Search This Blog

Showing posts with label User Security. Show all posts

Facebook Bans Suspicious Russian Accounts, Says Russian Spy Intelligence Interfering With U.S Presidential Election


Social networking giant Facebook says it terminated three fake account networks that could have been working for Russian intelligence. The intelligence, according to FB, might be leaking suspicious documents before the U.S presidential elections. According to FB, the suspended accounts contained fake users and identities and were suspended for 'coordinated inauthentic behavior.' The company associated all these accounts to Russian intelligence and hackers linked to St. Petersburg organization based in Russia.

The U.S officials accuse the group of meddling with the 2016 U.S presidential elections and votes. As per now, the Russian authorities haven't responded to these allegations. Neither did the Russian foreign aid ministry when asked for the comment regarding the issue. Since the beginning of its rivalry with the U.S, it is common knowledge that Russia has always denied allegations of interference in the U.S. According to Russia, the country doesn't meddle with the domestic policies of the U.S, and it has nothing to do with the presidential elections.
There was no solid proof whether the fake accounts leaked the hacked documents, but suspending these accounts helped us prevent any future leak, says Nathaniel Gleicher, head of security, Facebook. "Our team watches for the threats and trends that we need to be ready for, and one that we are very aware of ... is a hack-and-leak operation, particularly in the next 6-8 weeks. We want to make sure that the accounts are down to prevent their ability to pivot them to facilitate a hack-and-leak around the U.S. election," told Nathaniel to Reuters. 

Reuters reports, "Facebook said the networks were small with only a handful of accounts on its website and photo-sharing service Instagram, some of which posed as independent media outlets and think tanks. The accounts had a combined total of around 97,000 followers. While some of the activity did target audiences in Britain and the United States, the networks were predominantly focused on countries in the Middle East and bordering Russia, such as Syria, Turkey, Ukraine, and Belarus, Facebook said."

Here's how to Ensure Data Security Using FShred App


Users are well aware of the fact that while deleting photos, videos, files, or any other form of data on their Android, it doesn't get deleted in an irrecoverable manner and can be recovered in a number of ways using recovery tools. Although regaining access to a deleted file might be rewarding in many scenarios, the rest of the time users would prefer a once and for all deletion of the same to ensure data safety.

In the sphere of Data security, continually rising unwanted activities of unauthorized users call for the creation of something that can protect users against data breaches and cyberattacks destroying their sensitive data. Users need their data to be erased in a manner that no recovery tool can undo it.

How can it be done?

When users have no intention to retrieve their deleted data by any means, data eraser apps come into play. These apps help users delete their sensitive data in ways that make it irrevocable from their Android devices. It proves to be of significant service when users plan to sell their smartphone or just share it with someone as it could mean a serious threat to their important data.

FShred is a user-friendly app that makes use of data sanitization methods that overwrite data on both, internal and external storage of Android phone to permanently delete the deleted files from the internal storage, it does so by overwriting all available space with random data. What does that mean? It's a process that replaces all the deleted files (Photos, videos, etc) with purposeless bytes sent by a random generator; by overwriting the occupied space, it effectively ensures the deletion of that data beyond recovery.

Developed by Emile Gee, FShred is one amazing tool that would allow you easily wipe all your sensitive data using advanced shredder algorithms, it shreds your data and recovers valuable storage space on your Android device.

The app has undergone various tests with file recovery tools such as GT File Recovery and none of the applications were successful in recovering the deleted data. Additionally, the app contains no in-app purchases or advertisements and is completely free and handy for users.

A Provider of Cyber Security Training Loses 28,000 Items of Personally Identifiable Information (PII) In a Data Breach


A provider of cybersecurity training and certification services, 'The Sans Institute', lost roughly 28,000 items of personally identifiable information (PII) in a data breach that happened after a solitary staff part succumbed to a phishing attack. 

The organization discovered the leak on 6 August 2020, when it was leading a systematic review of its email configuration and rules. 

During this process, its IT group identified a dubious forwarding rule and a malignant Microsoft Office 365 add-in that together had the option to forward 513 emails from a particular individual's account to an unknown external email address before being detected. 

While the majority of these messages were innocuous, however, a number included files that contained information including email addresses, first and last names, work titles, company names and details, addresses, and countries of residence. 

Sans is currently directing a digital forensics investigation headed up by its own cybersecurity instructors and is working both to ensure that no other data was undermined and to recognize areas in which it can harden its systems. 

When the investigation is complete, the organization intends to impart all its findings and learnings to the extensive cybersecurity community. 

