Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Privacy. Show all posts
User Privacy
Data Breach Data Leak Employee Data MOVEit Attack User Privacy

Amazon Employee Data Leaked in MOVEit Attack Fallout

 

Amazon has confirmed that some employee data was accessed last year, presumably as part of the huge MOVEit hacking campaign. A hacker recently revealed on the BreachForums cybercrime forum that they had stolen Amazon employee information, such as names, phone numbers, email addresses, job titles, and other job-related information. 

The hacker claimed the data came from the 2023 MOVEit attack, which entailed exploiting a zero-day vulnerability in Progress Software's MOVEit file transfer software to gather sensitive information from thousands of organisations that had used the program. 

The MOVEit campaign, which is widely thought to have been carried out by the Cl0p ransomware group, impacted about 2,800 organisations and compromised the data of approximately 100 million people. 

Amazon confirmed the data theft in a statement released earlier this week, but added several important details. According to the firm, the data was obtained via a third-party property management vendor; neither Amazon or AWS systems were compromised. 

The incident impacted several of the third-party vendor's clients, including Amazon. Amazon stated that only employee work contact information, such as work email addresses, desk phone numbers, and building locations, were revealed, while other, more sensitive information, such as Social Security numbers and financial information, were not compromised. 

The hacker claims that the Amazon employee database has nearly 2.8 million records, however it is unknown how many employees are affected. The same hacker has also leaked employee data from BT, McDonald's, Lenovo, Delta Airlines, and HP. The data appears to be the result of the same MOVEit breach that targeted the same real estate services company that housed Amazon employee information.
Read more »
User Security
American Firm Data Breach Data Leak Hot Topic User Privacy User Security

Hot Topic Data Breach Exposes Private Data of 57 Million Users

 

Have I Been Pwned warns that an alleged data breach compromised the private data of 56,904,909 Hot Topic, Box Lunch, and Torrid users. Hot Topic is an American retail franchise that specialises in counterculture-themed clothes, accessories, and licensed music merchandise. 

The firm has approximately 640 stores in the United States and Canada, mostly in shopping malls, with a large customer base.

According to HIBP, the exposed information includes full names, email addresses, birth dates, phone numbers, physical addresses, transaction history, and partial credit card data for Hot Topic, Box Lunch, and Torrid users. 

On October 21, 2024, a threat actor known as "Satanic" claimed responsibility for the security incident on BreachForum. The threat actor claims to have siphoned 350 million user records from Hot Topic and its subsidiaries, Box Lunch and Torrid. 

"Satanic" attempted to sell the database for $20,000 while also demanding a $100,000 ransom from Hot Topic to remove the ad from the forums. According to a HudsonRock report published on October 23, the intrusion could be the result of an information stealer malware infection that acquired credentials for Hot Topic's data unification service. 

While Hot Topic has stayed silent, and no notifications have been issued to potentially impacted users, data analytics firm Atlas Privacy revealed last week that the 730GB database impacts 54 million users. Atlas further highlighted that the collection contains 25 million credit card numbers encrypted with a poor cypher that can be easily broken by current computers. 

Although Atlas is not positive that the database belongs to Hot Topic, it did note that approximately half of all email addresses had not been seen in previous breaches, adding to the authenticity of the threat actor's claims. According to Altas, the hack appears to have occurred on October 19, with data ranging from 2011 until that date. 

The company has set up a website where Hot Topic consumers can see if their email address or phone number was compromised in the data breach. Meanwhile, the threat actor continues to offer the database, albeit for a lower cost of $4,000. Potentially impacted Hot Topic consumers should be wary of phishing attacks, keep track of their financial accounts for strange activity, and change their passwords on all platforms where they use the same credentials.
Read more »
User Privacy
Chrome Extension Manifest V3 Mobile Security Security flaw SquareX User Privacy

Chrome Extensions Continue to Pose a Threat, Even With Google's Manifest V3

 

Users have always found browser extensions to be a useful tool for increasing productivity and streamlining tasks. They have, however, become a prime target for malicious actors attempting to exploit flaws, impacting both individual users and companies. 

Despite efforts to boost security, several of these extensions have found ways to exploit vulnerabilities in Google's latest extension framework, Manifest V3 (MV3). SquareX's recent research explained how these rogue extensions can continue to evade crucial security protections, exposing millions of users to risks such as data theft, malware, and unauthorised access to sensitive information. 

Google has always had troubles with Chrome addons. In June 2023, the company had to manually remove 32 vulnerable extensions that had been installed 72 million times before being removed. 

Google's previous extension framework, Manifest Version 2 (MV2), was notoriously unstable. It frequently granted excessive rights to extensions and allowed scripts to be introduced without user knowledge, making it less complicated for cybercriminals to steal data, access sensitive information, and install malware.

In response, Google launched Manifest V3, which intended to improve security by limiting permissions and requiring extensions to declare their scripts in advance. While MV3 was supposed to address the vulnerabilities found in MV2, SquareX's study indicates that it falls short in important areas. 

Malicious extensions built on MV3 can still circumvent security measures and grab live video streams from collaboration services such as Google Meet and Zoom Web without requiring specific permission. They can even add unauthorised contributors to private GitHub repositories and send users to phishing pages masquerading as password managers. 

Furthermore, these malicious extensions, like their MV2 counterparts, can access browser history, cookies, bookmarks, and download history by displaying a fake software update pop-up that dupes users into downloading the malware. 

