights, and heuristic analysis. Additionally, SquareX is experimenting with dynamic analysis of Chrome extensions using a customised Chromium browser on its cloud server, which will provide greater insights into the behaviour of potentially malicious extensions.
Read more »
User Privacy
Data Laws Data Privacy Digital Rights Privacy User Data User Privacy

Balancing Act: Russia's New Data Decree and the Privacy Dilemma

Balancing Act: Russia's New Data Decree and the Privacy Dilemma

Data Privacy and State Access

Russia's Ministry of Digital Development, Communications, and Mass Media has introduced a draft decree specifying the conditions under which authorities can access staff and customer data from businesses operating in Russia, according to Forbes.

The decree would authorize authorities to demand anonymized personal data of customers and employees from businesses in order to protect the population during emergencies, prevent terrorism, and control the spread of infectious diseases, as well as for economic and social research purposes.

The Proposed Decree

Expected to take effect in September 2025, this draft decree follows amendments to the law On Personal Data, adopted on August 8. This law established a State Information System, requiring businesses and state agencies to upload the personal data of their staff and customers upon request.

The Big Data Association, a nonprofit that includes major Russian companies like Yandex, VK, and Gazprombank, has expressed concerns that the draft decree would permit authorities to request personal data from businesses "for virtually any reason." They warned that this could create legal uncertainties and impose excessive regulatory burdens on companies processing personal data, affecting nearly all businesses and organizations.

Global Context: A Tightrope Walk

Russia is not alone in its quest for greater access to personal data. Countries around the world are grappling with similar issues. For instance, the United States has its own set of laws and regulations under the Patriot Act and subsequent legislation that allows the government to access personal data under certain conditions. Similarly, the European Union’s General Data Protection Regulation (GDPR) provides a framework for data access while aiming to protect individual privacy.

Each country’s approach reflects its unique political, social, and cultural context. However, the core issue remains: finding the right balance between state access and individual privacy.

Ethical and Social Implications

The debate over state access to personal data is not purely legal or political; it is deeply ethical and social. Enhanced state access can lead to improved public safety and national security. For example, during a health crisis like the COVID-19 pandemic, having access to personal data can help in effective contact tracing and monitoring the spread of the virus.
Read more »
User Security
Cyber Attacks Infostealer Malvertising Campaign User Privacy User Security

Malvertising Campaign Hijacks Facebook Accounts to Propagate SYS01stealer

 

A new malvertising effort is using Meta's advertising network to disseminate the SYS01 infostealer, a cybersecurity issue known to Meta and specifically Facebook users for collecting personal information. 

What distinguishes this attack is that it targets millions of people worldwide, primarily men aged 45 and up. It successfully disguises itself as advertisements for popular software, games, and online services. This campaign, discovered in September 2024, stands out for its imitation tactics and the popular brands it exploits. 

Instead of zeroing in on a single lure, the perpetrators impersonate a wide range of well-known brands, including productivity tools like Office 365, creative software like Canva and Adobe Photoshop, VPN services like ExpressVPN, streaming platforms like Netflix, messaging apps like Telegram, and even popular video games like Super Mario Bros Wonder. 

Modus operandi 

According to Bitdefender's blog article, malicious adverts frequently lead to MediaFire links that offer direct downloads of seemingly legitimate software. These zip-archived downloads contain a malicious Electron program. 

When executed, this application drops and runs the SYS01 infostealer, frequently while presenting a fake app that replicates the advertised software. This deceitful strategy makes it harder for victims to recognise that they have been compromised. 

An Electron application is a desktop software that uses web technologies such as HTML, CSS, and JavaScript. Electron is an open-source framework built by GitHub that enables developers to build cross-platform programs that run on Windows, macOS, and Linux using a single codebase. 

However, in this attack, the Electron app employs obfuscated Javascript code and a standalone 7zip application to extract a password-protected archive containing the core malware components. This bundle contains PHP scripts used to install the infostealer and establish persistence on the victim's PC. The malware also includes anti-sandbox tests to circumvent detection by security experts. 

