Breaking News »

Latest Hacking News

Uber Now Collects Your Location Data After You Are Dropped Off

(pc-Google Images)
Uber can now even track your location after you have been dropped. The latest update on the app will track the location of their users after they have left the car.

The latest app update, which introduces the redesign and new features also changes the way how its service collects location data for commuters.

Uber is now looking to gather location data even when you’ve exited the app — you’ll be prompted to share your current location. Uber just needs your location data from the start of your ride up until five minutes after the driver drops you off.

Uber claims they are aiming to "enhance safety" by collecting more rider data as opposed to just gathering information about the driver and the trip.

Uber also wants to track how often riders cross the street directly after a drop-off, which the company believes could indicate a safety hazard.

“We’re always thinking about ways we can improve the rider experience from sharpening our ETA estimates to identifying the best pick up location on any given street. Location is at the heart of the Uber experience, and we’re asking riders to provide us with more information to achieve these goals,” an Uber spokesperson said in a statement.

The company updated its privacy policy last summer to allow for background location data collection, which prompted backlash from privacy groups and a Federal Trade Commission complaint.

Talk-Talk does not urge customers to change passwords

TalkTalk has been vastly criticised for the handling of a wi-fi password breach by several cyber-security experts.

The cyber attack, which left some Post Office and TalkTalk customers without internet for days last week, also involved up to 57,000 of TalkTalk’s customers having their Wi-Fi passwords stolen. Tens of thousands of TalkTalk customers are at risk of having had their passwords stolen after it was revealed that a hack against the company's broadband routers was more severe than initially thought.

The BBC has presented the company with evidence that many of its customers' router credentials have been hacked, putting them at risk of data theft. The UK broadband provider confirmed that the sample of stolen router IDs it had been shown was real.

Computer security experts were astounded by TalkTalk's lack of concern over its customers' passwords being at risk.

Talk Talk has been advising users that there is no need to change their router's settings.

However, Talk Talk’s PR department tried to cover up the negative media coverage.

A spokeswoman for TalkTalk said that customers could change their settings "if they wish" but added that she believed there was "no risk to their personal information".

Ken Munro, a security researcher at Pen Test Partners, said passwords could have been stolen from the faulty routers, which could give cyber criminals access to all of the information on customers' home networks, including further passwords and financial details. Munro also added that if the hacker has access to the password key, they can even see all the traffic on the home network, including social media accounts and other passwords.

The risk to TalkTalk's subscribers was first flagged over the weekend by cyber-security researchers at Pen Test Partners who warned that a variant of the Mirai worm was exploiting a vulnerability to force TalkTalk routers to reveal their Wi-Fi passwords but the UK broadband provider played down the discovery saying it was making ‘good progress to protect its routers.

The company’s site has posted up instructions on how to change the wireless name and password on your Talk Talk router but before doing so, it is best recommended to reset your router by pressing a small reset button at the back with a paperclip to force the device to download a new version of its firmware.

It is high time the telecommunications company start caring about its users’ security.

Ransomware took down systems in NHS cyber-attack

An NHS hospital trust which was forced to shut down hospital systems and cancel operations revealed that the cyber attack was the result of the ransomware infection.

Systems of Northern Lincolnshire and Goole NHS Foundation Trust suffered a major Globe2 ransomware infection in October which interrupted the operations for four days. The incident led to the cancellation of 2,800 patient appointments in three hospitals on October 30 which didn’t resume till November 02.

Globe2 works similarly to other ransomware viruses, but uses a Blowfish data encryption, by encrypting files and demanding money to release them. It has been described by security experts as very aggressive.

Although it was initially believed that the issue was caused by a malware infection spreading via USB, Pam Clipson, director of strategy and planning at Northern Lincolnshire and Goole NHS Foundation Trust, confirmed that a ransomware infection had affected the systems.

Ransomware infections usually involve a ransom that organizations need to pay to hackers in order to unlock systems, but Clipson explained that the hospital took systems offline in order to remove the malware themselves.

When the systems were attacked, all servers were checked and cleaned both prior to switching off and before returning to 'live' status.

NHS spokesperson has confirmed that no ransom was paid to the perpetrators of the attack in order to restore systems.

The attack is also being examined by West Yorkshire Police.

Hacked San Francisco Muni lost $50,000 in fares

In yet another ransomware attack happened last month, San Francisco’s Municipal Transport Agency (SMTA) is expecting to have suffered a $50,000 loss.

SMTA, also known as ‘Muni’ was hacked on November 25 resulting in customers being able to travel for free on the city’s light-rail system. The cyber extortionists hacked into the transit system’s computers and denied access to its ticket machines, e-mail and personnel systems. Hackers succeeded in encrypting over 2000 computers and demanded 100 bitcoin (£56,000; €66,000).

Muni operates city trains, trams and buses which usually bring in around $120,000 in fares on a weekend day. That figure includes fares paid on all the three public transport systems both inside and outside the stations.

Though Muni did not pay the ransom and saved $73,000 but the attack did cost half a million dollar, said the officials on December 02. The officials had shut down the ticket machines in the Muni Metro system’s subway stations and threw open the fare gates as soon as they learned about the hack. The actions were taken to stop the spread of the cyber attack , in case the hacker was still inside the network and to ensure that passengers’ financial information couldn’t be accessed.

The rides remained free on November 26 which meant a hefty hit to Muni profits. Fare gates and ticket machines were back in service by the morning of November 27.

The attackers used a variant of the HDDCryptor malware resulting in every computer displaying a black screen with a ransom note. The ransomware attack was triggered when an employee clicked on an email attachment, pop-up or link following which around 900 office computers were taken out of action with the following message clearly visible on some:

“You Hacked, ALL Data Encrypted. Contact For Key(”

City officials have confirmed a full investigation is now underway.

Though no report of train stopping or passenger safety came to light, but if Muni does not upgrade its systems the next attack can harm the passengers as well.

Vulnerability »

Malware Report »

Defacements »

Spam Report »