Once the malicious extension is installed, individuals and businesses are unable to notice its activity, leaving them vulnerable. Endpoint protection, Secure Access Service Edge (SASE), and Secure Web Gateways (SWG) are examples of security solutions that cannot dynamically assess potential risks in browser extensions. 

SquareX has created a number of solutions targeted at enhancing browser extension security in order to address these issues. Their strategy includes customised rules that let administrators choose which extensions to accept or ban depending on user ratings, reviews, update history, and extension permissions.

This system can prevent network requests from extensions in real time using policies, machine learning insights, and heuristic analysis. Additionally, SquareX is experimenting with dynamic analysis of Chrome extensions using a customised Chromium browser on its cloud server, which will provide greater insights into the behaviour of potentially malicious extensions.
Read more »
User Privacy
Data Laws Data Privacy Digital Rights Privacy User Data User Privacy

Balancing Act: Russia's New Data Decree and the Privacy Dilemma

Balancing Act: Russia's New Data Decree and the Privacy Dilemma

Data Privacy and State Access

Russia's Ministry of Digital Development, Communications, and Mass Media has introduced a draft decree specifying the conditions under which authorities can access staff and customer data from businesses operating in Russia, according to Forbes.

The decree would authorize authorities to demand anonymized personal data of customers and employees from businesses in order to protect the population during emergencies, prevent terrorism, and control the spread of infectious diseases, as well as for economic and social research purposes.

The Proposed Decree

Expected to take effect in September 2025, this draft decree follows amendments to the law On Personal Data, adopted on August 8. This law established a State Information System, requiring businesses and state agencies to upload the personal data of their staff and customers upon request.

The Big Data Association, a nonprofit that includes major Russian companies like Yandex, VK, and Gazprombank, has expressed concerns that the draft decree would permit authorities to request personal data from businesses "for virtually any reason." They warned that this could create legal uncertainties and impose excessive regulatory burdens on companies processing personal data, affecting nearly all businesses and organizations.

Global Context: A Tightrope Walk

Russia is not alone in its quest for greater access to personal data. Countries around the world are grappling with similar issues. For instance, the United States has its own set of laws and regulations under the Patriot Act and subsequent legislation that allows the government to access personal data under certain conditions. Similarly, the European Union’s General Data Protection Regulation (GDPR) provides a framework for data access while aiming to protect individual privacy.

Each country’s approach reflects its unique political, social, and cultural context. However, the core issue remains: finding the right balance between state access and individual privacy.

Ethical and Social Implications

The debate over state access to personal data is not purely legal or political; it is deeply ethical and social. Enhanced state access can lead to improved public safety and national security. For example, during a health crisis like the COVID-19 pandemic, having access to personal data can help in effective contact tracing and monitoring the spread of the virus.
Read more »
User Security
Cyber Attacks Infostealer Malvertising Campaign User Privacy User Security

Malvertising Campaign Hijacks Facebook Accounts to Propagate SYS01stealer

 

A new malvertising effort is using Meta's advertising network to disseminate the SYS01 infostealer, a cybersecurity issue known to Meta and specifically Facebook users for collecting personal information. 

What distinguishes this attack is that it targets millions of people worldwide, primarily men aged 45 and up. It successfully disguises itself as advertisements for popular software, games, and online services. This campaign, discovered in September 2024, stands out for its imitation tactics and the popular brands it exploits. 

Instead of zeroing in on a single lure, the perpetrators impersonate a wide range of well-known brands, including productivity tools like Office 365, creative software like Canva and Adobe Photoshop, VPN services like ExpressVPN, streaming platforms like Netflix, messaging apps like Telegram, and even popular video games like Super Mario Bros Wonder. 

Modus operandi 

According to Bitdefender's blog article, malicious adverts frequently lead to MediaFire links that offer direct downloads of seemingly legitimate software. These zip-archived downloads contain a malicious Electron program. 

When executed, this application drops and runs the SYS01 infostealer, frequently while presenting a fake app that replicates the advertised software. This deceitful strategy makes it harder for victims to recognise that they have been compromised. 

An Electron application is a desktop software that uses web technologies such as HTML, CSS, and JavaScript. Electron is an open-source framework built by GitHub that enables developers to build cross-platform programs that run on Windows, macOS, and Linux using a single codebase. 

However, in this attack, the Electron app employs obfuscated Javascript code and a standalone 7zip application to extract a password-protected archive containing the core malware components. This bundle contains PHP scripts used to install the infostealer and establish persistence on the victim's PC. The malware also includes anti-sandbox tests to circumvent detection by security experts. 

The primary goal of the SYS01 infostealer is to acquire Facebook credentials, particularly those associated with business accounts. These compromised accounts are then used in subsequent assaults or frauds. 

What's worse, the assault takes advantage of the hijacked accounts' advertising capabilities, allowing attackers to produce new malicious ads that appear more authentic and easily evade security filters. This sets up a self-sustaining loop in which stolen accounts are used to propagate the malware even further. The stolen credentials are likely to be sold on underground marketplaces, enriching the crooks even more.
Read more »
Webflow
Crypto Wallet Cyber Fraud Phishing Site User Privacy Webflow

Webflow Sites Employed to Trick Users Into Sharing Login Details

 

Security experts have warned of an upsurge in phishing pages built with Webflow, a website builder tool, as attackers continue to use legitimate services such as Microsoft Sway and Cloudflare. 

The malicious campaign targets login credentials for multiple corporate webmail services, Microsoft 365 login credentials, and sensitive data from cryptocurrency wallets like Coinbase, MetaMask, Phantom, Trezor, and Bitbuy.

