expert-profile | Information Security Buzz

Privacy Advocatefeature_status*/ ?>

Comments Dotted : 93

January 21, 2021

A Chinese Hacking Group Is Stealing Airline Passenger Details

The fact that Chimera's activity went undiscovered for up to three months shows just how dangerous state-sponsored hackers can be.

State-sponsored hackers tend to use more sophisticated attacks to target high-value persons of interest, whereas a typical private hacking group would just go for low hanging fruit. Chimera's ability to steal PNR records from the RAM of flight booking servers is much more advanced than your standard data breach, and wouldn't have much direct financial value to the hackers. The fact that Chimera's activity went undiscovered for up to three months shows just how dangerous state-sponsored hackers

Read Less

January 12, 2021

Experts Insight On UN’s Environmental Program Breach-100K+ Employee Records Leaked

Developers need to scan their code for credentials before committing it to Github.

Exposing credentials in public Github repositories is a common developer oversight, and cybercriminals routinely scan Github for exposed credentials to steal. Last year, our research team set up a honeypot Github repos containing access credentials to some dummy AWS servers. It took hackers just one minute to find the credentials and break into our honeypot servers. So it's very likely that cybercriminals accessed the UNEP data before researchers. Developers need to scan their code for credentials before committing it to Github. For additional security, they can avoid creating an access key for the root user, use temporary security credentials instead of long-term access keys, properly configure IAM users, rotate keys periodically, and remove unused keys.

UN staff should be on the lookout for targteted phishing and scam messages from fraudsters posing as UNEP employees or administrators. Always verify the sender of an email or other message before responding. Never click on links or attachments in unsolicited emails and messages.

Read Less

January 08, 2021

Experts Reacted On Hackney Council Leaked Documents

Victims should be on the lookout for phishing emails and other messages impersonating Hackney Council or some other authority.

Although it's not clear exactly what information was contained in the stolen data, much of it appears to be scans or copies of identification, such as passports. Those documents contain sensitive information that cybercriminals could use to target people whose data was stolen. Victims should be on the lookout for phishing emails and other messages impersonating Hackney Council or some other authority. Never click on links or attachments in an unsolicited email, and always verify the sender's

Passports scans and other photo ID can also be used as part of an identity fraud scheme. Such scans can be used to open financial accounts for money mules and bank drop scams, for example. Additionally, multiple forms of ID are usually required to pass proof-of-address and proof-of-identification checks on websites. These checks are often part of the account recovery process in which a user has somehow lost access to their account and must prove who they are to regain access.

Read Less

December 21, 2020

Experts Insight On People’s Energy Data Breach

Every data breach is cause for concern, but we should be particularly worried about attacks on critical infrastructure.

Every data breach is cause for concern, but we should be particularly worried about attacks on critical infrastructure. In the coming days, I hope the attacker can be identified so we know whether this was a nation-state threat actor or just an independent hacker looking for low-hanging fruit. Thankfully, People's Energy's actual service infrastructure was unaffected, and the vast majority of victims had none of their financial information stolen.

People's Energy customers should be on the

People's Energy customers should be on the lookout for targeted phishing messages from fraudsters posing as People's Energy or a related company. They will use the personal information stored in the database to customize messages and make them more convincing. Never click on links or attachments in unsolicited emails, and always verify the sender's identity before responding.

Read Less

December 14, 2020

Experts Reaction On 4 Major Browsers Are Getting Hit In Widespread Malware Attacks

Microsoft mentions that infections occur through "drive by downloads", which is not very specific.

Microsoft didn't specify what interactions are required for Adrozek infections to occur, so it's difficult to give practical advice on how to prevent it. Microsoft mentions that infections occur through "drive by downloads", which is not very specific. That being said, a lot of drive-by downloads occur through malicious scripts, so a script blocker extension like NoScript could help protect your browser. Don't click on links or attachments in unsolicited emails, messages, or advertisements. Although Adrozek is mainly used for adware, its sophisticated capabilities mean it could be modified for much more serious attacks. If you think you're infected, uninstall and reinstall your web browser and run an antivirus scan. Uninstall the malicious programs or perform a system restore. If you're using Firefox, you should also change all the passwords stored in your browser. Read Less

December 09, 2020

Expert Comments On Encrypted Messaging Puts Children At Risk, Commissioner Warns

Banning end-to-end encryption to stop child pornography is like banning safes because they can be used to hide drugs.

