Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Safety. Show all posts
User Safety
Banking Security Cyber Security India RBI User Safety

RBI Launches "bank.in" Domain to Combat Digital Banking Scam

 

The Reserve Bank of India (RBI) has made the "bank.in" domain exclusive to all authorised banking institutions in India in an effort to strengthen digital banking security and shield customers from online banking fraud. This effort aims to minimise the rising threat of digital banking fraud by establishing a secure and verified online presence for the banks across the nation.

Due to the surge in online banking transactions, fraudsters have taken advantage of vulnerabilities by impersonating actual banks via phishing attacks, phoney banking websites, and fraudulent email campaigns. The only registrar for this will be the Institute for Development and Research in Banking Technology (IDRBT).

It is expected that domain registration will get underway in April 2025. By implementing an exclusive bank.in domain strategy, the RBI lowers the risk of financial fraud by ensuring that users can quickly recognise and trust legitimate banking websites.

Importance of “bank.in” domain in banking security

The increased use of digital banking has transformed financial transactions in India, providing easy access to banking services. However, this digital transformation has resulted in an increase in cyber threats, with scammers creating fake banking portals to trick users into disclosing sensitive data such as login credentials, OTPs, and banking details. The RBI's special domain for banks called "bank.in" intends to: 

  • Enhance banking fraud prevention by eliminating fake sites that pose as authentic banking portals. 
  • Increase consumer trust and awareness by ensuring that all Indian banks use a single, verifiable domain structure.
  • Strengthen India's digital banking security by creating a centralised domain that is challenging for fraudsters to replicate.

The "bank.in" domain will be reserved solely for RBI-regulated banking institutions, guaranteeing that only reputable financial institutions can use this domain extension. Each bank's official website will be hosted under the bank.in domain, making it easy for consumers to check legitimacy. For example, a major bank like State Bank of India (SBI) may have an official URL such as sbi.bank.in, indicating that the website is trustworthy. 

To facilitate this transition, the RBI is working with financial institutions, cybersecurity professionals, and domain regulatory agencies to ensure a smooth transition to the new domain. Banks will be expected to phase out their current domains and redirect consumers to their new "bank.in" addresses, ensuring a smooth transition and avoiding confusion.
Read more »
User Safety
Data Breach Leak Personal Data Safety Security User Data User Safety

ICBC London Branch Hit by Ransomware Attack, Hackers Steal 6.6TB of Sensitive Data

 

The London branch of the Industrial and Commercial Bank of China (ICBC) recently fell victim to a ransomware attack, resulting in the theft of sensitive data. According to a report by The Register, which references information posted on the hackers' data leak site, the bank has until September 13 to meet the ransom demand or risk the stolen data being publicly leaked.

The attack was orchestrated by a group called Hunters International, who claim to have exfiltrated 5.2 million files, amounting to 6.6 terabytes of sensitive information. Despite being a relatively new name in the ransomware scene, some experts believe Hunters International is a rebranded version of Hive, a notorious ransomware group that was dismantled by the FBI in July 2022. At that time, the FBI successfully infiltrated the Hive group, seizing decryption keys and halting its operations.

Emerging approximately a year ago, Hunters International has shifted its focus toward data theft rather than system encryption. Some cybersecurity researchers suggest that developing and deploying encryption tools is complex and time-consuming, making data theft alone an equally profitable, yet simpler, approach for the group.

ICBC, the world’s largest bank by total assets and market capitalization, is a state-owned financial institution in China. It provides a variety of banking services, including corporate and personal banking, wealth management, and investment banking. With an extensive global presence, ICBC plays a significant role in funding infrastructure projects both domestically and abroad.

As of now, ICBC has not made any public statements regarding the attack or responded to requests for comment.
Read more »
User Security
Data Data Breach Safety Security User Data User Privacy User Safety User Security

Massive Data Leak Exposes Sensitive Information for Millions

 


A significant data breach has compromised the personal information of millions of individuals across the United States, United Kingdom, and Canada. The leaked data, obtained from a company called National Public Data, includes highly sensitive information such as names, mailing addresses, and social security numbers.

The leaked database, consisting of nearly 2.7 billion records, was reportedly offered for sale on the dark web. While the exact scope of the breach is still being investigated, numerous individuals have confirmed the presence of their personal data within the leaked files.

The exposed information poses a serious risk of identity theft and other malicious activities. Scammers may use this data to target individuals with phishing attempts or fraudulent transactions.

To protect yourself:

1. Be wary of suspicious emails: Avoid clicking on links or opening attachments in unsolicited emails, even if they appear to be from legitimate sources.
2. Verify the sender: Double-check the sender's email address to ensure it is authentic.
3. Use strong, unique passwords: Create complex passwords for all your online accounts and avoid reusing them across different platforms.
4. Monitor your accounts: Regularly check your bank statements, credit reports, and online accounts for any unauthorized activity.

