Author Archives: Nandita Jha (noreply@blogger.com)

E Hacking News – Latest Hacker News and IT Security News: Parenting website Mumsnet hit by data breach after glitch in software





London-based parenting advice website Mumsnet has been hit by a data breach that allowed thousands of its users to see other users' personal account information.

The company posted a notice on its website saying the problem was first detected at 2pm on 5 February and a second time at 9am on 7 February. It has reported the matter to the UK's data protection authority, the Information Commissioner’s Office.

“During this time, any two users logging into their accounts at precisely the same time may have had their account info switched”, it said.

According to the company's website, the data of around 46 users was breached, but there was no record of any password breach.

"You've every right to expect your Mumsnet account to be secure and private," wrote Ms. Justine Roberts, Mumsnet founder. "We are working urgently to discover exactly how this breach happened and to learn and improve our processes."

The breached data includes email addresses, account details, posting history, and personal messages.

The breach was the result of a technical fault in the software. The company has now reversed the software update and forced every user to sign in to their account again, in order to stop users lurking in someone else's account.

"We are working urgently to discover exactly how this breach happened and to learn and improve our processes," Ms. Roberts said.



E Hacking News - Latest Hacker News and IT Security News

E Hacking News – Latest Hacker News and IT Security News: Amazon, Microsoft call for Regulation on Face Recognition




Amazon has come out in favor of regulating and legislating the use of facial recognition technology and has written a long, detailed blog post setting out its stand on the issue.

In the blog post, written by Michael Punke, Vice-President of Global Public Policy at Amazon Web Services (AWS), the company revealed its "proposed guidelines" for the use of the technology by companies, so that it cannot be used to discriminate.

Punke wrote that the company “supports the creation of a national legislative framework covering facial recognition through video and photographic monitoring on public or commercial premises.”

Amazon has faced criticism after tests by civil rights groups and the ACLU found that Amazon's Rekognition face recognition functions are less accurate for black people. In January, two researchers reported that an Amazon Web Services service that determines the gender of people in photos is also less accurate in the case of black women.

However, Amazon refuted the claims of the studies, saying that Rekognition was “not used properly” by the researchers.

Amazon wants legislation “that protects individual civil rights and ensures that governments are transparent in their use of facial recognition technology,” Punke wrote.

The blog post is seen as a move to counter the facial recognition backlash.



E Hacking News – Latest Hacker News and IT Security News: Bye Google Plus! Download all your data before April 2





Google has confirmed that it will finally shut down its social networking site, Google Plus, on April 2, 2019, after discovering a security flaw which compromised the personal data of more than 52.5 million users.

The company has cited "other challenges", like low usage and high maintenance cost, that forced the tech giant to take such a huge step.

It will allow all users to download their data, like videos and photos, from the networking site before it starts deleting content from users' accounts. Users will not be able to create new Google+ profiles or other new pages on the website from February 4.

“The process of deleting content from consumer Google+ accounts, Google+ Pages, and Album Archive will take a few months, and content may remain through this time. For example, users may still see parts of their Google+ account via activity log and some consumer Google+ content may remain visible to G Suite users until consumer Google+ is deleted,” Google+ said in its support page.

The company has advised all its users to download and save all their photos and videos before April 2. However, the photos and videos in Google Photos won't be deleted.

The data for Google+ community owners and moderators will be available to download from early March.

Here are the steps to download all your data safely:
1) Log in to your Google Plus account and click on the ‘Download Your Data’ page option.
2) Click Select specific data, and untick the data that you don't want to download.
3) Then click OK.
5) Select the type of file and the delivery method of the archived data.
6) Click on Create archive.



E Hacking News – Latest Hacker News and IT Security News: Karma, an iPhone spy tool by UAE government

  

A team of former U.S. government intelligence operatives recently developed a spy tool known as “Karma” that allowed the United Arab Emirates government to remotely hack the iPhones of activists, diplomats and foreign leaders and retrieve photos, emails, text messages and location data from them.

The tool is activated by simply loading the phone number or email address of the intended target; the target need not click on any link. Most spy tools work by fooling users into clicking on a malicious link, thereby gathering their device’s sensitive information.

According to the Reuters report, through the spy tool the UAE government was able to access the emails, text messages, photos, location and passwords of the users, which can be used further for other attacks. The report said: “A team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma […]
The […] operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits — it doesn’t work on Android devices and doesn’t intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone.”

No specific information was available on how the tool worked, but it was iPhone-specific, and the UAE government paid the agency to develop Karma.

