Search This Blog

Showing posts with label Online data breach. Show all posts

Online Payments for Water Services Intercepted By Hackers


The City of Waco warns residents that their online payments for water services may have been impeded by hackers who stole credit card details.

As per a spokesperson for the City of Waco, the Click2Gov portal for water bill payments was breached by vindictive hackers who had the option to plant pernicious code that redirected sensitive data between August 30th and October 14th.

Security researchers have been following these attacks against Click2Gov's payment portals for two or three years now, with numerous reports of breaches including the urban areas extending across the United States and Canada, bringing about a thousands of payment card details being traded on the dark web.

The core of the issue is said to have been the third-party online payment software that Waco and a few other urban communities and regions use to let residents pay their bills, pay parking fines, just as make other financial transactions. CentralSquare Technologies, the creators of Click2Gov, counters that lone a "limited number" of Click2Gov customers have announced unauthorized access by hackers and that a vulnerability they recognized in the portal has now been closed.

As indicated by media reports, on account of the latest breach including water utility payments, the City of Waco was informed regarding the issue with the Click2Gov software on November 8, 2019.

City representative Larry Holze says, “Of the 44,000 water customers, typically we receive 12,500 payments online each month. During the period identified, a little over 8,000 customers were mailed letters. Payments made with a credit card inside the water office (not online) are not involved in this incident.”

Consumers affected by the breach can hope to get a letter from the city the previous week informing them about the occurrence and advising them whenever required on the means that ought to be taken to secure against such fraud.

“We’ve sent out letters to all those people who they’ve been able to give us that have been compromised, in some fashion, asking them to be careful and watch their statements and make sure something doesn’t show up,” said spokesman Holze.

The city has additionally set up a hotline for residents with inquiries regarding the breach, accessible from Monday to Friday on 833-947-1419.7

Russian Intelligence Attempts to Crack Tor Anonymous Web Browser



On being breached by cybercriminals, a Russian intelligence contractor has been found to be attempting to crack an anonymous web browser, 'Tor', which is employed by the people who wish to bypass government surveillance and acquire access to the dark web. However, it is unclear how effective the attempt to crack the web browser was because the modus operandi relied largely on the luck factor to match Tor users to their activity.

According to the findings of the BBC, the intelligence contractor which is widely known in Russia is also working on various secret projects.

SyTech, a contractor for Russia's Federal Security Service FSB, fell prey to a massive data breach wherein hackers gained illicit access to around 7.5 terabytes of data and included details regarding its projects.

The internet homepage of the company was replaced by a smug smiley face by the hackers from a group namely 0v1ru$ who acquired illegal access to the company on 13th July.

In order to crack Tor, SyTech resorted to Nautilus-S which required them to become an active member of the browser's network.

Whenever a user gets connected to Tor, the usage of the web browser is visible to the internet service providers who later can provide this data to the FSB or any other state authority, on being asked.

Commenting on the viability of SyTech's attempt to crack Tor, a spokesperson for the Tor project said, "Although malicious exit nodes would see a fraction of the traffic exiting the network, by design, this would not be enough to deanonymize Tor users,"

"Large-scale effective traffic correlation would take a much larger view of the network, and we don't see that happening here," he added.


Over 200 Million Chinese CVs Compromised On The Dark Web


Over 200 Million Chinese CVs Compromised Online







Recently, a database comprising of over 200 million Chinese CVs was discovered online in a compromised position where it was laid bare for the dark web to devour. Naturally, it spilled explicitly detailed information.



Having lacked, fundamentally basic security endeavors, the database exposed some really personal data of people.



The database encompassed their names, addresses, mobile phone numbers, email addresses, education details and other what-not.



The much detailed information on the base was developed by persistently scouring various Chinese job sites.



Reportedly, the director of the researching institution cited on the issue that at the outset, the data was thought to be gained from a huge classified advert site, namely, BJ.58.com.



Nevertheless, BJ.58.com, vehemently denied the citation and their relation with this accident.



They had thoroughly analysed and checked their databases and found nothing questionable, hence reassuring that they had no role to play in the data leakage.



They also mentioned that certainly some third-party CV website “Scraper” is to blame.



It was via twitter that the news about this data cache first floated among people, and soon after that, it was removed from Amazon cloud where it had been stored.



But, as it turned out while further analyzing, before it was deleted it had previously been copied around 12 times.



There has been a series of incidents where the Chinese have been cyber-affected, and this data loss is the latest of all.



From online rail bookings to allegedly stealing rail travelers personal data, the early days of January were quite bad for the Beijing people.



Reportedly, in August last year, the police of China were busy investigating a data breach of hotel records of over 500 million customers.



Personal data, including the booking details and accounts, registration details and other similar information were leaked.



Also, the Internet Society of China had released a report wherein the several phishing attacks and data breaches the country’s residents had faced were mentioned.