The pandemic has increased cybersecurity concerns globally, with data breaches getting reported every other day. Now is the time, more than ever before, that a person needs to stay abreast of phishing prevention measures and keep oneself safe from the malicious attacks of adversaries. Here are the latest cybersecurity updates from this past week.
Details Of 40K U.S. Citizens Put Up For Sale On Dark Web
Personal details of around 40,000 U.S. Citizens are up for sale on the dark web and found security researchers at Cyble. These details included the names, addresses, Social Security Numbers, and Dates of Birth of the victims.
Adopting phishing prevention best practices, Cyble procured the database from the concerned threat actor and indexed it on AmiBreached.com – their data breach monitoring and notification platform.
To protect yourself from phishing attacks, you should refrain from sharing your details on email or SMS, use strong passwords and timely update your system software.
Jackpotting Hits Argenta Bank, Belgium
The first of Belgium’s jackpotting attacks happened recently, with the Antwerp-based savings bank Argenta as its victim. The attack compelled the bank to shut down 143 of its cash machines with no certainty about installing new devices.
Belgium’s federal police are investigating the attack and using necessary phishing protection services. However, the bank hasn’t disclosed the amount of money stolen or whether the jackpotting attempt was successful.
Data Breach At Liveauctioneers, Data Being Sold Online
The auction site LiveAuctioneers recently notified of a data breach on one of its data processing partners, which took place on 19th June 2020. Now, the adversaries are selling the breached data of over 3.4 million users on the dark web.
The compromised database includes the names, usernames, phone numbers, email addresses, MD5 hashed passwords, addresses, I.P. addresses, and social media profiles of users and is selling for $2,500.
Users are advised to subscribe to anti-phishing services and change their passwords immediately to avoid attacks. Further, users must use strong and unique passwords for all their accounts online so that a breach of one account doesn’t compromise their other online profiles.
Google Meet Adds Zoom Bombing Protection
Since Zoom Bombing cases are rising, Google announced in one of its recent G Suite changelog entries that it will block anonymous users from joining Google Meet conferences organized by educational institutions. The announcement said the new update would come as a default feature for all organizations with a G Suite for Education license.
Google’s new anti-phishing protection feature shall prevent users without a Google account from joining a Google Meet conference of any educational institutions.
Welcome Chat Exposes User Data
Messaging app Welcome Chat which is available on Play Store for Android users, was found to be storing user data in an unprotected online forum. The app developers claim that the chat application provides a safe communication platform while that was not the case for its users whose details were compromised.
The app targeted users mainly from Arabic speaking nations and was interestingly never included in the official Android store. It seeks users’ permission to send and view SMS messages, access files, record audio, and access contacts and device locations. Welcome Chat then performs the malicious task of stealing the message, call log, gallery, and phone call details of its users.
Wells Fargo Bans Tiktok Among Employees
To ensure protection against phishing and other security breaches, Wells Fargo has instructed all its employees to uninstall TikTok from company devices. This move comes despite any concrete proof that TikTok shares its users’ data with the Chinese government.
Amazon, too, has recently circulated a similar notification but later confirmed that it went by mistake. Although TikTok has appealed to Wells Fargo to let its employees continue using the app, the chances of a global boycott of the Chinese app are more likely to happen.
Blogspot No Longer A Google Domain
In the latest lapse of registration, Google lost its Blogspot domain to Indian hosting provider domainming.com, the latter then put it up for sale on the Sedo domain marketplace for $5,999.
As a result, 4.4 million URLs stand at a risk of manipulation at the hand of attackers to launch malware and other cyberattacks on their visitors. These threats can come to life at a mere purchase of the Blogspot domain by cyber adversaries.
People using the Blogspot domain are advised to refrain from updating posts or sharing their blog links with acquaintances. They must also change their passwords and adopt other anti-phishing solutions for enhanced security.
Cyber Attacker’ Sheriff’ Sells Etoro Accounts
The Russian Hacker going by the paradoxical name of ‘Sheriff’ follows the recent trend among cyber attackers and put up the details belonging to 62,000 eToro Account holders for sale on the social trading platform. These details come from past attacks.
The eToro accounts belong to active users and include their login credentials, contact numbers, postal addresses, and balances. All of this information is being auctioned, with the starting price being $1,500.
Off late, Sheriff has been in the limelight because of his attacks that employ brute-forcing, credential-stealing malware, and Citrix remote desktop protocol (RDP) exploits. Affected users must be prepared for worst-case scenarios and ensure protection from phishing.
Wattpad User Details Compromised
A hacker(s) is allegedly giving out the Wattpad account credentials of millions of users. A database with records of 270 million Wattpad users, which was already sold for $100,000, is now being offered for free on hacker forums. The database includes the names, hashed passwords, email addresses, and location of users.
Insider information indicates that the hacker group Shiny Hunters is behind this new database leak; however, they have denied all allegations. Wattpad is taking all phishing attack prevention measures to investigate the potential breach. It has confirmed that no financial information, phone numbers, stories, or private messages were compromised in the breach.
South Korea Fines Tiktok For Data Breach
In yet another blow to the Chinese video-sharing platform TikTok, a South Korea regulator has fined it for sharing child data to third parties without the consent of their guardians. The fine amount is approximately $155,000, which makes up around 3% of the TikTok’s annual sale in South Korea.
TikTok has collected at least 6,007 child records from 31st May 2017 to 6th December 2019, without intimating users.