The primary goal of the SYS01 infostealer is to acquire Facebook credentials, particularly those associated with business accounts. These compromised accounts are then used in subsequent assaults or frauds. 

What's worse, the assault takes advantage of the hijacked accounts' advertising capabilities, allowing attackers to produce new malicious ads that appear more authentic and easily evade security filters. This sets up a self-sustaining loop in which stolen accounts are used to propagate the malware even further. The stolen credentials are likely to be sold on underground marketplaces, enriching the crooks even more.
Read more »
Webflow
Crypto Wallet Cyber Fraud Phishing Site User Privacy Webflow

Webflow Sites Employed to Trick Users Into Sharing Login Details

 

Security experts have warned of an upsurge in phishing pages built with Webflow, a website builder tool, as attackers continue to use legitimate services such as Microsoft Sway and Cloudflare. 

The malicious campaign targets login credentials for multiple corporate webmail services, Microsoft 365 login credentials, and sensitive data from cryptocurrency wallets like Coinbase, MetaMask, Phantom, Trezor, and Bitbuy.

According to the researchers, between April and September 2024, the number of visitors to Webflow-created phishing pages jumped tenfold, and the attacks targeted over 120 organisations worldwide. The majority of the people targeted work in the banking, technology, and financial services industries in North America and Asia.

Attackers have utilised Webflow to create standalone phishing pages as well as to redirect unsuspecting users to additional phishing pages under their control. Because there are no phishing lines of code to write and identify, the former provides attackers with convenience and stealth, but the latter allows them to carry out more complex activities as required. 

Webflow is far more appealing than Cloudflare R2 or Microsoft Sway since it allows clients to create custom subdomains for free, as opposed to auto-generated random alphanumeric subdomains, which are likely to raise suspicion.

To increase the chances of success, phishing sites are designed to resemble the login pages of their legitimate counterparts. This method is used to deceive users into disclosing their credentials, which are subsequently at times exfiltrated to another server. 

Security experts have also discovered Webflow cryptocurrency phoney websites that use screenshots of genuine wallet homepages as their landing pages. When a visitor clicks anywhere on the fake website, they are taken to the real scam site. The final goal of a crypto-phishing campaign is to gain the victim's seed phrases, allowing the attackers to take over cryptocurrency wallets and pilfer funds. 

When users enter the recovery phrase in one of the assaults identified by the cybersecurity firm, they are presented with an error message saying that their account has been suspended due to "unauthorised activity and identification failure." Additionally, the message directs the user to start an online chat session on Tawk.to to contact their support personnel. 

It is worth noting that Avast's CryptoCore fraud operation exploited chat services such as LiveChat, Tawk.to, and Smartsupp. Instead of using search engines or clicking on other links, users should always enter the URL into their web browser to access important pages like their webmail or banking portal.
Read more »
User Privacy
BlackCat Change Healthcare Data Breach Medical Data User Privacy

UnitedHealth Claims Data of 100 Million Siphoned in Change Healthcare Breach

 

UnitedHealth has acknowledged for the first time that over 100 million people's personal details and healthcare data were stolen during the Change Healthcare ransomware assault, making it the largest healthcare data breach in recent years. 

During a congressional hearing in May, UnitedHealth CEO Andrew Witty warned that the attack had exposed "maybe a third" of all Americans' medical data.

A month later, Change Healthcare issued a data breach notification, stating that the February ransomware assault had exposed a "substantial quantity of data" for a "substantial proportion of people in America.” 

Last week, the U.S. Department of Health and Human Services Office for Civil Rights data breach portal increased the overall number of affected people to 100 million, marking the first time UnitedHealth, Change Healthcare's parent company, published an official number for the breach. 

