Search This Blog

Showing posts with label UK. Show all posts

Ticketmaster Fined $10 Million by Department of Justice for Unlawful Business

Ticketmaster had to pay €7.3 Million ($10M) fine compensation for intervening in a rival company's computer systems, says the US Department of Justice. Ticketmaster agreed to pay a fine amount after it faced allegations by the US DoJ that the company gained unlawful access into rival company's systems to obtain information about its business. According to DoJ, the US ticket sales and distribution company illegally used retained passwords of a former employee of a rival company to access their computer systems. Ticketmaster had done this as a scheme to wipe out the competitor's business. Responding to the action, Ticketmaster has said that it feels good now that the issue is resolved.


The DoJ in the released statement said that the unlawful activity happened in 2017. The scheme involved 2 company employees, both now dismissed. According to Ticketmaster, the employees' actions violated their company policies and conflicted with their organizational values. Federal officers alleged Ticketmaster of computer intrusion, wire fraud, and other illegal activities dating back to 2013. The federals have agreed to remove charges in 3 years if the company doesn't make any trouble as per the federal prosecution deal. The inquiry emphasized the company's (Ticketmaster) attempts to obtain information, specifically related to concert pre-sale tickets, says the court statements. 

The rival is a UK based company with headquarters in Brooklyn, New York, but the information in legal documents suggest it was Songkick. Songkick holds expertise in offerings performance artists digital widgets called "artist's toolbox," which allowed Songkick to pre-sell tickets to their events on its online websites separately from ticket blocks which were available to Ticketmaster, a company owned by Live Nation Entertainment Inc. 

Live Nation and Ticketmaster unlawfully took a former worker rival company to get details about its business operations, client details, and marketing plans. The employee gave Ticketmaster the login credentials of his former company, which Ticketmaster used several times to gain access to computer systems and get information about Songkick's pricing to develop their own competing platform. 

Bloomberg reports, "songkick sued Live Nation and Ticketmaster in Los Angeles federal court and reached a $110 million settlement in 2018 that included the sale of its ticketing assets to Live Nation. Other Songkick assets had been sold earlier to Warner Music Group."

New Laws for Drone Users Across Europe and UK

 

As of December 31, 2020, the new European Drone Regulations spread out by the European Union Aviation Safety Agency (EASA) will come into power, making the way for an epoch of harmonization across the 27 EU Member States as well as Iceland, Norway, Liechtenstein, and the UK. The set of new rules clarify where drones can be flown, just making it simpler to follow/trace the owners. The UK Civil Aviation Authority (CAA) issued the rules, they have anticipated that there will be an escalation in the number of drone clients after they eliminated the differentiation among recreational and business applications.

At first, these drones didn't need to be enlisted because of their sub-250g weight, yet this prerequisite has now been extended out to all drones with a camera. This implies proprietors of those drones, or any with a camera, should enlist their drone with the Civil Aviation Authority (CAA) and get an Operator ID. All drone proprietors in the UK will require two IDs before flying outside: the Flyer ID, which includes breezing through a short online assessment, and an Operator ID, which means enrolling your drone at an expense of £9 every year. 

Three new classifications will consider the drone you have and where you mean to fly it, this will, at last, make it workable for novice drone pilots without a qualification. These categories are Open, Specific, and Certified. These have various prerequisites as far as training is concerned and the kinds of drones you can utilize. Recreational flying will be covered by the 'Open' category. 

Open category: The Open Category is for what are viewed as generally low-risk flights and will apply to the sort of consumer drones that most of the novice drone pilots use. It further has three subcategories – A1, A2, and A3.
 • A1 - drones weighing under 250g (0.55lb) can be flown over individuals. 
 • A2 - drones weighing more than 250g however under 2kg should be flown at least 50m (164ft) away from individuals. 
 • A3 - drones weighing more than 2kg should be flown well away from individuals. 

Specific category: The Specific Category covers drone flights that represent more danger than the 'Open' Category and requires a degree of planning, similar to all current commercial activities. The CAA will distribute a bunch of pre-characterized situations and danger assessments.

Certified category: The Certified Category identifies with complex tasks, for example, those where parcels or even individuals are conveyed by the drone. This category is profoundly trained professionals and won't apply to the vast majority of drone pilots.

Elliott Corke, director of Global Drone Training, said, “We would encourage people to read the manual and practise somewhere safe first.”

