Hacks

Cybercriminals continue to use the Coronavirus outbreak to launch various attacks such as malware, phishing, fraud, and disinformation campaigns. In the current situation, most of the organization has been closed and the employees are provided with options to work from home. So the RDP and the video communication platforms usage will be high. Attacks Targeting Zoom Recently  multiple vulnerabilities  detected with Zoom client that allows attackers to steal the Windows password and to escalate privileges with macOS. Researchers from IntSights  discovered  a shared database containing more than 2300 usernames and passwords to Zoom accounts. The database includes details of Zoom accounts such as email and password, others included meeting IDs, names and host keys. Along with Zoom credentials the database also includes data of “personal accounts, many corporate accounts were belonging to banks, consultancy companies, educational facilities, healthcare p...

Anti-virus software firm Avast reportedly spying hundreds of millions of Users browsing activities including, every click, every purchase you made online, and selling the collected data into various clients that include Home Depot, Google, Microsoft, Pepsi, and McKinsey and many other companies. Avast is one of the leading security firms with more than 435 million active users per month, and well known for offering Free Anti-Virus software. The report claims that Avast has collected data from hundreds of millions of users, and then gives that to Jumpshot, a subsidiary of Avast that’s been offering access to user traffic from 100 million devices, including PCs and phones. Once the collected data will be handover to the Jumpshot, it repackages the collected data into different products and sells it into various largest companies in the world. Credits :  Motherboard In return, these companies are paid millions of dollars for Jumpsuit products such as “All Clicks Feed,” wh...

     2019 is now almost over. Let's have a go through to the biggest data breaches of 2019.  SBI QUICK: India’s largest bank, the State Bank of India (SBI), left one of its servers unprotected which exposed the data of its 422 million customers. The server, situated in Mumbai, contained partial bank account numbers, bank balances and phones of individuals using the bank’s SBI Quick service. Techcrunch’s investigation revealed that the back-end text message system was left unprotected allowing anyone to track text messages coming in and going out in real-time. On a single day, SBI Quick sends out nearly three million text messages — and database archives had messages dating back to December 2018. The bank has denied all reports of a data breach and has since secured the server. Indian HealthCare Website FireEye spotted that a hacker by the name of ‘fallensky519’ stole the data of 6.8 million users from an Indian healthcare website in February. ...

What Is Airtel? Bharti Airtel Limited, also known as Airtel, is an Indian global telecommunications services company based in Delhi, India. It operates in 18 countries across South Asia and Africa, and also in the Channel Islands. Airtel provides GSM, 3G, 4G LTE, 4G+ mobile services, fixed line broadband and voice services depending upon the country of operation. It is the  third largest mobile network operator in India  with over  325.5  million subscribers . [ Ref :  TRAI – Telecom Subscription Data as on 30th September, 2019 – PAGE 14  ] And the second largest mobile network operator in the world with over 411.42 million subscribers. [ Ref :  Wikipedia  ] What Is The Flaw? The flaw existed in one of their API that allows you to fetch sensitive user information of any Airtel subscriber. It Revealed information like First & Last Name, Gender, Email, Date of Birth, Address, Subscription Information, Device Capability informat...

MixCloud investigating a data breach that impacts more than 20 million registered users for the service. MixCloud is a popular music streaming service. The platform allows the listening and distribution of radio shows, DJ mixes, and podcasts which are uploaded by its users. The company said it has more than 17 million users. MixCloud  was found in the year 2008 and the company located in the United Kingdom and it falls under European data protection rules  GDPR  rules. MixCloud Data Breach A dark web seller knows bt the handle “A_W_S,” listed the data of MixCloud for sale on dark web forums from $4,000, to $5000 or about 0.5 bitcoin. According to Motherboard  analysis  of the data shared by the seller, the data breach found to happen in November and the data found to be authentic. Motherboard verified the data bu using an email sign-up feature, and they found those email addresses are already linked with the account. The following are the data...

Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts. In a  blog post  published a week before, Twitter revealed that an SDK developed by  OneAudience  contains a privacy-violating component which may have passed some of its users' personal data to the OneAudience servers. Following Twitter's disclosure, Facebook today released a statement revealing that an SDK from another company,  Mobiburn , is also under investigation for a similar malicious activity that might have exposed its users connected with certain Android apps to data collection firms. Both OneAudience and Mobiburn are data monetization services that pay developers to integrate their SDKs into the apps, which then collect users' behavioral data and then use it with advertisers for targeted marketing. In general, third-party software dev...