Lastly, Point3 Security strategy vice-president, Chloé Messdaghi, says that "Phishers definitely understand the human element, and they work to understand peoples’ pain points and passions to make their emails more compelling. They also know when to send a phishing email to drive immediate responses." 

And hence she concluded by adding that "The final takeaway is that we all need to stay aware and humble – if a phishing attack can snag someone at the Sans Institute, it can happen to any of us who let our guard down."

Twitter Rolled-out its Latest Feature that Lets Users Limit Reply



In an attempt to make conversations more effective and meaningful, Twitter has rolled out a new feature that will allow users to have a little more control over who is showing up in their mentions, the feature will enable users to get rid of spam in their conversations by limiting who can reply to their Tweets.

Before being launched globally on 11th August for both the Android and iOS users, the feature underwent a brief run in beta. It is now available for the Twitter App on both the platforms and also for the users accessing the platform via the official website twitter.com.

How the feature works?


While posting a tweet, you will come across a small globe icon at the bottom, upon tapping on that, three options will appear to choose who can reply to your tweet. If you choose nothing, the setting will remain default – meaning anyone can reply to the tweet or you can limit replies just to those who are tagged in the tweet; or only to your followers.

After selecting the preferred option, you are all set to compose your tweet and click on the 'Tweet' tab to publish it. One important thing to note here is that once the tweet is posted, you won't be able to change the reply settings for that particular tweet.

However, users must also note that people who are restricted from replying will get a greyed-out icon, but they will still be able to view and share your tweets – they can Retweet, Retweet with Comment, and like the tweet.

The feedback received by the users has been positive so far, indicating that users have felt more comfortable and guarded against abuse, trolls, and spam.

As per a blog post by Director of Product Management, Suzanne Xie, the new feature is successfully preventing about three potentially abusive replies while adding one potentially abusive retweet with comment.

Referencing from Xie's observations, “Sometimes people are more comfortable talking about what’s happening when they can choose who can reply,”
“We’ve seen people use these settings to have conversations that weren’t really possible before. Starting today, everyone will be able to use these settings so unwanted replies don’t get in the way of meaningful conversations," the blog post read.

"Since your Tweet = your space, we've been testing new settings to give people more control over the conversations they start. Sometimes people are more comfortable talking about what's happening when they can choose who can reply. We've seen people use these settings to have conversations that weren't really possible before. Starting today, everyone will be able to use these settings so unwanted replies don't get in the way of meaningful conversations," Xie further said in a statement.

CNY Works Data Breach: Personal Details of 56,000 Customers Exposed


Social Security numbers, names, and other personal details of around 56,000 individuals were exposed as CNY Works faced a data breach. The data breach potentially affected people who sought employment via the company's services.

CNY Works is a New York-based non-profit corporation working to help businesses and job-seeking individuals with the objective of providing skilled workers to businesses and employment for those seeking a job within Central New York – providing a single entry point for Workforce Information.

The agency started sending letters to all its affected customers, warning them about the security breach – the officials told that files compromised during the attack (likely to be a ransomware attack) on their servers consisted of their names and Security numbers. However, the agency did not spot signs of any data being accessed, viewed, or taken down by the threat actors.

Social Security number is a nine-digit number used to record a person's earnings and verify his identity whenever he starts a new job; having your social security number compromised can lead to identity theft in various ways, cybercriminals can sell people's identities on the dark web marketplaces to highest bidders. In a way, it's like getting your bank account info. stolen, only that you can always get a new bank account number, while new Social Security numbers are rarely issued by the concerned administration.

While addressing the security issue, Lenore Sealy, executive director for CNY Works, said in an email to media outlets, “We are sending notification letters to approximately 56,000 individuals.”

“However, we are notifying individuals out of an abundance of caution. CNY Works has no evidence that any of the personal information for these individuals has been misused, or even that any of the personal information in its possession was accessed or stolen as a result of this incident.” The email further read.

Fake Email Campaign Demanding Ransom in Cryptocurrency


Internet users have been alerted by national federal cybersecurity agency against a fake email campaign that is going on in the country; the authors behind the campaign are threatening to post a personal video of a victim that they claim to have recorded if the demanded ransom in the form of cryptocurrency is not paid to them.

While assuring users that there's nothing major to worry about these emails as the claims made in it are fake, the Computer Emergency Response Team of India (CERT-In) in a related advisory, suggested users assign new passwords to all their online platforms including their social media handles.

CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology security organization. It has been designated as the national agency to respond to computer security incidents. The purpose of CERT-In is to issue guidelines, advisories, and promote effective IT security practices throughout the country.