Change Healthcare has sent out data breach alerts since June stating that a huge amount of sensitive information was stolen during the February ransomware assault, including: 

  • Health insurance information (including primary, secondary, or other health plans/policies, insurance firms, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers); 
  • Health information (such as medical record numbers, providers, diagnoses, medications, test results, images, care, and therapy); 
  • Personal information may include billing, claims, and payment information, as well as Social Security numbers, driver's licenses, state ID numbers, and passport numbers.

The information may differ for each person, and not everyone's medical history was disclosed. 

Change healthcare breach 

This data breach was prompted by a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which resulted in severe outages across the US healthcare system. 

The disruption to the company's IT systems prevented doctors and pharmacists from filing claims, as well as pharmacies from accepting discount prescription cards, forcing patients to pay full price for their drugs.

The attack was carried out by the BlackCat ransomware group, also known as ALPHV. They used stolen credentials to get access to the company's Citrix remote access service, which did not have multi-factor authentication activated. 

During the attack, threat actors took 6 TB of data and ultimately encrypted network devices, forcing the organisation to shut down IT infrastructure in order to prevent the attack from propagating further.

UnitedHealth Group acknowledged paying a ransom to get a decryptor and have the threat actors delete the stolen data. The alleged ransom payment was $22 million, according to the BlackCat ransomware subsidiary that carried out the attack.

This ransom payment was meant to be shared between the affiliate and the ransomware operation, but the BlackCat abruptly stopped down, taking the entire payment and committing an exit scam. 

However, this was not the end of Change Healthcare's issues, since the affiliate claimed to still have the company's data and did not delete it as agreed. The affiliate collaborated with a new ransomware operation known as RansomHub and began releasing some of the stolen data, demanding an additional payment for the data not to be leaked.

The Change Healthcare entry on RansomHub's data breach site inexplicably removed a few days later, suggesting that UnitedHealth paid a second ransom demand. 

UnitedHealth said in April that the Change Healthcare ransomware assault resulted in $872 million in losses, which were included in Q3 2024 earnings and are estimated to total $2.45 billion for the nine months ending September 30, 2024.
Read more »
User Privacy
Data Breach Data Leak UN Documents United Nations User Privacy

Over Thousand UN Documents Linked to Gender Equality Exposed Online

 

A database believed to belong to the United Nations Trust Fund to End Violence Against Women was uncovered unsecured online, containing financial records, bank accounts, staff details, victim testimonies, and other information. 

Jeremiah Fowler, a cybersecurity researcher, uncovered the database, which contained 228 GB of information, and reported it to vpnMentor. It lacked password protection, leaving the 115,141 files displayed unencrypted and accessible to anyone with an internet connection. 

While not confirmed, the database contained data that linked it to UN Women and the UN Trust Fund to End Violence Against Women, such as letters and documents addressed to the UN and stamped with UN insignia, with a specific reference to UN Women. 

Fowler discovered scanned passport documents and ID cards in the database, as well as specific details on staff roles such as names, job titles, salary information, and tax data. 

“There were also documents labelled as “victim success stories” or testimonies,” Fowler wrote in his report. “Some of these contained the names and email addresses of those helped by the programs, as well as details of their personal experiences. For instance, one of the letters purported to be from a Chibok schoolgirl who was one of the 276 individuals kidnapped by Boko Haram in 2014.” 

It is unclear how long the database has been exposed, whether it is managed by the UN Women organisation or a third party, and whether anyone outside of the organisation has accessed it. 

Fowler outlines a number of hypothetical possibilities in which the data might be exploited, including convincing spear phishing attempts that employ customised documents to target vulnerable email accounts. The records might theoretically also be used by a threat actor to obtain a high-level grasp of the organisational and the financial framework of the company. 

The UN Women organisation has an undated scam notice on its website, although the page dates back at least to July 2022, with an update in July 2024 that includes an instruction to use the Quantum procurement verification portal. 