According to the Reuters report, Karma was more effective in 2016 and 2017. “It isn’t clear whether the Karma hack remains in use. The former operatives said that by the end of 2017, security updates to Apple Inc’s iPhone software had made Karma far less effective,” it said, and further added: “Tools like Karma, which can exploit hundreds of iPhones simultaneously, capturing their location data, photos, and messages, are particularly sought-after, veterans of cyberwarfare say. Only about 10 nations, such as Russia, China, and the United States and its closest allies, are thought to be capable of developing such weapons, said Michael Daniel, a former White House cybersecurity czar under President Obama.”

Both the UAE government and Apple refused to comment.











E Hacking News – Latest Hacker News and IT Security News: Google services down for some users in Europe and India





A number of Google services, including the massively popular email service Gmail, were down for some users. Google confirmed the affected services on its website.

Various Google services were down from 5:20 PM IST. The affected sites include Gmail, Google Calendar, Google Drive, Google Docs, Sheets, Slides, Google Groups, Hangouts, Hangouts Chat, Hangouts Meet, Google Vault, Google+, and Google Forms. Affected users were receiving 404 "page not found" errors. For most users, the services were restored by 5:47 PM.

Services were restored at 6:09 PM IST. Google said: “The problem with Gmail should be resolved. We apologize for the inconvenience and thank you for your patience and continued support. Please rest assured that system reliability is a top priority at Google and we are making continuous improvements to make our systems better.”

The exact geographical details of the disruption are not available, but the affected areas were noted to be Europe and India. The first report of disrupted Google services came at around 5:00 PM, and it was confirmed on the G Suite Service Dashboard by Google itself.

Google wrote about Gmail on the dashboard: “We are aware of a problem with Gmail affecting a significant subset of users. The affected users are unable to access Gmail.

We will provide an update by 1/29/19, 6:20 PM detailing when we expect to resolve the problem. Please note that this resolution time is an estimate and may change. Users are getting 404s when signing-in.” The company has not given an exact time frame for when all the services will be restored.



E Hacking News – Latest Hacker News and IT Security News: Over 95000 data violation cases in EU


The European Commission said on Friday that eight months after the adoption of a landmark EU privacy law, more than 95000 complaints have been received by Europe's data protection regulators regarding data breaches.

Privacy enforcers have received new powers from the General Data Protection Regulation (GDPR) that enable them to impose fines of up to 4% of a company's global revenue or EUR 20 million ($23 million), whichever is higher.

Google, a unit of Alphabet, was fined EUR 50 million by the French data protection regulator for failing to obtain users' consent for personalized ads, which is the largest sanction under the new GDPR regulations.

Privacy regulators have opened 225 investigations to date, and the majority of the complaints focused on telemarketing, promotional emails and video surveillance by closed-circuit television. More penalties could be on the way as people in the European Union become more aware of their privacy rights.

In a joint statement, EU digital chief Andrus Ansip, European Commission Vice President Frans Timmermans, EU justice chief Vera Jourova and EU digital economy commissioner Mariya Gabriel said: "What is at stake is not only the protection of our privacy, but also the protection of our democracies and ensuring the sustainability of our data-driven economies."






E Hacking News – Latest Hacker News and IT Security News: FBI investigation records, and other confidential files exposed in Oklahoma Government data leak



Security researchers have disclosed an open server at the Oklahoma Securities Commission that held a huge trove of data containing confidential government files and documents related to FBI investigations.

The Oklahoma Department of Securities (ODS) has acknowledged the breach after security researchers Chris Vickery and Greg Pollock of UpGuard, a Silicon Valley-based security firm, reported how they discovered a wide-open server belonging to the agency.

"The data was exposed via an unsecured rsync service at an IP address registered to the Oklahoma Office of Management and Enterprise Services (OMES), allowing any user from any IP address to download all the files stored on the server," says Pollock.

The researchers found three TB of data; the files include spreadsheets, life insurance information, names of AIDS patients, interviews with witnesses, social security numbers, bank records, and emails and letters from agents, witnesses, and subjects.

The companies which were badly affected by this breach are AT&T, Goldman Sachs, and Lehman Brothers.

“It represents a compromise of the entire integrity of the Oklahoma Department of Securities’ network,” UpGuard’s head of research Chris Vickery told Forbes. “It affects an entire state level agency… It’s massively noteworthy.”

Meanwhile, ODS has said that the open server was immediately secured after the exposure was discovered.

"A forensic team is currently conducting an analysis to determine the type and number of data files that may have been exposed and who may have accessed them," the department added. "The ODS is also exploring remedial actions and notifications for anyone whose information may have been exposed."