A number of emails have been sent as a part of the campaign, claiming that the receiver's computer was compromised and a video was recorded via their webcam and that the sender has access to their passwords, as per the CERT-In latest advisory on the matter. The attacker attempts to convince the user into falling in his trap by mentioning his previous password in the email, then by strategic use of computer jargon, the attacker comes up with a story to appear as a highly-skilled scammer to the recipient. The story tells the victim that while he was surfing a porn website, his display screen and webcam was compromised by a malware placed by the hacker onto the website. It states that all of the user's contacts from Facebook, email, and messenger have been hacked alongside.

As these emails are scams and claim false information, users are advised to not get tricked into paying the demanded ransom in haste as even if the password mentioned by attackers in the email seems familiar it's because they accessed it via leaked data posted online and not through hacking their account. All you have to do is change or update your password for all the online platforms where it is being used.

Nintendo Confirms Around 160,000 User Accounts Affected in Recent Hacks


On Friday, the Japanese gaming giant, Nintendo confirms that around 160,000 user accounts of Nintendo Switch users have been affected in the recent hacking attempts.

Nintendo's Switch game console is immensely popular among avid gamers and its demand has risen dramatically amid the lockdown forced by COVID-19 pandemic, making it out of stock almost everywhere. As the number of people turning to Nintendo is rapidly increasing, the number of hackers targeting digital accounts has also increased as a result.

In the wake of the breach, Nintendo has disabled the option of logging into a Nintendo account via Nintendo Network ID (NNID)– login IDs and passwords of the users have been acquired in an unauthentic way by some means other than Nintendo's service, the company confirmed. Notably, these attempts to access accounts illegally have been made since the beginning of April. The information compromised during the breach includes usernames, DOB, email addresses, and country.

The company has notified all the affected users of the breach through an email, alerting them to reset their passwords.
Meanwhile, the company also warned the users in case they have used a common password for their NNID and Nintendo account, and said, “your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop.”

The company further recommended the users to enable two-factor authentication as some accounts are already being used to make fraudulent purchases. Affected users are advised to contact Nintendo so that the company can examine their purchase history and cancel fraudulent purchases.

"We will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorization," the company said.

While apologizing to the customers, Nintendo said, "We sincerely apologize for any inconvenience caused and concern to our customers and related parties,"

"In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur." the company added.

Biometric Data Exposure Vulnerability in OnePlus 7 Pro Android Phones Highlighted TEE Issues


In July 2019, London based Synopsys Cybersecurity Research Center discovered a vulnerability in OnePlus 7 Pro devices manufactured by Chinese smartphone maker OnePlus. The flaw that could have been exploited by hackers to obtain users' fingerprints was patched by the company with a firmware update it pushed in the month of January this year. As per the findings, the flaw wasn't an easy one to be exploited but researchers pointed out the possibility of a bigger threat in regard to TEEs and TAs.

Synopsys CyRC's analysis of the vulnerability referred as CV toE-2020-7958, states that it could have resulted in the exposure of OnePlus 7 pro users' biometric data. The critical flaw would have allowed authors behind malicious android applications with root privileges to obtain users' bitmap fingerprint images from the device's Trusted Execution Environment (TEE), a technique designed to protect sensitive user information by keeping the Android device's content secure against illicit access.

As it has become increasingly complex for malicious applications to acquire root privileges on Android devices, the exploitation of the flaw would have been an arduous task and might also be an unlikely one given the complexity of the successful execution. Meanwhile, the fix has been made available for months now– ensuring the protection of the users.

However, the issue with Trusted Execution Environments (TEEs) and Trusted Applications (TAs) remains the major highlight of Synopsys's advisory released on Tuesday, “Upon obtaining root privileges in the REE [Rich Execution Environment], it becomes possible to directly communicate with the factory testing APIs exposed by Trusted Applications (TAs) running in the TEE. This attacker invokes a sequence of commands to obtain raw fingerprint images in the REE,” it read.

While explaining the matter, Travis Biehn, principal consultant at Synopsys, told, “Of course, people’s fingerprints don’t usually change. As attackers become successful in retrieving and building large datasets of people’s fingerprints, the usefulness of naïve fingerprint recognition in any application as a security control is permanently diminished,”

“A further possible consequence is that fingerprints become less trustworthy as evidence in our justice systems.”

“...this vulnerability shows that there'there are challenges with Trusted Execution Environments (TEEs) and Trusted Applications (TAs); these are software components that are opaque to most (by design), expertise is limited, and typically involve long supply chains. These factors together mean there'there are opportunities for organizations to make a mistake, and hard for security experts to catch at the right time,” he further added.