Fowler notified the UN Information Security team about the unprotected database, and received a response that stated, "The identified vulnerability does not belong to us (the United Nations Secretariat) and is for UN Women. Please report the vulnerability to UN Women.”
Read more »
User Privacy
Data Breach Data Leak Kiosks Private Data Redbox User Privacy

Old Redbox Kiosks Hacked to Expose Customers’ Private Details

 

DVD Rental Service Redbox may be a thing of the past, but the data privacy issues it created for users may persist for some time. Redbox allows users to rent DVDs from its 24,000 autonomous kiosks throughout the United States. Its parent company, Chicken Soup for the Soul, declared bankruptcy in July 2024, after the emergence of streaming platforms such as Netflix and Prime Video decimated the DVD rental market. 

According to Ars Technica, one programmer reverse-engineered the hard drive of an old Redbox Kiosk and recovered users' names, emails, and rental histories from about a decade ago. In certain cases, Foone Turing, a California-based programmer, discovered parts of users' credit card data stored on hard drives, such as the first six and last four numbers of the credit card used, as well as transaction history. 

Turing stated in a social media post that she tracked down a film fan from Morganton, North Carolina, who supposedly rented The Giver and The Maze Runner in 2015. According to her, "anyone with basic hacking skills could easily pull data manually out of the files with a hex editor," completing: "This is the kind of code you get when you hire 20 new grads who technically know C# but none of them have written any software before.”

The programmer claims she didn't even need to utilise a physical kiosk to retrieve the old data; instead, she employed an uploaded hard drive she discovered on the social network Discord. The announcement comes as old Redbox kiosks are becoming rarities in some circles. According to the Wall Street Journal, a 19-year-old North Carolina resident acquired one after speaking with a contractor hired to dispose of one. 

Unfortunately, any victims impacted may have limited legal options, since "it may be difficult to hold a bankrupt company accountable," according to The Electronic Frontier Foundation. However, as Lowpass points out, Redbox kiosks may have only saved identifiable personal data locally if an internet or power outage prevented it from being sent to the cloud.
Read more »
User Security
Data Breach Data Leak Data Sale IntelBroker User Privacy User Security

Cisco Investigates Data Breach After Hacker Claims Sale of Data

 

Cisco has acknowledged that it is investigating reports of a data breach after a hacker began offering allegedly stolen firm data for sale on a hacking platform. As per a report in a local media outlet, the investigation was launched following claims made by a well-known hacker identified as “IntelBroker.”

“Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files,” a Cisco spokesperson stated. “We have launched an investigation to assess this claim, and our investigation is ongoing.” 

The allegations surfaced after IntelBroker claimed, along with two others designated as "EnergyWeaponUser" and "zjj," that they infiltrated Cisco's servers on June 10, 2024, and obtained a large amount of developer-related data.

IntelBroker's post on a hacking forum showed that the data would include "GitHub projects, GitLab projects, SonarQube projects, source code, hard-coded credentials, certificates, customer SRCs, Cisco confidential documents, Jira tickets, API tokens, AWS private buckets, Cisco technology SRCs, Docker builds, Azure storage buckets, private and public keys, SSL certificates, Cisco premium products, and more." The hacker uploaded samples of a database, client information, multiple files, and screenshots of customer management interfaces. 

According to a recent update from IntelBroker, the breach also involves the theft of sensitive data from other major global companies such as Verizon, AT&T, and Microsoft. The stolen data is now allegedly being offered for sale on the cybercrime platform Breach Forums, with IntelBroker specifying that the transaction would take place in exchange for Monero (XMR), a cryptocurrency known for its anonymity properties. 

The hacker expressed a willingness to use an intermediary to facilitate the sale, assuring anonymity for both the buyer and seller. This technique is often used by hackers to evade detection by authorities. 

IntelBroker, which is known for high-profile data thefts, has already claimed responsibility for compromising other prominent firms. In June 2024, IntelBroker reported that they had infiltrated Apple, taking source code for internal tools, as well as Advanced Micro Devices (AMD), stealing employee and product information. In May 2024, IntelBroker claimed to have hacked Europol, which the organisation later confirmed.