If you believe your personal information may have been compromised in this data breach, it is recommended to take steps to protect your identity and report the incident to the appropriate authorities.

Read more »
User Safety
AI Apps Mobile Security Privacy Violation User Privacy User Safety

The Concerning Rise of AI “Undressing” Apps: A Violation of Privacy and Ethics

 

Today, AI can help with a variety of tasks, like making personalised food plans and offering dating advice, as well as fixing image flaws and optimising workflow.

However, AI technology has also opened the door to more controversial apps, such as AI nude generators used for AI undressing. AI undressing is becoming increasingly popular as a result of rapid technical breakthroughs and the interest it generates. These apps use deep learning algorithms to analyse and edit images, successfully removing clothing from photographs. 

Nevertheless, the usage of these apps raises serious legal and ethical concerns. Many of these apps have the potential to infringe private rights and be used maliciously, which could result in legal consequences. Responsible use of AI undressing apps is critical, but the potential for abuse and the difficulties of regulation remain significant hurdles.

In Israel, for example, there have been debates about implementing regulations similar to those governing revenge pornography, which would criminalise the unauthorised use of AI undressing apps. In addition, Israeli tech businesses and academic institutions are creating educational courses and guidelines to promote the appropriate use of AI. These initiatives aim to mitigate the negative effects of applications such as AI undressing while upholding ethical standards in technology use. 

One of the most pressing challenges concerning AI-powered undressing apps is whether they can be used properly. This is a complex subject that ultimately depends on individual notions of right and wrong, as well as the willingness to take the required measures to safeguard oneself and others from the possible harms that these apps can generate. 

The appropriate use of such technology necessitates a thorough awareness of its ramifications as well as a commitment to ethical principles. As AI evolves, it is critical for society to strike a balance between innovation and ethical responsibility. It is critical to ensure that technological breakthroughs are used to improve our lives while maintaining our values and safety. 

This includes establishing strong legal frameworks, raising awareness and educating about the risks, and cultivating an ethical AI culture. By doing so, we can maximise the benefits of AI while minimising its potential risks, resulting in a safer and more responsible technological landscape for everybody.
Read more »
User Safety
Cyber Safety Data Data Breach Data Leak Safety Security User Data User Safety

ERP Firm Data Breach Exposes Over 750 Million Records

 

A leading Enterprise Resource Planning (ERP) company based in Mexico inadvertently left an unsecured database online, exposing sensitive information on hundreds of thousands of users. This was discovered by cybersecurity researcher Jeremiah Fowler, who reported his findings to Website Planet. According to Fowler, the database contained 769 million records and was accessible to anyone who knew where to look.

The exposed data included highly sensitive and personally identifiable information such as API keys, secret keys, bank account numbers, tax identification numbers, and email addresses. The database, which is 395GB in size, belongs to ClickBalance, a software provider that offers a range of cloud-based business services including administration automation, accounting, inventory, and payroll.

Website Planet describes ClickBalance as one of Mexico’s largest ERP technology providers. Upon discovering the database, Fowler immediately contacted ClickBalance, which secured the database within hours. However, it remains unclear whether any malicious actors accessed the data before it was secured or whether the data has been used in any malicious activities. Fowler emphasizes that only a comprehensive forensic investigation can determine the full extent of the exposure.

The exposure of tax identification numbers and bank account details poses significant risks, enabling cybercriminals to conduct fraudulent activities. The theft of active email addresses is particularly concerning, as it allows criminals to launch phishing attacks that can deliver malware and ransomware.

Despite the severe potential consequences, unsecured databases continue to be a common cause of data breaches. Many large enterprises and government organizations have been found with online databases lacking adequate protection. For instance, a previous incident resulted in the personal information of the entire Brazilian population being leaked.
Read more »
User Safety
Data Privacy Mobile Security Public Charging Stations USB Attacks User Safety

Here's Why You Shouldn't Use Public USB Charging Ports

 

We've all been there: stranded in a coffee shop with a dropping phone battery and no connector, only to find a free USB charging station nearby. Relieved, you plug in your device and go about your business, unaware that a potential threat lurks behind that seemingly benign USB port. 

That concern is "juice jacking," a cybersecurity vulnerability that has received enough attention in recent years to warrant an advisory from the FBI. So, what exactly is juice jacking and how risky is it? Here's all you need to know, along with some recommendations for keeping your mobile devices safe while charging on the road. 

What is juice-jacking? 

Juice-jacking is when hackers siphon your phone's data while it is charging. It achieves this using software placed in a kiosk that allows you to quickly charge your phone, or through a cable connected to a charging station. It can do this by plugging the USB charger directly into the socket. USBs, unlike two-pronged plugs, may transmit data as well as electricity. 

The methodology is similar to how a "skimmer" steals your bank or credit card information; however, juice-jacking has the potential to collect all of the data on your cell phone, including passwords, account information, contacts, emails, and so on. While this form of hacking is not yet widespread, it has the potential to become so. However, there are techniques to defend yourself from this type of hack. 