The flaw would have allowed attackers to recreate the targeted user's complete fingerprint and then use it to generate a counterfeit fingerprint that further would have assisted them in accessing other devices relying upon biometric authentication.

1.1 Million Customers Records of SCUF Gaming Exposed Online


The database of more than 1 million customers was exposed online by 'SCUF Gaming', a subsidiary of Corsair that develops high-end gamepads for Xbox, PS4, and PC. The incident led to the exposure of clients' names, payment info, contact info, repair tickets, order histories, and other sensitive information. Other data belonging to the company's staff and internal API keys were also compromised as a result.

The data was left unprotected for two days before being discovered by the security researcher, Bob Diachenko who reported the same to Scuf Gaming. The team led by the researcher found the data on the web without any password protection or authentication.

The database was taken down by the company in less than two hours of being notified. Meanwhile, bot crawlers got enough time to locate the exposed database and a ransom note was found demanding 0.3 BTC from the company. The note says that the data had been downloaded by the cybercriminals, however, no such action is being detected by the systems. "Your Database is downloaded and backed up on our secured servers. To recover your lost data, Send 0.3 BTC to our BitCoin Address and Contact us by eMail.” The note read.

Experts are of the belief that the involved criminals did not get enough time to delete or encrypt the data present in the database, hence, it's unlikely that they would have been able to download it either. However, SCUF clients and staff could face a risk of phishing attacks, identity theft, and fraud by the cybercriminals who might have downloaded some pieces of
the leaked database.

In a conversation with Comparitech, a spokesperson for Corsair, parent company to SCUF gaming told, “…Once notified, we identified the root cause of this exposure and secured the database within two hours. While investigating Mr. Diachenko’s warning, we also discovered that a bot had connected to the database’s server and placed a ransom note there. We have no evidence that either the bot or any other actor was able to misappropriate customer data.

This issue was specific to one system, being operated off-site due to work-from-home precautions resulting from the current COVID-19 pandemic.”

To stay on a safer side, SCUF Gaming customers are advised to keep an eye for any suspicious activity in regard to their bank accounts as scammers who were to able gather whatever bits of information they could, are likely to attempt targeted phishing attacks.

'Paranoid' Blocks your Smart Speakers from Spying on you


Smart speakers have proven to be one of the most versatile gadgets of the era, the high-tech AI companions can do everything from playing music to ordering a meal with just the sound of your voice. They come with virtual assistants ready to answer all your queries, other features include reminding you of appointments, telling about the weather and news along with helping you to control your smart home devices.

Amazon's Echo and Google's Nest are two of the widely employed smart speakers. However, these devices also raise security concerns in regard to the voice captured by the speakers but in order to avail services of a voice assistant that as a matter of fact operates on voice commands, you can't block it from listening to your voice.

To make the experience easier and safer, a new device known as 'Paranoid' is made to enter the tech space, it is designed to block your Amazon Echo or Google Home smart speaker from listening to your voice until you say the word, "Paranoid" which is the device's wake word. After saying the word, the gizmo allows your smart speaker to listen.

Another thing to take notice of is the simplicity in the operations of Paranoid, it's extremely easy to use, it simply needs to be connected to the smart speaker in order to block it from spying upon you –meanwhile,  it still allows the speaker to be voice-activated. In order to activate it, all you have to do is to say "Paranoid" every time before you say "Okay, Google!" or "Alexa!"

The device comes in three different variants, The Home Button, Home Wave, and Home Max. It has no antenna, no SIM card slot, no Bluetooth, no Wi-Fi and no kind of wireless capability. As per its website, the makers claim that their device is "hack-proof".

The Home Button is the simplest model, it is placed on Amazon Echo's mute button and presses it manually. The second one, the Home Wave is designed to jam the microphones on your smart speakers and the most sophisticated one, the Home Max requires you to send your Amazon Echo or Google Home Devices to Paranoid headquarters stationed at Edmonton, Alberta. There, experts will attach your speaker's microphone cable to an external Paranoid device by cutting off the original cable. After the completion of the process, your smart speakers will be sent back to your address.

All the three models of Paranoid can be purchased from its official website; the original charges of the device and services are $49, however, as of now it will cost only $39.

Dutch Government Loses Hard Drive Containing Data of 6.9 Million Donors


Officials from the Dutch Ministry of Health, Wellness, and Sport confirmed this week that the government has lost two external hard disk storage devices that contained electronic copies of all donor forms filled with the Dutch Donor Register between February 1998 to June 2010, it was used to store personal information such as the first and the last name, date of birth, ID card numbers, address while filling the form, gender, copy of signatures and choice of organs being donated of about 6.9 million organ donors.