IntelBroker did not provide any specific details on the techniques employed to acquire the data. The stolen data originated from a third-party managed services provider that specialises in software development and DevOps, according to sources knowledgeable with the breaches who spoke with BleepingComputer. It's still unclear if the earlier June incidents and the recent Cisco hack are linked.
Read more »
User Privacy
ACR Online Security Smart TV Technology User Privacy

Here's How to Stop Smart TV From Harvesting Your Personal Data

 

Watching television seems to be a benign pastime, but as all TVs become "smart" and link to the internet via your network, they will be able to track you as well. When you turn on a smart TV from LG, Samsung, or Sony, data is collected from the TV itself, as well as the operating system and apps. Then there are the gadgets you connect to your television, like Google's Chromecast, Apple TV, and Amazon's Fire Stick. 

A TV is now more than just a screen for entertainment; it's a two-way mirror that lets a network of data brokers and advertisers watch you in real time, stated Rowenna Fielding, director of data protection consultancy Miss IG Geek. “The purpose of this is to gather as much information as possible about your behaviour, interests, preferences and demographics so it can be monetised, mainly through targeted advertising.”

Your smart TV's data collection relies on the manufacturer, brand, and version. In theory, most smart TVs can gather audio, video, and TV usage data, according to Toby Lewis, global head of threat analysis at cybersecurity firm Darktrace. 

Voice activation is a function that has the ability to collect significant volumes of data. Microphones and software listen for instructions and can record conversations and other noises within range. These recordings can be sent to third parties for analysis. 

What does your TV do with the data?

There is no clear answer. According to Lewis, what is done with the data is complex and "highly opaque". When looking at what a smart TV does on the network, it is often unclear why certain data is being harvested and where it is being sent.

There isn't much distinction between television brands. Manufacturers claim to utilise your information for "personalisation" and content quality, although it is usual to sell anonymous or semi-anonymized data to third parties, advertising companies, or streaming services. 

“After the data has been sold, it is out of the manufacturer’s control,” Lewis explains. "It is often unclear what data exactly is being sent back, depending on the T&Cs and privacy settings, and it can be very difficult to change default settings once you have agreed to them.”

What is Automatic Content Recognition (ACR)? 

Automated content recognition (ACR) is one alarming feature to keep an eye out for. This feature, which is frequently enabled by default, uses analytical techniques to detect video and audio on the TV and compares it to a large database to determine what is playing. It's fairly disturbing stuff; ACR works on anything played on television, including DVDs, Blu-rays, CDs, and games.

Jake Moore, global cybersecurity adviser at security company ESET, explains that viewing data and habits are shared with manufacturers and eventually sold to advertisers in order to target you with adverts. When your TV is connected to your home router, data will include your IP address and position.

Lewis adds that ACR may theoretically be utilised for even more ominous profiling. "Data from facial recognition, sentiment analysis, speech-to-text, and content analysis could be gathered to build an in-depth picture of an individual user with the analytical technologies available." 

Lewis suggests that rather than comparing material to a catalogue of well-known films, ACR may theoretically be examined for factors like political stance, ethnicity, social status, and other characteristics that could be misused. 

Safety tips 

Smart TVs will gather data as long as they are connected to the internet, and it is impossible to prevent this from happening. In many cases, doing so is not in your best interests because it will interfere with your viewing experience; for example, Netflix's useful suggestions tool. 

However, there are several simple steps you may take to protect yourself from smart TV snooping. Turn off ACR in the settings, disable customisation, opt out of all advertising features, and hide or disable cameras and microphones. 

It's also vital to secure your router by changing the password and creating a guest network. You may increase security by opting out of online tracking when it's provided and installing software updates as soon as possible.
Read more »
User Privacy
iPhone Security flaw Security Update Technology User Privacy

Apple's Latest iPhone Update: Bad News for Millions of Google Users

 

If the latest reports are correct, Apple consumers have just over a fortnight to wait until the launch of iOS 18.1 and the belated arrival of Apple Intelligence, the flagship feature in the latest iOS release. Until then the most significant update is still RCS, the even more belated upgrade of stock SMS on iPhones. 