According to the researchers, between April and September 2024, the number of visitors to Webflow-created phishing pages jumped tenfold, and the attacks targeted over 120 organisations worldwide. The majority of the people targeted work in the banking, technology, and financial services industries in North America and Asia.

Attackers have utilised Webflow to create standalone phishing pages as well as to redirect unsuspecting users to additional phishing pages under their control. Because there are no phishing lines of code to write and identify, the former provides attackers with convenience and stealth, but the latter allows them to carry out more complex activities as required. 

Webflow is far more appealing than Cloudflare R2 or Microsoft Sway since it allows clients to create custom subdomains for free, as opposed to auto-generated random alphanumeric subdomains, which are likely to raise suspicion.

To increase the chances of success, phishing sites are designed to resemble the login pages of their legitimate counterparts. This method is used to deceive users into disclosing their credentials, which are subsequently at times exfiltrated to another server. 

Security experts have also discovered Webflow cryptocurrency phoney websites that use screenshots of genuine wallet homepages as their landing pages. When a visitor clicks anywhere on the fake website, they are taken to the real scam site. The final goal of a crypto-phishing campaign is to gain the victim's seed phrases, allowing the attackers to take over cryptocurrency wallets and pilfer funds. 

When users enter the recovery phrase in one of the assaults identified by the cybersecurity firm, they are presented with an error message saying that their account has been suspended due to "unauthorised activity and identification failure." Additionally, the message directs the user to start an online chat session on Tawk.to to contact their support personnel. 

It is worth noting that Avast's CryptoCore fraud operation exploited chat services such as LiveChat, Tawk.to, and Smartsupp. Instead of using search engines or clicking on other links, users should always enter the URL into their web browser to access important pages like their webmail or banking portal.
Read more »
User Privacy
BlackCat Change Healthcare Data Breach Medical Data User Privacy

UnitedHealth Claims Data of 100 Million Siphoned in Change Healthcare Breach

 

UnitedHealth has acknowledged for the first time that over 100 million people's personal details and healthcare data were stolen during the Change Healthcare ransomware assault, making it the largest healthcare data breach in recent years. 

During a congressional hearing in May, UnitedHealth CEO Andrew Witty warned that the attack had exposed "maybe a third" of all Americans' medical data.

A month later, Change Healthcare issued a data breach notification, stating that the February ransomware assault had exposed a "substantial quantity of data" for a "substantial proportion of people in America.” 

Last week, the U.S. Department of Health and Human Services Office for Civil Rights data breach portal increased the overall number of affected people to 100 million, marking the first time UnitedHealth, Change Healthcare's parent company, published an official number for the breach. 

Change Healthcare has sent out data breach alerts since June stating that a huge amount of sensitive information was stolen during the February ransomware assault, including: 

  • Health insurance information (including primary, secondary, or other health plans/policies, insurance firms, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers); 
  • Health information (such as medical record numbers, providers, diagnoses, medications, test results, images, care, and therapy); 
  • Personal information may include billing, claims, and payment information, as well as Social Security numbers, driver's licenses, state ID numbers, and passport numbers.

The information may differ for each person, and not everyone's medical history was disclosed. 

Change healthcare breach 

This data breach was prompted by a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which resulted in severe outages across the US healthcare system. 

The disruption to the company's IT systems prevented doctors and pharmacists from filing claims, as well as pharmacies from accepting discount prescription cards, forcing patients to pay full price for their drugs.

The attack was carried out by the BlackCat ransomware group, also known as ALPHV. They used stolen credentials to get access to the company's Citrix remote access service, which did not have multi-factor authentication activated. 

During the attack, threat actors took 6 TB of data and ultimately encrypted network devices, forcing the organisation to shut down IT infrastructure in order to prevent the attack from propagating further.

UnitedHealth Group acknowledged paying a ransom to get a decryptor and have the threat actors delete the stolen data. The alleged ransom payment was $22 million, according to the BlackCat ransomware subsidiary that carried out the attack.

This ransom payment was meant to be shared between the affiliate and the ransomware operation, but the BlackCat abruptly stopped down, taking the entire payment and committing an exit scam. 

However, this was not the end of Change Healthcare's issues, since the affiliate claimed to still have the company's data and did not delete it as agreed. The affiliate collaborated with a new ransomware operation known as RansomHub and began releasing some of the stolen data, demanding an additional payment for the data not to be leaked.

The Change Healthcare entry on RansomHub's data breach site inexplicably removed a few days later, suggesting that UnitedHealth paid a second ransom demand. 

UnitedHealth said in April that the Change Healthcare ransomware assault resulted in $872 million in losses, which were included in Q3 2024 earnings and are estimated to total $2.45 billion for the nine months ending September 30, 2024.
Read more »
User Privacy
Data Breach Data Leak UN Documents United Nations User Privacy

Over Thousand UN Documents Linked to Gender Equality Exposed Online

 

A database believed to belong to the United Nations Trust Fund to End Violence Against Women was uncovered unsecured online, containing financial records, bank accounts, staff details, victim testimonies, and other information. 

Jeremiah Fowler, a cybersecurity researcher, uncovered the database, which contained 228 GB of information, and reported it to vpnMentor. It lacked password protection, leaving the 115,141 files displayed unencrypted and accessible to anyone with an internet connection. 

While not confirmed, the database contained data that linked it to UN Women and the UN Trust Fund to End Violence Against Women, such as letters and documents addressed to the UN and stamped with UN insignia, with a specific reference to UN Women. 