It was when authorities decided to sweep out old donor registration paper forms and wanted to get rid of electronic copies of all these donor forms, they discovered that the two aforementioned disks are nowhere to be found. There have been no comments made onto the encryption of data, it's not in public knowledge that whether the data was encrypted not.

The disks were last accessed almost four years ago and were put securely inside a safety vault for keeping a record, as per the statements given by the Dutch Donor Register, the hard disks were no longer to be found in the security vault and are still unaccounted for. Reportedly, the data stored into the disks belonged to over 6.9 million Dutch people – a few out of whom may no longer be alive, as per the authorities.

Although there is no proof regarding the data being stolen or misused by anyone, officials claimed that the lost donor forms do not consist of Dutch ID copies and other official documents of the people of Dutch which automatically reduces the likability of fraud or an identity theft taking place amid the incident of lost hard drives. The Minister for Health, Wellness, and Sport confirmed that the event did not affect the Donor Register's ability to deliver accurate donor data.

Financial and Customer Info being Exposed in Slickwraps Data Breach


Slickwraps, a mobile device case retailer that specializes in designing and assembling the most precision-fitted phone cases in the world has suffered a major data breach that exposed the personal information of employees including their API credentials, resumes and much more.



In January 2020, a security researcher named Lynx attempted to gain access to Slickwraps's systems, he acquired full access to the company's website employing a path traversal vulnerability present in a script which is used by them for customizing cases.

After exploiting the vulnerability, Lynx sent emails stating the same to the company and upon receiving no response to those emails, he decided to make public disclosure of the vulnerability and how he exploited it to acquire access to the systems and the data that was compromised.

While giving insights of the incident, Lynx told that it allowed them to acquire access to 9GB of personal customer data that included employee resumes, customers' pictures, API credentials, ZenDesk ticketing system along with more sensitive data such as hashed passwords, transactions, and contact-related information.

As per the reports, multiple attempts made by Lynx to report the data breaches to Slickwraps were blocked by the company. Even though Lynx made it clear that they don't want any bounty and are just trying to get Slickwraps to publicly disclose the breach.

In a post made by Lynx on Medium, he stated, "They had no interest in accepting security advice from me. They simply blocked and ignored me."

While accepting the shortcomings of the company in terms of user security, Jonathan Endicott, Slickwraps CEO, apologized for the data breach and said, "There is nothing we value higher than trust from our users. In fact, our entire business model is dependent on building long-term trust with customers that keep coming back."

"We are reaching out to you because we've made a mistake in violation of that trust. On February 21st, we discovered information in some of our production databases was mistakenly made public via an exploit. During this time, the databases were accessed by an unauthorized party."

"Upon finding out about the public user data, we took immediate action to secure it by closing any database in question. As an additional security measure, we recommend that you reset your Slickwraps account password. Again, no passwords were compromised, but we recommend this as a standard safety measure. Finally, please be watchful for any phishing attempts."

"We are deeply sorry about this oversight. We promise to learn from this mistake and will make improvements going forward. This will include enhancing our security processes, improving the communication of security guidelines to all Slickwraps employees, and making more of our user-requested security features our top priority in the coming months. We are also partnering with a third-party cybersecurity firm to audit and improve our security protocols."

"More details will follow and we appreciate your patience during this process." the statement further read.

SoPo Nonprofit Told, Unknown Number of Clients Affected by Data Breach


A South Australian company, PSL Services, also known as Peregrine Corporation involved in the operation of service stations, convenience retail outlets and tobacconists recently disclosed a data breach to Mainebiz.

The company administered from its head office in Kensington Park, South Australia told that personal data of its employees including their names, email accounts, some medical information along with other sensitive information may have been accessed illegally between December 16 and December 19, 2019. Other information accessed without authorization includes address, DOB, Driving License Number, Social Security Number and Identifying Numbers of clients for participation in Mainecare.

There have been no speculations made by the corporation as to who is behind the public breach of its confidential data, however, the officials told in an email that there are chances that the criminal behind the incident was trying to force the agency in sending funds electronically which they did not.

Post-incident, the company was subjected to back to back investigations and it refused to specify the number of employees being affected. PSL did not provide other details regarding the incident such as whether the individuals were clients, employees, family members or others. As per some news releases, PSL came to know about the breach on 17th December after some suspicious activity was observed in an employee's email account, it immediately reported the same to its information services department.