As security experts commented before, Apple’s RCS upgrade has a lot of security flaws—no end-to-end encryption is the key one, with its lack being a major step back, but there’s also patchy carrier adoption, no full iMessage integration, and no end in sight for those dreaded green bubbles.

But Google campaigned hard for years, cajoling Apple into making this move as its own Android Messages app lost ever more ground to WhatsApp and other over-the-tops, while Apple seemingly brushed away any concerns, with its critical US user base continuing to iMessage between themselves. 

And, while Google has teased Apple over their flawed RCS implementation, it has also made it clear how welcome this is. But there was always the chance that Google and its consumers would not see the equal playing field they desired, and that risk appears to be coming true. 

Android Authority recently claimed that "iPhone users are not as into RCS as their Android buddies would have liked." There are some clear barriers to better adoption, particularly carrier support. But the underlying issue is much simpler: WhatsApp. This long-awaited partial integration of iMessage and Google Messages has been so delayed that WhatsApp has effectively locked down every significant market outside of the United States (and China). 

With Apple's iMessage security being one of its main selling points, security and privacy have grown so central to the iPhone and its user base that an update that abandons all of that appears counter-intuitive in every sense. The fact that even Google is unable to view user content due to its extensive usage of end-to-end encryption throughout its own platform—which is akin to Apple's—makes this situation worse. However, all of that disappears when using cross-platform RCS texting.,
Read more »
Windows Defender
Data Leak Infostealer malware User Privacy User Security Windows Defender

New Yunit Infostealer Bypasses Windows Defender and Steals Sensitive Data

 

A new information-stealing malware has been discovered that is capable of exfiltrating a large amount of sensitive information while also disabling antivirus products to create persistence on target endpoints.

CYFIRMA cybersecurity researchers have published a detailed investigation of the infostealer known as Yunit Stealer. Yunit Stealer employs JavaScript to include system utility and cryptography modules, enabling it to do activities such as system information retrieval, command execution, and HTTP queries. It persists on the target device by altering the registry, adding jobs via batch and VBScript, and, finally, by setting exclusions in Windows Defender.

When it comes to infostealing, Yunit is just as effective as any other malware. It can steal system information, browser data (passwords, cookies, autofill information, etc.), and bitcoin wallet information. In addition to passwords, it can keep credit card information that is kept in the browser. 

Once the malware has gathered all of the data it deems useful, it will attempt to exfiltrate it via Discord webhooks or into a Telegram channel. It will also upload it to a remote site and provide a download link for future use. The URL will also include screenshots, allowing the threat actor to access the information while remaining anonymous and evading discovery. Accessing data using encrypted communication channels is also beneficial.

The fact that the Telegram channel was only established on August 31, 2024, and that it only has 12 subscribers, according to CYFIRMA, serves as further evidence that Yunit is a fledgling infostealer that has not yet proven its mettle. As an alternative, the Discord account isn't operational right now. 

Prevention tips 

Keep your systems updated: Regularly updating your operating system and software can help defend against known vulnerabilities that Yunit Stealer could exploit. 

Use trustworthy antivirus software: While Yunit Stealer can disable some antivirus products, choosing a reputable and often updated security solution provides an extra degree of protection. 

Avoid dubious links and downloads. Phishing attacks are frequently the starting point for malware infections. Use caution while opening email attachments or clicking on unexpected URLs. 

Monitor your accounts: Check your online accounts on a regular basis for strange behaviour, particularly those that store sensitive data such as passwords and credit card information.
Read more »
Web
Browser Internet Mozilla Technology User Privacy User Tracking Web

Mozilla Privacy: Tracking Users Without Consent


The organization behind the privacy-centric Firefox browser, has come under fire for allegedly tracking users without their consent. This controversy centers around a feature called Privacy Preserving Attribution (PPA), which has sparked a heated debate about privacy, consent, and the future of online tracking.

