Careem hit by cyber attack, affects 14 million users

Careem, ride-hailing app and Uber’s main competitor in the Middle East, on Monday revealed that it was hit by a cyber attack causing data of over 14 million users to be compromised.

In a blog post, the company said that it became aware of the attack on 14th January, when it identified a cyber incident involving “unauthorised access to a system we use to store data,” in which customer and driver account data were stolen.

Information such as names, phone numbers, email addresses, and trip data were stolen, however, according to the company, no password or credit card information was compromised.

“Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information,” it stated.

“While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data,” the post read, adding that customers and “captains” who have signed up after the attack have not been affected by the breach.

The ride-hailing service apologized to its users and said that, “Careem has learned from this experience and will come out of it a stronger and more resilient organisation.”

Aside from informing the users and assuring them that it is working with law enforcement agencies to look into the matter, Careem also advised its customers to use safeguards such as strong password management, cautiousness of unsolicited communications, links, or attachments in emails, and reviewing suspicious credit card or bank activity.

As to why it had taken so Careem so long to tell people, the company said that it “wanted to make sure we had the most accurate information before notifying people.”

Aadhar details, caste, religion of 1.3 lakh people leaked by Andhra Pradesh Govt website

Yet another controversy erupts in Andhra Pradesh where a government undertaking and the Unique Identification Authority of India (UIDAI) have drawn no less flak for allowing some sensitive personal details of around 1.3 lakh people to go to the public domain.

 Initial blame goes to the Andhra Pradesh State Housing Corporation as it released the Aadhaar numbers of 1.3 lakh beneficiaries along with the banking details, caste, religion, mobile numbers and what not triggering an escalating controversy. But the cyber experts, who found the huge fault have refused to pin the blame on UIDAI saying that Aadhar has hardly any link with these sensitive details and pushed responsibility to other government department.

They have observed that the biometric database does not have any records of the citizens personal sensitive details.

 The website in question, however, has covered these details immediately after Srinivas Kodali, an independent cyber expert, brought it to the government’s notice with a tweet.

 He, further, in his tweet, flashed a screenshot of the personal and sensitive details in the public domain in the website to substantiate his revelations. But he confirmed zero role of UIDAI in these bungling.

 What is more worrisome is the search feature in the website page making it easy for the users to extract personal details of anybody targeted. But there is hardly any option to reach either the government or the UIDAI with the complaint.

 Stunned by the revelations of privacy breach, the Andhra Pradesh Government said it would further track the beneficiaries only with the Aadhaar number and not with other sensitive details to protect the privacy of the individuals.

 The government has every right to extract the personal sensitive data of an individual which include mobile no, bank account no IFSC code, father’s name, village and panchayat.

But under no circumstance these are not allowed to be made public. This was what UIDAI told the Supreme Court.

Hackers Infect X-Ray and MRI Machines

A new hacker group is conducting cyber attacks against the healthcare industry around the world, this time they have gotten holds on the systems controlling X-Ray, MRI and other medical machines, according to a report from security researchers at cybersecurity firm Symantec.
Security researchers in past has warned about the vulnerability of connected medical devices. The group who is newly discoverd named as  Orangeworm is mainly targeting Healthcare sector of America, Europe, and some parts of Asia.

 “While Orangeworm is known to have been active for at least several years, we do not believe that the group bears any hallmarks of a state-sponsored actor—it is likely the work of an individual or a small group of individuals. There are currently no technical or operational indicators to ascertain the origin of the group,” the researchers state.

According to a reseracher Alan Neville at  Symantec, it seems that the attackers are more interested in learning how these devices operate rather than to perform any sabotage type activities.

But, you cannot trust them and say that they couldn't carry out more aggressive attacks. Once they are able to successfully infected a computer with their malware, called Kwampirs, "the attackers have the ability to extend the malware’s functionality by downloading and executing additional modules in memory," Neville added.

 "These modules may be customized to the victim’s environment to assist the attackers in performing any desirable action on these devices," he said. Adding to the intrigue, Orangeworm also showed an interest in "machines used to assist patients in completing consent forms for required procedures," Symantec wrote.

Attackers first infected one computer, then spread to others, infecting each with Kwampirs, a tool that granted them remote access to each infected host.

This is not the first time when hackers have hacked medical devices, recently, WannaCry ransomware too targeted hospitals across the world, 

New ransomware unable to restore files it encrypted

A Brand new ransomware attack widely distributed and infected the users based on their geolocation by checking the infected device IP address.

The ransomware was discovered by Doctor Web security experts and cybercriminals, who warned that the malicious program attacks users of Windows operating systems for profit.

The preventive protection of Dr.Web Antivirus detects this Trojan under the name DPH: Trojan encoder 9 or Trojan.Encoder.25129. This is a Trojan cipher that encodes data on an infected computer.
After launch, it checks the user's location by the IP address of the infected device. According to the analysis carried out by the researchers, it seems that the malware authors designed this ransomware to avoid encrypting files for specific countries such as Russia, Belarus and Kazakhstan, as well as in the case where the Windows regional parameters were in Russian and the Russian language. However, as a result of an error in its code, the ransomware encrypts files regardless of the geographic location of the IP address and restoration of the files affected by this malware is impossible in the majority of the cases.

The Trojan encodes the contents of the folders of the current user, the Windows desktop, and the service folders AppData and LocalAppData. Encryption is carried out using the algorithms AES-256-CBC, encrypted files are assigned the extension .tron.

Files larger than 30,000,000 bytes (approximately 28.6 MB) are not affected. Once the encryption is complete, the Trojan creates a file% ProgramData% \\ trig in which it writes the value "123" (if such a file already exists, the encryption is not done). Then the malware sends a request to the iplogger site whose address is registered in his body. Then the malware displays a window with a ransom request.

This ransomware mainly distributed through Social media that contains a malicious Payload and also it distributed through network shares.

Google's Messaging Service "Chat" Raises Security Concern

Amid worldwide acrimony over the Facebook scam, controversy surrounds Google after the largest internet search engine on the planet launched Chat which a section of experts has called an utter contempt for users’ privacy.

The first one expert to have raised the concern is none but Joe Westby who termed the new messaging service nothing but a huge gift to the gang of cyber criminals and spies to enable them to strike at ease.

Westby, who is known for his extensive studies at the Amnesty International technology and human research further said the product in question would provide the cybercriminals with unstoppable access to the content of the Andriod users’ communications on every passing moment.

Quoting a recent revelation by another American expert on end-to-end encryption being a reliable mechanism to safeguard the users’ privacy, Westby charges Google with disregarding its millions of customers and their human rights.

He said Google has never taken into consideration of the consequences of the Facebook faux pas and resorted to the hasty decision to launch the product which simply sounds dangerous.

End-to-end encryption is the reliable and minimum mechanism to safeguard the privacy of the users and that’s what the specified area as the global rights body regards and its absence would be a risky operation, observed the cyber expert.  The Google product hit the market sans the end-to-end encryption as has been confirmed by the top internet search engine who is learned to have invested in a few other messaging soon-to-be-launched products or services.

Same it took place in the case of the  Android Auto when the app from Android smartphones on a car displayed on the screen too many information much to major security concern.  Even the vehicle speed, oil temperature, and engine revs were on displayed sensing an impending danger. Then the mechanism reached Google forcing Toyota to shy away from deploying the Android Auto in their cars. The reason is the privacy concern.