Prevention Tips 
  • Do not plug your phone directly into a USB charging port. Keep your data secure by using a 2-prong electrical charger.
  • Don't use the provided cord or someone else's 2-prong attachment since it might contain software designed to steal your information. 
  • Use a "sync stop" device to prevent attackers from accessing your phone. When charging your phone, leave it locked or switched off. 
  • Most phones cannot access your information while locked or switched off. Don't rely on others; bring your own personal power bank to charge your mobile device. 

When your phone's battery goes low in the airport, hotel, or coffee shop, be sure you're prepared to give it the power it requires without leaving you powerless.
Read more »
User Safety
Australia Cyber Fraud Data Leak Data Privacy Flight Scam User Safety

Australian Man Arrested for Evil Twin Wi-Fi Attacks on Domestic Flights

 

Police in Australia have arrested and charged a man with nine cybercrime crimes for allegedly setting up fictitious public Wi-Fi networks using a portable wireless access point to steal data from unsuspecting users. 

The man designed "evil twin" Wi-Fi networks at airports, during flights, and other places related to his "previous employment" that would deceive people into registering into the fake network using their email address or social media accounts. Police stated the login data was then transferred to the man's devices. 

Dozens of credentials were reportedly obtained. This information might have enabled the perpetrator to get access to victims' accounts and possibly steal further sensitive information such as banking login details or other personal information. Employees of the airline noticed one of the strange in-flight Wi-Fi networks. The anonymous Australian airline then reported the Wi-Fi's presence to authorities, who investigated the situation in April and arrested the suspect in May. 

According to the Australian Broadcasting Corporation, the man, Michael Clapsis, appeared before Perth Magistrates Court and was subsequently released on "strict" bail with limited internet access. He also had to submit his passport. Clapsis' LinkedIn profile, which has since been deleted, hints that he may have previously worked for a shipping company. 

He has been charged with three counts of unauthorised impairment of electronic communication, three counts of possession or control of data with the intent to commit a serious offence, one count of unauthorised access or modification of restricted data, one count of dishonestly obtaining or dealing in personal financial information, and one count of possessing identification information with the intent to commit an offence. Clapsis is set to appear in court again in August. 

Evil twin attacks can use a variety of tactics to steal victims' data. However, they typically entail providing free Wi-Fi networks that appear genuine but actually contain "login pages" designed to steal your data. Genuine Wi-Fi networks should never ask you to login using your social media credentials or provide a password for any of your accounts. It is also recommended to use a VPN and avoid connecting to public Wi-Fi networks when a more secure option is available.
Read more »
User Safety
Data Privacy Juice Jacking Lockdown Mode Mobile Security User Safety

Android 15's Lockdown Mode Safeguards Your Phone Against "Juice Jacking"

 

You shouldn't use any random cable that is provided to you to charge your favourite Android phone—or any other device, for that matter—at a public charging station for a few very good reasons. More importantly, there are always a number of security issues, so you might not receive the fastest charging speeds. Even though they are not scalable, "juice jacking" attacks that weaponize charging stations are common; however, Android 15's Lockdown mode now includes defences against such types of attacks. 

Google is still working on Android 15, which is now in beta testing. The most recent development, spotted by apex tech sleuth Mishaal Rahman (via Android Authority), suggests that the operating system update will have built-in protections against fraudulent individuals who attempt to use juice-jacking devices. These attacks have the ability to install malicious apps, run commands, transmit malicious payloads to your device, and maliciously control how the USB connection handles data.

However, Rahman claims there is no reason to be concerned about juice jackers because Android currently prevents you from enabling USB Debugging before you unlock your smartphone. Access to files on the device is similarly restricted until you change the USB connection mode to explicitly allow file transfers. These safety nets work together to prevent attempts to execute ADB commands or tamper with your device's files. Lockdown mode, on the other hand, takes safety to the next level, and it just gets better with Android 15.

Put things on lockdown

Lockdown mode, which was introduced as a safety feature alongside Android 9 in 2018, was made available as a default in the power menu on Pixel phones with Android 12. Other device manufacturers are free to place the option elsewhere, but once selected, it disables all notifications and requires your original PIN, password, or pattern to restore device functionality.

After testing with a Pixel 6 Pro running Android 15 and another device running Android 14, Rahman confirmed that the most recent firmware prevents USB data access. Any current connections to the ADB terminal or linked input devices are likewise terminated when Lockdown mode is enabled. It should work as soon as eligible Pixel phones receive the Android 15 upgrade, but other OEMs must update their devices' USB HAL to include the necessary APIs for this implementation to function. 

In any case, the Android 15 upgrade includes additional safeguards against juice jacking, even if you were already adequately protected on older versions. However, it's worth noting that taking precautions like avoiding unfamiliar chargers at airports and malls is the greatest and most effective defense.
Read more »
Subscribe to: Posts (Atom)