Fowler discovered scanned passport documents and ID cards in the database, as well as specific details on staff roles such as names, job titles, salary information, and tax data. 

“There were also documents labelled as “victim success stories” or testimonies,” Fowler wrote in his report. “Some of these contained the names and email addresses of those helped by the programs, as well as details of their personal experiences. For instance, one of the letters purported to be from a Chibok schoolgirl who was one of the 276 individuals kidnapped by Boko Haram in 2014.” 

It is unclear how long the database has been exposed, whether it is managed by the UN Women organisation or a third party, and whether anyone outside of the organisation has accessed it. 

Fowler outlines a number of hypothetical possibilities in which the data might be exploited, including convincing spear phishing attempts that employ customised documents to target vulnerable email accounts. The records might theoretically also be used by a threat actor to obtain a high-level grasp of the organisational and the financial framework of the company. 

The UN Women organisation has an undated scam notice on its website, although the page dates back at least to July 2022, with an update in July 2024 that includes an instruction to use the Quantum procurement verification portal. 

Fowler notified the UN Information Security team about the unprotected database, and received a response that stated, "The identified vulnerability does not belong to us (the United Nations Secretariat) and is for UN Women. Please report the vulnerability to UN Women.”
Read more »
User Privacy
Data Breach Data Leak Kiosks Private Data Redbox User Privacy

Old Redbox Kiosks Hacked to Expose Customers’ Private Details

 

DVD Rental Service Redbox may be a thing of the past, but the data privacy issues it created for users may persist for some time. Redbox allows users to rent DVDs from its 24,000 autonomous kiosks throughout the United States. Its parent company, Chicken Soup for the Soul, declared bankruptcy in July 2024, after the emergence of streaming platforms such as Netflix and Prime Video decimated the DVD rental market. 

According to Ars Technica, one programmer reverse-engineered the hard drive of an old Redbox Kiosk and recovered users' names, emails, and rental histories from about a decade ago. In certain cases, Foone Turing, a California-based programmer, discovered parts of users' credit card data stored on hard drives, such as the first six and last four numbers of the credit card used, as well as transaction history. 

Turing stated in a social media post that she tracked down a film fan from Morganton, North Carolina, who supposedly rented The Giver and The Maze Runner in 2015. According to her, "anyone with basic hacking skills could easily pull data manually out of the files with a hex editor," completing: "This is the kind of code you get when you hire 20 new grads who technically know C# but none of them have written any software before.”

The programmer claims she didn't even need to utilise a physical kiosk to retrieve the old data; instead, she employed an uploaded hard drive she discovered on the social network Discord. The announcement comes as old Redbox kiosks are becoming rarities in some circles. According to the Wall Street Journal, a 19-year-old North Carolina resident acquired one after speaking with a contractor hired to dispose of one. 

Unfortunately, any victims impacted may have limited legal options, since "it may be difficult to hold a bankrupt company accountable," according to The Electronic Frontier Foundation. However, as Lowpass points out, Redbox kiosks may have only saved identifiable personal data locally if an internet or power outage prevented it from being sent to the cloud.
Read more »
User Security
Data Breach Data Leak Data Sale IntelBroker User Privacy User Security

Cisco Investigates Data Breach After Hacker Claims Sale of Data

 

Cisco has acknowledged that it is investigating reports of a data breach after a hacker began offering allegedly stolen firm data for sale on a hacking platform. As per a report in a local media outlet, the investigation was launched following claims made by a well-known hacker identified as “IntelBroker.”

“Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files,” a Cisco spokesperson stated. “We have launched an investigation to assess this claim, and our investigation is ongoing.” 

The allegations surfaced after IntelBroker claimed, along with two others designated as "EnergyWeaponUser" and "zjj," that they infiltrated Cisco's servers on June 10, 2024, and obtained a large amount of developer-related data.

IntelBroker's post on a hacking forum showed that the data would include "GitHub projects, GitLab projects, SonarQube projects, source code, hard-coded credentials, certificates, customer SRCs, Cisco confidential documents, Jira tickets, API tokens, AWS private buckets, Cisco technology SRCs, Docker builds, Azure storage buckets, private and public keys, SSL certificates, Cisco premium products, and more." The hacker uploaded samples of a database, client information, multiple files, and screenshots of customer management interfaces. 

According to a recent update from IntelBroker, the breach also involves the theft of sensitive data from other major global companies such as Verizon, AT&T, and Microsoft. The stolen data is now allegedly being offered for sale on the cybercrime platform Breach Forums, with IntelBroker specifying that the transaction would take place in exchange for Monero (XMR), a cryptocurrency known for its anonymity properties. 

The hacker expressed a willingness to use an intermediary to facilitate the sale, assuring anonymity for both the buyer and seller. This technique is often used by hackers to evade detection by authorities. 

IntelBroker, which is known for high-profile data thefts, has already claimed responsibility for compromising other prominent firms. In June 2024, IntelBroker reported that they had infiltrated Apple, taking source code for internal tools, as well as Advanced Micro Devices (AMD), stealing employee and product information. In May 2024, IntelBroker claimed to have hacked Europol, which the organisation later confirmed.

IntelBroker did not provide any specific details on the techniques employed to acquire the data. The stolen data originated from a third-party managed services provider that specialises in software development and DevOps, according to sources knowledgeable with the breaches who spoke with BleepingComputer. It's still unclear if the earlier June incidents and the recent Cisco hack are linked.
Read more »
User Privacy
ACR Online Security Smart TV Technology User Privacy

Here's How to Stop Smart TV From Harvesting Your Personal Data

 

Watching television seems to be a benign pastime, but as all TVs become "smart" and link to the internet via your network, they will be able to track you as well. When you turn on a smart TV from LG, Samsung, or Sony, data is collected from the TV itself, as well as the operating system and apps. Then there are the gadgets you connect to your television, like Google's Chromecast, Apple TV, and Amazon's Fire Stick. 

