China’s TikTok violated children’s privacy policy in the United States

Cybersecurity Insiders

It is already known that the US Government is planning to impose a ban on the video-sharing and social networking app TikTok because of national security concerns. But fresh media reports say that a probe carried out by the Federal Trade Commission and the US Justice Department has found that the business subsidiary of Chinese company ByteDance failed to adhere to the 2019 planned rules by the United States aimed at protecting children’s privacy, and so is likely to face harsh punishment from the data watchdog.

The company, popular among teens for its short videos, has hit a fresh bump in its American business, as tough scrutiny has been ordered by the national-security-focused Committee on TikTok’s Investment in the United States.

Going deeper into the allegations, in the next few days the FTC will probe whether TikTok failed to delete videos and sensitive information related to children aged 13 and younger living in the United States, as it was required to do under the agreement made in 2019 with the FTC.

TikTok has denied all these allegations and stated that it has and will adhere to the rules meant to safeguard the privacy of its users and will take extra safety and privacy precautions for audiences of younger age.


Bluetooth security risks explained

Cybersecurity Insiders

What would we do without Bluetooth these days? Our earbuds and headphones would have to use annoying wires. We would have one less way to transfer files between our laptops and our phones. And how would you connect your phone to your car?

But as a wireless data transfer standard, of course Bluetooth has some associated cybersecurity risks. You don’t want unauthorized parties to access the data you’re transferring via Bluetooth, nor do you want them to have access to your Bluetooth-enabled devices. It helps to know what the security risks with Bluetooth are so you can enjoy all of the convenience of the widespread wireless technology while mitigating its risks.


Google faces $5 Billion lawsuits for foxing users through Incognito mode

Cybersecurity Insiders

A class-action lawsuit was filed in San Jose, California against internet juggernaut Google for foxing users through Incognito mode. The lawsuit states clearly that the web search giant was fooling its users by keeping track of their online activities even in the private mode of the browser, which is against the rules.

In general, the private or Incognito mode of browsing is offered by the Alphabet Inc. subsidiary for those who want to keep their browsing activities anonymous.

But as per the complaint lodged by an individual against the company, it is keeping track of its users’ online browsing even in Incognito mode and has so far managed to gather sensitive information such as what a user likes to eat, where he/she likes to shop and what they are likely to purchase, the movies they watch, their favorite vacation destinations, their color of choice, and the most intimate and embarrassing things a user browses in the private mode of the Chrome browser.


Israel Cyber Attack on Iran Port and Texas Transport Ransomware Attack

Cybersecurity Insiders

On May 9th of this year, computer systems at Iran’s Port of Shahid Rajaee were hit by a cyberattack that disrupted the operations of the port for hours, holding up vessels and creating a traffic jam on the way to the port as thousands of goods delivery trucks were stranded in confusion.

At that time, the Foreign Ministry of Iran said that the digital invasion was caused by a hacking group funded by a foreign nation, but did not name the country specifically.

Now, after 10 days, a statement released by Mohammad Rastad, Managing Director of the Ports and Maritime Organizations, says that Israel could have launched the attack in retaliation for Iran’s cyberattack on the water distribution and utilities of Israel on April 24th, 2020.

Meanwhile, the Texas Department of Transportation (TxDOT) has stated that a ransomware cyberattack partially disrupted its systems at the end of last week. It took place just a week after the Texas State Judiciary system suffered a file-encrypting malware attack.


NHS rejects Google and Apple Coronavirus tracking app due to data security fears

Cybersecurity Insiders

Last week, Apple and Google came forward to offer a Coronavirus tracking app to the NHS, along the lines of India’s Aarogya Setu mobile app.

However, the UK’s government-funded healthcare service provider rejected the offer due to data security concerns, as the tech giants said that the app they jointly developed would run on a central database fully under their control, creating a blueprint for unethical mass surveillance after the Wuhan Virus spread ends in the UK and Europe.

Therefore, the NHS decided to build its own app, which runs on a centralized information collecting system and will be ready to be used by Britain’s population in two or three weeks.