Child pornography is frequently used as an argument to shut down and shame supporters of end-to-end encryption. Yes, end-to-end encryption can prevent law enforcement from scanning or accessing child abuse images sent and received between users. But banning end-to-end encryption or creating backdoors will have much broader negative consequences for cybersecurity and individual privacy. And it won't do much to stop the distribution of child porn. Banning end-to-end encryption to stop child pornography is like banning safes because they can be used to hide drugs. Breaking end-to-end encryption gives governments the power to access anyone's private communication by forcing tech companies to allow law enforcement access. In the hands of a corrupt regime, such access could be extremely dangerous. Breaking E2EE also creates more opportunities for malicious hackers to steal our messages. Furthermore, banning end-to-end encryption is not really feasible. End-to-end encryption is not some sophisticated feat of genius only available to billion-dollar tech companies. The tools needed to set up end-to-end encryption are free and open-source, so a government regulation will not magically make all end-to-end encrypted apps and services disappear. E2EE will still be easily available to those who want it, while everyone else just ends up with less privacy and worse security. Read Less

December 03, 2020

Experts Reaction On Dua Lipa And Other Spotify Artists’ Pages Hacked By Taylor Swift ‘Fan’

Defacement is a popular sort of sport among a niche community of hackers.

The big question about the attack on Spotify is whether it occurred through the artists' portal where they can claim and manage their own pages, or through some other internal Spotify system. Both would be concerning but the latter much more so, as it would require compromising Spotify's security and not just the login information of a few artists. Defacement is a popular sort of sport among a niche community of hackers, though it usually occurs on websites rather than apps.

November 25, 2020

Experts Insight On User Data Of Event Management App Peatix Hacked

Users should also be on the lookout for targeted phishing emails from scammers posing as Peatix or a related company.

Peatix has not stated what algorithm is used to hash and salt the passwords in the database, which would give us a better indication as to whether users' passwords are at risk. I've seen plenty of breaches of passwords that were hashed with deprecated algorithms such as SHA1 or MD5 that can be cracked with little effort, so it would be good to know what algorithm was used to encrypt those passwords. Peatix users should change their passwords on Peatix and any other accounts that share the same password. Every account should use a unique password to prevent hackers from attempting credential stuffing attacks. Credential stuffing is an automated process that attempts logins on dozens of online accounts using known email and password combinations. Users should also be on the lookout for targeted phishing emails from scammers posing as Peatix or a related company. The personal details from the database can be used to personalize phishing messages and make them more convincing. Do not click on links or attachments in unsolicited emails and always verify the sender's identity before responding. Read Less

November 18, 2020

Privacy Experts On API Bug On Dating Site Bumble Exposed Personal Information Of 100M Users

Dating app users tend to publicly share far more information about themselves than they would on a typical social media app.

The vulnerabilities that Sarda found in Bumble could open users up to harassment, stalking, fraud, and other dangers. An attacker could triangulate a user's location and filter searches of the entire Bumble database by distance, interests, the type of people they are interested in, education, online status, height, and pretty much any other personal detail that a user enters into the app. Dating app users tend to publicly share far more information about themselves than they would on a typical social media app, so trust is key. Dating apps that want to retain users need to ensure their data is safe and private. Bumble was thankfully on HackerOne, so the vulnerabilities were probably discovered by Sarda before any malicious parties, but the company took far too long to respond and remediate the issues. Read Less

November 02, 2020

Experts Reacted On Wisconsin Republican Party Says Hackers Stole $2.3 Million

The use of a fake invoice means that all it took was a convincing impersonation and an email attachment.

Scams and phishing attacks on political parties in the US are very common, but are usually easily spotted and discarded. This attack demonstrates that although only a small fraction of scams actually work, they can be quite lucrative when they do. Scams and phishing attacks---fake invoices in particular---are an easy attack to pull off, cheap to operate, and difficult to trace. The use of a fake invoice means that all it took was a convincing impersonation and an email attachment.