CEO of Koo App Denies the Allegations of Data Breach by French Hacker

 

Koo, a home-grown microblogging platform, has come under the scanner after a French ethical hacker known by the moniker Elliot Alderson on Twitter uncovered security loopholes in the Koo app. Cybercriminals can exploit the vulnerabilities in the app to retrieve personally identifiable information such as e-mail ID, date of birth, name, marital status, gender, and more.

Several Union ministers, politicians, and film actors are switching to the micro-blogging platform Koo but this leak has raised serious concerns regarding the safety of private information of the users. “You asked so I did it. I spent 30 min on this new Koo app. The app is leaking the personal data of users: email, dob, name, marital status, gender…” Alderson tweeted with emended screenshots of the data he was able to access.

Aprameya Radhakrishna, Koo’s co-founder and CEO, responded that the app is fully secure and that the visible data is something users have voluntarily shown on their profiles. Aprameya explained on Twitter that “some news about data leaking being spoken about unnecessarily. Please read this: The data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak. If you visit a user profile you can see it anyway”.

Alderson countered the tweet by sharing a screenshot of an IAS officer on Koo. He claimed he could gain access to the data of an IAS officer without it being visible on the profile page, and he tagged Aprameya in his tweet.

Aprameya replied to the tweet – “@fs0c131y (Elliot Alderson) We’re attempting to do something for our country, India. All help is appreciated. If you want to help out in this journey of ours please write to me at ar@kooapp.com and we can take a look at all the feedback you have. Thanks!” 

The popularity of the Koo app is increasing with each passing day, and the app has surpassed 3 million downloads on both Google Play and the Apple App Store. The app is seen as an alternative to Twitter, and many prominent personalities have moved to it.

Chinese Firms Infiltrate into U.S. Healthcare Data

 

The gulf between the two most powerful nations has widened after the United States National Counterintelligence and Security Center (NCSC) revealed that Chinese firms have secured access to U.S. healthcare data by collaborating with universities, hospitals, and various other research organizations.

According to the agency's reports, the People’s Republic of China (PRC) has successfully managed to infiltrate US healthcare data, including genomic data, via a variety of sources, both legal and illegal. The agency also claimed that by securing access to U.S. healthcare data, China is expanding the growth of its Artificial Intelligence and precision medicine firms.

NCSC wrote in a fact sheet that “for years, the People’s Republic of China (PRC) has collected large healthcare data sets from the U.S. and nations around the globe, through both legal and illegal means, for purposes only it can control. The PRC’s collection of healthcare data from America poses equally serious risks, not only to the privacy of Americans but also to the economic and national security of the U.S.”.

According to the agency, China’s access to US healthcare and genomic data has raised serious concerns regarding the privacy and national security of the United States. China's efforts have escalated during the Covid-19 pandemic, with a Chinese biotech firm offering Covid-19 testing kits to the majority of nations and setting up 18 test labs in the past six months, allegedly as part of an attempt to secure health data.

The agency wrote, “the PRC understands the collection and analysis of large genomic data sets from diverse populations helps foster new medical discoveries and cures that can have substantial commercial value and advance its precision medicine industries”.

The Chinese government is using health data and DNA as a weapon to suppress and control its own people. In the Xinjiang province of China, the Uighur population had been forced to give fingerprints, blood groups, and other private data.

Aurora Cannabis Breach Exposes Personal Data of Former, Current Workers

 

Recently, Marijuana Business Daily disclosed a data breach at Aurora Cannabis. The security incident compromised the credential information of an unknown number of employees of the Canadian company. The data breach was not restricted to current employees of the company but encompassed former employees as well.

A victim shared with Marijuana Business Daily an email about the data breach that was sent to him on Dec. 25. The email described a “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud software) SharePoint and OneDrive.”

The victim, a former employee of Aurora who was terminated in February 2020 along with hundreds of other employees, didn’t get notification of the breach until late on December 31. The source said that working for Alberta-based Aurora was “an experience that I think a lot of people want to forget.”

“And then getting a reminder on the last day of 2020, just hours to go before 2020 ended, was just a bit of a kick to the face,” he further added. The former employee said that he had talked with three present workers at Aurora and five other former employees about the information that has been exposed. Each of them reported a different kind of data breach: some reported a breach of their credit card information and government identification, while others said that their home address and banking details were exposed, he added.

The company’s spokeswoman Michelle Lefler has confirmed that the company “was subject to a cybersecurity incident” on Christmas Eve. It has affected both present and former employees of the company. 

As of now, it remains unclear what "kinds" of personal information were exposed. “The company immediately took steps to mitigate the incident, is actively consulting with security experts and cooperating with authorities,” Lefler wrote in a statement. 

“Aurora’s patient systems were not compromised, and the company’s network of operations is unaffected.” She further added, “For now, I am unable to provide the specific number of Aurora employees whose data was exposed. I can confirm we are following all security protocols, are working with privacy councils and law enforcement, and have communicated directly with any impacted current or former employee.”

Researcher Exposes Telegram's Location Bug, Company Says It's a Feature

A researcher who found that the "People Nearby" feature of messaging platform Telegram can reveal users' accurate locations has been told that the feature is "working as expected." Users who enable the "People Nearby" feature can view a list of other Telegram users within a radius of a few miles. Users can also find local group chats.

Ahmed Hassan used software that allowed him to fake the location of his Android phone and, using it, located individuals from three different points. He then used trilateration to pinpoint the exact user location. Using this method, which is quite easy, Hassan could get the accurate location of users, including their home addresses. Hassan had reported the issue hoping to get a bug bounty as a reward; instead, he was told that Telegram users share their locations intentionally in the "People Nearby" section, and that it is expected that the exact location of a user can sometimes be determined under certain conditions.

But Hassan says that when a user enables "People Nearby", they are indirectly posting their residential address online. Many users are unaware of this while they are using the feature. He also believes a widespread problem exists where hackers or users with malicious intent can use fake locations to join local group chats and target users with spam or phishing attacks using malicious links. These include fraudulent links and fake Bitcoin investments, which is proof of poor app security. Telegram claims that their platform is "more secure than mass market messengers like WhatsApp and Line."

However, Telegram fails to mention the risks that can arise from malicious users. Other apps have also experienced the location issue in recent times. The Register reports, "obtaining the location of nearby users is not an issue exclusive to digital devices. A stranger may follow someone home, for example. It is also not so long ago that a huge printed directory of local names, addresses, and telephone numbers used to be delivered to almost every home in many countries – and in the UK BT's online Phone Book service still offers a person search, including address details for those who have not opted out."

Data Breach: Stolen User Records from 26 Companies Being Sold Online

 

A data broker has allegedly been selling stolen user data from twenty-six companies on a hacker forum. Reportedly, the hacker has put the stolen data of certain companies on sale at a set price but is yet to decide the pricing for the rest of the stolen databases.

The hacker behind the sale has stolen a whopping total of 368.8 million user records, mostly from companies that had previously reported a data breach; however, seven new companies joined the list: Sitepoint.com, Anyvan.com, MyON.com, Teespring.com, Eventials.com, ClickIndia.com, and Wahoofitness.com.

Dark web and hacking forums keep making headlines for their notorious relationship with data brokers and hackers, who extensively use these platforms to leak or sell databases containing user information, credentials, and records acquired during data breaches of various companies worldwide, which later confirm the breaches. However, in the aforementioned case, only MyON and Chqbook have confirmed the data breaches; the other six companies have not given any statement confirming that they have experienced a data breach.

In a conversation with BleepingComputer, while confirming that their networks were compromised, MyON.com said, "In July 2020 we were made aware of a bad actor trying to sell portions of our data on the dark web. We immediately began investigating to shut down any continued threats to our data or the data of our customers. We were then able to confirm that according to federal and state privacy laws, no confidential student or customer data was compromised, and this incident did not rise to the level of an actual breach of student private data."  

Chqbook.com, meanwhile, denied the claims of a data breach in an email to BleepingComputer, saying, "There has been no data breach and no information belonging to our customers has been compromised. Data security is a key priority area for us and we conduct periodic security audits to ensure the safety of our customers’ information."

The companies that fell prey to the data breach are as follows: MyON.com (13 million), Singlesnet.com (16 million), Teespring.com (8.2 million), ModaOperandi.com (1.2 million), Chqbook.com (1 million), Pizap.com (60 million), Anyvan.com (4.1 million), Fotolog.com (33 million), Eventials.com (1.4 million), Wahoofitness.com (1.7 million), Reverbnation.com (7.8 million), Sitepoint.com (1 million), Netlog.com (53 million), Clickindia.com (8 million), Cermati.com (2.9 million), Juspay.in (100 million), Everything5pounds.com (2.9 million), Knockcrm.com (6 million), Accuradio.com (2.2 million), Mindful.org (1.7 million), Geekie.com.br (8.1 million), Bigbasket.com (20 million), Wognai.com (4.3 million), Reddoorz.com (5.8 million), Wedmegood.com (1.3 million), Hybris.com (4 million). 

Users who happen to be a part of any of the abovementioned websites are strongly advised to update their passwords, preferably something unusual and strong enough to thwart a brute-force attack.

UK Finance Body: Beware of Parcel Delivery Scam, Especially During Christmas Season

 


After months of lockdown, this Christmas season has become even more special to people but fraudsters are also beginning to capitalize on the much-delayed excitement of the users. The banking trade body UK Finance has warned the public against parcel delivery scams getting popular during the Christmas shopping season. 

The banking trade body said that this Christmas, more people across the nation are expected to shop online than ever before and there are high chances that con men will take advantage of this.
 
According to intelligence from UK Finance, malicious actors are sending phishing emails purporting to be from genuine delivery companies, claiming that the companies have been unable to deliver parcels, large letters or packages, and then asking recipients to send their personal and financial information, such as their date of birth, address, bank details, and mobile numbers, along with a fee in order to rearrange the delivery.

It has also been observed that, in certain cases, bank customers are receiving phone calls from fraudsters posing as their bank’s fraud team, urging them to move their money to a safe account or reveal their passcodes.

Katy Worobec, managing director of economic crime at UK Finance, said, "We are urging people not to give a gift to fraudsters this Christmas and to follow the advice of the Take Five to Stop Fraud campaign. Criminals will stop at nothing to commit fraud and that includes exploiting the festive season to target their victims."

Steps to Prevent Fraud Campaign:

• According to intelligence, people must be vigilant against phishing emails with fake links, which can lead to fake platforms that ask them to fill in important data, particularly personal and financial data. These emails may appear genuine and trustworthy, but be aware that a scam like this can cost you more than you expect.

• People are advised to check their delivery notifications attentively to ensure that they are genuine. Criminals are employing the same patterns that genuine companies use with their customers.

• Customers should always remember that they are about to claim and hence, they should ask questions to the authorities or companies before sending information and money. 

• Anyone who feels that a company is not genuine is advised to contact the company directly before sending any form of information.

• The last and most important step is to report the incident and register a complaint on a genuine platform if you are targeted by any fraud or scam.

Hackers Dropping Malware via Free WinZip Trial Popup Vulnerability

 

Researchers have discovered a critical security flaw in WinZip 24 that can be used to target users with malware. The WinZip trial popup vulnerability allows attackers to achieve arbitrary code execution using techniques such as DNS poisoning.
 
When WinZip displays a prompt informing the user that the free trial has expired and sends requests to check for updates, it communicates in plaintext over HTTP instead of HTTPS. The vulnerability has been reported to exist in the way WinZip communicated with its servers, making it susceptible to exploitation by malicious actors delivering malware through the same channel.

WinZip is a free-to-download ZIP tool that is used to compress and decompress files easily. It enables users to zip and unzip almost all file formats, including zip, tar, rar, etc. However, the tool is free only for a trial period, and to continue using its services fully, users need to purchase a license, so the tool repeatedly checks the software status over time. Once it detects that the trial period has expired, the software displays a prompt using the abovementioned way of communication. That is where the bug was found.
 
An attacker positioned in between could intercept the traffic, tamper with the communicated text, and add an infected WinZip version. Furthermore, users' concerns are aggravated by the fact that the update request also contains personal data of the user, such as 'registered username', 'registration code', and other information required for processing the request. This information could also be accessed by the attacker meddling with the trial popup.
 
"WinZip 24 opens pop-up windows time to time when running in Trial mode. Since the content of these popups is HTML with JavaScript that is also retrieved via HTTP, it makes manipulation of that content easy for a network adjacent attacker," as told by Researchers from Trustwave.
 
"The application sends out potentially sensitive information like the registered username, registration code and some other information in query string as a part of the update request. Since this is over an unencrypted channel this information is fully visible to the attacker."
 
"This means anyone on the same network as user running a vulnerable version of WinZip can use techniques like DNS poisoning to trick the application to fetch “update” files from malicious web server instead of legitimate WinZip update host. As a result, unsuspecting user can launch arbitrary code as if it is a valid update," the researchers further added.
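
The two conditions described above (registration details sent in a query string over HTTP, and popup or update content fetched over HTTP) can be looked for in egress proxy logs. The following is an added example, not part of the original post or of Trustwave's research; the log format, host names and parameter-name hints are constructed assumptions, not WinZip's real endpoints or fields.

```python
from urllib.parse import urlsplit, parse_qsl

# Hypothetical substrings that suggest a query parameter carries
# registration or account data. This is a heuristic and must be tuned
# to the software actually deployed in the environment.
SENSITIVE_HINTS = ("user", "regcode", "serial", "license", "key", "email", "token")

# File types a client may render or execute after download.
ACTIVE_EXTENSIONS = (".html", ".htm", ".js", ".exe", ".msi")

# Constructed sample proxy log: "<client-ip> <method> <url> <status>".
SAMPLE_LOG = """\
10.0.0.21 GET http://updates.example.test/check?product=archiver&ver=24&username=alice&regcode=ABCD-1234 200
10.0.0.21 GET https://updates.example.test/check?product=archiver&ver=24 200
10.0.0.35 GET http://cdn.example.test/popup/trial.html 200
10.0.0.35 GET http://cdn.example.test/popup/trial.js 200
10.0.0.40 GET http://static.example.test/logo.png 200
malformed line
"""


def sensitive_params(query):
    """Return the names (never the values) of suspicious query parameters."""
    names = []
    for name, _value in parse_qsl(query, keep_blank_values=True):
        if any(hint in name.lower() for hint in SENSITIVE_HINTS):
            names.append(name)
    return names


def analyze(log_text):
    """Flag plaintext-HTTP requests that leak data or fetch active content.

    Returns tuples of (line number, client, host, finding, details).
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        client, _method, url, _status = parts
        parsed = urlsplit(url)
        if parsed.scheme.lower() != "http":
            continue  # only unencrypted requests are of interest here
        leaked = sensitive_params(parsed.query)
        if leaked:
            findings.append((lineno, client, parsed.hostname,
                             "sensitive-query-over-http", tuple(leaked)))
        if parsed.path.lower().endswith(ACTIVE_EXTENSIONS):
            findings.append((lineno, client, parsed.hostname,
                             "active-content-over-http", (parsed.path,)))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Only parameter names are reported, so the findings can be shared without copying the leaked values into another log.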

Google’s Data Security: How Google Protects your Data from Cyber Threats?



The world is moving very fast towards technology and materialism, and it has become increasingly difficult for people to stay away from online services. According to reports, Google has a large international market, and over 50% of its customers are premier business customers. Interestingly, more than 5 million businesses have chosen Google Apps services. Users of online services are very familiar with Google and its products, but cyber threats always loom and make people question the security of their data. Is Google selling their data or personal information?

According to Google, the tech giant takes the following measures:

Physical Security - Google claims that it provides 24/7 physical security to all data centers located across the world. The organization is also known for its advanced measures such as laser-based surveillance and biometric identification to protect its employees from cyber threats and identity theft.

The company’s in-house disaster response team assures that even during disasters such as fire or flood that hit the physical location of a data center, Google still manages to use security monitoring to protect users from malware. The company also says, “We constantly monitor all applications, deploy patches through automated network analysis and proprietary technology, it helps us in detecting threats such as malware, viruses, and other forms of malicious code”.

Encryption - Encryption means ‘the process of converting information or data into a code, especially to prevent unauthorized access’. The company states that ‘we use encryption into every data flow so customer’s data remain protected from any kind of snooping activities funded by official government actors’. Furthermore, the tech giant added that it protects all data access with security technologies such as HTTPS and TLS (Transport Layer Security) so that all email content remains inaccessible to malicious actors.

Malware protection - According to Google, it protects its users from malware by deploying an automated network analysis solution that keeps all kinds of malicious code away from customers' credential information; the company also uses multi-purpose tools for software security and quality assurance.

Customized hardware - Google ensures that its hardware remains well protected against any network infiltration by hackers, using highly customized server components. It also ensures that only its legitimate devices, which are all under protection, access the user’s data.

Incident Response - The “Incident Management Program” (IMAG) team at Google says that its incident response team is active 24/7 at every data center to protect individuals' data, alerting individuals if any malicious activity is found on their accounts.

Limited Access - Google gives its employees limited access to important data, including business data and highly sensitive information; by doing this, Google ensures security and privacy at every stage of its system.

Sensitive Data of 7 Million Indian Cardholders Circulating On Dark Web


The number of data breaches rose rapidly last year, jumping by 17%, and has become an increasingly serious issue. Recently, sensitive data of 7 million debit and credit cardholders has been circulating on the dark web.

The 2GB database included names, contact numbers, email addresses, Permanent Account Number, income details, and employers' firm.

As per the screenshots of the leaked data, the details were found on a public Google Drive document discovered by Rajshekhar Rajaharia, an Internet cybersecurity researcher who informed Inc42, warning that as the private data pertains to the finances, it is highly valuable and can potentially be used by malicious actors to develop phishing attacks.

The database, which also included the PAN numbers of around 5 lakh users, relates to the period between 2010 and 2019 and could be of extreme significance to cybercriminals and scammers. Although the card numbers were not available in the database, Rajaharia managed to verify the details for certain users, including himself. He matched the names mentioned in the list against LinkedIn profiles, and the data proved to be accurate.

In a conversation with Suriya Prakash, Sr Security Researcher Cyber Security and Privacy Foundation Pte Ltd, Ehacking News attempted to understand the source of the breach: He said, "These usually don't originate at the bank level as they have secure environments. Regulators and banks often misunderstand this and spend crores securing infrastructure."

"The main source of data breaches are usually due to bank employees using their official emails to create accounts in third-party sites (social media etc). When these third parties get breached it causes issues for the bank. This can be simply avoided by putting in the SOP that employees should not use their official emails for other services, any usage should get written permission from the admin team. If this is strictly enforced majority of data breaches can be avoided."

"Also websites that collect payments like e-commerce sites should be brought under RBI regulations as they too might be causes of the breach," he concluded.

Data Breach: HR Consulting Giant Randstad Hit by Egregor Ransomware

 

Randstad NV, a multinational human resources consulting firm, announced that it was hit by the Windows Egregor ransomware. While breaching the network of the staffing agency, the ransomware operators stole unencrypted files, 1% of which have been published by the threat actors as proof of the data breach.
 
The data that has been made public is a 32.7MB archive which contains 184 files including legal documents, business files, accounting spreadsheets, and some financial reports. After the data was published by the ransomware operators, a security notification regarding the confirmation of the same was issued by Randstad. However, there is no clarity on whether the personal data of employees or clients was compromised during the attack. 

As per the sources, the attack impacted only a limited number of servers, disrupting their operations based in the US, France, Italy, and Poland. However, in other areas, the company continued its business operations without any interruption. 
 
Headquartered in Diemen, Netherlands, Randstad NV is a globally operating Dutch human resources giant that was founded in 1960 and currently operates in 39 countries and 5 continents. Reportedly, the company has trained over 350,000 candidates and helped around 2 million to find a job with its clients.

“Randstad NV (“Randstad”) recently became aware of malicious activity in its IT environment and an internal investigation into this incident was launched immediately with our 24/7 incident response team. Third-party cybersecurity and forensic experts were engaged to assist with the investigation and remediation of the incident,” Randstad disclosed. 
 
"To date, our investigation has revealed that the Egregor group obtained unauthorized and unlawful access to our global IT environment and to certain data, in particular related to our operations in the US, Poland, Italy and France," reads the statement published by the firm. 
 
"They have now published what is claimed to be a subset of that data. The investigation is ongoing to identify what data has been accessed, including personal data, so that we can take appropriate action with regard to identifying and notifying relevant parties."

First identified earlier this year in September, Egregor ransomware has been observed to be rapidly escalating its threat activity by breaking into organizations and running the malware to encrypt their sensitive data. The initial infection vector employed by the attackers is still unknown; however, security researchers suspect it to be malicious links or spam emails. Some similarities, such as obfuscation techniques, API calls, strings, and functions, have been spotted between Egregor and Sekhmet. The sources say that the ransom note left after the attack is also identical in many ways.

Alibaba's Online Store Redmart Suffers Data Breach of More Than Million Accounts, Experts say Company's Fault

 

Lazada, a Singapore firm owned by e-commerce company Alibaba, suffered a hacking attack that compromised more than one million accounts. On Friday, the e-commerce company said it lost user accounts containing personal information like credit card credentials and addresses. In what is considered one of the most significant data breach incidents, Singapore suffered a data breach of 5.7 million accounts.

According to ZDNet, "once beloved for its streamlined and clean user interface, the integrated RedMart experience was described by customers as cluttered, difficult to navigate, and missing several popular features such as the ability to update a scheduled order and access to the favorite items list." In its email, the firm confirmed that the hackers took the information from the database of its online grocery platform, RedMart. RedMart had been inactive for more than eighteen months. Experts say that the attack on RedMart was bound to happen as the company didn't take cybersecurity measures when it incorporated the app into its digital platform around a year ago.

There were various flaws in the integration policy when the companies merged. According to experts, Lazada should have reviewed the process after completing the transition. The incident became widely known after a hacker claimed that he had access to one million RedMart accounts, including personal information like banking details, passwords, contacts, addresses, and names. Lazada had acquired RedMart in November 2016. The company has notified the affected users about the data breach. The affected users have been automatically logged out and told to change their passwords. Lazada has confirmed that RedMart's database was on a third-party provider's hosting service and that the hacked accounts were out of date.

The company says it has taken immediate measures to prevent the issue, and any illegal access has been denied, and no customer data has been breached. "The Southeast Asian e-commerce operator in January 2019 announced plans to integrate the RedMart app into its platform, more than two years after it acquired RedMart. Lazada itself was acquired by Chinese e-commerce giant Alibaba in April 2016," reports ZDNet.

Emotet Returns: Here's a Quick Look into new 'Windows Update' attachment

 

Emotet malware was first discovered by security researchers in 2014, but the threats posed by Emotet have constantly evolved over the years. At present, the malware is highly active as its developers continue to evolve their strategies, devising more sophisticated tricks and advancements. Recently, it has been observed delivering several malware payloads and is also one of the most active and largest sources of malspam as of now.
 
The operators behind Emotet are sending spam emails to unsuspecting victims to trick them into downloading the malware. The botnet has started to employ a new malicious attachment that falsely claims to be a message from Windows Update asking victims to upgrade Microsoft Word. The attack begins with a spam email containing either a download link or a Word document; when the victim clicks ‘Enable Content’ to let macros run on their system, the Emotet Trojan gets installed. In previous malspam campaigns, the documents used by the criminals were said to be from Office 365 and Windows 10 Mobile.
 

How does the malware work?

 
Once installed, the malware tries to sneak into the victim’s system and acquire personal information and sensitive data. Emotet uses worm-like capabilities that help it spread to other connected PCs. With add-ons to avoid detection by anti-malware software, Emotet has become one of the most expensive and dangerous malware families, targeting both governments and the private sector.

The malware keeps updating the way it delivers these malicious attachments, as well as their appearance, to evade security tools. The subject lines used in a particular malspam campaign are replaced by new ones, the text in the body is changed, and lastly the ‘file attachment type’ and its content are revised over time.
 
Emotet has continuously evolved into technically sophisticated malware that plays a major role in the expansion of the cybercrime ecosystem. After a short break, the malware made a comeback in full swing on October 14th and has started a new malspam routine.
 
Originally discovered as a simple banking Trojan, Emotet’s roots date back to 2014, when it attempted to steal banking credentials from compromised machines. As per recent reports, Emotet also delivers third-party payloads such as IcedID, Qbot, The Trick, and Gootkit.

PoetRAT Targeting Public and Private Sector in Azerbaijan

 



APT groups have been targeting the public sector and other major organizations in Azerbaijan via recent versions of PoetRAT. Notably, the threat actor has advanced from Python to Lua script and makes use of Word documents to deploy malicious software.
 
PoetRAT was first discovered by Cisco Talos, it was being distributed using URLs that falsely appeared as Azerbaijan’s government domains, giving researchers a reason to believe that the adversaries intended to target citizens of the Eurasian country, Azerbaijan. The threat actors also attacked private organizations in the SCADA sector such as ‘wind turbine systems’. However, the recent campaigns that unfolded in the months of September and October were targeted towards the public sector and VIPs. In later updated versions, the operators worked out a new exfiltration protocol to cover their activities and avoid being caught. 
 
Written in Python and split into various parts, the malware provides full control of the infected system to the operation. It gathers documents, pictures from the webcam, and even passwords, employing other tools. In an attempt to improve their operational security (OpSec), the attacker replaces protocol and performs reconnaissance on infected machines. 
 
Over the past months, the developers of the malware have continuously evolved their strategies to penetrate into more sophisticated targets. The campaign demonstrates how the attackers manually pushed additional tools like keyloggers when required onto the infected machines. To name a few more, camera control applications, generic password stealers, and browser- focused password stealers. Besides malware campaigns, the operators also employed the same infrastructure to perform a phishing campaign wherein the phishing website impersonates the webmail of Azerbaijan’s Government.
 
Other instances when Azerbaijan grappled with cyberattacks include a data breach affecting Azeri Navy sailors. The hacked data belonged to 18,872 sailors of the Azerbaijan Navy and included their full names, dates of birth, passport numbers, and expiry dates. In another attack, a U.K.-based live flight tracking service suffered DDoS attacks that temporarily halted its services; the attack is alleged to have links with the ongoing geopolitical conflicts in Azerbaijan.

Here's how to Ensure Data Security Using FShred App


Users are well aware of the fact that while deleting photos, videos, files, or any other form of data on their Android, it doesn't get deleted in an irrecoverable manner and can be recovered in a number of ways using recovery tools. Although regaining access to a deleted file might be rewarding in many scenarios, the rest of the time users would prefer a once and for all deletion of the same to ensure data safety.

In the sphere of Data security, continually rising unwanted activities of unauthorized users call for the creation of something that can protect users against data breaches and cyberattacks destroying their sensitive data. Users need their data to be erased in a manner that no recovery tool can undo it.

How can it be done?

When users have no intention of retrieving their deleted data by any means, data eraser apps come into play. These apps help users delete sensitive data from their Android devices in ways that make it irrecoverable. This is of significant use when users plan to sell their smartphone or share it with someone, as either could pose a serious threat to their important data.

FShred is a user-friendly app that uses data sanitization methods to overwrite data on both the internal and external storage of an Android phone. To permanently remove already-deleted files from internal storage, it overwrites all available space with random data. What does that mean? The space once occupied by the deleted files (photos, videos, etc.) is filled with meaningless bytes from a random generator; by overwriting that space, it effectively ensures the deletion of that data beyond recovery.
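The free-space overwrite described above, shown in Python as an added example; this is not FShred's code, and the function name, the `wipe-` file prefix and the `max_bytes` safety cap are assumptions made here.

```python
import errno
import os
import tempfile

CHUNK = 1024 * 1024  # write random data in 1 MiB blocks


def overwrite_free_space(directory, max_bytes=None, chunk=CHUNK):
    """Fill free space on the volume holding `directory` with random bytes,
    flush them to the device, then delete the filler file.

    max_bytes is a safety cap added for this example so the routine can be
    tried without filling a whole volume; None means "run until full".
    Returns the number of bytes written.
    """
    written = 0
    fd, path = tempfile.mkstemp(prefix="wipe-", suffix=".bin", dir=directory)
    try:
        with os.fdopen(fd, "wb", buffering=0) as filler:
            while max_bytes is None or written < max_bytes:
                size = chunk if max_bytes is None else min(chunk, max_bytes - written)
                try:
                    written += filler.write(os.urandom(size))
                except OSError as exc:
                    if exc.errno == errno.ENOSPC:
                        break  # volume is full: nothing left to overwrite
                    raise
            # Without fsync the random blocks may sit in the page cache and
            # never reach the storage the deleted files lived on.
            os.fsync(filler.fileno())
    finally:
        os.remove(path)  # give the space back once it has been overwritten
    return written


if __name__ == "__main__":
    import shutil
    target = tempfile.gettempdir()
    print("free before:", shutil.disk_usage(target).free)
    print("overwritten:", overwrite_free_space(target, max_bytes=8 * CHUNK))
```

On flash storage, wear levelling can leave old copies in blocks that a file-level overwrite never addresses, so a run with a recovery tool afterwards is the check that the wipe worked.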

Developed by Emile Gee, FShred is a tool that lets you easily wipe all your sensitive data using advanced shredder algorithms. It shreds your data and recovers valuable storage space on your Android device.

The app has undergone various tests with file recovery tools such as GT File Recovery and none of the applications were successful in recovering the deleted data. Additionally, the app contains no in-app purchases or advertisements and is completely free and handy for users.

A Provider of Cyber Security Training Loses 28,000 Items of Personally Identifiable Information (PII) In a Data Breach


A provider of cybersecurity training and certification services, the SANS Institute, lost roughly 28,000 items of personally identifiable information (PII) in a data breach that happened after a single staff member fell for a phishing attack.

The organization discovered the leak on 6 August 2020, while it was conducting a systematic review of its email configuration and rules.

During this process, its IT group identified a suspicious forwarding rule and a malicious Microsoft Office 365 add-in that together were able to forward 513 emails from a particular individual's account to an unknown external email address before being detected.

While the majority of these messages were innocuous, a number included files that contained information including email addresses, first and last names, work titles, company names and details, addresses, and countries of residence.

SANS is currently conducting a digital forensics investigation headed up by its own cybersecurity instructors and is working both to ensure that no other data was compromised and to identify areas in which it can harden its systems.

When the investigation is complete, the organization intends to share all its findings and learnings with the wider cybersecurity community.

Lastly, Point3 Security strategy vice-president, Chloé Messdaghi, says that "Phishers definitely understand the human element, and they work to understand peoples’ pain points and passions to make their emails more compelling. They also know when to send a phishing email to drive immediate responses." 

She concluded by adding that "The final takeaway is that we all need to stay aware and humble – if a phishing attack can snag someone at the SANS Institute, it can happen to any of us who let our guard down."
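The review that surfaced the forwarding rule can be automated. The following is an added example, not SANS's tooling: it scans exported mailbox rules for forwarding or redirection to addresses outside the organization. Property names follow those returned by Exchange Online's `Get-InboxRule`; the export shape, the sample rules and the `example.org` domains are constructed, and the malicious add-in is out of its scope.

```python
import re

# Property names follow what Exchange Online's Get-InboxRule returns; the
# list-of-dicts export shape is an assumption of this example.
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
CONDITION_FIELDS = ("From", "FromAddressContainsWords", "SubjectContainsWords",
                    "BodyContainsWords", "SubjectOrBodyContainsWords")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

# Constructed sample data (not from the incident).
SAMPLE_RULES = [
    {"MailboxOwnerId": "staff1@example.org", "Name": "Team digest", "Enabled": True,
     "ForwardTo": ['"Ops List" [SMTP:ops@lists.example.org]'],
     "SubjectContainsWords": ["digest"]},
    {"MailboxOwnerId": "staff2@example.org", "Name": ".", "Enabled": True,
     "RedirectTo": ['"archive@mailbox.example.net" [SMTP:archive@mailbox.example.net]'],
     "DeleteMessage": True},
    {"MailboxOwnerId": "staff3@example.org", "Name": "Newsletters", "Enabled": True,
     "MoveToFolder": "Newsletters", "FromAddressContainsWords": ["news"]},
]


def external_targets(rule, internal_domains):
    """Return the sorted addresses outside internal_domains that a rule sends mail to."""
    found = set()
    for field in FORWARD_FIELDS:
        for recipient in rule.get(field) or []:
            for match in ADDR_RE.finditer(recipient):
                domain = match.group(1).lower()
                if not any(domain == d or domain.endswith("." + d)
                           for d in internal_domains):
                    found.add(match.group(0).lower())
    return sorted(found)


def audit_rules(rules, internal_domains):
    """Flag every rule that forwards or redirects mail to an external address."""
    findings = []
    for rule in rules:
        targets = external_targets(rule, internal_domains)
        if not targets:
            continue
        reasons = ["forwards to external address"]
        if rule.get("DeleteMessage") or rule.get("MarkAsRead"):
            reasons.append("hides the original from the mailbox owner")
        if not any(rule.get(field) for field in CONDITION_FIELDS):
            reasons.append("no condition: applies to all mail")
        findings.append({"mailbox": rule.get("MailboxOwnerId"), "rule": rule.get("Name"),
                         "targets": targets, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(audit_rules(SAMPLE_RULES, {"example.org"}))
```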

Litigation Firm Discovers a New Phishing Scam Falsely Purporting To Be From Leading UK Supermarket


A litigation firm discovered a new phishing scam falsely claiming to be from leading UK supermarket Tesco.

The scam used SMS and email messages designed to fool customers into handing over their details, in order to steal confidential and payment data.

The fraud started through an official-looking but fake Facebook page entitled 'Tesco UK', which shared images purporting to be from a Tesco warehouse, showing packed boxes of HD television sets.

As per Griffin Law, the litigation firm, the message stated: “We have around 500 TVs in our warehouse that are about to be binned as they have slight damage and can’t be sold. However, all of them are in fully working condition, we thought instead of binning them we’d give them away free to 500 people who have shared and commented on this post by July 18.” 

The firm stated that at least some 100 customers had responded to the Facebook page or received an email.

The original fake Tesco Facebook page is currently listed as 'content unavailable.' Users who shared the post in their excitement helped it to spread, and they then received an email offering them the opportunity to 'claim their prize.'

A button in the message took victims to a landing page that asked them to enter their name, place of residence, phone number, and bank account details.

Tim Sadler, Chief, Tessian, stated: "As the lines between people in our ‘known’ network and our ‘unknown’ networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can’t trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people’s vulnerabilities."

Sadler empathized with people who are struggling financially in the wake of the COVID-19 pandemic, for whom the offer of a free television could be appealing.

However, he advises users to always scrutinize the authenticity of such messages and to confirm the requestor's offer before tapping on the link.

VPN Services Reportedly Leaked Around 1.2TB User Data Containing Sensitive Information


A recent discovery by a tech service company has taken the world by storm. VPN services may not be as protected and secure as they claim to be: the company revealed that around 894GB of client information and data from UFO VPN has been exposed on the web.

The same proved true for eight quite well-known VPN services that have reportedly leaked a mammoth 1.2TB of client information. These VPN applications are still available on the Google Play Store, with just one removed so far.

The leaked information contains details such as account passwords, VPN session secrets/tokens, IP addresses of both client devices and servers, and even the operating system of the devices.

According to Comparitech, the tech service company responsible for the discovery, more than 20 million client entries are added to the logs every day.

The VPN service provider was also informed of the leak but denied any such claims. UFO VPN said that the client logs are saved for traffic monitoring and that all of the data is 'anonymized'.

It was later found that there are seven more Hong Kong-based VPN services that have around 1.2TB of client information exposed online.

The list includes FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN, and UFO VPN as well. VPNmentor discovered that all these VPN services share a common Elasticsearch server and also the same recipient for payments, Dreamfii HK Limited.

The information exposed by these VPN services contains sensitive data such as home addresses, Bitcoin and PayPal payment details, email addresses and passwords, user names, and more. Dreamfii HK is believed to be the parent company of all these VPN services.

As of now, these VPN applications are still available on the Play Store, and only Rabbit VPN has been removed.

Welcome Chat App Harvesting User Data and Storing it in Unsecure Location


Welcome Chat, a messaging platform for Android, spies on its users and stores their data in an unsafe location that is accessible to the public. The authors of the app claim that it is available on the Google Play store and market it as a secure platform for exchanging messages, which is not true by any means.

The website of the malicious 'Welcome Chat' app publicizes the platform as a secure communication solution for Android. However, security researchers from ESET found the app to be associated with a malicious operation that has links to a Windows Trojan called 'BadPatch', which was employed by Gaza Hackers in a long-running cyber espionage campaign in the Middle East. While the origins of the website advertising the app are unknown, the domain was registered by the developers in October 2019. Interestingly, the app doesn't only function as spyware but works perfectly as a chatting platform as well.

After downloading the app, users need to allow installation from unknown sources, as the app is not installed via the official app store. Once Welcome Chat is activated, it asks for permission to access the user's contacts, files, SMS, and location details, and to record audio. The list of permissions is extensive enough to raise suspicion, but users are accustomed to such requests, especially from a messaging platform.

As soon as the app receives all the permissions, it starts harvesting the victim's data, including phone recordings, location details, and SMS messages, and sends it to the cybercriminals behind the malicious operation.

While giving insights about the app, Lukáš Štefanko, researcher at ESET, said, “In addition to Welcome Chat being an espionage tool, its operators left the data harvested from their victims freely available on the internet. And the app was never available on the official Android app store.”

“We did our best to discover a clean version of this app, to make its developer aware of the vulnerability. But our best guess is that no such app exists. Naturally, we made no effort to reach out to the malicious actors behind the espionage operation,” added Štefanko.

CNY Works Data Breach: Personal Details of 56,000 Customers Exposed


Social Security numbers, names, and other personal details of around 56,000 individuals were exposed as CNY Works faced a data breach. The data breach potentially affected people who sought employment via the company's services.

CNY Works is a New York-based non-profit corporation working to help businesses and job-seeking individuals with the objective of providing skilled workers to businesses and employment for those seeking a job within Central New York – providing a single entry point for Workforce Information.

The agency started sending letters to all its affected customers, warning them about the security breach. Officials said that the files compromised during the attack on their servers (likely to be a ransomware attack) contained their names and Social Security numbers. However, the agency did not spot signs of any data being accessed, viewed, or taken down by the threat actors.

A Social Security number is a nine-digit number used to record a person's earnings and verify their identity whenever they start a new job. Having your Social Security number compromised can lead to identity theft in various ways; cybercriminals can sell people's identities on dark web marketplaces to the highest bidders. In a way, it's like getting your bank account information stolen, except that you can always get a new bank account number, while new Social Security numbers are rarely issued by the concerned administration.

While addressing the security issue, Lenore Sealy, executive director for CNY Works, said in an email to media outlets, “We are sending notification letters to approximately 56,000 individuals.”

“However, we are notifying individuals out of an abundance of caution. CNY Works has no evidence that any of the personal information for these individuals has been misused, or even that any of the personal information in its possession was accessed or stolen as a result of this incident,” the email further read.

Twitter Data Breach: Apology Sent to Potentially Affected Business Clients


Cyberspace has reportedly witnessed a fivefold increase in malicious attacks since the spread of the Coronavirus pandemic. This is primarily because people have been sidetracked by the threat posed by the coronavirus, and cybercriminals are not missing any chance to capitalize on the adversity. Another reason is that IT has become the backbone of organizations as more and more employees turn to remote work. In light of that, Twitter has become the latest victim of the crisis, as its officials apologized for a business data breach.

Attackers have yet again gained access to personal details of Twitter users following a data breach that led the social media company to apologize to its business clients and other users as well. The allegedly compromised data includes highly sensitive information related to the company's business clients, i.e., their phone numbers, email addresses, and the last 4 digits of their credit card numbers.

While confirming the data breach to TechCrunch, a Twitter spokesperson said that when the billing information on ads.twitter.com or analytics.twitter.com was being viewed, some of the details were getting stored in the browser's cache.

Twitter itself warned users of the serious data breach by sending emails to its business clients, acknowledging and appreciating the trust its users place in the company, while delivering a sincere apology for the security incident that might have led to a possible data breach.

"We're very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day," the email read.

"We are writing to let you know of a data security incident that may have involved your personal information on ads.twitter and analytics.twitter," Twitter said in a message to its potentially affected customers.

"We became aware of an issue that meant that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter the billing information may have been stored in the browser's cache."

The issue was taken care of as soon as it came to the notice of the company, and Twitter also ensured that clients who were likely to be impacted by the security breach were made fully aware and provided with all the necessary information on how to keep themselves secure.