The corporation told that it had “notified the Office of Civil Rights at U.S. Department of Health and Human Services, the Maine Attorney General, and prominent news media outlets throughout the state of Maine."

Referencing from the statements given by Lori Sanville, executive director, “The contents of a small number of email accounts were exposed,”

“The number is unknown until the data mining is completed. We will then contact anyone affected.”

In regard of the same incident, PSL also contracted with a cybersecurity vendor to further investigate the matter and come up with security measures, as per Sanville. In addition, she told Mainebiz, “We want our clients and the community to know that we take this matter very seriously and that we remain committed to assisting our clients first and foremost."

Google Releases Chrome 79, Warns Users of Data Breach


Tech giant Google has issued warning of data leak for Indian and global users, after fixing Chrome 79 bug and re-issuing it later this week. Users were being sent notifications by the company via affected websites– through the means of pop-up alerts that started to appear on desktops, mobile phone screens and laptop screens; it forced users into reading the text which said that their passwords may have been exposed and hence they should change it immediately – "Change your password. A data breach on a site or app exposed your password. Chrome recommends changing your password for the site," the warning pop-up read.

As per sources, a bug affected data in select Android applications and Google had put on hold the release of Chrome 79. It was finally this week, Google's Chrome Releases blog confirmed the rollout of Chrome 79 for desktop and mobile platforms; Chrome 79 (79.0.3945.93) for Android comes with a fix for the WebView flaw and an assurance of improved defense against issues revolving around password protection of users.

According to the reports by media, the fix, "Resolves an issue in WebView where some users' app data was not visible within those apps. The app data was not lost and will be made visible in apps with this update."

WebView is a feature which is employed by various third-party applications to open a webpage, it ensures rendering of webpages within applications. However, here, Google Chrome is solely responsible for loading the content. PhoneGap and Twitter Lite are two apps that employ WebView functionality, as per AndroidPolice.

There have been various instances recorded in regard of the matter, nationally and globally, one such incident had a user trying to log into an e-commerce platform named 'Freshtohome' to shop fresh and chemical-free seafood as he received a pop-up warning him about the issue and advising to change his password.

In a similar manner, when one of India's media houses attempted to log into their portal, were faced with disruption and warnings began to pop-up onto the screen advising them the same.

In a public statement issued on Google threads, a Chromium engineer explains, "We are currently discussing the correct strategy for resolving this issue which will be one of: a) continue the migration, moving the missed files into their new locations. b) revert the change by moving migrated files to their old locations. We will let you know which of these two options have been chosen soon."

New Chrome Password Stealer, 'CStealer' Sends Stolen Data to a MongoDB Database


The information collected by the Chrome browser including passwords, usernames, and other user credentials is being exposed to heavy risk as a new trojan known as CStealer attempts to steal the confidential data stored onto Google's Chrome browser.

Password stealer trojans include applications that tend to run in the background and silently gather sensitive information about the system such as connected users and network activity. It attempts to steal confidential information stored onto the system and the browsers like usernames, passwords and other credentials which once being stolen are sent to a specified destination by the attacker.

While the idea behind this info-stealing trojan is just like many others- which is to steal user credentials saved onto the browser's password manager, however, the fact that CStealer uses a remote MongoDB database to store the stolen data is what makes this case unprecedented and interesting.

The malware which was discovered by MalwareHunterTeam and was later analyzed by James does not compile and send the stolen data to a C2 under the author's command, rather, it is programmed to directly connect to a remote MongoDB data and utilize it to keep the stolen passwords stored, according to the findings.

As soon as the passwords are successfully stolen, the malware tends to link to the database and store the stolen data as per the network traffic created which was examined by James. In order to carry this out, the malware carries hardcoded MongoDB credentials and to connect to the database, it uses the MongoDB C Driver as the client library.

Notably, the approach is a bit more sophisticated and not as mainstream, however, ultimately it gets the agenda right as it successfully gets the credentials stolen. In doing so, indirectly it also gives a free invitation to other hackers to access the victim's confidential information as it tends to decrypt the privacy layers already. To exemplify, anyone who would examine the malware afterward, from law enforcers to security officers, will be able to retrieve the hardcoded passwords and employ them to get to the stolen data.

Chinese Smartphone Maker OnePlus Discloses Data Breach





Chinese smartphone manufacturer, OnePlus has announced a data breach where the order information including names, contact numbers, email addresses and shipping addresses of customers from its online store was exposed. However, customers' payment information, passwords, and accounts haven't been compromised in the incident. OnePlus ensured that the affected customers are being timely notified.

