
IT Services Remain Disrupted At Two Colleges Of Ireland After Ransomware Attacks

 

Two universities in Ireland, the National College of Ireland (NCI) and the Technological University of Dublin, have been hit by a cyber attack.

Recently, both universities reported ransomware attacks on their systems. The National College of Ireland is currently working around the clock to restore its IT services after suffering a massive cyber attack. As a result, the institution has been forced to operate with its IT systems offline.

"NCI is currently experiencing a significant disruption to IT services that have impacted a number of college systems, including Moodle, the Library service, and the current students’ MyDetails service," the college reported on Saturday. 

An advisory carried by some press outlets said that the two third-level institutions are experiencing cyber attacks, specifically ransomware attacks, and that there is no definite timeline for when IT services will be fully restored.

In the wake of the attack, the two institutions immediately notified students, staff, and other employees about the cyber attacks. NCI's IT team then suspended access to the systems, and the campus building was closed to staff and students until the IT services have fully recovered from the attacks.

NCI has also reported the attack to the authorities, including the national police service of the Republic of Ireland and the Data Protection Commissioner.

"Please note that all classes, assessments, and induction sessions planned from today Tuesday 6th until this Thursday 8th April inclusive have been postponed and will be rescheduled for a later date," NCI added in a statement issued today.

"…The College will issue a further update on Thursday afternoon in relation to classes and other events for Friday and beyond." Students with assignments due this week were also told that "no late penalties will be applied while the outage remains in place."

Meanwhile, students were told not to access any campus system until Monday, April 12. They were also advised to avoid contacting the IT staff, who are currently working on restoring the affected IT systems.

Facebook Data Breach: How To Check If Your Details Were Leaked

 

By now you must have heard that the social network giant Facebook has suffered a very large-scale user data breach that has affected more than 533 million users from over 100 states.

The leaked credentials, which cybercriminals posted on online servers, included Facebook IDs, addresses, photos, and other details, and in certain cases email addresses. Ironically, the personal data of Facebook’s founder and CEO, Mark Zuckerberg, was also leaked in the breach.

This article explains how to check whether your personal data was exposed as part of the breach. You can also check for other recent or past leaks.

The first step is to visit Have I Been Pwned, which asks for account details such as your email address or the phone number you log in with. If your email address (and the associated account) has been compromised, it will tell you, not only for the recent breach but also for any other breaches in which your personal data may have been compromised.

"Have I Been Pwned" has been created by a security researcher named Troy Hunt, who was initially skeptical of adding a phone number option while searching breaches due to certain privacy risks, but ended up adding the feature. 

Another tool is a site called The News Each Day, where you can enter your phone number and the site will report whether your data has been compromised.

Additionally, users are advised to change their passwords on the compromised sites and to look for the best endpoint protection tools available. Users are also advised to verify the security of the sites and apps they use in order to keep their identity safe, and to rely on the best identity theft protection for that purpose.

Man Indicted In Kansas Water Facility Breach

 

Today the US Department of Justice charged a Kansas man with breaching a public water system and trying to shut down its water treatment processes with the intention of harming the local community.

The official statement was posted on Wednesday by the Department of Justice (DOJ). The 22-year-old man, Wyatt A. Travnichek, who is accused of hacking into the computer system of the local water utility, is a native of Ellsworth County, Kan. According to the sources, he was well aware of the public damage that could be caused by illegally accessing the computer system of the Ellsworth County Rural Water District (also known as Post Rock Rural Water District), and he tried to sabotage the water system.

The episode dates to 27 March 2019, when Post Rock experienced an unauthorized remote intrusion into the facility's system that successfully shut down its operations.

Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas, said that “By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community…”

“…EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.” 

Nevertheless, the court documents did not mention whether Travnichek’s operation was successful, nor did they explain how the operation was detected. Officials stated that Travnichek was an employee of the Post Rock Rural Water District from January 2018 until he resigned from the facility in January 2019.

Post Rock supplies water in eight Kansas counties. Part of Travnichek's job was to log in to the Post Rock computer system to monitor the plant after hours, but he went on to access the system illicitly.

"He logged in remotely to Post Rock Rural Water District's computer system and performed activities that shut down processes at the facility which affect the facility's cleaning and disinfecting procedures with the intention of harming the Ellsworth County Rural Water District No. 1," the document further reads.

US Telemarketing Company Leaks Data of 114,000 Consumers In a Cloud Storage Error

In a recent cybersecurity incident, a US telemarketing firm leaked sensitive data of tens of thousands of customers through a misconfigured cloud storage bucket. Noam Rotem of the VpnMentor team identified the misconfigured AWS S3 bucket last year on 24 December. The finding was traced back to CallX, a Californian business whose clients use its analytics service to strengthen their inbound marketing and media buying. According to its website, the company counts lending marketplace LendingTree, security provider Vivint, and Liberty Mutual Insurance among its customers.

Rotem discovered around 114,000 files left openly accessible in the leaky bucket. Most of the files were audio recordings of calls between customers and CallX clients, which were tracked through the company's software. In addition, 2,000 text transcripts of conversations were also accessible. The PII (personally identifiable information) in the files includes user names, contact numbers, residential addresses, and much more.

"If cybercriminals needed additional information, they could hijack calls logged by CallX and do fake ‘follow up’ phone calls or emails posing as a representative of the relevant CallX client company. Using the transcripts, it would be easy to establish trust and legitimacy with targets in such schemes," reports VpnMentor. As the people exposed have no apparent relationship to one another, by the time the fraud was discovered, it may be too late, it says. VpnMentor warned that hackers could launch phishing attacks using the leaked data. CallX could also face regulatory scrutiny, as it falls within the purview of the new CCPA (Californian privacy law). Sadly, the bucket is still open to date.

VpnMentor's research team reported (https://www.vpnmentor.com/blog/report-callx-breach/): "our team discovered CallX’s S3 bucket and was able to view it due to insufficient security. We found an image of the company’s logo amongst the files stored on the S3 bucket and, upon further investigation, confirmed the company as its owner. We immediately contacted CallX to notify it of the vulnerability and provide guidance on securing an S3 bucket. It’s unclear how many people were aware that somebody recorded their conversations. As a result, the people exposed in this data breach may never know their private data was exposed publicly."

Zee5 Once Again Caught In Data Breach; Info Of 9 Million Users Exposed

 

Zee5, a leading Indian over-the-top (OTT) platform, has suffered a data breach. Reportedly, the breach has exposed sensitive credentials of 9 million of the network's customers. Screenshots of the stolen database, which were accessed by Inc42, show that the hacked information contained the clients' names, IP addresses, phone numbers, email addresses, and Zee5 account usernames.

The incident was first reported to Inc42 by an independent cybersecurity researcher, Rajshekhar Rajaharia. It has also been confirmed that the leaked data of at least a few clients was genuine and belonged to Zee5 customers.

An unidentified threat actor had uploaded a sample of the full stolen database, containing detailed information on 1 million Zee5 customers, to an AnonFiles link. While the leaked data has not directly compromised the victims' accounts, there is a high likelihood that the contact details in the database could be used in future for large-scale phishing attacks and for various scams, such as using the stolen database to look for matching accounts on other vulnerable platforms.

A Zee5 spokesperson responded to Inc42, “We have noted some reports claiming about the data breach at Zee5’s end and we are investigating it further. We would like to confirm that all the sensitive information of our subscriber user base has not been compromised and is fully secured.” 

In July 2020, cyber attackers claimed to have stolen a 150 GB database that they planned to sell privately online.

However, at that time the organization publicly denied the attack, even though intelligence warned that the information was being sold on the dark web.

As of December 2020, Zee5 had confirmed that the network has 65.9 million monthly active users (MAUs) and 5.4 million daily active users (DAUs).

Meanwhile, in June 2020, Sensor Tower revealed in a report that the Zee5 OTT platform was the ninth most downloaded streaming app worldwide, with 4.16 million downloads in the month of July itself. Users from India, Pakistan, and the United Arab Emirates constitute 96% of the platform's user base.

Malaysia Airlines hit by ‘Data Security Incident’

 

Malaysia Airlines has informed members of its Enrich frequent flyer programme of a “data security incident” at a third-party IT service provider, insisting that the breach did not touch the national carrier’s core IT infrastructure and systems. The airline sent an email to Enrich members this week, stating that it had been informed of a "data security incident" at the third-party IT supplier. The breach included "some personal data" and happened sometime between March 2010 and June 2019, it said, adding that these details included members' names, dates of birth, contact data, and frequent flyer information such as number, status, and tier level.

Travel information such as schedules, reservations, ticketing, and ID card details, as well as payment details, was not compromised, according to Malaysia Airlines. Its own IT infrastructure and systems were likewise not affected, the carrier said. It noted that there was "no proof" that any personal information had been abused and that the breach did not expose any account passwords; however, it encouraged Enrich members to change their passwords as a precaution. The airline also directed customers to send any questions directly by email to its data privacy officer.

At press time, Malaysia Airlines had yet to make a public statement on the security breach or post a notice on its website. It did, however, appear to confirm the incident on Twitter in its replies to customers. In one of several such responses, the national carrier said: "The data security incident occurred at our third-party IT service provider and not Malaysia Airlines' computer systems. However, the airline is monitoring any suspicious activity concerning its members' accounts and in constant contact with the affected IT service provider to secure Enrich members' data and investigate the incident's scope and causes."

The announcement comes less than a month after revelations that software used by Singtel was “illegally attacked by unidentified hackers”, who gained access through the FTA file-sharing system supplied by third-party vendor Accellion. According to the telecommunications giant, the breach affected a “standalone system” that is used to share data internally as well as with external stakeholders.

“This is an isolated incident involving a standalone third-party system,” a statement from Singtel read at the time. “Our core operations remain unaffected and sound.”

Russian Hackers Sabotaging Critical U.S Infrastructure

Of all the state-sponsored hacking groups that have targeted the U.S. power grid and gone on to compromise American electric utilities, only Sandworm, a Russian espionage group, has been bold enough to trigger real blackouts, shutting off the lights in Ukraine in 2015 and 2016. A firm that focuses on grid security has now warned that a criminal group with links to Sandworm's highly sophisticated hackers has been successfully attacking US energy systems for years.

Wired reports, "Dragos ties Kamacite to electric grid intrusions not just in the US, but also to European targets well beyond the well-publicized attacks in Ukraine. That includes a hacking campaign against Germany's electric sector in 2017." Recently, Dragos, an industrial cybersecurity firm, issued its yearly report on the current state of industrial control systems security. The report identified four new foreign criminal groups that target these critical infrastructure systems. Three of these four groups have attacked US industrial control systems.

However, the most notorious group is Kamacite, according to Dragos. The group, says Dragos, may have worked with the GRU's Sandworm. In the past, Kamacite has worked as Sandworm's access team. Experts believe it focused on gaining a foothold in the victim network before handing access to other Sandworm hacking groups, which in turn carried out the cyberattacks. According to cybersecurity agencies, Kamacite has targeted US electric utilities, oil and gas, and other organizations on various occasions. These attacks date back to 2017. Experts believe that the group is continuously attacking the US electric utility sector to maintain a persistent threat presence.

In a few incidents over the years, the group has successfully managed to breach US target networks, which allowed them to gain access to the utilities. Sergio Caltagirone, Dragos vice president of threat intelligence and former NSA analyst, says that "if you see Kamacite in an industrial network or targeting industrial entities, you clearly can't be confident they're just gathering information. You have to assume something else follows. Kamacite is dangerous to industrial control facilities because when they attack them, they have a connection to entities who know how to do destructive operations."

Data of 14 Million Amazon and eBay Accounts Leaked on Hacking Websites

 

An anonymous user offered data from 14 million Amazon and eBay accounts for sale on a prominent hacking website. The details appear to have been obtained from Amazon or eBay customers with accounts in 18 countries between 2014 and 2021.

Amazon.com Inc. is an international corporation based in Seattle, Washington, USA, focused on e-commerce, cloud computing, internet streaming, and artificial intelligence. Founded in 1994, the business has been called "one of the most influential economic and cultural forces in the world" as well as the most valuable brand in the world. eBay Inc. is also a U.S. international e-commerce company, headquartered in San Jose, California, that enables transactions and sales between customers and companies through its website. eBay was founded in 1995 by Pierre Omidyar and became a remarkable success story of the dot-com bubble.

The database acquired by the hacker was sold for 800 dollars, with the accounts divided by country. The leaked details contain the full customer name, mailing code, shipping address and store name, and a list of telephone numbers for 1.6 million users. Although two copies had already been sold, the blog publisher has now closed the deal.

How the blog publisher acquired the data is currently unclear. The firm researching this incident did not independently check or validate that the Amazon or eBay data was indeed from the 2014-2021 period. A representative of Amazon said that the allegations had been reviewed and that no evidence of any data breach was found.

It is also more probable that neither Amazon nor eBay has experienced a breach. Instead, the threat actor presumably used a common form of password spraying to get the passwords. Password spraying is an attack that tries to get into a large number of accounts (usernames) using a few popular passwords. A standard brute-force attack, by contrast, tries to get into a single account by guessing its password.
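The difference between the two attacks shows up in authentication logs as two different shapes: many accounts with a guess or two each, versus one account with many guesses. The following is an added example, not part of the original post, that classifies sources in constructed log lines; the log format, the thresholds and all function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them to the login volume of the real service.
WINDOW = timedelta(minutes=30)  # look-back window per source
SPRAY_MIN_USERS = 5             # distinct accounts tried by one source
SPRAY_MAX_PER_USER = 2          # spraying tries only a few passwords per account
BRUTE_MIN_FAILS = 10            # failed guesses against a single account


def constructed_sample():
    """Constructed log lines in the form '<ISO time> <source IP> <user> <FAIL|OK>'."""
    t0 = datetime(2021, 4, 1, 9, 0, 0)
    stamp = lambda **kw: (t0 + timedelta(**kw)).isoformat()
    lines = []
    # One source, six accounts, one guess each: the spraying shape.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        lines.append(f"{stamp(seconds=40 * i)} 203.0.113.10 {user} FAIL")
    # The same source later logs in to one of the sprayed accounts.
    lines.append(f"{stamp(minutes=12)} 203.0.113.10 carol OK")
    # One source, one account, twelve guesses: the brute-force shape.
    for i in range(12):
        lines.append(f"{stamp(seconds=60 + 5 * i)} 198.51.100.7 admin FAIL")
    # A user who mistypes a password once and then succeeds.
    lines.append(f"{stamp(minutes=3)} 192.0.2.44 alice FAIL")
    lines.append(f"{stamp(minutes=4)} 192.0.2.44 alice OK")
    return lines


def parse(lines):
    """Turn log lines into sorted (time, source, user, result) tuples, skipping bad lines."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("FAIL", "OK"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], parts[3]))
    return sorted(events)


def classify_sources(events):
    """Return {source: 'spray' | 'brute-force' | 'normal'} from failed logins."""
    fails = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            fails[src].append((ts, user))
    verdicts = {src: "normal" for _, src, _, _ in events}
    for src, items in fails.items():
        start = 0
        for end in range(len(items)):
            # Slide the window so it only covers failures within WINDOW.
            while items[end][0] - items[start][0] > WINDOW:
                start += 1
            per_user = Counter(user for _, user in items[start:end + 1])
            most = max(per_user.values())
            if most >= BRUTE_MIN_FAILS:
                verdicts[src] = "brute-force"
                break
            if len(per_user) >= SPRAY_MIN_USERS and most <= SPRAY_MAX_PER_USER:
                verdicts[src] = "spray"
    return verdicts


def accounts_to_reset(events, verdicts):
    """Accounts that a flagged source managed to log in to."""
    hit = {user for _, src, user, result in events
           if result == "OK" and verdicts.get(src) != "normal"}
    return sorted(hit)


if __name__ == "__main__":
    evts = parse(constructed_sample())
    result = classify_sources(evts)
    for source, verdict in sorted(result.items()):
        print(source, verdict)
    print("reset:", accounts_to_reset(evts, result))
```

A per-account lockout counter catches only the brute-force source here, which is why the check counts distinct accounts per source as well.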

Fortunately, highly confidential material, including billing records, national ID numbers, or even e-mail addresses, does not exist on the server. However, the data being sold is still potentially sensitive and can be used for a range of purposes, such as doxing users by publicly disseminating private data (e.g. sensitive things that nobody needs to hear about). The data may also be exploited by cybercriminals to build a spam list or for business intelligence.

Comcast Data Breach Compromised with 1.5 Billion Data Records

 

American cable and Internet giant Comcast was struck by a data breach a few days ago. During the breach, an unprotected developer database with 1.5 billion data records and other internal information was available to third parties via the Internet.

Comcast Corporation is the largest cable operator network and, after AT&T, the second largest internet service provider, as well as the third largest telephone company in the US after AT&T and Verizon Communications.

Recently, the WebsitePlanet research team, in collaboration with security researcher Jeremiah Fowler, identified a non-password-protected database with a total size of 478 GB containing 1.5 billion records. The Comcast database exposed dashboard permissions, logging, client IPs, @comcast e-mail addresses, and hashed passwords to the public internet. With the IP addresses contained in the database, the exposure gave a picture of the internal functionality, logging, and general network structure. The server also revealed the Comcast development team's email addresses and hashed passwords. The database further contained error reports, warnings, task and job scheduling information, cluster names, device names, and internal rules marked with the tag “Privileged=True.” Middleware was also detected in the error logs, which can often serve as a secondary path for ransomware or other bugs.

However, measures to control access to the data were taken within about an hour; until the data was secured, malicious actors could easily have accessed and retrieved the confidential information. The researchers immediately submitted a notice of disclosure to Comcast and affirmed their observations to its Security Defect Reporting team.

Fowler also said, "This was among the fastest response times I have ever had." Comcast acted fast and professionally to restrict the data set that was accessible to anyone with an internet connection.

A representative for Comcast stated that, “The database in question contained only simulated data, with no real employee, customer or company data, outside of four publicly available Comcast email addresses. The database was used for software development purposes and was inadvertently exposed to the Internet. It was quickly closed when the researcher alerted us of the issue. We value the work of independent security researchers in helping us to make our products and services safer and thank the researcher for his responsible disclosure in this matter.” 

Naturally, errors that expose data are unavoidable as long as people are involved in configuration. However, Comcast's size makes such mistakes very disruptive, and they can affect many subscribers and business customers. That is why such firms should follow security checklists, have additional teams double-check the work, and do whatever they can to reduce the chance of exposure. In this incident, though, action was taken in time.

Security Firm Stormshield Discloses Data Breach, Theft of Source Code


Stormshield is a leading French cyber-security firm that provides network security services and security equipment to the government. Recently the firm discovered that malicious actors had accessed one of its customer support portals and stolen sensitive credentials of some of its customers. While reporting this to the press, the firm also said that, as part of the intrusion, the hackers managed to steal parts of the source code for the Stormshield Network Security (SNS) firewall, a product certified for use in sensitive government networks.

The organization said that its team is investigating the attack and assessing the impact of the breach on government systems with the French cyber-security agency ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information).

"As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised," Stormshield said in a message posted earlier today on its website. 

The cybersecurity department of the French government is treating this cyberattack as a major data breach. The French cyber-security agency ANSSI noted in its own press release that "Stormshield SNS and SNI products have been 'under observation' for the duration of the investigation."

Additionally, Stormshield said that it is reviewing the SNS source code and has taken some major steps to prevent further attacks on the firm. The company has also replaced the digital certificates that were used to sign SNS software updates.

"New updates have been made available to customers and partners so that their products can work with this new certificate, all the support tickets and technical exchanges in the accounts concerned have been reviewed and the results have been communicated to the customers," a Stormshield spokesperson said.

Only about 2% of customer accounts were affected in the breach, which is "around 200 accounts out of more than 10,000," he added.

Furthermore, the French security firm said “it also reset passwords for its tech support portal, which the attackers breached, and the Stormshield Institute portal, used for customer training courses, which weren’t breached, but the company decided to reset passwords as a preventive measure”.

Cyber Criminals Leak Hackney Council Files on the Darknet Website

 

A cybercriminal group known as Pysa/Mespinoza has leaked sensitive information stolen from Hackney Council on a darknet website. The attackers claimed that the documents were stolen from Hackney Council in a ransomware attack last year. The council in East London stated that it is working with the Ministry of Housing and the UK’s National Cyber Security Centre (NCSC) to investigate and understand the impact of the incident.

The stolen data published on the dark web contains the personal information of council staff and residents; the files include critical information such as photo IDs, staff data, and passport dumps. The group is using the stolen data as leverage to extort payment from Hackney Council.

Cybersecurity expert Brett Callow stated that “It’s increasingly commonplace for ransomware groups to steal data and use the threat of its release as additional leverage to extort payment. Organizations in this position are without a good option. Whether they pay or not, they’ve had a data breach and the criminals have their information. The most they can hope for is a pinky-promise that it will be destroyed”.

In this regard, the National Cyber Security Centre (NCSC) guidelines state that there is no assurance that organizations, companies, or councils will get access to their stolen data even if the extortionists' ransom demand is met. Hence law enforcement ‘does not encourage, endorse, nor condone the payment of ransom demands’.

A Hackney Council spokesperson said that the initial investigation found no indications that the majority of residents' critical and personal information has been published or affected. There are also no signs of this critical information being visible via search engines on the Internet.

He further asserted that necessary precautionary measures have been taken and they are closely monitoring the whole incident. They have collaborated with the local authorities including the Information Commissioner’s Office, Metropolitan Police, and National Crime Agency to investigate the whole incident.

MyOffice, the Russian alternative to Office 365 gains momentum in Africa

The MyOffice platform, the Russian equivalent of Microsoft Office 365, is conquering Africa. The Russian software developer has signed deals for the licensing of the MyOffice package with the governments of Cameroon, Burundi, and the Congo. In the future, the Russian company plans to enter the markets of 23 more African countries.

An important advantage of the information product for customers was the absence of the need to store data on foreign servers.

"We can be sure that government secrets will be protected from hackers or any third parties," said Minister of Education of Cameroon Laurent Etundi.

Dmitry Komissarov, founder and CEO of MyOffice, said that sales in Africa can make up 15% of the company's total revenue. "We were very surprised by the growth of the project in Africa,” he added.

MyOffice is a small company. It is expected that this year its total income will be $26 million. However, the company is supported by Kaspersky Lab, which had sales of almost $700 million last year. The administration of President Vladimir Putin also helped promote the company in Africa.

Years of declining oil revenues have pushed Putin to find other ways to expand trade, including with Africa. Some MyOffice agreements are a consequence of a summit held last year in Sochi to promote trade with Africa. A representative of the Russian Ministry of Telecom and Mass Communications was present at the signing of the agreement between the company and Congo.

Millions of people in Africa are only now beginning to access the Internet. According to the GSMA, more than 300 million devices will be connected to the Internet in sub-Saharan Africa by 2026.

Jupyter Trojan Steals Chrome Firefox Data and Opens Backdoor

Researchers at Morphisec have recently discovered a trojan malware campaign aimed at stealing information from businesses and higher education. Reportedly, the malware, named Jupyter, has been used by Russian-speaking hackers to gather data from various software.

While Jupyter primarily targets Google Chrome, Mozilla Firefox, and Chromium itself, its attack chain, delivery, and loader demonstrate additional capabilities for full backdoor functionality, such as a C2 client, execution of PowerShell scripts and commands, and hollowing shellcode into legitimate Windows configuration applications.

The infostealer's attack begins with a zip file containing an installer that typically impersonates legitimate software such as Docx2Rtf. When the installer is executed, a .NET C2 client is injected into memory. The Jupyter loader has a well-defined protocol, persistence modules, and a versioning matrix; it proceeds by downloading the next stage, a PowerShell command that executes the Jupyter module injected in memory earlier. The two .NET components have similar code, obfuscation, and unique UID implementation, and these commonalities indicate that an end-to-end framework was developed for implementing the Jupyter infostealer.
 
As per the analysis published by Morphisec, "Jupyter is an infostealer that primarily targets Chromium, Firefox, and Chrome browser data. However, its attack chain, delivery, and loader demonstrate additional capabilities for full backdoor functionality."
 
"Morphisec has monitored a steady stream of forensic data to trace multiple versions of Jupyter starting in May 2020. While many of the C2s are no longer active, they consistently mapped to Russia when we were able to identify them," read the report. 

Over the last 6 months, these installers have been exceptionally effective at bypassing security scanning controls; some of them even maintained 0 detections in VirusTotal.

Multiple versions of Jupyter were traced back to Russia, and the planet name was noticeably misspelled in its conversion from Russian to English, according to the Morphisec researchers. They also found the same image on Russian-language forums when running a reverse Google Image search on the C2 admin panel image, and concluded that the attack has Russian origins.
 
"This is the first version seen in the wild of the infostealer stealing information (autocomplete, cookies, and passwords) only from Chrome browsers," said researchers.

"This version added Firefox information stealing (cookies, logins, certificates, and form history). This version uses the same technique of copying the stolen information before accessing it to evade detection," the researchers further added.

Here's how to Ensure Data Security Using FShred App


Users are well aware that when they delete photos, videos, files, or any other data on their Android device, it is not deleted irrecoverably and can be recovered in a number of ways using recovery tools. Although regaining access to a deleted file can be welcome in many scenarios, at other times users would prefer a once-and-for-all deletion to ensure data safety.

In the sphere of data security, the continually rising activity of unauthorized users calls for something that can protect users against data breaches and cyberattacks targeting their sensitive data. Users need their data to be erased in a manner that no recovery tool can undo.

How can it be done?

When users have no intention of retrieving their deleted data by any means, data eraser apps come into play. These apps help users delete sensitive data from their Android devices in ways that make it irrecoverable. This is of significant value when users plan to sell their smartphone or just share it with someone, as either could pose a serious threat to their important data.

FShred is a user-friendly app that uses data sanitization methods to overwrite data on both the internal and external storage of an Android phone. To permanently delete already-deleted files from the internal storage, it overwrites all available space with random data. What does that mean? It is a process that replaces all the deleted files (photos, videos, etc.) with purposeless bytes produced by a random generator; by overwriting the space they occupied, it effectively ensures the deletion of that data beyond recovery.

Developed by Emile Gee, FShred is one amazing tool that allows you to easily wipe all your sensitive data using advanced shredder algorithms; it shreds your data and recovers valuable storage space on your Android device.
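The free-space overwrite described above can be sketched as follows. This is an added example, not FShred's code: the function name `wipe_free_space` and its `max_bytes` cap are assumptions made here so the routine can be tried safely on a small amount of space.

```python
import errno
import os
import tempfile

CHUNK = 1024 * 1024  # write 1 MiB of random data at a time


def wipe_free_space(directory, max_bytes=None, chunk_size=CHUNK):
    """Overwrite free space under `directory` with random bytes.

    Writes a filler file until the filesystem is full (or `max_bytes` is
    reached), forces it to storage, then deletes it. Returns bytes written.
    """
    written = 0
    fd, path = tempfile.mkstemp(prefix="wipe-", suffix=".bin", dir=directory)
    try:
        with os.fdopen(fd, "wb", buffering=0) as filler:
            while max_bytes is None or written < max_bytes:
                size = chunk_size
                if max_bytes is not None:
                    size = min(chunk_size, max_bytes - written)
                try:
                    written += filler.write(os.urandom(size))
                except OSError as exc:
                    if exc.errno == errno.ENOSPC:
                        break  # disk full: the free space has been covered
                    raise
            os.fsync(filler.fileno())  # push the random data to the device
    finally:
        os.remove(path)  # hand the space back to the user
    return written


if __name__ == "__main__":
    # Constructed demo: capped at 8 MiB inside a throwaway directory.
    with tempfile.TemporaryDirectory() as demo_dir:
        total = wipe_free_space(demo_dir, max_bytes=8 * CHUNK)
        print(f"overwrote {total} bytes of free space in {demo_dir}")
```

Flash storage with wear levelling can keep stale copies in blocks the filesystem cannot address, so a free-space overwrite is best paired with device encryption.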

The app has undergone various tests with file recovery tools such as GT File Recovery and none of the applications were successful in recovering the deleted data. Additionally, the app contains no in-app purchases or advertisements and is completely free and handy for users.

Australia: TikTok Undergoing Scrutiny Over Data Security Concerns


The Chinese video-sharing social networking platform TikTok is under scrutiny in Australia over data security and privacy concerns, according to government sources.

TikTok is a free app where users can post minute-long videos of short dances, lip-syncs, and comedy using a multitude of creative tools at their disposal. The platform differs from other social media platforms in that it allows navigation through videos by scrolling up and down instead of the usual tapping or swiping.

Recently, the ByteDance-owned TikTok became a hot topic of discussion in the offices of both Home Affairs and the Attorney-General; reportedly, the issue of privacy concerns drew more attention in the wake of the video-sharing giant opening an office in Australia.

Lately, the platform had been making headlines for 'national security concerns', which was one of the major reasons for Prime Minister Scott Morrison to examine TikTok. He stated that if there is a need to take more action than the government has already been taking, it won't be shy about it.

Meanwhile, the inquiries carried out by Labor Senator Jenny McAllister put forth a need to scrutinize the app further, given a total of 1.6 million Australians were on TikTok. 

In conversation with ABC radio, she said, "Some of these approaches to moderating content might be inconsistent with Australian values."

"For example, removing material about Tiananmen Square, or deprioritizing material about Hong Kong protests," she added. 

In a letter to Australian politicians, Lee Hunter, general manager for TikTok Australia, said it's "critical you understand that we are independent and not aligned with any government, political party or ideology."

UK-Based Network Rail Confirms Online Exposure of Wi-Fi User Data


The travel details and email addresses of around 10,000 commuters who used free wi-fi provided at UK railway stations were exposed online, as per the confirmations given by UK-based Network Rail. The unfortunate event affected a number of railway stations including London Bridge, Norwich, Harlow Mill, Chelmsford, Colchester, Waltham Cross, and Burnham.

The incident came to light when security researcher Jeremiah Fowler, from Security Discovery, discovered an unprotected database online containing 146 million records, including personal information of travelers such as their contact details and dates of birth. Confirmation of the incident followed three days later from Network Rail and the service provider C3UK, which took immediate measures to protect the leaked database, a backup copy containing around 10,000 email addresses of commuters.

On 14 February, Fowler tried to contact C3UK and sent two emails over six days, to which he did not receive any response. Reportedly, the data was not misused or stolen by any third party, therefore C3UK chose not to notify the data regulator, the Information Commissioner's Office (ICO).

Network Rail strongly recommended that the service provider C3UK report the vulnerability, and informed the media that it would have its data protection team reach out to the ICO and explain its stance on the matter.

While providing assurance and explaining its position on the matter, C3UK said, "To the best of our knowledge, this database was only accessed by ourselves and the security firm and no information was made publicly available."

"Given the database did not contain any passwords or other critical data such as financial information, this was identified as a low-risk potential vulnerability," it added.

Meanwhile, the ICO also confirmed to the BBC that it hadn't been notified. "When a data incident occurs, we would expect an organization to consider whether it is appropriate to contact the people affected and to consider whether there are steps that can be taken to protect them from any potential adverse effects," it said.

In the wake of the incident, Greater Anglia, a Great Britain-based train operating company that manages some of the affected railway stations, said that it had stopped employing C3UK to provide its station wi-fi. Meanwhile, the provider for London Bridge station assured Network Rail that it was a low-risk issue and that "the integrity of people's information remains fully secure."

Facebook Sues Data Analytics Firm for Improperly Harvesting User Data


On Thursday, Facebook filed a federal lawsuit in California Court against OneAudience, a New Jersey-based marketing firm mainly involved in data analytics. The social media giant claimed that the firm was paying app developers to secretly harvest its users' data by getting a malicious SDK installed in their apps. The SDK was planted in various gaming, shopping, and utility-type applications available to download from the Google Play Store, as per the court documents.

A software development kit, also known as an SDK, is a downloadable collection of software development tools used for developing applications. It consists of the basic tools a developer would require to build a platform-specific app with ease. In other words, an SDK basically enables the programming of mobile applications. However, these packages have their drawbacks too, as they also contain tools like trackers, which collect information about devices and app usage and send it back to the SDK maker.

Facebook alleged in the lawsuit that OneAudience has blatantly misused the feature "login with Facebook" to acquire unauthorized access to sensitive user data without any permissions. OneAudience has also been accused of paying apps to gain access to users' Twitter and Google data when they log into the infected apps using their account info.

"With respect to Facebook, OneAudience used the malicious SDK – without authorization from Facebook – to access and obtain a user's name, email address, locale (i.e. the country that the user logged in from), time zone, Facebook ID, and, in limited instances, gender," Facebook remarked.

Earlier, in November 2019, social media giants Twitter and Facebook said that OneAudience had collected private user information. The incident left hundreds of users affected, as their privacy was compromised when OneAudience illegally collected their names, email addresses, usernames, genders and latest posts through the SDK.

While commenting on the matter, Jessica Romero, Director of Platform Enforcement and Litigation, said, "Facebook's measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate."

"This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users," she further added.

Private Firm Employee arrested for Data Theft in Bengaluru



Bengaluru: Kamin Prajapathi (40), a senior accountant manager in a multinational software company, was arrested by the police on Sunday for data theft.

The accused, a resident of Concorde Napa Valley and Kanakapura Road and Bihar, stole the data of nearly 300 employees working in the same company, transferring their bank details, credit card details and bank account details to his personal mail.

Prajapathi started working at the company in August 2017 and quit his job in April 2019. The police said that before resigning he transferred the stolen data to his personal mail, with plans to hand the data to another company for a senior-level position. He told the company he had surplus confidential data that they could use to their advantage and build their business.

KS Santosh, founder of the cybersecurity solutions firm 'Group Cyber ID', says this type of data theft is pretty common: “These frauds occur in startups, where former employees steal data from the startup and begin their own firm using the data. Many companies have filed data theft complaints against individuals.” (Sc Indiatimes.com)

Likewise, Prajapathi allegedly hacked into the website of the company where he worked and is suspected of having been stealing data since 2017 and selling it to other companies. Aside from the bank details of employees and clients, he also collected pivotal data of the company's clients.

The managers from the private firm where he previously worked lodged a complaint at the cyber-crime police station, and after a probe the police nabbed Prajapathi, confiscating his laptop, CPU and mobile phone. The cyber-crime officials also found an account created by Prajapathi on a web-based email service as solid evidence against him.

There has been a significant rise in data theft cases in the last few years as reliance on digital platforms increases. In the city itself, there have been cases where miscreants hacked into systems using simple hacking techniques, and thus it is crucial to install effective data security solutions to protect privacy and curtail cybercrime.

Student Uncovers Flaw in Education Software Exposing Data of Students



A high school senior in Lexington, Massachusetts discovered two vulnerabilities in software programs employed by his school which could have potentially affected the student data of around 5 million students.

Billi Demirkapi is a teen hacker who developed a penchant for hacking in his freshman year and subsequently uncovered serious security flaws in two education programs, Aspen and Blackboard.

Reportedly, the probable consequences of these vulnerabilities would have been more disastrous than those the San Diego Unified School District faced after the massive data breach that put at risk the data of more than 500,000 students along with the staff of the school.

The information that could have been exposed via the Aspen vulnerability includes details of bus routes, birthplaces, special education status, number of reduced or free lunches and suspensions.

An attacker could have exploited it to gain access to the data on the website by entering their own script, as the Aspen website lacked the filters which other websites usually contain in order to reject such requests.

According to the statements given by both companies, no one has exploited the security flaws besides Billi, who only accessed information about himself and a friend whose consent he obtained before doing so.

While sharing his experience, Demirkapi said, “These companies say they're secure, that they do audits, but don't take the necessary steps to protect themselves from threats.”


10,000 Clients Affected in Aegon Life Insurance Data Leak


Around 10,000 customers of Aegon Life Insurance, a joint venture between the Netherlands-based Aegon and India's Times Group, fell prey to a data leak caused through the website's support channels, which clients used to communicate with the insurer regarding their grievances.

Reportedly, the compromised data ranged from basic demographic details such as name, gender and age to more specific ones such as health policy problems and annual income. The leak occurred due to a security vulnerability in the company's website.

Renie Ravin, Indian web developer and co-founder of the independent blogging platform, 'IndiBlogger', discovered the vulnerability which led to the data leak and reported it to the company in July 2019.

However, there is no evidence of the exposed data being illegally accessed or misused.

According to the statement given by the company, "Aegon Life Insurance, India announces that a vulnerability on their website exposed information of some Indian customers who had used web forms to get in touch with Aegon Life."

"Aegon Life immediately fixed the vulnerability and have since informed all customers of this exposure. Aegon Life estimates that up to 10,000 customers were possibly affected."

"We will initiate an outreach program in the coming days to offer guidance to affected customers and to let them know what information was exposed. At Aegon Life, data security and customer privacy are of utmost importance and we will continue to be transparent with customers as we investigate further," the company added.