A TV is now more than just a screen for entertainment; it's a two-way mirror that lets a network of data brokers and advertisers watch you in real time, stated Rowenna Fielding, director of data protection consultancy Miss IG Geek. “The purpose of this is to gather as much information as possible about your behaviour, interests, preferences and demographics so it can be monetised, mainly through targeted advertising.”

Your smart TV's data collection relies on the manufacturer, brand, and version. In theory, most smart TVs can gather audio, video, and TV usage data, according to Toby Lewis, global head of threat analysis at cybersecurity firm Darktrace. 

Voice activation is a function that has the ability to collect significant volumes of data. Microphones and software listen for instructions and can record conversations and other noises within range. These recordings can be sent to third parties for analysis. 

What does your TV do with the data?

There is no clear answer. According to Lewis, what is done with the data is complex and "highly opaque". When looking at what a smart TV does on the network, it is often unclear why certain data is being harvested and where it is being sent.

There isn't much distinction between television brands. Manufacturers claim to utilise your information for "personalisation" and content quality, although it is usual to sell anonymous or semi-anonymized data to third parties, advertising companies, or streaming services. 

“After the data has been sold, it is out of the manufacturer’s control,” Lewis explains. "It is often unclear what data exactly is being sent back, depending on the T&Cs and privacy settings, and it can be very difficult to change default settings once you have agreed to them.”

What is Automatic Content Recognition (ACR)? 

Automated content recognition (ACR) is one alarming feature to keep an eye out for. This feature, which is frequently enabled by default, uses analytical techniques to detect video and audio on the TV and compares it to a large database to determine what is playing. It's fairly disturbing stuff; ACR works on anything played on television, including DVDs, Blu-rays, CDs, and games.

Jake Moore, global cybersecurity adviser at security company ESET, explains that viewing data and habits are shared with manufacturers and eventually sold to advertisers in order to target you with adverts. When your TV is connected to your home router, data will include your IP address and position.

Lewis adds that ACR may theoretically be utilised for even more ominous profiling. "Data from facial recognition, sentiment analysis, speech-to-text, and content analysis could be gathered to build an in-depth picture of an individual user with the analytical technologies available." 

Lewis suggests that rather than comparing material to a catalogue of well-known films, ACR may theoretically be examined for factors like political stance, ethnicity, social status, and other characteristics that could be misused. 

Safety tips 

Smart TVs will gather data as long as they are connected to the internet, and it is impossible to prevent this from happening. In many cases, doing so is not in your best interests because it will interfere with your viewing experience; for example, Netflix's useful suggestions tool. 

However, there are several simple steps you may take to protect yourself from smart TV snooping. Turn off ACR in the settings, disable customisation, opt out of all advertising features, and hide or disable cameras and microphones. 

It's also vital to secure your router by changing the password and creating a guest network. You may increase security by opting out of online tracking when it's provided and installing software updates as soon as possible.
Read more »
User Privacy
iPhone Security flaw Security Update Technology User Privacy

Apple's Latest iPhone Update: Bad News for Millions of Google Users

 

If the latest reports are correct, Apple consumers have just over a fortnight to wait until the launch of iOS 18.1 and the belated arrival of Apple Intelligence, the flagship feature in the latest iOS release. Until then the most significant update is still RCS, the even more belated upgrade of stock SMS on iPhones. 

As security experts commented before, Apple’s RCS upgrade has a lot of security flaws—no end-to-end encryption is the key one, with its lack being a major step back, but there’s also patchy carrier adoption, no full iMessage integration, and no end in sight for those dreaded green bubbles.

But Google campaigned hard for years, cajoling Apple into making this move as its own Android Messages app lost ever more ground to WhatsApp and other over-the-tops, while Apple seemingly brushed away any concerns, with its critical US user base continuing to iMessage between themselves. 

And, while Google has teased Apple over their flawed RCS implementation, it has also made it clear how welcome this is. But there was always the chance that Google and its consumers would not see the equal playing field they desired, and that risk appears to be coming true. 

Android Authority recently claimed that "iPhone users are not as into RCS as their Android buddies would have liked." There are some clear barriers to better adoption, particularly carrier support. But the underlying issue is much simpler: WhatsApp. This long-awaited partial integration of iMessage and Google Messages has been so delayed that WhatsApp has effectively locked down every significant market outside of the United States (and China). 

With Apple's iMessage security being one of its main selling points, security and privacy have grown so central to the iPhone and its user base that an update that abandons all of that appears counter-intuitive in every sense. The fact that even Google is unable to view user content due to its extensive usage of end-to-end encryption throughout its own platform—which is akin to Apple's—makes this situation worse. However, all of that disappears when using cross-platform RCS texting.,
Read more »
Windows Defender
Data Leak Infostealer malware User Privacy User Security Windows Defender

New Yunit Infostealer Bypasses Windows Defender and Steals Sensitive Data

 

A new information-stealing malware has been discovered that is capable of exfiltrating a large amount of sensitive information while also disabling antivirus products to create persistence on target endpoints.