New marketing campaign against UK subway by using TrickBot malware

 

UK subway market has disclosed that its marketing system has been hacked. The malicious actor was sending TrickBot malware-laden phishing emails to the customers by using its marketing system. 

Threat actor successfully accessed subway UK customers' confidential information such as names and email addresses by hacking a subcard server. This campaign has come to light when BleepingComputer observed a massive phishing campaign targeting U.K. citizens, pretending to be order confirmation from subway UK. 

According to the researchers, threat actor was distributing malicious Excel documents to the users that would install the updated version of the TrickBot malware into the system. As per the analysis, the downloaded TrickBot malware is a DLL that will be inserted into legitimate Windows Problem Reporting executable directly (wermgr.exe) from memory to avoid being caught by security software and would appear like an authentic task running in the task manager. 

What is TrickBot? 

Trickbot is a computer malware-trojan, which targets Microsoft Windows or other operating systems to get sensitive information and acts as a dropper for other malware. Mainly, the malware is configured to send direct links to users by emails to download malware from malicious websites and trick the users into opening malware through an attachment. 

It is about yesterday when Subway UK customers were receiving bogus emails from 'Subcard' of Subway about customers placed orders. The emails that were sent to the users comprised of certain links of documents that appeared to be a confirmation of the order. 

In a recent development, it has been observed that TrickBot malware expanded its arsenal by adding TrickBoot. 

In November, operators of TrickBot had added a new tool to its array with the name ‘LightBot’ to inspect the victim’s network for high-value targets. 

Subway said in a statement to BleepingComputer, "Having investigated the matter, we have no evidence that guest accounts have been hacked. However, the system which manages our email campaigns has been compromised, leading to a phishing campaign that involved first name and email. The system does not hold any bank or credit card details."

"Crisis protocol was initiated and compromised systems locked down. The safety of our guests and their personal data is our overriding priority and we apologies for any inconvenience this may have caused."

A Government-Backed Advert for Career Opportunities in Cyber Security Taken Down Mere Hours After Release

 

A campaign originally meant to draw in more individuals to career opportunities in cybersecurity has gone under hefty analysis and criticism which ultimately resulted in it being removed completely after just a couple of hours of its release.

Part of the government's Cyber First mission, the advertisement shows a young lady tying up her ballet shoes with the caption being "Fatima's next job could be in cyber. (she just doesn't know it yet)” with the slogan "Rethink. Reskill. Reboot." 

At first, it was quite unclear regarding who was behind this campaign, with it including the branding of DCMS and NCSC's Cyber First Campaign. Secretary of State for DCMS Oliver Dowden however dismissed any association with the campaign, saying “this is not something from DCMS” while agreeing that “it was crass.” 

The poster though, one of a few which highlights individuals from a wide variety of different professions has been vigorously criticized on online media.

Javvad Malik, a security awareness advocate at KnowBe4, said the poster did come across as tone-deaf.

“With any career, you want to pull people towards it and motivate them to want to choose it,” he said. “It's only when people enjoy, have an interest in, or have a passion for a role that they actually have a sense of achievement and contentment. 

The Prime Ministers official spokesperson stated: "This is part of a campaign encouraging people from all walks of life to think about a career in cybersecurity. However, this particular piece of content was not appropriate and has been removed from the campaign. The government recognizes the challenge to the cultural industry and today the culture secretary has announced £257m of funding to help support 1,385 theatres, art venues, museums, and cultural organizations across England." 

This move comes after the chancellor denied empowering laborers in the already struggling arts industry to retrain. 

Rishi Sunak has although insisted that this was a general statement made by him about the requirement for some workers to "adapt" and recommended there would be "new and fresh opportunities" accessible for the individuals who couldn't do their old jobs.

Litigation Firm Discovers a New Phishing Scam Falsely Purporting To Be From Leading UK Supermarket


A litigation firm discovered a new phishing scam falsely indicating to be from a leading UK supermarket Tesco. 

The scam had utilized SMS and email communication planned to fool customers into handling over their subtleties, and steal classified and payment data. 

The fraud started through an official-looking but fake Facebook page entitled 'Tesco UK' which shared images implying to be from a Tesco warehouse, showing stuffed boxes of HD television sets. 

As per Griffin Law, the litigation firm, the message stated: “We have around 500 TVs in our warehouse that are about to be binned as they have slight damage and can’t be sold. However, all of them are in fully working condition, we thought instead of binning them we’d give them away free to 500 people who have shared and commented on this post by July 18.” 

