The influencer-VPN provider relationship is good for business, but not for security.

Rise in VPN Sales Raises Concerns Over Security

Sanjay PatilJune 2, 23internet, Security, VPN

No matter what kind of content you’ve been watching on YouTube lately, whether it’s gaming, politics, or lengthy video essays, chances are you’ve come across an advertisement for virtual private network (VPN) services. These ads are often promoted by influencers who claim that their VPN offers military-grade encryption and the ability to stream content from anywhere, as long as you use their special code at checkout. This allows them to receive a commission from the sale. VPN ads aren’t just everywhere on YouTube. Since the beginning of 2016, VPN companies…

Amazon agreed to pay $25 million to settle allegations it violated children's privacy rights when it failed to delete Alexa recordings at the request of parents

News

Amazon Pays $30 Million for Alexa & Doorbell Camera Privacy Breach

Jim HendlerJune 1, 23Alexa, Amazon, Privacy, Security

Amazon.com and one of its subsidiaries reached separate multimillion-dollar settlements with the U.S. Federal Trade Commission on Wednesday over violations of children’s privacy using its Alexa voice assistant and its Ring camera in a doorbell. Amazon has agreed to pay $25 million to settle allegations that it violated children’s privacy by failing to delete Alexa recordings at parents’ request and keeping them longer than necessary, according to a filing in federal court in Seattle. “While we disagree with the FTC’s allegations against both Alexa and Ring and deny any violation…

The attack on MCNA is the largest health breach this year.

News

Ransomware attack exposes sensitive information of nearly 9 million dental patients

Febin MathewJune 1, 23internet, Privacy, ransomware, Security

A recently disclosed ransomware attack compromised some particularly sensitive medical data. Dental insurer Managed Care of North America (MCNA) said the intruder accessed patients and took copies of patient information between February 26 and March 7, including addresses, social security numbers, driver’s licenses and insurance information. MCNA says some of the information is for parents, guardians and guarantors (people who pay bills on behalf of others). A filing provided by the Maine Attorney General indicates that more than 8.9 million people have been affected. The company has not identified the…

Indian researchers have come across a new malware called DogeRAT (Remote Access Trojan)—which is targeting users through the distribution of fake Android apps masquerading as legitimate apps. Here's what we know.

News

A new malware called DogeRAT is spreading through fake Android apps

Sanjay PatilMay 31, 23Android, cyber security, DogeRAT, malware, Privacy, Security

A new malware called DogeRAT (Remote Access Trojan) targets users by distributing fake Android apps. The apps containing the malware are said to be sent to users via Telegram and other social media apps. Discovered by CloudSEK’s TRIAD team, DogeRAT is an open-source Android malware that can steal important information such as bank passwords and government credentials, leaving victims vulnerable. It targets users in a variety of industries, including banking, e-commerce, and entertainment. DogeRAT is a malware that disguises itself as popular apps, and once it infects a victim’s device…

Authorities said the virus is also capable of "bypassing anti-virus programs and deploying ransomware on the targeted devices"

News

“Daam” virus steals call logs and reads history from Android phones

Sanjay PatilMay 27, 23Daam, hacking, Privacy, Security, Virus

The National Cyber Security Agency said in its latest alert that an Android malware called “booster” infects mobile phones and compromises sensitive data such as call logs, contacts, history and camera. India’s Computer Emergency Response Team, or CERT-In, said the virus is also capable of “bypassing antivirus software and spreading ransomware on target devices.” The agency is the federal technology division that combats cyberattacks and protects cyberspace from phishing, hacking, and similar cyberattacks. The agency said botnets are distributed through third-party websites or apps downloaded from untrusted/unknown sources. Once installed…

Play Store continues to harbour malicious apps that Google is finding to trace and remove before it causes damage.

News

Screen Recorder App recorded thousands of users without consent

Febin MathewMay 26, 23Android, Privacy, Security

Android apps have a notorious track record of circumventing privacy, either by acting maliciously or by using your phone to steal data or track it. Now, a new kind of problem has emerged in Android apps, where one of the apps available through the Play Store started recording users without their permission to use the microphone. That’s not all, the app even sent the data via an encrypted link to the app developer’s server. According to a report by Ars Technica, an app called iRecorder Screen Recorder was the guilty…

The tech giant uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the US.