The User Tracking Allegations

The European digital rights group NOYB (None Of Your Business) has filed a privacy complaint against Mozilla, claiming that the PPA feature in Firefox tracks users’ online behavior without their explicit consent. According to NOYB, this practice violates the EU’s General Data Protection Regulation (GDPR), which mandates that users must be informed and give consent before any tracking can occur.

What is Privacy Preserving Attribution?

Privacy Preserving Attribution is a method designed to measure the effectiveness of online advertisements without relying on invasive third-party cookies. Instead of allowing individual websites to track users, PPA shifts this responsibility to the browser itself. The idea is to provide advertisers with the data they need while protecting users’ privacy.

However, the implementation of PPA has raised significant concerns. Critics argue that by enabling this feature by default, Mozilla has effectively bypassed the need for user consent. This move has been seen as contradictory to Mozilla’s long-standing reputation as a champion of online privacy.

The GDPR Implications

The GDPR is one of the most stringent privacy regulations in the world, and it requires that any form of data processing must be transparent and consensual. NOYB’s complaint suggests that Mozilla’s PPA feature does not meet these criteria. If the complaint is upheld, Mozilla could face substantial fines and be forced to alter its approach to user tracking.

Mozilla’s Response

In response to the allegations, Mozilla has defended the PPA feature, stating that it is designed to balance the needs of advertisers with the privacy rights of users. Mozilla argues that PPA is a more privacy-friendly alternative to traditional tracking methods and that it does not collect any personally identifiable information.

Despite these assurances, the controversy has highlighted a broader issue within the tech industry: the tension between innovation and privacy. As companies strive to develop new technologies, they must also navigate the complex landscape of privacy regulations and user expectations.

Read more »
User Privacy
Auto Canada Cyber Attacks Data Leak data security User Privacy

Car Dealership Auto Canada Confirms Cyberattack, Alleged Data Leak

Car Dealership Auto Canada Confirms Cyberattack, Alleged Data Leak

Car dealership company Auto Canada warned that employee data might have been leaked in a ransomware attack claimed by the Hunters International ransomware group. In August 2024, the company suffered a company was hit by a cyber-attack. While Auto Canada hasn't reported any fraud campaigns directly impacting individuals, it has notified employees about the potential risks.

Earlier in August, the company was forced to shut down a few internal IT systems offline to limit a ransomware attack, which led to operational disruptions. Although the 66 dealerships continued business as usual, some customer service operations were disrupted causing delays.

Data Leaked?

Auto Canada didn't disclose any further information or updates, but the ransomware gang Hunters International claimed responsibility for the attack, posting the data on their portal.

The group leaked terabytes of data allegedly stolen from the car dealership- network storage images, confidential financial and HR documents, and databases. The released data includes employee records and executive details, sparking debates about the scale of the cyber-attack.

Auto Canada's Reply

Responding to the concerns, Auto Canada has published an FAQ page discussing about the cyber attack and details uncovered during the investigation. “Our investigation is ongoing, and encrypted server content is being restored and analyzed as part of our incident response.” says the FAQ page. “We are currently working to determine the full scope of the data impacted by the incident, which may include personal information collected in the context of your employment with AutoCanada.”

The allegedly leaked data includes name, date of birth, address, social insurance number, payroll details, bank account info, and scans of government-issued I'd documents.

What Happens to Affected People?

For impacted individuals, Auto Canada has offered a three-year free-of-cost Identity theft protection and credit monitoring coverage via Equifax, the enrollment deadline is valid until January 31, 2025. Auto Car says the compromised systems were separated from the main network, compromised accounts were taken down, the encryption process was shut down, and resetting of all admin account passwords.

Despite the implemented measures, Auto Car can't provide a 100% guarantee of such incidents happening in the future. While the company acknowledges the attack, it has taken a few measures to prevent future incidents:

  • Conducting cybersecurity training for employees
  • Reviewing security policies
  • Implementing threat detection and incident response programs
  • Conducting regular security audits

Read more »
Subscribe to: Posts (Atom)