The firm stated that at least some 100 customers had responded to the Facebook page or received an email.

The original fake Tesco Facebook page is currently listed as 'content unavailable.' It was the clueless users who had due to immense excitement shared the post helped it to spread before receiving an email offering them the opportunity to 'claim their prize.' 

A button in the message connected victims to a landing page to enter their name, place of residence, phone number, and the bank account details. 

Tim Sadler, Chief, Tessian, stated: As the lines between people in our ‘known’ network and our ‘unknown’ networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can’t trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people’s vulnerabilities." 

Although Sadler empathized with the people who are struggling financially in the wake of the [COVID-19] pandemic and henceforth the proposal of a free television could be appealing to them.

However, he advises the users to consistently scrutinize the authenticity of these certain messages and consistently confirm the requestor's offer before tapping on the link and refrain from asking for trouble.

The UK Government Vs Apple & Google API on the New COVID-19 App That Tells Who Near You is Infected!



Reportedly, the United Kingdom declared that their coronavirus tracing application is being run via centralized British servers and that’s how they are planning to take things forward and not via the usual “Apple-Google approach” which is a preferred one for most.

Per sources, the CEO of the Tech unit of the National Health Service mentioned that their new smartphone app will have its launching in the upcoming weeks, with the hopes of helping the country return to normalcy by beating coronavirus.

According to reports, the UK government believes that the contact-tracing protocol created by Apple and Google protects user privacy “under advertisement only”. Hence the British health service supports a system that would send the data of who may have the virus to a centralized server giving all the controls in the hand of the NHS.

The way of the NHS and that of Apple and Google, work via Bluetooth by putting a cell-phone on the wireless network, having it emit an electronic ID that could be intercepted by other phones in the vicinity. If a person tests positive for COVID-19 their ID would be used to warn the others near them.

Meaning, if you were near an affected person, your phone would show flags about their being infected, you’d be notified about it and if you may have caught the novel coronavirus you’d be alerted about that too, mention sources.

Per reports, Google and Apple especially had created an opt-in pro-privacy API for Android and iOS. The feature allows the user’s phone to change its ID on other phones near them and store it across different intervals of time.

Per sources, if a person is discovered to have COVID-19 they can allow the release of their phone’s ID to a decentralized set of databases looked over by healthcare providers and the nearby users would be notified about it.

The above-mentioned approach works best to help ensure that the users aren’t tracked by exploiting the above information. Google and Apple say that their protocol would make it next to impossible for them, the governments, and mal-actors to track people. The data wouldn’t leave the user’s phone unless they want it to, that too anonymously if and when.


A person, to declare themselves infected must enter a specific code from a healthcare provider after being tested positive which is a great way to curb fraudulent announcements about being infected.

The NHS, on the other hand, thought of proposing a centralized approach that makes the government, the party that has the coronavirus related details of all the users on their database for further analysis.

Per sources, for this application to be successful 60% of a population would have to download it and opt for it. Trust plays a major role here, if the users don’t trust the app it would be of no use to others either.

Reports mention that most countries prefer the Google and Apple method better, including Switzerland, Austria, and Estonia. Germany too is in strong support of a decentralized line whereas France had to face criticism for its inclination towards the centralized approach.

Nevertheless, the NHS is hell-bent on going forward with the centralized approach and is adamant that it will safeguard the privacy of people no matter what. In the centralized way of things, the NHS would capture all the IDs of phones with the app active on them and store the details on their database. Later on, if a user is found to be infected the NHS would make the call about all the hows, whens, and ifs of the warning procedure on the other phones.

If things were to work out the way NHS wants it to, the application would advise users to take steps to help them save themselves against the virus, like self-isolating if need be. The advice notified would be customized per the situation. They would also build a better database and help people with first-hand updates. People could also voluntarily provide detailed information about themselves to make the app’s experience more comprehensive.

Moreover, the centralized system would be way easier for conducting audits and analysis of the data that has been stored in the databases for further research about users that are at most risk.

But regardless of all the superficial advantages, the NHS would still be creating a database bursting with people’s personal information like their health statuses, their movements, and that too with the government having complete control of it.

The success of the entire operation dwells on the people’s trust in the NHS, the UK government, and the governments of all the countries for that matter who have opted for the centralized system.

