Primarily targeting Google Chrome, Mozilla Firefox, and Chromium code in itself, Jupyter's attack chain, delivery, and loader demonstrate additional capabilities such as a C2 client, execution of PowerShell scripts and commands, hollowing shellcode into legitimate windows configuration applications, for full backdoor functionality. 

The infostealer's attack begins with a zip file containing an installer which typically impersonates legitimate software like Docx2Rtf. When the installer is executed, a .NET C2 client is inserted into memory. Jupyter loader has a well-defined protocol, persistence modules, and versioning matrix, it furthers with downloading the next stage, a PowerShell command to execute the Jupyter injected in memory earlier. Now using the commonalities between both the .Net components an end-to-end framework is developed for the implementation of the Jupyter infostealer as both have similar code, obfuscation, and unique UID implementation. 

 

As per the analysis published by Morphisec, "Jupyter is an infostealer that primarily targets Chromium, Firefox, and Chrome browser data. However, its attack chain, delivery, and loader demonstrate additional capabilities for full backdoor functionality.” 

 

"Morphisec has monitored a steady stream of forensic data to trace multiple versions of Jupyter starting in May 2020. While many of the C2s are no longer active, they consistently mapped to Russia when we were able to identify them," read the report. 

Multiple versions of Jupyter were traced back to Russia and the planet name was noticeably misspelled from Russian to English, as per the Morphisec researchers who also found out the same image on Russian-language forums upon running a reverse Google Image search of the C2 admin panel image, concluding that the attack has Russian origins. 

 

"This is the first version seen in the wild of the infostealer stealing information (autocomplete, cookies, and passwords) only from Chrome browsers," said researchers. 

"This version added Firefox information stealing (cookies, logins, certificates, and form history). This version uses the same technique of copying the stolen information before accessing it to evade detection." The researchers further added.

Users are well aware of the fact that while deleting photos, videos, files, or any other form of data on their Android, it doesn't get deleted in an irrecoverable manner and can be recovered in a number of ways using recovery tools. Although regaining access to a deleted file might be rewarding in many scenarios, the rest of the time users would prefer a once and for all deletion of the same to ensure data safety.

In the sphere of Data security, continually rising unwanted activities of unauthorized users call for the creation of something that can protect users against data breaches and cyberattacks destroying their sensitive data. Users need their data to be erased in a manner that no recovery tool can undo it.

How can it be done?

When users have no intention to retrieve their deleted data by any means, data eraser apps come into play. These apps help users delete their sensitive data in ways that make it irrevocable from their Android devices. It proves to be of significant service when users plan to sell their smartphone or just share it with someone as it could mean a serious threat to their important data.

FShred is a user-friendly app that makes use of data sanitization methods that overwrite data on both, internal and external storage of Android phone to permanently delete the deleted files from the internal storage, it does so by overwriting all available space with random data. What does that mean? It's a process that replaces all the deleted files (Photos, videos, etc) with purposeless bytes sent by a random generator; by overwriting the occupied space, it effectively ensures the deletion of that data beyond recovery.

Developed by Emile Gee, FShred is one amazing tool that would allow you easily wipe all your sensitive data using advanced shredder algorithms, it shreds your data and recovers valuable storage space on your Android device.

The app has undergone various tests with file recovery tools such as GT File Recovery and none of the applications were successful in recovering the deleted data. Additionally, the app contains no in-app purchases or advertisements and is completely free and handy for users.

The travel details and email addresses of around 10,000 commuters who used free wi-fi provided at UK railway stations were exposed online, as per the confirmations given by UK-based Network Rail. The unfortunate event affected a number of railway stations including London Bridge, Norwich, Harlow Mill, Chelmsford, Colchester, Waltham Cross, and Burnham.

The incident came into light when a security researcher Jeremiah Fowler, from Security Discovery, discovered an unprotected database online consisting of 146 million records, it included personal information of travelers such as their contact details and DOBs. The confirmation on the incident followed after three days by the Network Rail and the service provider C3UK who took immediate measures to protect the leaked database, a backup copy containing around 10,000 email addresses of the commuters.

On 14 February, Fowler tried to contact C3UK and sent two emails over six days for which he did not receive any feedback. Reportedly, the data was not misused or stolen by any third party, therefore C3UK chose not to notify the data regulator, the Information Commissioner's Office (ICO).

Network Rail strongly recommended the service provider C3UK to report the vulnerability and informed media that they will have their data protection team reach out to ICO and explain its stance on the matter.

While providing assurance and explaining its position on the matter, C3UK said, "To the best of our knowledge, this database was only accessed by ourselves and the security firm and no information was made publicly available."

"Given the database did not contain any passwords or other critical data such as financial information, this was identified as a low-risk potential vulnerability," it added.

Meanwhile, the ICO also confirmed to BBC that it hadn't been notified, "When a data incident occurs, we would expect an organization to consider whether it is appropriate to contact the people affected and to consider whether there are steps that can be taken to protect them from any potential adverse effects," it said.

In the wake of the incident, Greater Anglia, a Great Britain based train operating company, which manages some of the affected railway stations told that it stopped employing C3UK to provide its station wi-fi. Meanwhile, the provider for London Bridge station assured the corresponding Network Rail that it was an issue of low-risk and that "the integrity of people's information remains fully secure."