News

China-sponsored hackers targeting critical US infrastructure: Microsoft

Adriana MaraisMay 26, 23China, hacking, Microsoft, Privacy, Security

Microsoft has revealed that a state-sponsored Chinese hacker group called Volt Typhoon, which typically focuses on espionage and data collection, has targeted US critical infrastructure. The tech giant revealed a stealthy and targeted malicious activity focused on post-breach access and network discovery targeting critical infrastructure organizations in the United States. “The strike was carried out by Volt Typhoon, a state-sponsored actor in China. This campaign aims to develop capabilities that can disrupt critical communications infrastructure between the US and Asia during future crises,” the company said in a blog post…

News

73% of Indian companies victims of ransomware; Chennai, Bengaluru, Kolkata Top Picks for Hackers

Adarsh V.KMay 25, 23hacking, India, Ransomeware, Security

Ransomware cases are on the rise in the country, with 73 percent of Indian organizations reporting being victims of such attacks in 2022. A new study by a UK-based firm found that Chennai, Bengaluru and Kolkata faced the highest number of ransomware attacks, followed by Delhi and Mumbai. Cyber security company Sophos released the latest report after conducting a survey between January and March involving 14 countries, including India. The team received responses from 3,000 IT or cybersecurity leaders at mid-sized organizations, including 300 respondents from India. “Nearly three-quarters of…

Phone Link has been around for a long time, and it allows users to connect their Android phone to their PC via a Wi-Fi connection.

News

Cyberstalkers Using Windows 11 Phone Link Feature to Monitor iPhone

Jim HendlerMay 22, 23Cyber, iPhone, Privacy, Security, Windows, Windows 11

Microsoft’s recently released Phone Link feature for Windows 11 users, which allows iPhone owners to view notifications on their Windows PCs, could pose a significant security risk. According to app developer Certo Software, the inclusion of the new Windows 11 feature raises concerns about potential security vulnerabilities that cyberstalkers can exploit against iPhone users. Phone Link has been around for a long time, and it allows users to connect an Android phone to a computer over Wi-Fi. Last month, Microsoft released the Phone Link feature for iOS to all Windows…

While the Dark Web only comprises an estimated 5 per cent of the entire internet, it has an alarming 2.7 million daily users (as of April) and the volume of illegal activities being executed is alarming.

News

Daily visitors to the Dark Web are exploding with over 2.7 million users; Illegal activity on the rise

Nitin MisraMay 20, 23Dark Web, Illegal, Security

Although the Dark Web covers only an estimated 5 percent of the entire Internet, it has an alarming 2.7 million daily users (as of April) and an alarming amount of illegal activity, the report warns. While it’s supposed to give people access to a censorship-free Internet where governments or other parties can’t track them, data obtained by niche news publisher BanklessTimes.com revealed that 56.8 percent of Dark Web activity is actually illegal in some way. “Therefore, it is estimated that more than half of the 2.5 million daily visitors to…

Apple removed 1,474 apps from its App Store as per requests from various governments to take down such apps in 2022, including a massive 1,435 from mainland China and just 14 from India.

News

Apple removed 1,474 apps from App Store in 2022 after governments requested removal

Adriana MaraisMay 20, 23App Store, Apple, Apps, Government, Security

Apple removed 1,474 apps from its App Store following requests from various governments to remove those apps in 2022, including a whopping 1,435 from mainland China and just 14 from India. According to the company’s “2022 App Store Transparency Report,” the Pakistani government requested the removal of 10 apps, while Russia requested seven apps that violated various laws in the country. There were a total of 18,412 app removal complaints from various agencies around the world (again China led with 5,484), including 709 from India. Apple recalled 24 apps in…

Apple has joined the growing list of conglomerates that have asked their employees to stop using generative AI-based chatbots—including OpenAI's ChatGPT.

News

Apple bans employees from using ChatGPT over data leak

Adriana MaraisMay 19, 23Apple, ChatGPT, Privacy, Security

After Samsung, Apple has joined a growing number of groups asking their employees to stop using creative AI-powered chatbots — including OpenAI’s ChatGPT — to prevent the leak of confidential information about internal company matters. According to a report by The Wall Street Journal, Apple has stated that generative artificial intelligence cannot be used for work purposes. They’ve even banned other AI-based platforms like Github Copilot, which happens to be owned by Microsoft, which allows users to automate writing code. By default, ChatGPT records user conversations, which are later used…

Engaging with these callers can have serious consequences, such as identity theft, financial loss, or unauthorized access to your accounts.

News

How to block unknown calls on iPhone and Android smartphones: a step-by-step guide

Sanjay PatilMay 17, 23Android, iPhone, Security, smartphone

Scam calls from international numbers are on the rise. These fraudulent calls are coming from different countries. Many users have reported falling victim to this new scam, which is causing privacy and security issues. When it comes to scam calls from international numbers, callers/hackers often use different tricks to trick you into sharing personal information or participating in scams. The goal is to gain access to your personal information, financial information or other confidential information. Contacting these callers can have serious consequences, such as identity theft, financial loss, or unauthorized…

The government of India is set to roll out a nationwide CEIR tracking system, called the Sanchar Saathi portal, on May 17.