CYFIRMA cybersecurity researchers have published a detailed investigation of the infostealer known as Yunit Stealer. Yunit Stealer employs JavaScript to include system utility and cryptography modules, enabling it to do activities such as system information retrieval, command execution, and HTTP queries. It persists on the target device by altering the registry, adding jobs via batch and VBScript, and, finally, by setting exclusions in Windows Defender.

When it comes to infostealing, Yunit is just as effective as any other malware. It can steal system information, browser data (passwords, cookies, autofill information, etc.), and bitcoin wallet information. In addition to passwords, it can keep credit card information that is kept in the browser. 

Once the malware has gathered all of the data it deems useful, it will attempt to exfiltrate it via Discord webhooks or into a Telegram channel. It will also upload it to a remote site and provide a download link for future use. The URL will also include screenshots, allowing the threat actor to access the information while remaining anonymous and evading discovery. Accessing data using encrypted communication channels is also beneficial.

The fact that the Telegram channel was only established on August 31, 2024, and that it only has 12 subscribers, according to CYFIRMA, serves as further evidence that Yunit is a fledgling infostealer that has not yet proven its mettle. As an alternative, the Discord account isn't operational right now. 

Prevention tips 

Keep your systems updated: Regularly updating your operating system and software can help defend against known vulnerabilities that Yunit Stealer could exploit. 

Use trustworthy antivirus software: While Yunit Stealer can disable some antivirus products, choosing a reputable and often updated security solution provides an extra degree of protection. 

Avoid dubious links and downloads. Phishing attacks are frequently the starting point for malware infections. Use caution while opening email attachments or clicking on unexpected URLs. 

Monitor your accounts: Check your online accounts on a regular basis for strange behaviour, particularly those that store sensitive data such as passwords and credit card information.
Read more »
Web
Browser Internet Mozilla Technology User Privacy User Tracking Web

Mozilla Privacy: Tracking Users Without Consent


The organization behind the privacy-centric Firefox browser, has come under fire for allegedly tracking users without their consent. This controversy centers around a feature called Privacy Preserving Attribution (PPA), which has sparked a heated debate about privacy, consent, and the future of online tracking.

The User Tracking Allegations

The European digital rights group NOYB (None Of Your Business) has filed a privacy complaint against Mozilla, claiming that the PPA feature in Firefox tracks users’ online behavior without their explicit consent. According to NOYB, this practice violates the EU’s General Data Protection Regulation (GDPR), which mandates that users must be informed and give consent before any tracking can occur.

What is Privacy Preserving Attribution?

Privacy Preserving Attribution is a method designed to measure the effectiveness of online advertisements without relying on invasive third-party cookies. Instead of allowing individual websites to track users, PPA shifts this responsibility to the browser itself. The idea is to provide advertisers with the data they need while protecting users’ privacy.

However, the implementation of PPA has raised significant concerns. Critics argue that by enabling this feature by default, Mozilla has effectively bypassed the need for user consent. This move has been seen as contradictory to Mozilla’s long-standing reputation as a champion of online privacy.

The GDPR Implications

The GDPR is one of the most stringent privacy regulations in the world, and it requires that any form of data processing must be transparent and consensual. NOYB’s complaint suggests that Mozilla’s PPA feature does not meet these criteria. If the complaint is upheld, Mozilla could face substantial fines and be forced to alter its approach to user tracking.

Mozilla’s Response

In response to the allegations, Mozilla has defended the PPA feature, stating that it is designed to balance the needs of advertisers with the privacy rights of users. Mozilla argues that PPA is a more privacy-friendly alternative to traditional tracking methods and that it does not collect any personally identifiable information.

Despite these assurances, the controversy has highlighted a broader issue within the tech industry: the tension between innovation and privacy. As companies strive to develop new technologies, they must also navigate the complex landscape of privacy regulations and user expectations.

Read more »
User Privacy
Auto Canada Cyber Attacks Data Leak data security User Privacy

Car Dealership Auto Canada Confirms Cyberattack, Alleged Data Leak

Car Dealership Auto Canada Confirms Cyberattack, Alleged Data Leak

Car dealership company Auto Canada warned that employee data might have been leaked in a ransomware attack claimed by the Hunters International ransomware group. In August 2024, the company suffered a company was hit by a cyber-attack. While Auto Canada hasn't reported any fraud campaigns directly impacting individuals, it has notified employees about the potential risks.

Earlier in August, the company was forced to shut down a few internal IT systems offline to limit a ransomware attack, which led to operational disruptions. Although the 66 dealerships continued business as usual, some customer service operations were disrupted causing delays.

Data Leaked?

Auto Canada didn't disclose any further information or updates, but the ransomware gang Hunters International claimed responsibility for the attack, posting the data on their portal.

The group leaked terabytes of data allegedly stolen from the car dealership- network storage images, confidential financial and HR documents, and databases. The released data includes employee records and executive details, sparking debates about the scale of the cyber-attack.

Auto Canada's Reply

Responding to the concerns, Auto Canada has published an FAQ page discussing about the cyber attack and details uncovered during the investigation. “Our investigation is ongoing, and encrypted server content is being restored and analyzed as part of our incident response.” says the FAQ page. “We are currently working to determine the full scope of the data impacted by the incident, which may include personal information collected in the context of your employment with AutoCanada.”

The allegedly leaked data includes name, date of birth, address, social insurance number, payroll details, bank account info, and scans of government-issued I'd documents.

What Happens to Affected People?

For impacted individuals, Auto Canada has offered a three-year free-of-cost Identity theft protection and credit monitoring coverage via Equifax, the enrollment deadline is valid until January 31, 2025. Auto Car says the compromised systems were separated from the main network, compromised accounts were taken down, the encryption process was shut down, and resetting of all admin account passwords.

