Author Archives: Nandita Jha (noreply@blogger.com)

E Hacking News – Latest Hacker News and IT Security News: Google and Apple remove TikTok from App Stores in India




Google and Apple have removed the Chinese video app TikTok from their app stores, a day after the Indian government urged the companies to do so.

India’s Ministry of Electronics and Information Technology (MeitY) asked the companies to block the app after the state court ordered a ban on access to the app, as questions regarding its usage were raised. It was noted that people were using it for pornographic purposes and exploiting children.

According to analytics firm Sensor Tower, TikTok had the highest number of users in India, and 75% of them were women. It has been downloaded more than 230 million times.

However, a TikTok representative said that he has “faith in the Indian judicial system.” The company hopes that the ban will be lifted and that it will come back stronger than before: “We are optimistic about an outcome that would be well received by over 120 million monthly active users in India.”

The app has already been banned in Bangladesh and has faced the largest-ever fine in the United States for illegally collecting information on children.

TikTok users in India who had previously downloaded the app on their phones were still able to use the service on Wednesday.

TikTok's official statement: “At TikTok, we have faith in the Indian Judicial system and the stipulations afforded to social media platforms by the Information Technology (Intermediaries Guidelines) Rules, 2011. We are committed to continuously enhancing our existing measures and introducing additional technical and moderation processes as part of our ongoing commitment to our users in India.”

“In line with this, we have been stepping up efforts to take down objectionable content. To date, we have removed over 6 million videos that violated our Terms of Use and Community Guidelines, following an exhaustive review of content generated by our users in India.”






E Hacking News - Latest Hacker News and IT Security News

E Hacking News – Latest Hacker News and IT Security News: Indian Government asks Apple and Google to remove TikTok from App Stores







The government of India has asked Google and Apple to remove the Chinese short-video sharing application TikTok from their app stores.

India’s Ministry of Electronics and Information Technology (MeitY) reportedly asked the companies to do so after the Supreme Court of India refused to stay an order by the Madras High Court to ban the app.

The bench was headed by Chief Justice Ranjan Gogoi, and the matter was posted to April 22, as the Madras High Court is expected to hear the case on April 16.

TikTok's official statement: “As per the proceedings in the Supreme Court today, the Madras High Court will hear the matter on ex parte ad interim order. The Supreme Court has listed the matter again for April 22, 2019, to be apprised of the outcome of the hearing on April 16th, 2019 before the Madurai Bench of Madras High Court.”

“At TikTok, we have faith in the Indian Judicial system and the stipulations afforded to social media platforms by the Information Technology (Intermediaries Guidelines) Rules, 2011. We are committed to continuously enhancing our existing measures and introducing additional technical and moderation processes as part of our ongoing commitment to our users in India.”

“In line with this, we have been stepping up efforts to take down objectionable content. To date, we have removed over 6 million videos that violated our Terms of Use and Community Guidelines, following an exhaustive review of content generated by our users in India.”







E Hacking News – Latest Hacker News and IT Security News: Instagram bug showed stories of strangers






A bug on Instagram affected the Stories tray, which shows stories from the people a user follows. The bug violated the privacy policy for some users by displaying stories from people whom they don’t even follow.

The Facebook-owned company confirmed the existence of the technical glitch to TechCrunch and claimed that it was resolved within a few hours.

According to the company, the bug "caused a small number of people's Instagram Stories trays to show accounts they don't follow." 

It did not display the full stories if the accounts were private, but it showed the whole stories if the accounts were public.

The company believes that only a small portion of users were impacted by this glitch. However, there are nearly 500 million users, and even a small fraction of affected users could have a great impact.

Twitter user @internetryan drew everyone’s attention when he first reported the problem on the social network, tweeting about the bug: ‘Hey @Instagram/@facebook, people who I don't follow (with private accounts) are showing up in my Stories.’





E Hacking News – Latest Hacker News and IT Security News: Microsoft’s email services hacked




Microsoft has confirmed a data breach by unknown hackers who may have succeeded in accessing a “limited” number of Microsoft customers’ email accounts.

