Air Canada Exposes the Personal Details of 20000 Customers



Air Canada suffered a security breach that exposed the personal details of approximately 1% (i.e. 20,000 users) of the airline's customers. The matter came to light when the airline detected unauthorized access to its mobile application and posted a notice about it on its official website on the 28th of August 2018.

The company said that it had "observed odd log-in behaviour" between August 22 and 24.

Apart from any other sensitive data that users may have had on file, the attackers also had access to passport numbers and expiry dates, passport country of issuance, and NEXUS numbers, alongside basic profile data, gender, dates of birth, nationality and country of residence.

The company stated that credit card numbers were not affected by the breach, but it still advised customers to keep an eye on all of their transactions.

As an additional precaution, Air Canada locked all Air Canada mobile app accounts in order to protect its customers' data.

As a result, each of Air Canada's 1.7 million customers will have to sign in to the apps again. In addition to messaging the customers affected by the breach, Air Canada is looking for further ways to reassure customers and is sending them emails with directions for resetting their logins.




Mozilla Extirpates 23 Firefox Add-Ons




Yesterday, Mozilla removed 23 Firefox add-ons that snooped on users and sent their data to remote servers, as confirmed by Bleeping Computer.

The blocked add-ons include "Web Security," a security-focused add-on with more than 220,000 users that was at the centre of a controversy this week after it was found sending users' browsing histories to a server located in Germany.

At the time, Mozilla engineers promised to audit the add-on's behaviour. Following the initial report, however, several users reported other add-ons showing identical data collection patterns, some of which sent data to the same server as "Web Security".

"The mentioned add-on has been taken down, together with others after I conducted a thorough audit of [the] add-ons, these add-ons are no longer available at AMO and [have been] disabled in the browsers of users who installed them," says Mozilla Browser Engineer and Add-on reviewer, Rob Wu.

True to its word, Mozilla has disabled the Web Security add-on, as a quick test confirmed in a Firefox instance that Bleeping Computer used two days ago for tests. Users of any of the banned add-ons will be shown a warning.



A bug report lists all 23 add-ons by their IDs rather than by their names. Despite this, Bleeping Computer has tracked down the names of some of the add-ons.

Besides Web Security, the banned add-ons include Browser Security, Browser Privacy, and Browser Safety. These have been sending data to the same server as Web Security, located at 136.243.163.73.

According to a list provided to Bleeping Computer by Wu, other banned add-ons include:

YouTube Download & Adblocker Smarttube
Popup-Blocker
Facebook Bookmark Manager
Facebook Video Downloader
YouTube MP3 Converter & Download
Simply Search
Smarttube - Extreme
Self-Destroying Cookies
Popup Blocker Pro
YouTube - Ad block
Auto Destroy Cookies
Amazon Quick Search
YouTube Adblocker
Video Downloader
Google No Track
Quick AMZ

More than 500,000 users had at least one of these add-ons installed in their Firefox browser.
In the warning message, Mozilla directs users to a page that gives the following explanation:

Sending user data to remote servers unnecessarily, and potential for remote code execution. Suspicious account activity for multiple accounts on AMO.



Attackers Targeting D-Link DSL Modem Routers; Exploiting Them To Change The DNS Settings




Recent research has found attackers targeting D-Link DSL modem routers in Brazil in order to change their DNS settings, which then lets them redirect users who are trying to connect to their online banks to fake banking websites that steal the users' account information.

According to the research by Radware, the exploit lets the attackers scan for vulnerable routers and script changes to a large number of them, so that the users' DNS settings point to a DNS server under the attackers' control.

[Image: Example of fake cloned bank site (Source: Radware)]
[Image: Certificate warning on fake site]

When a user attempts to connect to a website on the internet, their computer first queries a DNS server to resolve a hostname like www.google.com to an IP address like 172.217.11.36.
The computer then connects to this IP address and initiates the desired connection. By changing the name servers used on the router, attackers therefore redirect users to fake, malicious sites without their knowledge and lead them to believe that these sites are legitimate and trustworthy.
The malicious URL takes the following form:

/dnscfg.cgi?dnsPrimary=&dnsSecondary=&dnsDynamic=0&dnsRefresh=1

The exploit allows unauthenticated remote configuration of the DNS server settings on the modem router.

Radware's research stated: "The uniqueness about this approach is that the hijacking is performed without any interaction from the user. Phishing campaigns with crafted URLs and malvertising campaigns attempting to change the DNS configuration from within the user's browser have been reported as early as 2014 and throughout 2015 and 2016. In 2016, an exploit tool known as RouterHunterBr 2.0 was published on the internet and used the same malicious URLs, but there are no reports that Radware is aware of currently of abuse originating from this tool."

The researchers state that the attack is insidious because the user is completely unaware of the change: the hijacking works without crafting or changing URLs in the user's browser.

A user can use any browser and their usual shortcuts, type in the URL manually, or even browse from a mobile device such as a smartphone or tablet, and will still be sent to the malicious site rather than the site they requested, because the hijacking effectively works at the gateway level.

Radware therefore recommends that users use the http://www.whatsmydnsserver.com/ website to check their router's configured DNS servers, so that they can determine for themselves whether any servers look suspicious, that is, servers that were not assigned by their internet service provider.
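For defenders, the request form described above is easy to spot in HTTP logs. The following is an added detection example, not code from Radware or from the original article. It assumes access logs in common log format from a proxy, sensor or honeypot that sees requests to the router's management interface. The trusted resolver list and all sample log lines are constructed placeholders.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit, parse_qs

# Assumption: the resolvers your ISP actually assigns (documentation-range values).
TRUSTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Common log format: client - - [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def is_untrusted(value, trusted):
    """True if value is not a trusted resolver IP (malformed values count too)."""
    try:
        return str(ip_address(value)) not in trusted
    except ValueError:
        return True

def find_dns_change_requests(lines, trusted=TRUSTED_RESOLVERS):
    """Return one finding per logged request that sets DNS servers via dnscfg.cgi."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/dnscfg.cgi"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        servers = [v.strip() for key in ("dnsPrimary", "dnsSecondary")
                   for v in params.get(key, []) if v.strip()]
        if not servers:
            continue  # settings page viewed, no DNS server submitted
        findings.append({
            "client": m["client"], "time": m["time"], "servers": servers,
            "untrusted": [s for s in servers if is_untrusted(s, trusted)],
            "accepted": m["status"].startswith("2"),  # 2xx: request was not rejected
        })
    return findings

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Aug/2018:03:12:44 +0000] "GET /dnscfg.cgi?dnsPrimary=203.0.113.66&dnsSecondary=203.0.113.67&dnsDynamic=0&dnsRefresh=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Aug/2018:08:00:01 +0000] "GET /dnscfg.cgi HTTP/1.1" 200 2048',
    '192.0.2.10 - - [10/Aug/2018:08:01:30 +0000] "GET /dnscfg.cgi?dnsPrimary=192.0.2.53&dnsSecondary=192.0.2.54&dnsDynamic=0&dnsRefresh=1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Aug/2018:09:40:12 +0000] "GET /DNSCFG.CGI?dnsPrimary=203.0.113.66&dnsSecondary=&dnsDynamic=0&dnsRefresh=1 HTTP/1.1" 401 0',
]
for f in find_dns_change_requests(SAMPLE_LOG):
    print(f["time"], f["client"], f["servers"], "UNTRUSTED" if f["untrusted"] else "ok")
```

A finding with a non-empty `untrusted` list and `accepted` set to true is the case to escalate: a DNS change to an unknown resolver that the device did not reject.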


Hackers Target Travel Firm to Plunder Hundreds of Thousands from Clients




Cyber criminals have now targeted the travel firm Booking.com in a bid to steal hundreds of thousands of pounds from customers.

Customers were sent WhatsApp and text messages claiming that a security breach meant they needed to change their password.

However, the link gave the attackers access to the bookings, and they then sent follow-up messages requesting full payment for holidays in advance, with false bank details provided.

David Watts, a marketing manager from Newcastle, received a WhatsApp message but recognised it as a scam. He stated: "It looked exceptionally reasonable and I can now believe how people fell for it."

The messages seemed genuine because they included individuals' personal information, including their names, addresses, telephone numbers, dates and booking prices, as well as reference numbers.





A Staggering Leak Results in 1.5 billion Sensitive Data and Records Made Public


According to new research by the risk intelligence and cyber security firm Digital Shadows, 1.5 billion sensitive and personal records have been made public online for anybody to look at.

The records, which range from medical archives to financial data, such as payslips, are "openly accessible" for anybody - even those with limited technical knowledge, the report said.

These documents were found over the first three months of 2018, with the firm finding more than one and a half billion (1,550,447,111, to be exact) records exposed across various misconfigured file-sharing services, overshadowing even 2016's Panama Papers leak.

The fact worth stressing for those in the UK is that, according to the security analysts, an incredible 36 per cent of those exposed records were located in the European Union.

Rafael Amado, Digital Shadows' strategy and research analyst, said in an interview that while the "sheer quantity of unprotected data was staggering, the quality of the data was really interesting too".

He explained that confidential corporate information was also part of the leak, including details of products that haven't been released yet. He gave the example of a point-of-sale terminal that was leaking information on customer transactions, times, places, and substantial parts of credit card numbers.

Germany was evidently the worst offender in Europe for data exposure levels, followed by France, Italy and then the UK.

However, the US still turned out to be the biggest culprit: the report found that it was the worst country for leaking data globally, with 200 million sensitive records ready to be seen by anybody interested enough to look.

Amado blamed the data leakage on the poor security practices of businesses, which he said ought to be more vigilant about how they store and protect their assets and how they use file-sharing protocols and servers, because failing to do so makes it easier for hackers and rival companies to take their important data.


French Security Researcher Claims Personal Security Breach Of Users By PM Modi’s Android App.


With everybody now accustomed to doing things digitally rather than manually, the use of applications and other technological shortcuts is very common. It is still a shock for any user to learn that their personal data is being transmitted to a third party without their consent, and what is more distressing here is that the app held responsible is the Narendra Modi app, the personal mobile application of the Prime Minister of India, Narendra Modi.

French security researcher Elliot Alderson has claimed that the app is sharing users' private information with a third-party US company, CleverTap, without their consent. Alderson shared a series of tweets claiming that when users create a profile on the Narendra Modi Android app, their device information, as well as personal data, is sent to a third-party domain called in.wzrkt.com, which apparently belongs to the US company.



To confirm whether this privacy breach occurred, Alt News investigated PM Modi's Android app. They used a popular piece of software called Charles to intercept the data between the phone and the outside world and determine whether the user's phone was communicating with a particular website.

The software lets one view all the HTTP and SSL/HTTPS traffic between a machine and the Internet.

To verify the researcher's claim, Alt News installed the Narendra Modi Android app and created a profile. After registering, they found that the app was sending data over the Internet, which they captured using the Charles software mentioned above. They saw that personal information such as name, email ID, gender, telecom operator type and more was indeed being shared with the website in.wzrkt.com.

In the captured traffic, the email ID pratik@xyzabc.com that Alt News entered during registration was sent to in.wzrkt.com.

This is a significant development, as security issues related to the sharing of personal information are becoming more and more common, and this is not the first time that Elliot Alderson has made such a claim.