Despite the implemented measures, Auto Car can't provide a 100% guarantee of such incidents happening in the future. While the company acknowledges the attack, it has taken a few measures to prevent future incidents:

  • Conducting cybersecurity training for employees
  • Reviewing security policies
  • Implementing threat detection and incident response programs
  • Conducting regular security audits

Read more »
User Privacy
AI data security Meta Ray-Ban Technology User Privacy

AI-powered Ray-Ban Meta Smart Glasses Raise Concerns About Data Privacy

AI-powered Ray-Ban Meta Smart Glasses Raise Concerns About Data Privacy

Ray-Ban Meta smart glasses are the new wearable tech in the market. Launched in 2021, these AI-powered smart glasses have sparked debates in the community. Though useful, the tech has raised concerns over data security and privacy among users.

Feature of Smart Glasses

The AI-powered glasses are filled with a range of advanced features that improve user experience. These features include open-ear speakers, a touch panel, camera. The glasses can also play music, click images take videos, and also offer real-time info via the Meta AI assistant. These features give an idea of a future where tech is involved in our daily lives.

Data Privacy and Security: Concerns

Meta makes most of its money from advertising, this raises concerns about how images clicked through glasses will be used by the company. Meta has a history of privacy and data security concerns, users are skeptical about how their data will be used if Mera captures the images without consent.

Another issue adding injury to this concern is Meta smart glasses introducing AI. AI has already caused controversies over its inaccurate information, its easy manipulation, and racial biases.

When users capture images or videos via smart glasses, Meta Cloud processes them with AI. Meta's website says "All photos processed with AI are stored and used to improve Meta products and will be used to train Meta’s AI with help from trained reviewers"

According to Meta, the processing analyses text, objects, and other contents of the image, and any info collected is used under Meta's Privacy Policy. In simple terms, images sent to clouds can be used to train Meta's AI, a potential for misuse.

What do Users Think?

The evolving tech like smart glasses has had a major impact on how we script our lives, but it has also sparked debates around privacy and user surveillance.

For instance, people in Canada can be photographed publically without their consent, but if the purpose is commercial, suitable restrictions are applied to prevent harm or distress.

Meta has released guidelines to encourage users to exercise caution and respect rights of the others while wearing the glasses. The guidelines suggest giving a formal announcement if you want to use the camera for live streaming and turning off the device when entering a private place.

Meta's reliability on user behavior to assure privacy standards is not enough to combat the concerns around surveillance, consent, and data misuse. Meta's history of privacy battles and its data-driven business model raise questions about whether the current measures can uphold privacy in the evolving digital landscape.

Read more »
VPN
Compromised Passwords Data Breach Specops User Privacy VPN

Specops Unearths Millions of Compromised VPN Passwords

 

The moment a password is discovered, a virtual private network (VPN) becomes public quickly. In a report published last week, password management provider Specops Software revealed 2,151,523 VPN credentials exposed by malware over the past year.

One professional at the company revealed that many users aren't protecting, or even caring all that much about, a valuable network entrypoint based on the 2 million+ VPN passwords that were pulled from the company's threat-intelligence platform. 

“If we look at some of the content of those passwords, that’s where we really start seeing where there’s still, unfortunately, a general apathy around security, and password security in particular,” Darren James, senior product manager at Outpost24 (which acquired Specops in 2021), stated. 

This is Qwerty. The report's most popular passwords are certainly familiar to you; they are the usual consecutive numbers and versions of "password" and "qwerty." The top compromised password—found 5,290 times, according to Specops—is "123456.” 

And, in fact, 5,290 represents progress—a "quite low" figure, according to the Specops team, given that the information contained almost 2 million VPN passwords. "This could suggest that end users may have generally been using unique, or even strong passwords for their VPN credentials," according to the Sept. 17 blog. 

Even complex passwords can be stolen, according to James, when spyware known as keystroke loggers monitor logins and phishing emails trick users into disclosing VPN credentials. According to a recent report by cyber insurance provider At-Bay, self-managed VPNs accounted for 63% of remote-access ransomware attacks in 2023. 

While several VPN-specific discoveries suggested consumer-level vulnerabilities, given the linked email addresses, the analysis also revealed corporate risk. Several discovered passwords meet the length and complexity requirements for Active Directory in many organisations.

Specops researchers recommend blocking several of the alleged stolen business passwords, such as Abcd@123# and Lordthankyou2.

“Ultimately, it comes down to password reuse. Even if you’ve got a super-strong password, you need to be able to check that that password hasn’t become breached or hasn’t been stolen since the last time you’ve set it,” James added.
Read more »
User Privacy
Data Breach Data Safety data security Safety Security User Data User Privacy

National Public Data Breach Exposes Millions: Threat of Identity Theft Looms

 

Data breaches continue to be a persistent issue without a simple solution, as evidenced by the recent breach of the background-check service National Public Data. This incident highlights the escalating dangers and complexity of such breaches. After months of uncertainty, National Public Data has finally confirmed the breach, coinciding with a large amount of stolen data being leaked online.

In April, a hacker known as USDoD started selling a data set on cybercriminal forums for $3.5 million. The data, said to include 2.9 billion records, purportedly affected "the entire population of the USA, CA, and UK." As the weeks passed, samples of the data emerged, with researchers and other actors verifying its authenticity. By early June, it was confirmed that the data contained information like names, emails, and physical addresses.