The company told in an FAQ that the breach took place last week and was discovered immediately. According to the officials, it was a certain vulnerability in their website which became the entry point of the attackers. However, no additional details were provided by OnePlus.

"We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident." the company said in the FAQ.

As a security measure to ensure there exists no similar security vulnerability, OnePlus thoroughly examined the website. Furthermore, the company is making efforts to upgrade its security program which included partnering with a world-renowned security platform next month. The company told that it would be launching a bug bounty program by the end of this year.

In the OnePlus security ecosystem, this came as the second hit to the privacy of its users, the company witnessed a similar one last year in January wherein almost 40,000 were affected and users' credit card information was stolen. OnePlus's breach came after T-Mobile announced a similar data breach that impacted a small number of accounts using the company's prepaid offerings.

"Our Cybersecurity team discovered and shut down malicious unauthorized access to some information related to your T-Mobile prepaid wireless account," the company said. "None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised."

"The data accessed was information associated with your prepaid service account, including name and billing address (if you provided one when you established your account), phone number, account number, rate plan and features, such as whether you added an international calling feature," the company further added.

DJI Proposed App to Identify Nearby Drones and Exact Location of Pilots


The world's leading producer of camera drones, DJI has demonstrated a technique to gather information about a nearby drone, precisely locating its pilot through a smartphone.

It employs a protocol called "Wi-Fi Aware", which makes the information about nearby drones available to anyone looking up for flying drones. The company said it would increase " safety, security, and peace of mind", along with preventing disruptions and security threats. However, the idea is being dismissed by security experts as they are of the opinion that it is not sufficient to fight illegal drone use and that the sophisticated hackers would easily manage to bypass the detection. With ransomware emerging as a service and being easily available, it's reasonable to expect hackers finding ways to circumvent the DJI's protocol. As a result, concerns have been raised regarding the viability of this "drone-to-phone remote identification" tool.

While substantiating the proposed idea, Brendan Schulman, VP of policy and legal affairs at DJI, said, "Remote ID functions as an electronic license plate for drones, allowing anyone who is curious about a drone in the sky to learn more about what it's doing."

"Around the world, aviation authorities have said remote ID is the key to allowing more complex drone use, and to solving concerns about safety and security." He added. "It's going to be very useful against rogue drones," said Elrike Franke, a policy fellow at the European Council on Foreign Relations, in a conversation with the BBC.

"But it's not going to be enough to fight people with real bad intentions, because these are going to be the first people to hack this system."

Further explaining the model, the company said, "Using a simple app, anyone within radio range of the drone can receive that signal and learn the location, altitude, speed, and direction of the drone, as well as an identification number for the drone and the location of the pilot."

However, the proposed app is not expected to be seen anytime soon due to the lack of Wi-Fi protocol compatibility with advanced smartphones. Currently, it also does not work on iPhones.

Cyber Intrusions on a Rise in Oregon, Attackers Bringing in Sophisticated Methods


Cyber intrusions have been on a rise with cybercrime becoming more dangerous and sophisticated than ever. The pervasive and evolving cybercrime poses a serious threat to both the public and private sector networks as attackers target international organizations to steal corporate data and individuals are subjected to identity theft.

In December 2018, Aaron Cole, from the Portland suburb of Oregon City, fell prey to a wire scam and nearly lost his home after being duped into making a fraudulent down payment of $123,000. The attacker sent Cole an email directing him to make the payment and tricked him into believing that it is from the title company he had been working with. At the time, Cole did not realize that a sophisticated network of hackers had been keeping track of his interactions with the title company. Although the email appeared similar in structure to the original emails he received from his title company, it had slight differences.

It was only when the title company reached out Cole on due dates, asking him to send the money, the realization of the blunder hit the Oregon man hard. He suddenly realized that he was duped by cybercriminals to give away all the money which he had saved from the sale of his former house along with other family savings.

Cole's title company, WFG came to his immediate rescue and made up for the losses, in turn, Cole is helping the company in spreading the word about more such scams. He was fortunate to be hired for the same amount he lost to the hackers - to be a spokesperson at the National Title Insurance Company.

“They warned we're never going to send you an email with wire instructions, it'll be an encrypted email. We’ll call you with wire instructions. They're putting all the red flags out there that they can possibly think of,” said Cole. “I was looking at it more like the terms of use when you want to download an app and you just skip through the thing and you click accept.”

While explaining the unfortunate incident and the state of mind which followed, the Oregon Husband and father of two said: "It was the worst feeling."