More than 300 hundred arrested in "dark web child abuse" sting!


Hundreds, around 338 people have been arrested in the worldwide sting of "largest dark web child porn marketplaces", investigators said.

The now seized English website, "Welcome to Video" hosted 2,00,000 videos showing illegal acts committed to children, which were downloaded more than a million times. The site had eight terabytes of data containing gruesome acts being done to infants, toddlers and children.

The site's owner Jong Woo Son, 23, from Korea is currently in prison, serving a sentence of 18 months. Unites States officials have unsealed nine allegations against him.

"You may try to hide behind technology but, we will find you and arrest you and prosecute you." Jessie Liu, the US attorney for the District of Columbia said in a press conference.

The site was shut down a year ago in March by US authorities, but on Wednesday officials said 338 users have been arrested from 38 countries including UK, Ireland, US, South Korea, Germany, Spain, Saudi Arabia, the United Arab Emirates, the Czech Republic and Canada.
The site also used a Bitcoin based marketplace with at least 7,300 transaction worth about 730,000 dollars. UK's National Crime Agency said "The site was one of the first to offer sickening videos for sale using the cryptocurrency bitcoin. "

The arrest was  result of a three years of hunt by National Crime Agency of Britain, and task forces from UK, US, South Korea and Germany. The officials first came across the website while investigating one of UK's worst child sex offender and paedophile, geophysicist Dr Matthew Falder in 2017. Fadler, admitted to 137 offenses and is serving a 25 years sentence for sharing images and abusive videos on the dark web. Then in March, 2018 officials went to South Korea to take down the website's server and to arrest Jong Woo Son, the owner of the site.

The officials were able to arrest many suspects by tracing the cryptocurrency transactions. Seven men from the UK and five from America have already been convicted of the investigation. One of them being, Kyle Fox another child offender already in jail for raping a five-year-old boy and sexually abused a three-year-old girl.
“The scale of this crime is eye-popping and sickening,” said John Fort, the chief of IRS criminal investigations. The task force was able to rescue 23 children from a state of constant abuse.

Forensic services firm pays ransom after cyber-attack

The UK's biggest provider of forensic services has paid a ransom to criminals after its IT systems were disrupted in a cyber-attack, BBC News has learned.

Eurofins Scientific was infected with a ransomware computer virus a month ago, which led British police to suspend work with the global testing company.

At the time, the firm described the attack as "highly sophisticated".

BBC News has not been told how much money was involved in the ransom payment or when it was paid.

The National Crime Agency (NCA) said it was a "matter for the victim" as to whether a ransom had been paid.

The agency, which is investigating the attack, said: "As there is an ongoing criminal investigation, it would be inappropriate to comment."

Eurofins previously said the attack was "well-resourced" but three weeks later said its operations were "returning to normal".

Cyber-attack hits police forensic work

It said it would also not comment on whether a ransom had been paid or not.

It added it was "collaborating with law enforcement" in the UK and elsewhere.

The ransomware attack hit the company, which accounts for over half of forensic science provision in the UK, on the first weekend in June.

Ransomware is a computer virus that prevents users from accessing their system or personal files. Messages sent by the perpetrators demand a payment in order to unlock the frozen accounts.

Eurofins deals with over 70,000 criminal cases in the UK each year.

It carries out DNA testing, toxicology analysis, firearms testing and computer forensics for police forces across the UK.

Forensic science work has been carried out by private firms and police laboratories in England and Wales since the closure of the government's Forensic Science Service in 2012.

'Court hearings postponed'

An emergency police response to the cyber-attack was led by the National Police Chiefs' Council (NPCC) to manage the flow of forensic submissions so DNA and blood samples which needed urgent testing were sent to other suppliers.

Spotify app: Crashed down for users around the world







Spotify users around the world are having trouble logging in the app as well as while streaming the music.

Initially, the users in the UK and Europe reported about the app's crashing down, but after some time the users around the world reported the same problem.

The first report of app crashing came out at 11am GMT (7am ET).

However, Spotify tweeted a response to the influx of reports from its customers: 'Something's not quite right, and we're looking into it. Thanks for your reports!'

 According to the outrage monitoring site DownDetector, users are facing a problem as the website is not working properly. Around 63 percent of users reported that they are facing trouble in playing music.

Users have started making memes about the crashing of the popular music streaming website.