News

CEIR Mobile Tracker: How This Government Website Helps You Track A Stolen Mobile Phone

Jim HendlerMay 17, 23CEIR, Security, smartphone

The Indian government plans to launch a nationwide CEIR monitoring system, called the Sanchar Saathi portal, on May 17. Also known as CEIR tracking, this portal allows smartphone users to block and track their lost or stolen mobile phones across India. . According to the report, Telecom Minister Ashwini Vaishnaw will officially launch the portal, which will be available nationwide and will cover all telecom circles. Initially, the CEIR portal will be active in Delhi, Maharashtra, Karnataka and the North East region, but will be rolled out across India this…

Twitter then responded at that time by deactivating all verified accounts and disabling the tweet feature in an attempt to target the hackers.

News

Hacker who took over Biden, Elon Musk’s Twitter accounts plead guilty

Jim HendlerMay 13, 23May 14, 23Elon Musk, hacking, Joe Biden, Security, Twitter

A UK national accused of hacking Twitter accounts as part of a Bitcoin scheme has pleaded guilty to cyber surveillance and computer hacking that targeted several high-profile social media accounts, including the July 2020 Twitter hack. Joseph James O’Connor, aka PlugwalkJoe, 23, was extradited from Spain to the United States last month, where he was awaiting trial on charges of harassing, threatening and extorting victims. According to Gizmodo, O’Connor was first arrested in 2021 for trying to control 130 Twitter accounts, including US President Joe Biden, American socialite and model…

The breach hit systems for processing TRANServe transit benefits that reimburse government employees for some commuting costs

News

The US Department of Transportation suffered a major data breach, 237,000 employee records compromised

Adriana MaraisMay 13, 23May 14, 23Cyber, Government, Privacy, Security

The personal information of 237,000 current and former federal employees was exposed in a data breach at the U.S. Department of Transportation (USDOT), sources briefed on the matter said Friday. Violation systems for processing TRANServe’s transit benefits, which compensate state employees for part of their commuting expenses. It was not clear whether the personal data was used for criminal purposes. USDOT said in a statement to Reuters that the breach did not affect the transportation security systems. It did not say who might be responsible for the hack. The department…

With security keys, even if someone has your Apple ID and password, they still cannot access your account without your physical security key.

News

Protecting your Apple ID with security keys: A step-by-step guide

Adriana MaraisMay 12, 23Apple, Apple ID, Privacy, Security

US tech giant Apple recently released a new security feature to help users protect their Apple ID account. The company introduced Security Keys, a physical device that can authenticate your Apple ID instead of a password. This new feature is considered the most secure way to protect your Apple ID. With the release of iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2, Apple introduced support for security keys or physical devices that can verify your Apple ID instead of a password. To enable this feature, users need to configure it…

WhatsApp offers a host of features which needs access to your phone's mic, camera and storage. But that has raised concerns.

News

WhatsApp didn’t spy: Google confirms Android bug caused privacy breach

Jim HendlerMay 12, 23Google, Privacy, Security, WhatsApp

Earlier this week, WhatsApp was accused of using the phone’s microphone without the user’s permission. Many people criticized the messaging app, Elon Musk said that WhatsApp is not safe and some of you even wanted to take action against WhatsApp for this privacy breach. Meta, the company that owns WhatsApp, claimed in its defense that a bug in Android caused this problem, implying that the messaging app was not to blame for this behavior. Turns out they were right after all. Google has confirmed that there is a bug in…

Social media consultant Matt Navarra first spotted some of the ads, and posted them on Twitter.

News

Fake verified Facebook pages entice users to click on malicious links

Jim HendlerMay 8, 23Face Accounts, Facebook, Security, Spam

Hacked verified accounts on Facebook are now posing as meta, buying ads on the social network and tricking users into clicking on suspicious download links. A handful of verified Facebook pages were recently hacked and found to contain likely malware through ads accepted and purchased through the platform. But the accounts should be easy to catch — in some cases, they posed as Facebook itself. Social media consultant Matt Navarra first spotted some of the ads and posted them on Twitter. “How did this ad get accepted @Meta? Verified account…

Western Digital Corp said on Friday it had restored My Cloud services and expects customer access to its online store to be normalized in the week of May 15, more than a month after the data storage chip maker disclosed a security breach.

News

Western Digital Brings Services Back Online Soon After Breach: All the Details

Febin MathewMay 7, 23hacking, Privacy, Security, Western Digital

Western Digital Corp said Friday it has restored My Cloud services and expects customer access to its online store to return to normal in the week of May 15, more than a month after the storage chip maker disclosed a security breach. Western Digital said it was moving forward with the restoration process and most systems and services were operational. An “unauthorized party” obtained customers’ names, phone numbers and partial credit card numbers from their systems, Western Digital said in a statement. The company said it is communicating directly with…