
CareFirst Data Breach: Sensitive Information of Customers Leaked Online

 

For the third time in the past six years, cybercriminals have targeted CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC). The insurance provider issued a written statement disclosing a breach of one of its databases, which occurred on January 28.

CHPDC’s managed IT service provider alerted CHPDC to abnormal behavior impacting CHPDC systems. Given its long history with cyber-attacks, the insurance provider immediately engaged cybersecurity group CrowdStrike to identify the source of the leak and also notified both the FBI and the Office of the Attorney General for the District of Columbia.

Unfortunately, hackers were able to gain access to a database and steal sensitive information including names, addresses, contact numbers, dates of birth, and Medicaid identification numbers. After the examination, CHPDC suggested the attack was likely carried out by a ‘sophisticated, foreign cybercriminal gang’ and said it was premature to say how many clients had been affected.

“We’ve taken immediate steps to limit the impact of the attack and protect and secure our systems and the information of our enrollees. We’re angry and troubled that anyone would target our enrollees. We’re taking aggressive action on behalf of all those we serve to ensure they are supported and notified as more information becomes available,” George Aloth, CEO of CHPDC, stated.

The company has decided to provide two years of free credit and identity theft monitoring, along with a website with information on data breaches, to all enrolled clients affected by this data breach.

The 2014 cyber-attack on CHPDC was one of the largest healthcare breaches ever reported; nearly 1.1 million customers were affected. Threat actors targeted a single database that contained information about CareFirst members and others who accessed its websites and services. CareFirst learned of the data breach on April 21, 2015, nearly one year later, after it hired Mandiant, a leading cybersecurity company.

In October 2020, the FBI, the Department of Health and Human Services (HHS), and the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) warned that cybercriminals were stepping up ransomware attacks on health sector groups as the organizations were involved in Covid-19 treatment and research.

Data Stolen from 500 Million LinkedIn Users Leaked Online

 

Just days after a Facebook data leak was revealed, security experts have discovered another one. This time the victim is LinkedIn: a huge pile of data containing the personal information of 500 million LinkedIn users has been found on sale on a popular hacking forum.

To prove the legitimacy of the data leak, the poster has included nearly 2 million records as a sample, which forum members can view for $2 worth of forum credits. The leaked data includes user names, contact numbers, email addresses, links to other social media profiles, and users’ workplace details. The data does not contain credit card information, legal documents, or other financial information that could be used for scams.

However, security researchers warned that the lack of financial information does not mean the leak is not dangerous. Hackers could misuse the data to create detailed profiles of their potential victims and then conduct targeted phishing or social engineering attacks. They could also use the information to spam emails and contact numbers, or brute-force the passwords of LinkedIn profiles and linked email addresses.

The threat actor has demanded a minimum of a ‘four-digit sum’ in return for access to the entire 500 million-user database. Cybernews confirmed that the data in the sample was scraped from LinkedIn, although it remains unclear whether the leaked files contain the latest information or were taken from a previous data breach.

5 steps to protect your LinkedIn account

Across the globe, there are nearly 740 million user profiles on LinkedIn. If we presume that the hacker is telling the truth, then the data of 500 million users is on the hacking forum. Considering that, LinkedIn users should take all the necessary precautions to protect their accounts by:

• Creating a strong and unique password, and storing it in a password manager.

• Enabling two-factor authentication (2FA) on all your online accounts.

• Downloading strong anti-phishing and anti-malware software. 

• Learning to identify phishing emails and text messages.

• Reporting to the cyber police if any problem arises. 

This is not the first time that hackers have targeted LinkedIn users. In 2012, hackers were able to steal the password hashes of nearly 170 million LinkedIn users. The stolen data was in private hands for almost 4 years before appearing on the dark web in 2016.

Furniture Retailer Vhive's Data Breach: Customer Information Leaked Online, Under Investigation

 

Officials are investigating a data breach at local furniture retailer Vhive, which resulted in customers’ personal information, such as phone numbers and physical addresses, being leaked online. In response to questions from The Straits Times on Saturday, April 3, police confirmed that a report had been filed on the matter.

According to the company, information compromised in the hack includes customers' names, physical and e-mail addresses, and mobile numbers, but it did not include identification numbers or financial information.

In a Facebook post on March 29, Vhive announced that its server was hacked on March 23 and that it was working with police and other relevant agencies, as well as IT forensic investigators, to investigate the breach. 

"All financial records in relation to purchases made with Vhive are held on a separate system which was not hacked," said Vhive. 

"We are truly sorry for the incident and stand ready to assist you if you require immediate help," Vhive told customers. 

According to ST's checks on Saturday afternoon, Vhive's e-mail servers were also compromised. The website only displayed a warning of the cyber attack, while the company's stores on the online shopping platforms Lazada and Shopee were open for business. 

The Altdos hacking group, which operates mainly in Southeast Asia, has claimed responsibility for the breach. In an email to affected customers on Saturday, Altdos said it had hacked into Vhive three times in nine days and claimed to have stolen information of over 300,000 customers as well as nearly 600,000 transaction records. 

The group announced that it would publish 20,000 customer records daily until its demands to Vhive’s management are met. In its Facebook statement, Vhive said it would be closely guided by the forensic investigator and authorities on the steps to protect its systems and ensure that customers can conduct transactions securely.

In previous hacking incidents, Altdos has stolen customer data from companies, blackmailed the compromised company, leaked the data online if its demands were not met, and publicized the breaches. The cyberattacks were mainly focused on stock exchanges and financial institutions.

In January, Altdos claimed to have broken into the IT infrastructure of the Bangladeshi conglomerate Beximco Group and stolen data from 34 of its databases.

Last December, it hacked a Thai securities trading firm and posted stolen data online when the firm allegedly failed to confirm its emails and claims.

Data Breach at Facebook Leaks Information of 533 Million Users

 

In a major privacy violation, hackers allegedly took the data of almost 533 million Facebook users from 106 countries and posted it online for free. The more than 533 million records posted online include those of over 32 million users in the US, 11 million users in the UK, and 6 million users in India. This breach is perhaps the largest in the social media giant’s history of breaches. Details such as phone numbers, Facebook IDs, full names, sites, birthdates, bios, and even e-mail addresses of several people are included in the breach.

A spokesman for Facebook stated that the data had been scraped from the social network through a security vulnerability that had already been patched in 2019. The vulnerability, identified in 2019, allowed millions of telephone numbers to be scraped from Facebook's servers. The social media company fixed the vulnerability in August 2019.

On Saturday, 3rd of April, Alon Gal, the CTO of cybercrime intelligence company Hudson Rock, detected the leak and confirmed it via Twitter. Gal is the same researcher who blew the whistle in January on a Telegram bot that appears to have been leaking the same database. While the individual behind the bot sold the leaked data to people willing to pay for it, the difference this time is that all of the data is now freely accessible on a low-level hacking forum. The database is reported to have been leaked through the vulnerability that Facebook fixed in 2019; because few people change their telephone numbers frequently, the data is likely to be very accurate. In the past, this information was sold through a Telegram bot, with a telephone number or a Facebook ID offered for $20,000, or in bulk for $5,000. It is now widely available to anyone with certain technical know-how.

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” added Gal. 

This is not the first time Facebook has been hit by a data leak. Data from 419,000,000 Facebook and 49,000 Instagram users was exposed in online databases in 2019. In that same year, data of 267 million users was exposed in a further breach. There was also the infamous Cambridge Analytica scandal, which was perhaps the first time the Zuckerberg company's data collection practices had come under scrutiny.

Ubiquiti Shares Fall After Reportedly Downplaying 'Catastrophic' Data Breach


New York City-based IoT device maker Ubiquiti reportedly downplayed a data breach it recently disclosed. After news emerged that the breach was catastrophic, the company's shares dropped drastically this week.

In January, Ubiquiti informed customers that unauthorized access to certain IT systems hosted by an unidentified third-party cloud provider had been discovered. The company said at the time that it had found no evidence of user data being compromised, but it could not rule it out so it advised the customers to change their passwords. 

When Ubiquiti disclosed the security breach, it only had a small impact on its stock and the value of its shares has increased tremendously since, from roughly $250 per share on January 12 to $350 per share on March 30. Ubiquiti shares are now down to $290 at the time of publishing, following the news that the breach may have been bigger than the company led customers and investors to believe. 

On Tuesday, March 30, cybersecurity blogger Brian Krebs reported that he had learned from someone involved in the response to the breach that Ubiquiti "massively downplayed" an incident that was actually "catastrophic" in order to reduce the effect on the company's stock market value.

According to Krebs' source, the intruder obtained access to Ubiquiti's AWS servers and then tried to extort 50 bitcoin (worth approximately $3 million) from the company to keep quiet about the hack. As per the source, the intruder obtained privileged credentials from a Ubiquiti employee’s LastPass account and “gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies”. The hacker allegedly had access to Ubiquiti cloud-based devices through remote authentication.

Ubiquiti released a statement on Wednesday in response to Krebs' report, stating that it could not comment further due to an ongoing law enforcement investigation. “In response to this incident, we leveraged external incident response experts to conduct a thorough investigation to ensure the attacker was locked out of our systems,” the company stated. “These experts identified no evidence that customer information was accessed or even targeted. The attacker, who unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials, never claimed to have accessed any customer information. This, along with other evidence, is why we believe that customer data was not the target of, or otherwise accessed in connection with, the incident.” 

At least two law firms are investigating whether Ubiquiti violated federal securities laws and are urging the company’s investors to contact them.

Tala Research Shows that European Telecommunication Websites Expose Sensitive Customer Data

 

Tala assessed the websites of the leading MSPs for Europe's top mobile providers in 7 EU countries and found that data exposure is a major unacknowledged concern. Tala Security's analysis of the websites of Europe's leading mobile providers shows that critical information has been at risk of over-sharing and attack, with few appropriate security measures in place to prevent it. The recent study reveals that data exposure is a real concern for Europe's leading mobile companies and, by extension, for the more than 253 million customers who sign up and share personal information. The main issue is insecure website supply chains.

For many valid reasons, European telecommunication companies collect sensitive information as part of the digital sign-up procedure, including passport numbers, payment slips, and bank account details. The analysis by Tala shows that European telco sites not only lack sufficient protection against third-party risk but also expose themselves to other serious risks by using numerous third-party JavaScript integrations. Without controls, every piece of JavaScript code running on a website, whether it comes from the website owner or from a supply chain vendor, can alter, grab, or leak information via JavaScript-enabled client-side attacks. The average number of JavaScript integrations among the telecommunications companies in the group was 162, which represents a very high risk of over-sharing and data exposure. If website owners do not protect sensitive data when it is entered on their websites, they are effectively leaving it hanging; the only reason it has not been stolen is that criminals have not yet taken advantage of it.

“In many cases, data sharing or exposure takes place via trusted, legitimate applications on the allow list —often without the website owner's knowledge,” said Deepika Gajaria, VP of Products at Tala Security. 

Forms used to collect credentials, banking information, passport numbers, etc. are exposed to an average of 19 third parties, creating considerable risk through form data exposure. No effective website protection was in place on any of the sites. On a scale of 100, where a score of 50 is average, the websites averaged only 4.5. All of the sites (100 percent) were susceptible to cross-site scripting (XSS), the most widespread website attack and one that frequently leads to significant leakage of sensitive data.

“European Telco’s routinely collect sensitive data like passport scans, banking details, address, and employment information. When website owners fail to effectively secure data as it is entered into their websites, they’re effectively leaving it hanging, an accident waiting to happen,” said Gajaria.
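The third-party exposure described above can be inventoried from a page's own markup. The following is an added example, not taken from Tala's study or the original post: it lists the third-party script hosts loaded by a page that collects form data, then checks each one against a Content-Security-Policy `script-src` allowlist and for a Subresource Integrity attribute. The page URL, HTML, host names and policy are constructed samples, and the CSP matching is simplified (ports and paths are ignored).

```javascript
// Constructed sample: a sign-up page with a sensitive form and five scripts.
const SAMPLE_PAGE_URL = 'https://signup.telco.example/register';
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.telco.example/vendor.js"></script>
<script src="https://analytics.vendor-a.example/tag.js"></script>
<script src="https://chat.vendor-b.example/widget.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//ads.vendor-c.example/pixel.js"></script>
</head><body>
<form action="/register" method="post">
  <input name="passport_number"><input name="iban">
</form></body></html>`;
// Constructed sample policy: only the site's own CDN and one vendor are allowed.
const SAMPLE_CSP =
  "default-src 'self'; script-src 'self' https://cdn.telco.example https://chat.vendor-b.example";

// Collect every external <script src=...>, resolved against the page URL.
function extractScripts(html, pageUrl) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (!src) continue; // inline script, no external origin
    const url = new URL(src[1], pageUrl);
    scripts.push({
      url: url.href,
      host: url.hostname,
      hasIntegrity: /\bintegrity\s*=\s*["'][^"']+["']/i.test(m[1]),
    });
  }
  return scripts;
}

// First party = the site's own domain or any subdomain of it.
function isFirstParty(host, firstPartyDomain) {
  return host === firstPartyDomain || host.endsWith('.' + firstPartyDomain);
}

// Return the source list that governs scripts, or null if the policy has none.
function scriptSources(csp) {
  const directives = {};
  for (const part of csp.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives['script-src'] || directives['default-src'] || null;
}

// Simplified CSP source matching: 'self', *, scheme-only and host sources.
function cspAllows(sources, scriptUrl, pageUrl) {
  if (sources === null) return true; // nothing restricts script loading
  const target = new URL(scriptUrl);
  const page = new URL(pageUrl);
  return sources.some((s) => {
    if (s === "'self'") return target.origin === page.origin;
    if (s === '*') return true;
    if (/^[a-z][a-z0-9+.-]*:$/i.test(s)) return target.protocol === s.toLowerCase();
    if (s.startsWith("'")) return false; // other keywords, nonces, hashes
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(s);
    if (!m) return false;
    if (m[1] && m[1].toLowerCase() + ':' !== target.protocol) return false;
    const host = m[2].toLowerCase();
    return host.startsWith('*.')
      ? target.hostname.endsWith(host.slice(1))
      : target.hostname === host;
  });
}

// Report which third parties can run code next to the form, and how they are constrained.
function auditPage(html, pageUrl, firstPartyDomain, csp) {
  const sources = csp ? scriptSources(csp) : null;
  const thirdParty = extractScripts(html, pageUrl)
    .filter((s) => !isFirstParty(s.host, firstPartyDomain))
    .map((s) => ({ ...s, allowedByCsp: cspAllows(sources, s.url, pageUrl) }));
  const fields = [...html.matchAll(/<input\b[^>]*\bname\s*=\s*["']([^"']+)["']/gi)];
  return {
    formFields: fields.map((f) => f[1]),
    thirdPartyHosts: [...new Set(thirdParty.map((s) => s.host))].sort(),
    blockedByCsp: thirdParty.filter((s) => !s.allowedByCsp).map((s) => s.host),
    allowedWithoutSri: thirdParty
      .filter((s) => s.allowedByCsp && !s.hasIntegrity)
      .map((s) => s.host),
  };
}

const sampleReport = auditPage(SAMPLE_HTML, SAMPLE_PAGE_URL, 'telco.example', SAMPLE_CSP);
console.log(JSON.stringify(sampleReport, null, 2));
```

Hosts listed under `allowedWithoutSri` can change the code they serve at any time and still run alongside the form fields; with no policy at all, every third-party host on the page falls into that list.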

Protect Your Android Phones from Android 'System Update' Malware

 

Security researchers at Zimperium zLabs have discovered a new ‘sophisticated’ Android malware posing as a software update application. The malware is all the more dangerous because it hides by masquerading as a system update.

Once the malware is downloaded on a device, the victim’s device is registered with the Firebase Command and Control (C2), after which a hacker can send commands via the Firebase messaging service to manage data theft. Data exfiltration starts once a trigger condition is met, such as the addition of a new mobile contact, the installation of an app, or the receipt of an SMS text.

“When the victim is using Wi-Fi, all the stolen data from all the folders are sent to the C2, whereas when the victim is using a mobile data connection, only a specific set of data is sent to C2,” security researchers at Zimperium zLabs stated.

According to a report by researchers at Zimperium, this malware is capable of stealing your data once it is installed on your Android phone. Once in control, cybercriminals can record audio and phone calls, take photos, access WhatsApp texts, steal instant messenger texts, peer into GPS location data, examine the default browser’s bookmarks, search for files with specific extensions, inspect the clipboard data and the content of notifications, steal SMS texts and call logs, list the downloaded applications, and even extract device information.

Security researchers have named the malware ‘FakeSysUpdate’, and it is quite capable of concealing its source. Researchers have not yet identified the source of this malware, but they advised Android users to remain vigilant about the content on their devices: frequently check for official updates, uninstall all the apps that you feel are unnecessary, and avoid installing apps from third-party sources.

In an interview with TechCrunch, Shridhar Mittal, CEO of Zimperium zLabs stated that “it’s easily the most sophisticated attack we’ve seen…I think a lot of time and effort was spent on creating this app. We believe that there are other apps out there like this, and we are trying our very best to find them as soon as possible.”

Ubiquiti has been Covering up a Data Breach

 

Ubiquiti, an organization whose prosumer-grade routers have become synonymous with security and manageability, is being accused of concealing a “catastrophic” security breach, and after 24 hours of silence the organization has now issued a statement that doesn't deny any of the whistle-blower’s claims.

In January, the maker of routers, Internet-connected cameras, and other networked gadgets revealed what it said was “unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.” The notification said that, while there was no proof the intruders accessed client information, the organization couldn't rule out the possibility that they had obtained clients' names, email addresses, cryptographically hashed passwords, addresses, and telephone numbers. Ubiquiti advised clients to change their passwords and enable two-factor authentication.

Ubiquiti initially emailed its clients on January 11th about a supposedly minor security breach at a “third-party cloud provider”, but the cybersecurity news site KrebsOnSecurity is now reporting that the breach was far worse than Ubiquiti let on. A whistle-blower from the organization who spoke to Krebs asserted that Ubiquiti itself was breached and that the organization's legal team blocked efforts to accurately report the dangers to customers.

The breach comes as Ubiquiti is pushing, if not outright requiring, cloud-based accounts for clients to set up and manage gadgets running newer firmware versions. An article says that during the initial setup of a UniFi Dream Machine (a popular router and home gateway appliance), clients will be prompted to sign in to their cloud-based account or, if they don't have one, to create an account.

Brian Krebs of KrebsOnSecurity wrote, "In reality, Adam (the fictitious name that Brian Krebs of KrebsOnSecurity gave the whistleblower) said, the attackers had gained administrative access to Ubiquiti’s servers at Amazon’s cloud service, which secures the underlying server hardware and software but requires the cloud tenant (client) to secure access to any data stored there." 

“They were able to get cryptographic secrets for single sign-on cookies and remote access, full source code control contents, and signing keys exfiltration,” Adam said.

Telemetry Data is Being Shared by Google and Apple Despite the User Explicitly Opting Out

 

A new study revealing Apple and Google's monitoring of mobile devices is making headlines. It discusses how, despite the fact that both companies give consumers the possibility to opt out of sharing telemetry data, the data is still shared. Both Google's Pixel and Apple's iPhone extract data from mobile devices without the users' permission. Both iOS and Android transfer telemetry, according to Trinity College researcher Douglas Leith, “despite the user explicitly opting out.”

The analysis is a component of a complete study titled "Mobile Handset Privacy: Measuring the Data iOS and Android Send to Apple and Google." It turns out that Google gathers much more data than Apple, almost 20 times more data from Android Pixel users.

“The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc. are shared with Apple and Google,” as per the report. “When a SIM is inserted, both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets, and the home gateway, to Apple, together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing.” 

According to the researcher’s observations, Google Pixel transfers approximately 1MB of data to Google servers during the first ten minutes of operation. For the same duration of time, the iPhone sends about 42KB of data to Apple servers. When the Pixel is turned off, it transfers approximately 1MB of data to Google every 12 hours, whereas the iPhone sends just 52KB. The report also indicated that, whether in use or not, both operating systems link to their back-end servers every 4.5 minutes on average. 

Nevertheless, third-party software and pre-installed apps that come with both operating systems were not included in the evaluations. The study focused solely on data collected by handset features and elements at the operating system level, such as Apple's Bluetooth UniqueChipID, Secure Element ID, and the transmission of the Wi-Fi MAC address. A highlight of the study is the ability of pre-installed applications and services, which are exclusive to handset manufacturers, to connect to the network even when they have not been opened or used by the user.

According to the study, telemetry data transmission poses major privacy issues. The study does highlight the importance of sending general user data to the software manufacturer, as this provides for the creation and release of critical device and security updates for specific models.

For Just $16, Hackers May Steal User Data Via SMS Attack

 

Smartphone users are facing a new confidentiality and security risk, as text messaging services are being misused to secretly divert users' text messages to hackers for only Rs 1,160 (nearly $16), giving cybercriminals control over two-factor codes or SMS. The undetected attack through SMS redirection firms is carried out in conjunction with workers from telecommunications companies.

New technological changes take place every day to fight hackers, protect user data, and further users' privacy. But here is a new attack that has been witnessed recently, one that defeats the protection OTPs provide in online transactions. The attack allows hackers to redirect SMS messages sent to the victim's phone number to their own systems. To conduct the attack, hackers exploit business-oriented text messaging management services. These attacks are achievable, at least in the United States, because of failures in the telecommunications industry, which leaves hackers at ease.

"The method of attack, which has not been previously reported or demonstrated in detail, has implications for cybercrime, where criminals often take over target's phone numbers in order to harass them, drain their bank account, or otherwise tear through their digital lives," stated the report from Motherboard late on Monday, 15th of March. 

Joseph Cox, a reporter for Motherboard, was personally attacked and was not aware of the attack on his cell phone number. The striking thing about the attack is that it is available to a hacker for a payment of just $16 (Rs. 1,160). In Cox's case, the company providing the service said that the attack had been resolved, but it has not been taken care of for several others. Besides, although some firms know of the attack, CTIA, the trade organization, is being blamed.

These services not only allow the attacker to intercept incoming texts but also allow them to reply. The SMS redirect attack is one more technique frequently used by hackers; SIM swapping and SS7 attacks have already hit many users. What is notable about such attacks is that in a few instances the user learns about the exploit because the phone has no network.

To prevent this, it is better not to rely on SMS services. Users should use authenticator apps or log in to their email account to obtain OTPs, especially bank-related OTPs.

"It is better to use an app like Google Authenticator or Authy. Some password managers even have support for 2FA built-in, like 1Password or many of the other free managers we recommend," the report mentioned.

Top Dairy Group Lactalis Suffers Cyberattack, Company Confirms No Data Breach

Lactalis, one of the world's leading dairy groups, disclosed that it was recently hit by a cyberattack after hackers breached its systems. The Lactalis Group has around 85,000 employees working across 81 countries, with dairy exports to more than 100 countries across the globe.

The Lactalis Group also owns several top global brands, including Galbani, Lactel, Parmalat, Santal, and Président. In a press release issued last Friday, the company said that only a few computers in the network were affected in the attack. Lactalis identified malicious access in its computer network; upon finding the intrusion, the company immediately contained the attack and then informed the investigative agencies.

Further investigations revealed that a third party tried breaking into the company's networks. Luckily, there was no data breach, says Lactalis, citing an ongoing investigation that confirmed the incident. The press release reads, "The Lactalis Group has detected an intrusion on part of its computer network. We immediately took steps to contain this attack and have notified the competent authorities. The results of our investigations establish that a malicious third party is seeking to break into our servers. For the sake of transparency, we are making public this information. Our IT teams are fully mobilized and supported by experts recognized in cybersecurity. Our investigation with them revealed no data breach at this point."

The company has currently taken down its IT systems across all the company websites that were affected by the attack. The company further adds, "Lactalis teams are working to protect the interests of our customers, our partners, and our employees. This is why we have restricted, at our initiative as a preventive measure, our access to the public internet network." As of now, Lactalis says that it didn't suffer any data breach during the attack. However, in most cases, threat actors steal personal information and data when spreading throughout a breached network. Attacks like these often lead to extortion, and threat actors may expose information on data leak sites if the party fails to pay the ransom.

CEO of Koo App Denies the Allegations of Data Breach by French Hacker

 

Koo, a home-grown microblogging platform, has come under the scanner after a French ethical hacker known by the moniker Elliot Alderson on Twitter uncovered security loopholes in the Koo app. Cybercriminals can exploit the vulnerabilities in the app to retrieve personally identifiable information such as e-mail ID, date of birth, name, marital status, gender, and more.

Several Union ministers, politicians, and film actors are switching to the micro-blogging platform Koo but this leak has raised serious concerns regarding the safety of private information of the users. “You asked so I did it. I spent 30 min on this new Koo app. The app is leaking the personal data of users: email, dob, name, marital status, gender…” Alderson tweeted with emended screenshots of the data he was able to access.

Aprameya Radhakrishna, Koo’s co-founder and CEO, responded that the app is fully secured and that the data visible is something that users have voluntarily shown on their profiles. Aprameya explained on Twitter that “some news about data leaking being spoken about unnecessarily. Please read this: The data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak. If you visit a user profile you can see it anyway”.

Alderson countered the tweet by sharing a screenshot of an IAS officer's data on Koo. He claimed he could gain access to the data of an IAS officer without it being visible on the profile page, and he tagged Aprameya in his tweet.

Aprameya replied to the tweet – “@fs0c131y (Elliot Alderson) We’re attempting to do something for our country, India. All help is appreciated. If you want to help out in this journey of ours please write to me at ar@kooapp.com and we can take a look at all the feedback you have. Thanks!” 

The popularity of the Koo app is increasing with each passing day, and it has surpassed 3 million downloads across Google Play and the Apple app store. Observably, the app is seen as an alternative to Twitter, and many prominent personalities have moved to the Koo app.

WhatsApp Clients Resort to Other Messaging Platforms

 

WhatsApp has told its two billion clients that they must permit it to share information with its parent organization Facebook if they wish to keep using it. WhatsApp clients will not be able to continue with the service unless they accept the new terms by 8 February. The platform said the update will enable it to offer features such as shopping and payments.

Messaging platforms Signal and Telegram have both seen a gigantic surge in downloads around the world after a controversial update to WhatsApp's terms and conditions.

As per information from analytics firm Sensor Tower, Signal was downloaded all around the world multiple times the week before WhatsApp declared the change on 4 January and 8.8 million times the week after. This included big surges in India, where downloads went from 12,000 to 2.7 million, the UK from 7,400 to 191,000, and the US from 63,000 to 1.1 million. In a series of tweets, Signal said some people were reporting issues with creating groups and delays in verification codes arriving because of the rapid growth, but that it was addressing the issues.

Telegram has proved to be even more popular, with downloads booming all around the world from 6.5 million for the week starting 28 December to 11 million over the next week. In the UK, downloads went from 47,000 to 101,000. Furthermore, in the US they went from 272,000 to 671,000. During the same period, WhatsApp's worldwide downloads shrank from 11.3 million to 9.2 million. 

One industry watcher said he didn't think this necessarily represented a major problem for WhatsApp, which has been downloaded 5.6 billion times since its launch in 2014.

"It will be hard for opponents to break user habits, and WhatsApp will keep on being one of the world's most popular and broadly utilized messaging platforms," said Craig Chapple, mobile insights strategist at Sensor Tower. 

WhatsApp reassured its users that it doesn't keep logs of who everyone is messaging, can't see shared locations, doesn't share contacts with Facebook, and that groups can stay private. It also advises users that they still have the option to set messages to disappear and that they can't download their information. WhatsApp's clarification may reassure some users that the privacy changes aren't as troubling as first feared, but for others it may have come too late.

Aurora Cannabis Breach Exposes Personal Data of Former, Current Workers

 

Marijuana Business Daily recently disclosed a data breach at Aurora Cannabis. The security incident compromised the credential information of an unknown number of employees of the Canadian company. The breach was not restricted to current employees but also encompassed former employees.

A victim shared with Marijuana Business Daily an email, sent to him on Dec. 25, that described a “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud software) SharePoint and OneDrive.”

The victim, a former Aurora employee who was terminated in February 2020 along with hundreds of other employees, was not notified of the breach until late on December 31. The source said that working for Alberta-based Aurora was “an experience that I think a lot of people want to forget.”

“And then getting a reminder on the last day of 2020, just hours to go before 2020 ended, was just a bit of a kick to the face,” he added. The former employee said that he had talked with three current workers at Aurora and five other former employees about the information that had been exposed. Each of them reported a different kind of exposed data: some reported exposure of their credit card information and government identification, while others said that their home address and banking details were exposed, he added.

The company’s spokeswoman Michelle Lefler has confirmed that the company “was subject to a cybersecurity incident” on Christmas Eve. It has affected both present and former employees of the company. 

As of now, it remains unclear what "kinds" of personal information were exposed. “The company immediately took steps to mitigate the incident, is actively consulting with security experts and cooperating with authorities,” Lefler wrote in a statement. 

“Aurora’s patient systems were not compromised, and the company’s network of operations is unaffected,” she added. “For now, I am unable to provide the specific number of Aurora employees whose data was exposed. I can confirm we are following all security protocols, are working with privacy councils and law enforcement, and have communicated directly with any impacted current or former employee,” Lefler added.

Researcher Exposes Telegram's Location Bug, Company Says It's a Feature

An expert who observed that messaging platform Telegram's "People Nearby" feature risked revealing accurate user locations has been told that the feature is "working as expected." Users of the "People Nearby" feature can view a list of other Telegram users within a short radius. Users can also find local group chats.

Ahmad Hassan used software that allowed him to fake the location of his Android phone and, with it, found the locations of individuals from three different points. He then used trilateration to pinpoint each user's exact location. Using this method, which is quite easy, Hassan could get the accurate location of users, including their home addresses. Hassan had reported the issue hoping to receive a bug bounty as a reward; instead, he was told that Telegram users share their locations intentionally in the "People Nearby" section, and that it is expected that the exact location of users can sometimes be determined under certain conditions.

But Hassan says that when a user enables "People Nearby", they are indirectly posting their residential address online. Many users are unaware of this while they are using the feature. He also believes a widespread problem exists where hackers or users with malicious intent can use fake locations to join local group chats and target users with spam or phishing attacks using malicious links. These include fraudulent links and fake Bitcoin investments, which is proof of the app's poor security. Telegram claims that its platform is "more secure than mass market messengers like WhatsApp and Line."

However, Telegram fails to mention the risks that can arise from malicious users. Other apps have also experienced the location issue in recent times. The Register reports, "obtaining the location of nearby users is not an issue exclusive to digital devices. A stranger may follow someone home, for example. It is also not so long ago that a huge printed directory of local names, addresses, and telephone numbers used to be delivered to almost every home in many countries – and in the UK BT's online Phone Book service still offers a person search, including address details for those who have not opted out."

Learn How to Hide Your WhatsApp Profile Picture and Why

 

The latest messaging app usage statistics show that WhatsApp has 2.0 billion users worldwide, which doesn't come as a surprise given the tremendous popularity and wide acceptance of the messaging platform.

It is also interesting to note that businesses around the world have integrated WhatsApp into purely work-related communication, where people connect with one another because they work in the same organization.

However, that doesn't necessarily mean that they can, or do, trust every person in their organization. Sometimes a person does not wish to show their display picture to people they barely know but are required to communicate with through WhatsApp because of their professional work.

Not everyone knows how to hide their profile picture from unknown users, so everyone who has their number, or with whom they have had a brief exchange on WhatsApp, is able to see their profile picture and can potentially take a screenshot of it. Have you been in such a situation? If yes, we are here to help. Did you know that WhatsApp provides its users with very neat privacy features that let you protect your privacy from non-friendly contacts while still letting your friends see your profile picture?

How to do it? 


To access the privacy features of WhatsApp in its entirety, follow the steps given below. 

First, open WhatsApp and go to ‘Settings’.

Now click on ‘Account’ and then click on ‘Privacy’.

Then, tap on ‘Profile Photo’.

You should now see that the setting offers three options to choose from: first, “Everyone”; second, “My Contacts”; and third, “Nobody”.

Now simply select the second option, “My Contacts”. This privacy feature allows only your saved contacts to see your profile picture, while others will see a grey avatar on your profile instead of the picture you had put on display. If you do not wish to reveal your profile picture to anyone, you can select the third option, “Nobody”. This will hide your picture from everyone on the messaging app.

Unfortunately, there is currently no option that allows you to hide your profile picture from a particular group of users, as there is for story privacy settings.

Data Breach: Stolen User Records from 26 Companies Being Sold Online

 

A data broker has allegedly been selling stolen user data of twenty-six companies on a hacker forum. Reportedly, the hacker has put the stolen data of certain companies on sale at a particular price but is yet to decide the pricing for the rest of the stolen databases.

The hacker behind the sale has stolen a whopping total of 368.8 million user records, mostly from companies that had previously reported a data breach. However, seven new companies joined the list: Sitepoint.com, Anyvan.com, MyON.com, Teespring.com, Eventials.com, ClickIndia.com, and Wahoofitness.com.

Dark web and hacking forums keep making headlines for their notorious relationship with data brokers and hackers, who extensively use these platforms to leak or sell databases containing user information, credentials, and records acquired during data breaches of various companies worldwide, which later confirm the breaches. However, in the aforementioned case, only MyON and Chqbook have confirmed the data breaches; the other six companies have not given any statement confirming that they have experienced a data breach.

In a conversation with BleepingComputer, while confirming that their networks were compromised, MyON.com said, "In July 2020 we were made aware of a bad actor trying to sell portions of our data on the dark web. We immediately began investigating to shut down any continued threats to our data or the data of our customers. We were then able to confirm that according to federal and state privacy laws, no confidential student or customer data was compromised, and this incident did not rise to the level of an actual breach of student private data."  

Meanwhile, denying the claims of a data breach, Chqbook.com emailed BleepingComputer, saying, "There has been no data breach and no information belonging to our customers has been compromised. Data security is a key priority area for us and we conduct periodic security audits to ensure the safety of our customers’ information."

The companies that fell prey to the data breach are as follows: MyON.com (13 million), Singlesnet.com (16 million), Teespring.com (8.2 million), ModaOperandi.com (1.2 million), Chqbook.com (1 million), Pizap.com (60 million), Anyvan.com (4.1 million), Fotolog.com (33 million), Eventials.com (1.4 million), Wahoofitness.com (1.7 million), Reverbnation.com (7.8 million), Sitepoint.com (1 million), Netlog.com (53 million), Clickindia.com (8 million), Cermati.com (2.9 million), Juspay.in (100 million), Everything5pounds.com (2.9 million), Knockcrm.com (6 million), Accuradio.com (2.2 million), Mindful.org (1.7 million), Geekie.com.br (8.1 million), Bigbasket.com (20 million), Wognai.com (4.3 million), Reddoorz.com (5.8 million), Wedmegood.com (1.3 million), Hybris.com (4 million). 

Users with accounts on any of the abovementioned websites are strongly advised to change their passwords, preferably to something unusual and strong enough to thwart a brute-force attack.

Google’s Data Security: How Google Protects your Data from Cyber Threats?



The world is moving very fast towards technology and materialism, and it has become increasingly difficult for people to stay away from online services. According to reports, Google has a large international market, and over 50% of its customers represent premier business customers. Interestingly, more than 5 million businesses have chosen Google Apps services. Users of online services are very familiar with Google and its products, but cyber threats make people question the security of their data. Is Google selling their data or personal information?

According to Google, the tech giant takes the following measures:

Physical Security - Google claims that it provides 24/7 physical security to all of its data centers across the world. The organization is also known for advanced measures such as laser-based surveillance and biometric identification to protect its employees from cyber threats and identity theft.

The company’s in-house disaster response team gives assurance that even during natural disasters such as fire or flood that hit the physical location of a data center, Google still manages to use security monitoring to protect users from malware. The company also says, “We constantly monitor all applications, deploy patches through automated network analysis and proprietary technology, it helps us in detecting threats such as malware, viruses, and other forms of malicious code.”

Encryption - Encryption means ‘the process of converting information or data into a code, especially to prevent unauthorized access’. The company states that ‘we use encryption into every data flow so customer’s data remain protected from any kind of snooping activities funded by official government actors’. Furthermore, the tech giant added that it protects all data access with security technologies such as HTTPS and TLS (Transport Layer Security) so that all email content remains inaccessible to malicious actors.

Malware protection - According to Google, it protects its users from malware by deploying an automated network analysis solution that keeps all kinds of malicious code away from customers' credential information. The company also uses multi-purpose tools for software security and quality assurance.

Customized hardware - Google ensures that its hardware remains well protected against network infiltration by hackers by using highly customized server components. It also ensures that only its legitimate devices access users' data, all of which are under protection.

Incident Response - Google's “Incident Management Program” (IMAG) team says that its incident response team is active 24/7 at every data center to protect individuals' data by alerting every individual if any malicious activity is found on their account.

Limited Access - Google gives its employees only limited access to important data, which includes business data and highly sensitive information. By doing this, Google ensures security and privacy at every stage of its system.

Walleon Smart Wallet – where Elegance, Fashion, and Innovation meet


With everything evolving around us, technology reached another peak when smart wallets came to the market. We are sure everyone feels the same way: it was about time we were able to protect our wallets from being stolen or lost, and this has finally been made possible. And now that the trackable wallet is not only smart for its anti-theft technology but also made of high-quality materials and part of a huge fashion trend, it's time we acknowledge its perfection. Let's start with the things that make it so great.
 
Safety and protection by tracking your wallet 

Walleon lets you choose between Bluetooth tracking, which offers a more limited range, and Global GPS tracking that allows you to keep track of your wallet worldwide. This means that you can use the app on your phone to track where your wallet is. Moreover, while you may not yet know that your wallet is missing, the app will activate an anti-lost distance notification or alarm, based on the app settings. 
 
Anti-theft camera 

The built-in camera is an excellent addition to the wallet and offers a ton of other features besides the anti-theft function itself. When you realize that your wallet has been stolen, you can activate the emergency mode, and it will start taking photos and sending them to your phone every few seconds. One of the many other favorite features is the option for selfies. You put your Walleon at a distance and, using your phone, take a picture of yourself or of you and your friends.
 
SOS call button 

Another top-notch advantage the smart wallet gives you is the SOS call option. How does it work? First, you need to insert a SIM card in your wallet - prepaid or other. Then you need to set one or more SOS numbers through your app, and when in need, you can dial those numbers from your wallet by holding a hidden button for a few seconds. This helps, for example, when you break your phone and there is no other way of contacting someone, when you have a car crash with no one around you, when you fall during hiking, or in any other unfortunate situation or accident. Your Walleon will help you make the needed call and save you.

LED light 

Although we all love the features above, this one is definitely the one that captivates us most. And why not? It’s amazing! The light goes through the wallet, and you can change the color in any way you prefer - to match it with your outfit and accessories or even your mood. The function is fully optimized to save battery. The camera acts as a sensor, so when the wallet is in your pocket or covered, it turns off the light. Not only that, but the light can also stop automatically after a few minutes (you can set the period after which the light should turn off), or you can turn it off permanently from the app on your phone. The LED light has low power consumption; the battery is 2500 mAh, and the light also illuminates the money pocket so you can count your money in a low-light place.
 
Portable battery charger 

Yes, that’s right! You can also use your wallet to charge your phone on the go. The battery is ultra-thin, built-in, and offers a fantastic opportunity to keep your phone fully charged all the time.
 
RFID protection 

Speaking of all kinds of protection, as you’ve noticed, Walleon’s team is devoted to serving your needs, and the wallet was created to make sure you are protected first. That is why RFID protection is such a great asset.

There are many digital theft frauds, and the RFID option protects your credit and debit cards from devices trying to extract data and money from them. Your cards in Walleon are safe. Providing that many remarkable benefits, Walleon is a top-notch technology that fits your pocket with the best design ever made - high-quality leather, perfect sizes, and lightweight. Having it means being one step ahead of fashion and bringing your own style to a whole new level.
 
You can find more information on our website https://walleon.net/ or in our Facebook Group.

Deepfake Bots on Telegram, Italian Authorities Investigating

 

Cybercriminals are using a newly created Artificial Intelligence bot to generate and share deepfake nude images of women on the messaging platform Telegram. The Italian Data Protection Authority has begun to investigate the matter following a report by visual threat intelligence firm Sensity, which exposed the 'deepfake ecosystem', estimating that almost 104,852 fake images have been created and shared with a large audience via public Telegram channels as of July 2020. 
 
The bots are programmed to create fake nudes that carry watermarks or display nudity only partially. Users who access the partially nude image then pay for the whole photo to be revealed to them. They do so by submitting a picture of any woman to the bot and getting back a full version in which clothes are digitally removed using software called "DeepNude", which uses neural networks to make images appear "realistically nude". Sometimes this is done free of charge as well. 
 
According to the claims of the programmer who created DeepNude, he took down the app long ago. However, the software is still widely accessible on open source repositories for cybercriminals to exploit. Allegedly, it has been reverse-engineered and made available on torrenting websites, as per the reports by Sensity. 
 
In a conversation with Motherboard, Danielle Citron, professor of law at the University of Maryland Carey School of Law, called it an "invasion of sexual privacy," adding, "Yes, it isn’t your actual vagina, but... others think that they are seeing you naked."

"As a deepfake victim said to me—it felt like thousands saw her naked, she felt her body wasn’t her own anymore," she added. 
 
More than 50% of these pictures are being obtained through victims' social media accounts or from anonymous sources. The women who are being targeted are from all across the globe including the U.S., Italy, Russia, and Argentina.
 
Quite alarmingly, the bot has also been noticed sharing child pornography, as most of the pictures circulated belonged to underage girls. The Amsterdam-headquartered company also said that the Telegram network is made up of approximately 101,080 members. 

In an email to Motherboard, the unknown creator of DeepNude, who goes by the name Alberto, confirmed that the software only works with women, as nude pictures of women are easier to find online; however, he is planning to make a male version too. The software is based on an open-source algorithm, "pix2pix", that uses generative adversarial networks (GANs). 
 
"The networks are multiple because each one has a different task: locate the clothes. Mask the clothes. Speculate anatomical positions. Render it," he said. "All this makes processing slow (30 seconds in a normal computer), but this can be improved and accelerated in the future."