"And then having to go home and tell my wife that I just gave away all the money. She could tell right when I walked in the house and just sat down, and I just couldn't come up with the words to tell her." He added.

Referencing from the statements given by Gabriel Gundersen, an FBI supervisory special agent with the Oregon Cyber Task Force, "The emails have gotten well-crafted and quite detailed. They're highly tailored to that particular victim."

"It's a social engineering piece, where they're coercing a victim to do something based on an artificial agenda or an artificial timeline." He added.

Earlier the attempts made by attackers to dupe people were uncoordinated and clumsily executed due to which individuals had a scope of making distorted sense of anything which strikes them as strange and makes them feel uncomfortable, however now these cyber traps are set sophisticatedly making it difficult for individuals to locate the red flags.

Security officers are in a constant race with the attackers, ensuring they are not lacking behind with the fixes for every new approach slammed in by con men. However, the overall impact is still staggering as crucial systems are bypassed, disrupting the entire functioning of vital medical and banking networks.

xHelper: A Non-Destructive Malware that has Affected 45,000 Android Devices


A new Android trojan tension has become a headliner after darting upon the detector of several cyber-security firms and disturbing the smartphone users, because of its re-installing peculiarity that has become a headache. The malware was located in March for the first time but it gradually developed to affect the android phones.


Hot as xHelper, it is a unique malware that has been detected by antivirus corporations. xHelper is quite dangerous as it has a self re-install origin, a process that makes it very difficult to eliminate from Android gadgets. The Trojan is said to have corrupted around 45,000 devices. "Every day, 131 different devices are corrupted, whereas, 2,400 devices are being affected every month," says Symantec, a cybersecurity company. Eliminating the xHelper assistance from your Android device is useless as the malware re-establishes itself despite the user completing a factory reset.

In the conclusion of a story, the Trojan provides for popup ads on devices simultaneously beside spams. These popup notices make profits for the bodies responsible for the deed. Also, the trojan-infected android devices are required to install various apps from the Google Play Store, once the damage has been done. The malware secures profit in the scheme of pay-per-download payments, once the application is installed on the android phone.

But it appears that the Trojan does not perform any lethal actions on the device. "xHelper is only confined to interfering popup ads and spams, it doesn't possess any severe threat to the device" claims the reports of Symantec and Malwarebytes. Besides, excluding the xHelper assistance from the Android OS devices won't do any relief as the malware re-fixes itself despite the user restoring the phone to factory reset settings. The matter of concern, though, is the point that android device users have been notified that while xHelper is momentarily only confined to popups, spams, and ads, it can, however, install different applications, which could extend a secondary degree trojan threat that can steal sensitive data such as personal information and banking credentials of the users.

Pos Malaysia: Malware Attack Disrupts Internal Systems and Online Services



IT infrastructure of Pos Malaysia, postal delivery service in Malaysia, took a major hit from ransomware which rendered some of its online services inaccessible. After detecting the attack on Sunday, the company took immediate measures to shut down internal systems and parts of its online systems; they also lodged a police report with Royal Malaysia Police for attempted malware attack and reached out to concerned authorities to ensure the safety of their systems and database.

The website of the company was displaying an error message during the downtime, which said, “Sorry, we are under maintenance.” It was discovered during a system update on October 20 and since then, the company released three statements insisting on the safety of customers’ personal data and sensitive information. It assured that no user data was compromised and the issues are being rectified. Gradually, several of Pos Malaysia’s online services have been made accessible while over the counter services remain available at the company’s branches nationwide. However, the officials refrained from providing a specific timeline for the entire restoration of the halted services.

Seemingly, it was a major attempt that caused disruption in the company’s internal systems and online services for the past few days and subsequently affected the overall company’s operations.

In a statement on Facebook, Pos Malaysia told, “Our team has managed to rectify and restore several of the system and online services. We assure our customers that their data and personal information are safe.”

“We extend our apologies for the inconvenience caused and thank our customers for their kind understanding, patience and support during this period. We will provide regular updates from time to time,” it added.

Announcing that the services will be restored and made fully accessible gradually, a spokesperson told The Star, "Customers and business partners may now gradually access our services. Over the counter services at all branches remain available.”

"Currently, proactive steps are being taken by our IT recovery team to ensure minimal impact to our customers and business partners. While contingency plans are being considered to rectify and restore online operations, the majority of our services at all Pos Malaysia branches are still available," he added.

People who have made shipments via Pos Malaysia or have pending shipments and it required them to share any sensitive data with the postal delivery company, odds are it would have been compromised in the attempted malware attack, therefore, they are advised to check their private credentials where necessary.