
The User Data of Swarmshop Card Shop has been Leaked Online

 

The records of the Swarmshop darknet payment card market have been leaked for the second time in two years and published on a competing underground site. The leak includes all of Swarmshop's records, along with the stolen payment card data that was traded on the platform.

Group-IB, the global threat hunting company, detected that the customer data of the Swarmshop card shop was leaked online on 17 March 2021. According to Group-IB, the dump contains details of 623,036 bank cards issued by banks in the US, Canada, the United Kingdom, China, Singapore, France, Brazil, Saudi Arabia, and Mexico.

Until recently, Swarmshop was a typical illegal online market where cybercriminals could buy and sell stolen card and banking information. It remains unclear who extracted the data, or how and when. The leak exposed a large volume of information, including data on four site operators, 90 sellers, and 12,250 buyers. The researchers wrote: "The dump included criminals' nicknames, hashed passwords and account balance and contact details for some entries."

The researchers also found “498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.”

Whoever breached Swarmshop did not contact the shop's operators and only posted a message with a link to the database. At first, the card shop's administrators claimed that the data came from an earlier breach of the platform by a hacker in January 2020, but they still asked users to change their passwords. Group-IB reviewed the new dump and, based on the most recent timestamps of user activity, found it to be fresh.

“While underground forums get hacked from time to time, card shop breaches do not happen very often,” Dmitry Volkov, Group-IB’s CTO, said in a statement. “In addition to buyers’ and sellers’ data, such breaches expose massive amounts of compromised payment and personal information of regular users.” 

For decades, hackers have hacked other hackers. It is often easier for them to obtain new hacking tools, dumps, cards, PII, and other valuable goods by hacking the people who stole them in the first place than to steal them themselves. It is therefore not surprising that Swarmshop has been breached several times. Like everybody else, cybercriminals have security problems; it only shows that cybersecurity is a hard problem regardless of who you are.

In Swarmshop's case, researchers believe the attack is the work of another criminal. About a year ago, the site suffered a similar attack in which a set of data was also compromised. Whoever is responsible, researchers expect the breach to damage Swarmshop's standing in the cybercrime community.

Hackers Send Fake Census Form Alerts to UK Respondents

 


The United Kingdom, like every other country, runs a census every ten years. The census asks residents a number of questions regarding the address of individuals, their age, name, nationality, employment, health, education, and language. (The census here is mandatory and participants are obliged to provide answers)
 
The census takes place in years ending in 1; Scotland's census, however, has been postponed to 2022 due to the Covid-19 pandemic. Also because of the pandemic, most respondents are completing the census online: the government posts a unique 16-digit access code to each resident, who can then go to the official census website and enter the code, avoiding the tedious work of filling in the paper form by hand and posting it back. If a participant has not completed the census form by 21-03-2021, the government sends a series of reminder notifications containing the unique 16-digit code, asking the participant to complete the form and warning of a fine of €1000 for failing to do so.
 
Naked Security reports, "the criminals did make some grammatical mistakes in their forms that a native speaker of English might notice, and these would be another giveaway, along with the fake domain name, but the crooks have cloned the UK Office for National Statistics “look and feel” very believably."
 
Stay alert for forged forms
 
If you have not filled in the form yet but plan to do so soon, be wary of fake "census reminders" sent by the attackers. And if you have already filled in your form, stay alert if you are told that some of your details need to be changed. The attackers are trying to exploit the online census by luring participants into phishing attacks and stealing their data.
 
The fake form may ask for your postcode instead of your unique 16-digit code (the attackers could also have sent a fake 16-digit code, but chose not to). After that, the fake form asks questions similar to the ones on the genuine form, so you end up handing your personal details to the attackers instead of to the Office for National Statistics.

 
How to stay safe?

 
1. Check the domain name before filling in the form on the official website.
 
2. Don't open links that you receive via SMS or e-mail.
 
3. Be alert to any text messages you receive; read the message carefully before filling in the form.
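The first tip, checking the domain name, is easy to get wrong by eye. As an added example (not part of the original post, and not code from the Office for National Statistics), the following Python checks a link the way a browser resolves it: it extracts the real hostname, requires HTTPS, and accepts only the official domain or a subdomain of it. The official census domain is not given on the page, so `census-example.gov.uk` is a placeholder assumed for the example, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Placeholder for the official census site: the page does not give the real
# domain, so this set is an assumption of the example. In practice it would
# hold the domain printed on the government's own letter.
OFFICIAL_DOMAINS = {"census-example.gov.uk"}


def link_host(url):
    """Hostname of a link as the browser would resolve it: lower-cased, with
    any user@ prefix and :port stripped. Returns None if there is none."""
    try:
        return urlsplit(url.strip()).hostname
    except ValueError:
        return None


def is_official_link(url, official_domains=OFFICIAL_DOMAINS):
    """True only for an https link whose host is an official domain or a
    subdomain of it. Matching on the dotted suffix, not on a substring,
    rejects lookalike hosts that merely start with the official name."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    host = parts.hostname
    if parts.scheme != "https" or not host:
        return False
    return any(host == d or host.endswith("." + d) for d in official_domains)


def triage_links(urls, official_domains=OFFICIAL_DOMAINS):
    """Map each link to 'official' or 'suspicious' for a quick review."""
    return {
        u: ("official" if is_official_link(u, official_domains) else "suspicious")
        for u in urls
    }


# Constructed sample links of the kind a reminder text or e-mail might carry.
SAMPLE_LINKS = [
    "https://census-example.gov.uk/start",
    "https://www.census-example.gov.uk/start",
    "http://census-example.gov.uk/start",                   # plain http
    "https://census-example.gov.uk.verify-code.example/",   # official name as a prefix
    "https://census-example.gov.uk@verify-code.example/",   # official name before '@'
    "https://census-exarnple.gov.uk/",                      # 'rn' in place of 'm'
]

if __name__ == "__main__":
    for link, verdict in triage_links(SAMPLE_LINKS).items():
        print(f"{verdict:10s} {link_host(link)!s:40s} {link}")
```

Only the first two sample links are accepted; the `user@host` form is the instructive one, because the text before the `@` is not the host at all, and `link_host` shows what the browser would actually connect to.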
 

Furniture Retailer Vhive's Data Breach: Customer Information Leaked Online, Under Investigation

 

The authorities are investigating a data breach at the local furniture retailer Vhive, in which customers' personal information, such as phone numbers and physical addresses, was leaked online. In response to questions from The Straits Times on Saturday, April 3, police confirmed that a report had been filed on the matter.

According to the company, information compromised in the hack includes customers' names, physical and e-mail addresses, and mobile numbers, but it did not include identification numbers or financial information.

In a Facebook post on March 29, Vhive announced that its server was hacked on March 23 and that it was working with police and other relevant agencies, as well as IT forensic investigators, to investigate the breach. 

"All financial records in relation to purchases made with Vhive are held on a separate system which was not hacked," said Vhive. 

"We are truly sorry for the incident and stand ready to assist you if you require immediate help," Vhive told customers. 

According to ST's checks on Saturday afternoon, Vhive's e-mail servers were also compromised. The website only displayed a warning of the cyber attack, while the company's stores on the online shopping platforms Lazada and Shopee were open for business. 

The Altdos hacking group, which operates mainly in Southeast Asia, has claimed responsibility for the breach. In an email to affected customers on Saturday, Altdos said it had hacked into Vhive three times in nine days and claimed to have stolen information of over 300,000 customers as well as nearly 600,000 transaction records. 

The group announced that it will publish 20,000 customer records daily until its demands to Vhive’s management are met. In its Facebook statement, Vhive said it would be closely guided by the forensic investigator and authorities on the steps to protect its systems and ensure that customers can conduct transactions securely. 

In previous hacking incidents, Altdos has stolen customer data from companies, blackmailed the compromised company, leaked the data online if its requirements were not met, and publicized the violations. The cyberattacks were mainly focused on stock exchanges and financial institutions. 

In January, Altdos claimed to have broken into the IT infrastructure of the Bangladeshi conglomerate Beximco Group and stole data from 34 of its databases. 

Last December, it hacked a Thai securities trading firm and posted stolen data online when the firm allegedly failed to acknowledge its emails and claims.

BCPS Hit by Conti Ransomware Gang, Hackers Demanded $40 Million Ransom

 

Several weeks ago, the Conti ransomware gang encrypted the systems of Broward County Public Schools (BCPS) and threatened to release sensitive personal information of students and staff unless the district paid a colossal $40 million ransom. BCPS, the country's sixth-largest school district with an annual budget of about $4 billion, had informed parents of a network outage on March 7 that disrupted online teaching, but based on this new information the incident was clearly far more serious.

As first reported by DataBreaches.net, the hackers threatened to disclose a huge trove of personal information, including the Social Security numbers of students, teachers, and employees, addresses, dates of birth, and school district financial contact information. "Upon learning of this incident, BCPS secured its network and commenced an internal investigation,” the district's statement said. “A cybersecurity firm was engaged to assist. BCPS is approaching this incident with the utmost seriousness and is focused on securely restoring the affected systems as soon as possible, as well as enhancing the security of its systems."

The hackers published screenshots of a text-message exchange from mid-March between themselves and a district official, evidently a negotiation over the hackers returning the documents to the district.

“The good news is that we are businessmen,” the text message from the hackers said. “We want to receive ransom for everything that needs to be kept secret, and don’t want to ruin your reputation. The amount at which we are ready to meet you and keep everything as collateral is $40,000,000.” 

After weeks of negotiation, the hackers eventually lowered their demand to $10 million. Under district policy, that sum is the maximum it can pay without school board approval.

Broward County's case was one of several ransomware attacks on educational institutions in the past two weeks. The Clop ransomware gang was particularly active, with reported cases affecting the University of Maryland, Baltimore Campus (UMBC); the University of California, Merced; the University of Colorado; and the University of Miami. Jamie Hart, cyber threat intelligence analyst at Digital Shadows, noted that these attacks were carried out by the Clop gang as part of the Accellion FTA breach.

Ubiquiti Shares Fall After Reportedly Downplaying 'Catastrophic' Data Breach


New York City-based IoT device maker Ubiquiti recently disclosed a data breach that, it is now reported, was downplayed. After news that the breach was 'catastrophic', the company's shares fell sharply this week.

In January, Ubiquiti informed customers that unauthorized access to certain IT systems hosted by an unidentified third-party cloud provider had been discovered. The company said at the time that it had found no evidence of user data being compromised, but it could not rule it out so it advised the customers to change their passwords. 

When Ubiquiti disclosed the security breach, it only had a small impact on its stock and the value of its shares has increased tremendously since, from roughly $250 per share on January 12 to $350 per share on March 30. Ubiquiti shares are now down to $290 at the time of publishing, following the news that the breach may have been bigger than the company led customers and investors to believe. 

On Tuesday, March 30, cybersecurity blogger Brian Krebs reported that he discovered from someone involved in the response to the breach that Ubiquiti "massively downplayed" an incident that was actually "catastrophic" in order to reduce the effect on the company's stock market value. 

According to Krebs' source, the intruder obtained access to Ubiquiti's AWS servers and then tried to extort 50 bitcoin (worth approximately $3 million) from the company to keep quiet about the hack. As per the source, the intruder obtained privileged credentials from a Ubiquiti employee's LastPass account and “gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies”. The hacker allegedly also had access to Ubiquiti's cloud-based devices through remote authentication.

Ubiquiti released a statement on Wednesday in response to Krebs' report, stating that it could not comment further due to an ongoing law enforcement investigation. “In response to this incident, we leveraged external incident response experts to conduct a thorough investigation to ensure the attacker was locked out of our systems,” the company stated. “These experts identified no evidence that customer information was accessed or even targeted. The attacker, who unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials, never claimed to have accessed any customer information. This, along with other evidence, is why we believe that customer data was not the target of, or otherwise accessed in connection with, the incident.” 

At least two law firms are investigating whether Ubiquiti violated federal securities laws and are urging the company’s investors to contact them.

533 Million Facebook Users' Phone Numbers And Personal Data Leaked Online

 

On Saturday, a user on a low-level hacking forum leaked the personal information of hundreds of millions of Facebook users free of charge. The leaked data covers over 533 million Facebook users from 106 countries, including around 32 million users from the US, 11 million from the UK, and around 6 million from India. It includes users' full names, dates of birth, locations, phone numbers, Facebook IDs, bios, and in some cases email addresses.

Alon Gal, CTO of the cybercrime intelligence firm Hudson Rock, analysed the breach on Saturday and reported it on Twitter. Gal had earlier found that the same leaked database had become accessible via a Telegram bot in January.

Back then, however, the situation was different. The hacker behind the Telegram bot was selling the data to clients willing to pay for it; this time, the data of more than 533 million people is available to anyone for free on a low-level hacking forum.

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Alon Gal stated. 

Facebook, a frequent target of cyberattacks, is no stranger to such incidents; the platform has suffered several notable data breaches before.

A vulnerability spotted in 2019 allowed sensitive information of millions of Facebook users, including their phone numbers, to be scraped from Facebook's servers in contravention of its terms of service. At the time, Facebook stated that the vulnerability had been patched in August 2019. Facebook had also vowed to eliminate mass data scraping after Cambridge Analytica scraped over 80 million users' data, in violation of Facebook's terms of service, to target voters with political ads in the 2016 election.

Telemetry Data is Being Shared by Google and Apple Despite Users Explicitly Opting Out

 

A new study of how Apple and Google track mobile devices is making headlines. It shows that although both companies give users the option to opt out of sharing telemetry data, the data is still shared. Both Google's Pixel and Apple's iPhone send data from the device without the user's permission; according to Trinity College researcher Douglas Leith, both iOS and Android transmit telemetry “despite the user explicitly opting out.”

The analysis is part of a larger study titled "Mobile Handset Privacy: Measuring the Data iOS and Android Send to Apple and Google." It turns out that Google gathers far more data than Apple, almost 20 times as much from Android Pixel users.

“The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc. are shared with Apple and Google,” as per the report. “When a SIM is inserted, both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets, and the home gateway, to Apple, together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing.” 

According to the researcher’s observations, Google Pixel transfers approximately 1MB of data to Google servers during the first ten minutes of operation. For the same duration of time, the iPhone sends about 42KB of data to Apple servers. When the Pixel is turned off, it transfers approximately 1MB of data to Google every 12 hours, whereas the iPhone sends just 52KB. The report also indicated that, whether in use or not, both operating systems link to their back-end servers every 4.5 minutes on average. 

However, the evaluation did not include third-party software or the pre-installed apps that ship with both operating systems. The study focused solely on data collected by handset features and components at the operating-system level, such as Apple's Bluetooth UniqueChipID, the Secure Element ID, and the transmission of the Wi-Fi MAC address. A highlight of the study is that pre-installed, manufacturer-specific apps and services connect to the network even when the user has never opened or used them.

According to the study, the transmission of telemetry data raises major privacy concerns. The study does acknowledge the importance of sending general device data to the software maker, since it enables the creation and release of critical device and security updates for specific models.

Here's How to Safeguard Against Mobikwik Data Breach

 

Cybersecurity researchers claim that the KYC data of as many as 11 crore Mobikwik users has been leaked and put up for sale on the dark web. However, the Gurugram-based digital wallet company denies the breach, stating that it has found no evidence of a data leak.

Rajshekhar Rajaharia, an independent cybersecurity researcher, was the first to disclose the data leak, in February. He said that bank details, email addresses, and other sensitive details of nearly 11 crore Indians had been leaked on the dark web.

Approximately 8 terabytes (TB) of personal user data were stolen from Mobikwik's main server by a hacker calling themselves 'Jordan Daven' and put on dark web platforms on January 20, Rajaharia stated. As evidence, Jordan Daven emailed a link to the stolen database to PTI, stating that they had no motive for the data other than to acquire it from the company and then delete it from their end, and also shared private details of Mobikwik founder Bipin Preet Singh and CEO Upasana Taku taken from the stolen database.

When approached, Mobikwik denied the claims and stated, “the company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which includes annual security audits and quarterly penetration tests to ensure the security of its platform. As soon this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of breach.” 

Precautionary measures for Mobikwik users 

To check whether your data is compromised, you have to download the Tor browser, a free and open-source browser that lets you browse the web anonymously. You should also update your Mobikwik account by setting a new password and enabling two-factor authentication.

Open the link to the leaked database that is now online and search for your data using your email ID or phone number. If nothing comes up you are safe, but if something does, contact your bank immediately and block your cards.

For Just $16, Hackers May Steal User Data Via SMS Attack

 

Smartphone users face a new privacy and security risk: business text-messaging services are being abused to secretly redirect users' text messages to hackers for as little as Rs 1,160 (nearly $16), giving cybercriminals control over two-factor codes sent by SMS. The attack, which the victim cannot easily detect, is carried out through SMS redirection firms in conjunction with staff at telecommunications companies.

New technologies are introduced every day to fight hackers and protect users' data and privacy, but here is a new attack that has recently been seen: one that defeats the OTP protection used for online transactions. The attack lets hackers redirect SMS messages addressed to the victim's phone number to their own systems. To carry it out, the hackers abuse commercial text-messaging management services. Such attacks are feasible, at least in the United States, because of failures within the telecommunications industry, which leaves hackers with an easy path.

"The method of attack, which has not been previously reported or demonstrated in detail, has implications for cybercrime, where criminals often take over target's phone numbers in order to harass them, drain their bank account, or otherwise tear through their digital lives," stated the report from Motherboard late on Monday, 15th of March. 

Joseph Cox, a reporter for Motherboard, was himself targeted and was not aware of the attack on his phone number. The striking thing about the attack is that it is available to a hacker for a payment of just $16 (Rs. 1,160). In Cox's case, the company providing the service said the issue had been resolved, but it has not been addressed at several other providers. Some firms are aware of the attack, yet CTIA, the industry's trade organization, is being blamed.

These services allow the attacker not only to intercept incoming texts but also to reply to them. SMS redirection is another attack that hackers frequently perform; SIM swapping and SS7 attacks have already hit many users. What is notable about those attacks is that in some cases the user learns about the exploit because the phone loses network service.

It is therefore better not to rely on SMS for this. Users should use authenticator apps, or receive OTPs via their email account, especially for bank-related OTPs.

"It is better to use an app like Google Authenticator or Authy. Some password managers even have support for 2FA built-in, like 1Password or many of the other free managers we recommend," the report mentioned.

US Telemarketing Company Leaks Data of 114,000 Consumers In a Cloud Storage Error

In a recent cybersecurity incident, a US telemarketing firm leaked sensitive data of tens of thousands of consumers after a cloud storage bucket was misconfigured. Noam Rotem of the vpnMentor team identified the exposed AWS S3 bucket on 24 December last year. The finding was traced back to CallX, a California-based business whose clients use its analytics service to improve their inbound marketing and media buying. According to its website, the company's customers include the lending marketplace LendingTree, the security provider Vivint, and Liberty Mutual Insurance.

Rotem found around 114,000 files exposed in the leaky bucket. Most were audio recordings of calls between consumers and CallX clients, logged through the company's software. In addition, 2,000 text transcripts of conversations were accessible. The PII (personally identifiable information) in the files includes names, phone numbers, home addresses, and more.

"If cybercriminals needed additional information, they could hijack calls logged by CallX and do fake ‘follow up’ phone calls or emails posing as a representative of the relevant CallX client company. Using the transcripts, it would be easy to establish trust and legitimacy with targets in such schemes," reports vpnMentor. Because the people exposed have no apparent relationship to one another, the report adds, such fraud might not be discovered until it is too late. vpnMentor warned that hackers could launch phishing attacks using the leaked data. CallX could also face regulatory scrutiny under the new CCPA (California's privacy law). Sadly, the bucket is still open to date.

vpnMentor's research team reported (https://www.vpnmentor.com/blog/report-callx-breach/): "our team discovered CallX’s S3 bucket and was able to view it due to insufficient security. We found an image of the company’s logo amongst the files stored on the S3 bucket and, upon further investigation, confirmed the company as its owner. We immediately contacted CallX to notify it of the vulnerability and provide guidance on securing an S3 bucket. It’s unclear how many people were aware that somebody recorded their conversations. As a result, the people exposed in this data breach may never know their private data was exposed publicly."
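The CallX exposure is the standard S3 misconfiguration: a bucket reachable by anyone, through either its ACL or its bucket policy. As an added example (not from the post, vpnMentor, or CallX, and using constructed sample data rather than anything from the incident), the Python below evaluates an ACL grant list and a bucket policy document in the shapes the S3 API returns and flags world-readable settings, and returns the four Block Public Access flags that would have made such a mistake ineffective. The `_is_anyone` policy check is deliberately simplified (it ignores statements with a `Condition`), so treat it as a first pass rather than a complete public-access analysis.

```python
import json

# ACL group URIs that grant access to the whole internet / to any AWS account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def acl_public_grants(grants):
    """Return the ACL grants that expose the bucket to everyone.
    `grants` has the shape of the 'Grants' list from S3 GetBucketAcl."""
    return [
        g for g in grants
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_GROUPS
    ]


def _is_anyone(principal):
    """True for the wildcard principal forms "*" and {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_public_statements(policy):
    """Return Allow statements that apply to anyone and carry no Condition.
    Simplified: a Condition can itself be wide open, so only the
    unconditional case is flagged here."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be unlisted
        statements = [statements]
    return [
        s for s in statements
        if s.get("Effect") == "Allow"
        and _is_anyone(s.get("Principal"))
        and not s.get("Condition")
    ]


def bucket_is_public(grants, policy=None):
    """Overall verdict from the ACL and, if given, the bucket policy."""
    if acl_public_grants(grants):
        return True
    return policy is not None and bool(policy_public_statements(policy))


def recommended_public_access_block():
    """The four S3 Block Public Access settings (real setting names) that
    neutralise a public ACL or policy even if someone applies one by mistake."""
    return {"BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": True}


# --- Constructed sample inputs (not taken from the CallX incident) ----------
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
               "Permission": "FULL_CONTROL"}
LEAKY_GRANTS = [OWNER_GRANT, {
    "Grantee": {"Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ"}]
PRIVATE_GRANTS = [OWNER_GRANT]

_RESOURCE = "arn:aws:s3:::example-recordings-bucket/*"
PUBLIC_READ_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": _RESOURCE}]})
ACCOUNT_ONLY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
     "Action": "s3:GetObject", "Resource": _RESOURCE}]})

if __name__ == "__main__":
    print("public ACL:", bucket_is_public(LEAKY_GRANTS))
    print("private ACL, public policy:", bucket_is_public(PRIVATE_GRANTS, PUBLIC_READ_POLICY))
    print("private ACL, account-only policy:", bucket_is_public(PRIVATE_GRANTS, ACCOUNT_ONLY_POLICY))
    print("recommended block settings:", recommended_public_access_block())
```

In a real audit the `grants` and `policy` inputs would come from the S3 `GetBucketAcl` and `GetBucketPolicy` calls for each bucket in the account; the point of keeping the evaluation separate from the API calls is that it can be unit-tested offline, as here, and run against exported configuration.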

Top Dairy Group Lactalis Suffers Cyberattack, Company Confirms No Data Breach

Lactalis, one of the world's largest dairy groups, disclosed that it was recently hit by a cyberattack after hackers breached its systems. The Lactalis Group has around 85,000 employees in 81 countries and exports dairy products to more than 100 countries worldwide.

The group also owns several leading global brands, including Galbani, Lactel, Parmalat, Santal, and Président. In a press release issued last Friday, the company said that only a few computers on its network were affected by the attack. Lactalis had identified malicious access to its computer network; upon finding the intrusion, the company immediately contained the attack and then notified the investigating authorities.

Further investigation revealed that a third party was trying to break into the company's networks. Lactalis says its ongoing investigation has so far found no data breach. The press release reads, "The Lactalis Group has detected an intrusion on part of its computer network. We immediately took steps to contain this attack and have notified the competent authorities. The results of our investigations establish that a malicious third party is seeking to break into our servers. For the sake of transparency, we are making public this information. Our IT teams are fully mobilized and supported by experts recognized in cybersecurity. Our investigation with them revealed no data breach at this point."

The company has taken down the IT systems and company websites affected by the attack. It adds, "Lactalis teams are working to protect the interests of our customers, our partners, and our employees. This is why we have restricted, at our own initiative and as a preventive measure, our access to the public internet network." For now, Lactalis says it has not suffered any data breach, although in most such cases threat actors steal personal information and data while spreading through a breached network. Attacks like these often lead to extortion, and threat actors may publish information on data leak sites if the victim does not pay the ransom.

CEO of Koo App Denies the Allegations of Data Breach by French Hacker

 

Koo, a home-grown microblogging platform, has come under scrutiny after a French ethical hacker known on Twitter as Elliot Alderson uncovered security loopholes in the Koo app. Attackers could exploit the vulnerabilities to retrieve personally identifiable information such as email ID, date of birth, name, marital status, gender, and more.

Several Union ministers, politicians, and film actors are switching to Koo, but this leak has raised serious concerns about the safety of users' private information. “You asked so I did it. I spent 30 min on this new Koo app. The app is leaking the personal data of users: email, dob, name, marital status, gender…” Alderson tweeted, along with edited screenshots of the data he was able to access.

Aprameya Radhakrishna, Koo's co-founder and CEO, responded that the app is fully secure and that the visible data is information users have voluntarily shown on their profiles. He explained on Twitter: “some news about data leaking being spoken about unnecessarily. Please read this: The data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak. If you visit a user profile you can see it anyway”.

Alderson countered by sharing a screenshot of an IAS officer's Koo account, claiming that he could access the officer's data even though it was not visible on the profile page, and tagged Aprameya in his tweet.

Aprameya replied to the tweet – “@fs0c131y (Elliot Alderson) We’re attempting to do something for our country, India. All help is appreciated. If you want to help out in this journey of ours please write to me at ar@kooapp.com and we can take a look at all the feedback you have. Thanks!” 

Koo's popularity is growing by the day, and the app has surpassed 3 million downloads across Google Play and the Apple App Store. It is widely seen as an alternative to Twitter, and many prominent personalities have moved to it.

Chinese Firms Infiltrate into U.S. Healthcare Data

 

The gulf between the two most powerful nations has widened after the United States National Counterintelligence and Security Center (NCSC) revealed that Chinese firms have secured access to U.S. healthcare data by collaborating with universities, hospitals, and various other research organizations.

According to the agency's reports, the People’s Republic of China (PRC) has managed to obtain US healthcare data, including genomic data, through a variety of legal and illegal means. The agency also claims that by securing access to US healthcare data, China is accelerating the growth of its artificial intelligence and precision medicine industries.

NCSC wrote in a fact sheet that “for years, the People’s Republic of China (PRC) has collected large healthcare data sets from the U.S. and nations around the globe, through both legal and illegal means, for purposes only it can control. The PRC’s collection of healthcare data from America poses equally serious risks, not only to the privacy of Americans but also to the economic and national security of the U.S.”.

According to the agency, China's access to US healthcare and genomic data raises serious concerns about the privacy and national security of the United States. China's efforts escalated during the Covid-19 pandemic, with a Chinese biotech firm offering Covid-19 testing kits to many countries and setting up 18 test labs in the past six months, allegedly as part of an attempt to obtain health data.

The agency wrote, “the PRC understands the collection and analysis of large genomic data sets from diverse populations helps foster new medical discoveries and cures that can have substantial commercial value and advance its precision medicine industries”.

The Chinese government is also using health data and DNA as a weapon to suppress and control its own people: in the Xinjiang region, the Uighur population has been forced to give fingerprints, blood groups, and other private data.

Aurora Cannabis Breach Exposes Personal Data of Former, Current Workers


Recently, Marijuana Business Daily disclosed a data breach at Aurora Cannabis. The security incident compromised the personal information of an unknown number of employees of the Canadian company, and it affected former employees as well as current ones. 

A victim shared with Marijuana Business Daily a breach notification email sent to him on Dec. 25, which described a “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud software) SharePoint and OneDrive.” 

The victim, a former Aurora employee who was terminated in February 2020 along with hundreds of others, did not receive notification of the breach until late on December 31. The source said that working for Alberta-based Aurora was “an experience that I think a lot of people want to forget.” 

“And then getting a reminder on the last day of 2020, just hours to go before 2020 ended, was just a bit of a kick to the face,” he added. The former employee said that he had talked with three current Aurora workers and five other former employees about the information that was exposed. Each reported a different kind of exposure: some said their credit card information and government identification had been exposed, while others said their home address and banking details were. 

The company’s spokeswoman Michelle Lefler has confirmed that the company “was subject to a cybersecurity incident” on Christmas Eve. It has affected both present and former employees of the company. 

As of now, it remains unclear what "kinds" of personal information were exposed. “The company immediately took steps to mitigate the incident, is actively consulting with security experts and cooperating with authorities,” Lefler wrote in a statement. 

“Aurora’s patient systems were not compromised, and the company’s network of operations is unaffected,” she added. “For now, I am unable to provide the specific number of Aurora employees whose data was exposed. I can confirm we are following all security protocols, are working with privacy councils and law enforcement, and have communicated directly with any impacted current or former employee.”

Researcher Exposes Telegram's Location Bug, Company Says It's a Feature

A researcher who found that the messaging platform Telegram's "People Nearby" feature can reveal users' precise locations has been told that the feature is "working as expected." Users who enable "People Nearby" can view a list of other Telegram users within a short radius, and can also find local group chats.  

Ahmed Hassan used software that spoofs the location of an Android phone to read the feature's distance readings for a target from three different points, then used trilateration to pinpoint the user's exact location. Using this method he could determine users' accurate locations, including their home addresses, with little effort. Hassan reported the issue hoping for a bug bounty; instead, he was told that Telegram users share their location intentionally in the "People Nearby" section, and that determining a user's exact location is sometimes expected under certain conditions.  

But Hassan says that when a user enables "People Nearby", he is indirectly publishing his residential address online, and many users are unaware of this while using the feature. He also believes a wider problem exists: users with malicious intent can use fake locations to join local group chats and target members with spam or phishing messages carrying malicious links, including fraud links and fake Bitcoin investment schemes, which he sees as evidence of poor app security. Telegram claims that its platform is "more secure than mass market messengers like WhatsApp and Line." 

However, Telegram does not mention the risks that can arise from malicious users. Other apps have also run into the same location issue recently. The Register reports, "obtaining the location of nearby users is not an issue exclusive to digital devices. A stranger may follow someone home, for example. It is also not so long ago that a huge printed directory of local names, addresses, and telephone numbers used to be delivered to almost every home in many countries – and in the UK BT's online Phone Book service still offers a person search, including address details for those who have not opted out."

Data Breach: Stolen User Records from 26 Companies Being Sold Online


A data broker is allegedly selling stolen user data from twenty-six companies on a hacker forum. Reportedly, the hacker has set prices for some of the stolen databases and is yet to decide the pricing for the rest. 

The hacker behind the sale claims a total of 368.8 million user records, mostly from companies that had previously disclosed data breaches; seven companies newly added to the list are Sitepoint.com, Anyvan.com, MyON.com, Teespring.com, Eventials.com, ClickIndia.com, and Wahoofitness.com.

Dark web and hacking forums keep making headlines for their relationship with data brokers and hackers, who use these platforms to leak or sell databases of user information, credentials and records acquired in breaches of companies worldwide, companies that often confirm the breaches only later. In this case, however, only MyON and Chqbook have responded to the claims; the other six newly listed companies have not issued any statement confirming a data breach.

In a conversation with BleepingComputer, while confirming that their networks were compromised, MyON.com said, "In July 2020 we were made aware of a bad actor trying to sell portions of our data on the dark web. We immediately began investigating to shut down any continued threats to our data or the data of our customers. We were then able to confirm that according to federal and state privacy laws, no confidential student or customer data was compromised, and this incident did not rise to the level of an actual breach of student private data."  

Chqbook.com, on the other hand, denied the claim in an email to BleepingComputer: "There has been no data breach and no information belonging to our customers has been compromised. Data security is a key priority area for us and we conduct periodic security audits to ensure the safety of our customers’ information."  

The companies listed, with the number of records claimed for each, are as follows: MyON.com (13 million), Singlesnet.com (16 million), Teespring.com (8.2 million), ModaOperandi.com (1.2 million), Chqbook.com (1 million), Pizap.com (60 million), Anyvan.com (4.1 million), Fotolog.com (33 million), Eventials.com (1.4 million), Wahoofitness.com (1.7 million), Reverbnation.com (7.8 million), Sitepoint.com (1 million), Netlog.com (53 million), Clickindia.com (8 million), Cermati.com (2.9 million), Juspay.in (100 million), Everything5pounds.com (2.9 million), Knockcrm.com (6 million), Accuradio.com (2.2 million), Mindful.org (1.7 million), Geekie.com.br (8.1 million), Bigbasket.com (20 million), Wognai.com (4.3 million), Reddoorz.com (5.8 million), Wedmegood.com (1.3 million), Hybris.com (4 million). 

Users with accounts on any of the above websites are strongly advised to change their passwords, choosing a unique, strong password that can withstand a brute-force attack.

UK Finance Body: Beware of Parcel Delivery Scam, Especially During Christmas Season



After months of lockdown, this Christmas season has become even more special to people, but fraudsters are beginning to capitalize on the long-delayed excitement. The banking trade body UK Finance has warned the public about parcel delivery scams that are becoming more common during the Christmas shopping season. 

The trade body said that more people across the nation are expected to shop online this Christmas than ever before, and that there is a high chance con men will take advantage of this.
 
According to intelligence from UK Finance, malicious actors are sending phishing emails purporting to come from genuine delivery companies, claiming that a parcel, large letter or package could not be delivered and asking recipients to provide personal and financial information such as their date of birth, address, bank details and mobile number, along with a fee, in order to rearrange the delivery. 

It has also been observed that in some cases bank customers receive phone calls from fraudsters posing as their bank’s fraud team, urging them to move their money to a “safe account” or to reveal their passcodes. 

Katy Worobec, managing director of economic crime at UK Finance, said, "We are urging people not to give a gift to fraudsters this Christmas and to follow the advice of the Take Five to Stop Fraud campaign. Criminals will stop at nothing to commit fraud and that includes exploiting the festive season to target their victims". 

Steps to prevent fraud, as advised by the campaign:

• Be vigilant against phishing emails with fake links that lead to fake sites asking you to enter important data, particularly personal and financial details. These emails may look genuine and trustworthy, but such scams can cost you far more than you expect. 

• Check delivery notifications carefully to ensure they are genuine; criminals copy the same templates that genuine companies use for their customers. 

• Before claiming a delivery, stop and question the request: ask the company or the authorities before sending any information or money. 

• If you feel a company is not genuine, contact it directly before sending any form of information. 

• Finally, and most importantly, report any fraud or scam attempt to a genuine reporting platform.

Hackers Dropping Malware via Free WinZip Trial Popup Vulnerability


Researchers have discovered a critical security flaw in WinZip 24 that can be used to target users with malware. The trial popup vulnerability allows attackers, using techniques such as DNS poisoning, to achieve arbitrary code execution.
 
When WinZip displays the prompt about the expiry of the free trial and sends its update-check requests, it communicates in plaintext over HTTP instead of HTTPS. The vulnerability lies in the way WinZip communicates with its servers, which leaves it open to malicious actors who can deliver malware through the same channel. 

WinZip is a ZIP tool used to compress and decompress files easily; it can zip and unzip almost all archive formats, including zip, tar and rar. The tool is available as a free trial, and to keep using it fully users need to purchase a license, so the software repeatedly checks the license status over time. Once it detects that the trial period has expired, it displays a prompt over the plaintext channel described above, and that is where the bug was found.
 
An attacker positioned between the client and the server could intercept the traffic, alter the content and substitute a trojanized WinZip version. Furthermore, the update request also contains personal data such as the registered username, registration code and other information required to process the request, which an attacker tampering with the trial popup could also read.
 
"WinZip 24 opens pop-up windows from time to time when running in Trial mode. Since the content of these popups is HTML with JavaScript that is also retrieved via HTTP, it makes manipulation of that content easy for a network adjacent attacker," Trustwave researchers said.
 
"The application sends out potentially sensitive information like the registered username, registration code and some other information in query string as a part of the update request. Since this is over an unencrypted channel this information is fully visible to the attacker."
 
"This means anyone on the same network as user running a vulnerable version of WinZip can use techniques like DNS poisoning to trick the application to fetch “update” files from malicious web server instead of legitimate WinZip update host. As a result, unsuspecting user can launch arbitrary code as if it is a valid update," the researchers further added.
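The weakness Trustwave describes, an update check over plaintext HTTP whose query string carries licence data, is something a defender can spot from proxy logs. The script below is an added example, not code from the article, Trustwave or WinZip; the log format, hostnames and parameter names it uses are constructed assumptions.

```python
"""Flag plaintext (HTTP) software-update requests that leak sensitive fields.

Added example (not from the article, Trustwave or WinZip). It scans
proxy-style log lines and reports requests exposed to a network-adjacent
attacker in the way the article describes: an update or trial check
over HTTP, and licence data sent in a cleartext query string.
"""
from urllib.parse import urlsplit, parse_qs

# Parameter names an update/licence check might leak. The article mentions
# the registered username and registration code; these exact keys are assumed.
SENSITIVE_PARAMS = {"username", "regcode", "registration_code", "email", "serial"}

# Path fragments that suggest an update, version or trial check (assumption).
UPDATE_HINTS = ("update", "upgrade", "version", "license", "trial")


def parse_log_line(line):
    """Parse a constructed 'client method url status' proxy log line."""
    parts = line.split()
    if len(parts) < 3:
        return None
    return {"client": parts[0], "method": parts[1], "url": parts[2]}


def assess_request(url):
    """Return a list of findings for one request URL; empty means no issue."""
    u = urlsplit(url)
    findings = []
    if u.scheme != "http":          # HTTPS requests are not the issue here
        return findings
    if any(hint in u.path.lower() for hint in UPDATE_HINTS):
        findings.append("update/trial check over plaintext HTTP "
                        "(spoofable by a network-adjacent attacker via DNS poisoning)")
    leaked = sorted(k for k in parse_qs(u.query) if k.lower() in SENSITIVE_PARAMS)
    if leaked:
        findings.append("sensitive fields in cleartext query string: " + ", ".join(leaked))
    return findings


def scan(lines):
    """Return {client_ip: [finding, ...]} for every log line with a problem."""
    report = {}
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        findings = assess_request(rec["url"])
        if findings:
            report.setdefault(rec["client"], []).extend(findings)
    return report


# Constructed sample log; the host names are placeholders, not real endpoints.
SAMPLE_LOG = [
    "10.0.0.12 GET http://updates.example-archiver.invalid/trial/check?username=alice&regcode=ABC123 200",
    "10.0.0.12 GET http://updates.example-archiver.invalid/trial/popup.html 200",
    "10.0.0.15 GET https://updates.example-archiver.invalid/trial/check?username=bob&regcode=XYZ 200",
    "10.0.0.20 GET https://www.example.invalid/index.html 200",
]

if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG).items():
        print(client)
        for finding in findings:
            print("  -", finding)
```

Only the client that performed its trial check over HTTP is reported; the same check over HTTPS produces no finding.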

Google’s Data Security: How Does Google Protect Your Data from Cyber Threats?



The world is moving fast towards technology and materialism, and it has become increasingly difficult for people to avoid online services. According to reports, Google has a large international market, with over 50% of its customers being premier business customers, and more than 5 million businesses have chosen Google Apps services. Users of online services are familiar with Google and its products, but cyber threats make people question the security of their data. Is Google selling their data or personal information? 

According to Google, the tech giant takes the following measures: 

Physical Security - Google says it provides 24/7 physical security at all of its data centers across the world. The company is also known for advanced measures such as laser-based surveillance and biometric identification, which it says protect its employees from cyber threats and identity theft. 

The company’s in-house disaster response team ensures that even when a natural disaster such as a fire or flood hits a data center location, Google can still use security monitoring to protect users from malware. The company also says, “We constantly monitor all applications, deploy patches through automated network analysis and proprietary technology, it helps us in detecting threats such as malware, viruses, and other forms of malicious code’’. 

Encryption - Encryption is ‘the process of converting information or data into a code, especially to prevent unauthorized access’. The company states that ‘we use encryption into every data flow’ so that customer data remains protected from snooping, including snooping funded by government actors. Furthermore, the tech giant says it protects data access with security technologies such as HTTPS and TLS (Transport Layer Security) so that email content remains inaccessible to malicious actors.

Malware protection - According to Google, it protects users from malware by deploying automated network analysis that keeps malicious code away from customers’ credential information; the company also uses multi-purpose tools for software security and quality assurance.

Customized hardware - Google says its hardware is protected against network infiltration by highly customized server components, and that only its own legitimate devices can access the user data it holds. 

Incident Response - Google’s Incident Management Program (IMAG) team says its incident response staff are active 24/7 at every data center to protect individuals’ data, alerting each individual if any malicious activity is found on their account. 

Limited Access - Google limits employee access to important data, including business data and highly sensitive information; by doing this, Google says it ensures security and privacy at every stage of its systems.

Sensitive Data of 7 Million Indian Cardholders Circulating On Dark Web


The number of data breaches rose rapidly last year, jumping by 17%, and they have become an increasingly serious issue. Recently, sensitive data of 7 million debit and credit cardholders has been found circulating on the dark web.

The 2GB database included names, contact numbers, email addresses, Permanent Account Numbers (PAN), income details, and employer names.

As per screenshots of the leaked data, the details were found in a public Google Drive document discovered by Rajshekhar Rajaharia, an internet security researcher, who informed Inc42 and warned that because the data pertains to people’s finances, it is highly valuable and could be used by malicious actors to build phishing attacks.

The database, which also included the PAN numbers of around 5 lakh (500,000) users, covers the period between 2010 and 2019 and could be of great value to cybercriminals and scammers. Although card numbers were not included, Rajaharia managed to verify the details of certain users, including himself: he matched the names in the list against LinkedIn profiles, and they proved accurate.

In a conversation with Suriya Prakash, Senior Security Researcher at Cyber Security and Privacy Foundation Pte Ltd, Ehacking News attempted to understand the source of the breach. He said, "These usually don't originate at the bank level as they have secure environments. Regulators and banks often misunderstand this and spend crores securing infrastructure."

"The main source of data breaches is usually bank employees using their official emails to create accounts on third-party sites (social media etc). When these third parties get breached, it causes issues for the bank. This can be simply avoided by putting in the SOP that employees should not use their official emails for other services; any usage should get written permission from the admin team. If this is strictly enforced, the majority of data breaches can be avoided."

"Also, websites that collect payments, like e-commerce sites, should be brought under RBI regulations as they too might be causes of the breach," he concluded.