Although the data's accuracy varies, it appears to consist of two main sets. One contains over 100 million legitimate email addresses along with other personal information. "There appears to have been a data security incident that may have involved some of your personal information," National Public Data announced on Monday. "The incident is believed to have involved a third-party bad actor who attempted to access data in late December 2023, with potential leaks occurring in April 2024 and summer 2024. The breached information includes names, email addresses, phone numbers, Social Security numbers, and mailing addresses."

The company stated it is cooperating with law enforcement and government investigators. National Public Data now faces potential class action lawsuits due to the breach.

"We have become desensitized to the continuous leaks of personal data, but there is a serious risk," says security researcher Jeremiah Fowler, who has been monitoring the National Public Data situation. "It may not be immediate, and it could take years for criminals to figure out how to use this information effectively, but a storm is coming."

When data is stolen from a single source, such as Target, it is relatively easy to trace the source. However, when information is stolen from a data broker and the company does not disclose the incident, it becomes much harder to verify the data's legitimacy and origin. Often, people whose data is compromised are unaware that National Public Data held their information.

Security researcher Troy Hunt noted in a blog post, "The only parties that know the truth are the anonymous threat actors and the data aggregator. We're left with 134M email addresses in public circulation and no clear origin or accountability." Even when a data broker admits to a breach, as National Public Data has, the stolen data may be unreliable and mixed with other datasets. Hunt found many email addresses paired with incorrect personal information, along with numerous duplicates and redundancies.

"There were no email addresses in the Social Security number files," noted Hunt, who operates the website Have I Been Pwned (HIBP). "If you find your email in this data breach via HIBP, there's no evidence your SSN was leaked, and the data next to your record may be incorrect."

For those whose Social Security numbers were included in the breach, the threat of identity theft remains significant. They are forced to freeze their credit, monitor credit reports, and set up financial monitoring services. Notifications about the breach have already been sent out by credit monitoring and threat intelligence services. Although the stolen data is flawed, researchers warn that every data set attackers obtain can fuel scamming, cybercrime, and espionage when combined with other personal data compiled by criminals over the years.

"Each data breach is a puzzle piece, and bad actors and certain nations are collecting this data," Fowler says. "When combined systematically and organized in a searchable way, numerous breaches can provide a complete profile of individual citizens."
Read more »
User Security
Data Data Breach Safety Security User Data User Privacy User Safety User Security

Massive Data Leak Exposes Sensitive Information for Millions

 


A significant data breach has compromised the personal information of millions of individuals across the United States, United Kingdom, and Canada. The leaked data, obtained from a company called National Public Data, includes highly sensitive information such as names, mailing addresses, and social security numbers.

The leaked database, consisting of nearly 2.7 billion records, was reportedly offered for sale on the dark web. While the exact scope of the breach is still being investigated, numerous individuals have confirmed the presence of their personal data within the leaked files.

The exposed information poses a serious risk of identity theft and other malicious activities. Scammers may use this data to target individuals with phishing attempts or fraudulent transactions.

To protect yourself:

1. Be wary of suspicious emails: Avoid clicking on links or opening attachments in unsolicited emails, even if they appear to be from legitimate sources.
2. Verify the sender: Double-check the sender's email address to ensure it is authentic.
3. Use strong, unique passwords: Create complex passwords for all your online accounts and avoid reusing them across different platforms.
4. Monitor your accounts: Regularly check your bank statements, credit reports, and online accounts for any unauthorized activity.

If you believe your personal information may have been compromised in this data breach, it is recommended to take steps to protect your identity and report the incident to the appropriate authorities.

Read more »
User Privacy
Data Breach Data Leak hospital data Ransomware attack User Privacy

Rhysida Ransomware Takes Responsibility for Bayhealth Hospital Breach

 

The Rhysida Ransomware outfit claims to have infiltrated Bayhealth Hospital in Delaware and is offering the allegedly stolen data for 25 BTC. Bayhealth Hospital is a technologically equipped not-for-profit healthcare facility with around 4,000 employees and a medical team of over 450 physicians and 200 advanced practice clinicians. 

Bayhealth Medical Centre, which covers central and southern Delaware, runs two hospitals, Bayhealth Hospital, Kent Campus in Dover and Bayhealth Hospital, Sussex Campus in Milford, as well as the Bayhealth Emergency Centre in Smyrna. The facility has 316 beds and offers inpatient services such as labour, cardiology, and cancer care.

It also offers outpatient care, support services, community outreach, and imaging. Both the Kent and Sussex campuses include 24-hour emergency departments with Level III trauma centres, as does the Smyrna centre. The Rhysida Ransomware organisation claims to have infiltrated Bayhealth Hospital and added it to the list of victims on their Tor leak website. The group claims to have stolen data from the hospital and is asking for 25 BTC to stop the leak. The hacking outfit released screenshots of stolen passports and ID cards as evidence of the hack. 

“With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data. Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner!” announced the ransomware gang. 

This is not the first time that the Rhysida ransomware outfit has targeted a hospital. In December 2023, the group claimed to have hacked Abdali Hospital, a multi-specialty hospital in Jordan. At the end of November, the ransomware organisation claimed to have hacked the King Edward VII Hospital in London. The organisation also claimed to have hacked the British Library and the China Energy Engineering Corporation. 

The ransomware group has been active since May 2023. According to the gang's Tor leak site, the operation has affected at least 62 companies. The ransomware group targeted organisations across several industries, including education, healthcare, manufacturing, information technology, and government. The victims of the gang are considered "targets of opportunity.”
Read more »
Subscribe to: Posts (Atom)