On Thursday, Facebook filed a federal lawsuit in California Court against OneAudience, a New Jersey-based marketing firm mainly involved in data analytics. The social media giant claimed that the firm was paying app developers to secretly harvest its users' data by getting an infectious software SDK installed onto their apps. The SDK was planted in various gaming, shopping, and utility-type applications available to download from the Google Play Store, as per the court documents.

A software development kit also known as SDK is a downloadable collection of software development tools used for developing applications. It consists of the basic tools a developer would require to build a platform-specific app with ease and excellence. In other words, SDK basically enables the programming of mobile applications. However, these packages have their drawbacks too as they also contain tools like trackers and it collects information about devices and app usage to send it back to the SDK maker.

Facebook alleged in the lawsuit that OneAudience has blatantly misused the feature "login with Facebook" to acquire unauthorized access to sensitive user data without any permissions. OneAudience has also been accused of paying apps to gain access to users' Twitter and Google data when they log into the infected apps using their account info.

"With respect to Facebook, OneAudience used the malicious SDK – without authorization from Facebook – to access and obtain a user's name, email address, locale (i.e. the country that the user logged in from), time zone, Facebook ID, and, in limited instances, gender," Facebook remarked.

Earlier in November 2019, social media giants Twitter and Facebook told that OneAudience collected private user information and the incident left hundreds of users affected as their privacy was compromised when OneAudience illegally collected their names, email addresses, usernames, genders and latest posts through SDK.

While commenting on the matter, Jessica Romero, Director of Platform Enforcement and Litigation, said "Facebook's measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate."

"This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users," she further added.

Bengaluru: Kamin Prajapathi (40), a senior accountant manager in a multinational software company was arrested by the police on Sunday for data theft.

The accused, a resident of Concorde Napa Valley and Kanakapura Road and Bihar stole the data of nearly 300 employees working in the same company, transferring their bank details, credit card details and bank account details to his personal mail.

Prajapathi started working in the company from August 2017 and quit his job in April 2019 though the police said that before resigning he transferred the stolen data to his personal mail with plans to hand the data to another company for a senior-level position. He told the company, he had surplus confidential data that they could use to their advantage and build their business.

KS Santosh, founder of a cybersecurity solutions firm 'Group Cyber ID', says these type of data theft are pretty common, “These frauds occur in startups, where former employees steal data from the startup and begin their own firm using the data. Many companies have filed data theft complaints against individuals,” (Sc Indiatimes.com)

Likewise, Prajapathi allegedly hacked into the website of the company where he worked and is suspected that he had been stealing data since 2017 and selling it to other companies. Aside from the bank details of employees and clients, he also collected pivotal data of the company's clients.

The managers from the private firm, where he previously worked lodged a complaint at the cyber-crime police station, and after a probe the police nabbed Prajapathi confiscating his laptop, CPU and mobile phone. The cyber-crime officials also found an account created by Prajapathi on a web-based email service as solid evidence against him.

There has been a significant rise in data theft cases in the last few years as reliance on digital platforms increase. In the city itself, there have been cases where the miscreants hacked into the system using simple hacking techniques, and thus it is crucial to install effective data security solutions to protect the privacy and curtail cybercrime.

A high school senior in Lexington, Massachusetts discovered two vulnerabilities in software programs employed by his school which could have potentially affected the student data of around 5 million students.

Billi Demikarpi is a teen hacker who developed a penchant for hacking when he was in the freshman year and subsequently uncovered serious security flaws in two education programs, Aspen and Blackboard.

Reportedly, the probable consequences of these vulnerabilities would have been more disastrous than those San Diego Unified School District faced after the massive data breach that put to risk the data of more than 500,000 students along with the staff of the school.

The information that could have been exposed via the Aspen vulnerability includes details of bus routes, birthplaces, special education status, number of reduced or free lunches and suspensions.

It could have been exploited by the hacker to gain access to the data on the website after entering his own script as the Aspen website lacked the filters which other websites usually contain in order to reject hacker requests.

According to the statements given by both the companies, no one has exploited the security flaws besides Billi, who only accessed the information about himself and of a friend's whom he took consent from before doing so.

While sharing  his experience, Demirkapi said, “These companies say they're secure, that they do audits, but don't take the necessary steps to protect themselves from threats.”

Around 10,000 customers of Aegon Life Insurance, a joint venture between the Netherlands-based Aegon and India's Times Group, fall prey to a data leak which was caused through website's support channels, which clients used to communicate with the insurer regarding their grievances.

Reportedly, the data compromised included all the details ranging from the very basic demographic ones like name, gender, age to more specific ones such as health policy problems and annual income. It occurred due to a security vulnerability in the company's website.

Renie Ravin, Indian web developer and co-founder of the independent blogging platform, 'IndiBlogger', discovered the vulnerability which led to the data leak and reported it to the company in July 2019.

However, there is no evidence of the exposed data being illegally accessed or misused.

Referencing from the statements given by the company, "Aegon Life Insurance, India announces that a vulnerability on their website exposed information of some Indian customers who had used web forms to get in touch with Aegon Life."

"Aegon Life immediately fixed the vulnerability and have since informed all customers of this exposure. Aegon Life estimates that up to 10,000 customers were possibly affected."

"We will initiate an outreach program in the coming days to offer guidance to affected customers and to let them know what information was exposed. At Aegon Life, data security and customer privacy are of utmost importance and we will continue to be transparent with customers as we investigate further," the company added.