NHSX, a digital arm of the NHS, will be building the app, which will not only help users in tracking COVID-19 patients but will also share insights on the spread of the pandemic, the mitigation measures taken by the government to stop the spread, the number of people infected, recovered and dead, and some precautionary measures to be taken by users to help flatten the curve of the Coronavirus infection spread.


Ransomware attack on US Pharma Company ExecuPharm

Cybersecurity Insiders

ExecuPharm, a US-based pharmaceutical company, is reported to have become a victim of a ransomware attack on March 13th of 2020. As per a letter sent by the company to the Attorney General of Vermont, details such as social security numbers, financial info, driving license details, passport numbers, and other sensitive data might have been accessed and stolen by hackers.

News is out that the hackers belonging to the CLOP ransomware group have posted a vast cache of data including email records, financial data, and accounting records along with user docs and data backups on the dark web.


Apple iPhones are vulnerable to Email hacks

Cybersecurity Insiders

Apple iPhones are vulnerable to email hackers, says ZecOps, a cybersecurity startup from San Francisco. The firm confirmed that a few Apple iPhone customers were targeted by cyber-attacks via emails in summer last year, where hackers were found triggering hacks leveraging unknown vulnerabilities.

A source from Apple Inc confirmed the susceptibility and assured that a security patch for the email vulnerability will be issued in the upcoming release of Apple’s iOS 13.

Releasing a statement to Motherboard, Zuk Avraham, the founder of ZecOps, confirmed that the flaw can be exploited using the iPhone’s default Mail app and said that hackers might use it against VIPs, executives across multiple industries and owners running Fortune 500 companies, as all these tech geeks are fond of Apple devices.

What’s interesting in this whole attack saga is that the hackers tried to cover their tracks by deleting the emails that triggered the zero-click hack.


Ransomware Attack on Canada Accounting Firm MNP

Cybersecurity Insiders

MNP LLP, a leading accounting firm in Canada, has admitted that it became a victim of a ransomware cyber-attack which it identified on April 5th, 2020, forcing officials to shut down the systems to contain the malware spread.

All MNP employees have been asked via mobile text messages to bring their own computing devices and get them secured by the IT staff before reconnecting to the servers.

A third-party security firm has been hired to investigate the incident and around 80 offices related to MNP will remain closed until the data access is restored to normalcy.

Bleeping Computer which first reported the incident says that the Canadian accounting firm follows a typical work hour schedule of 37.5 hours a week. And any employee working more than the prescribed hours will be rewarded with the ability to take time off depending on the extra hours he/she worked in the previous week.


Data Breach at San Francisco International Airport

Cybersecurity Insiders

A hacking group that infiltrated the network of San Francisco International Airport in March 2020 is reported to have accessed login credentials used by employees on two of its websites – SFOConnect.com and SFOConstruction.com. The interesting part of this hacking story is that the threat actors were not interested in seeking data from the websites, but were rather interested in knowing the login credentials of those accessing the websites from their respective Windows devices and IE browsers.

Authorities at North America’s 7th busiest airport are urging users to change their email and Windows device passwords accordingly and said that an email alert in this regard will be sent to the victims by this weekend.

Cybersecurity Insiders has learned that the breach took place when hackers maliciously injected code into the two websites to steal user credentials. Both websites were pulled down as soon as the incident was identified. SFOConnect was restored last week and SFOConstruction will be restored by the end of this week.


Zoom App hires Facebook Security Chief after ban from Google and Amazon

Cybersecurity Insiders

After Google, Amazon, and Microsoft told their workforces not to use the video conferencing app for any business purposes, Zoom has appointed ex-Facebook Security Chief Officer Alex Stamos as an adviser to improve the security and privacy of the rapidly growing communication app amid stiff backlash.

Alex will be taking control of his office from early this week and will be helping Zoom in rebuilding a security program that can be trusted by its users across the world.

During the Coronavirus pandemic and lockdown, millions of users turned to the Zoom app to meet their work-from-home communication needs. For instance, many schools and educational institutes in North America started using the app as a platform to host online classes.

However, things turned negative when Patrick Wardle, a former NSA hacker, discovered several vulnerabilities in the remote working app which allowed hackers to take control of the webcam and the microphone of users.

This triggered panic among users who then started to look for alternatives such as Microsoft Teams and Cisco’s WebEx due to privacy concerns.