According to the company, hackers breached the Microsoft network between January 1 and March 28 and compromised a Microsoft support agent’s credentials.

Microsoft sent an email notification to all its customers stating, “This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments.”

The company confirmed to TechCrunch that accounts of users of services like @msn.com and @hotmail.com had been compromised in the recent breach, but the exact number of victims is not known.

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” said a Microsoft spokesperson in an email.

Microsoft is urging all its affected users to change their passwords immediately. 







E Hacking News – Latest Hacker News and IT Security News: WikiLeaks founder Assange arrested after seven-year hideout inside Ecuador embassy







British police have finally arrested WikiLeaks founder Julian Assange at the Ecuadorian embassy in London after the Ecuadorian government withdrew his asylum, citing his bad behavior.

The arrest closes a dramatic seven-year stint and could end with him landing in a United States prison, as he is facing a hacking conspiracy charge.

According to an indictment, Assange conspired with former Army intelligence analyst Chelsea Manning to steal and publish classified documents.

Soon after his arrest, Assange appeared before Westminster Magistrates’ Court, where District Judge Michael Snow found him guilty of breaching his bail conditions, flatly rejecting his assertion that he had not had a fair hearing and had a reasonable excuse for not appearing.

“Mr. Assange’s behavior is that of a narcissist who cannot get beyond his own selfish interests,” Snow said. “He hasn’t come close to establishing ‘reasonable excuse.’”

Assange waved to the public from the gallery as he was taken to the cells. His next appearance will be on May 2 via prison video-link for his extradition case.

His attorney, Jennifer Robinson, said he will fight any extradition to the U.S.

“This sets a dangerous precedent for all journalists and media organizations in Europe and around the world,” she said. “This precedent means that any journalist can be extradited for prosecution in the United States for having published truthful information about the United States.”




E Hacking News – Latest Hacker News and IT Security News: WhatsApp launches fact-check service ahead of General Elections in India





WhatsApp on Tuesday launched a new service called Checkpoint Tipline to help Indians combat fake news ahead of the General Elections beginning this month.

The Facebook-owned company was working with a local startup PROTO, which aimed at creating a database of false, misleading or disputed. 

The initiative is funded by WhatsApp to study misinformation spread ahead of the upcoming elections for Checkpoint

The company has set up a verification centre, which will verify posts in the form of pictures, video links or text. The centre will cover four regional languages (Hindi, Telugu, Bengali and Malayalam) apart from English.

"The goal of this project is to study the misinformation phenomenon at scale," Proto's founders Ritvvij Parrikh and Nasr ul Hadi said in a statement. "As more data flows in, we will be able to identify the most susceptible or affected issues, locations, languages, regions and more."

In a statement, WhatsApp said the startup Proto would be helped by two other organisations that have prior experience working on misinformation-related projects.

"The challenge of viral misinformation requires more collaborative efforts and cannot be solved by any one organisation alone," WhatsApp said.








E Hacking News – Latest Hacker News and IT Security News: Hundreds of millions of Facebook users' data exposed on Amazon cloud servers




Security researchers have found a large data trove exposed to the public on Amazon's cloud computing servers.

Security experts at cybersecurity firm UpGuard found two separate sets of Facebook user data on public Amazon cloud servers, the firm wrote in a detailed blog post.

One of the exposed datasets belonged to the Mexican media company Cultura Colectiva and contained more than 540m records, including likes, comments, reactions, Facebook IDs, account names, etc. The other set belonged to a defunct Facebook app named ‘At the Pool’; it was significantly smaller, but contained plaintext passwords for 22,000 users.


“The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers,” the blog post said.

“Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak,” it further added.

Facebook has launched an investigation into the matter, but it does not know the nature of the data, how it was collected or why it was stored on public servers. The company said it will inform users once it finds evidence that the data was misused.






E Hacking News – Latest Hacker News and IT Security News: Saudi Arabia behind Jeff Bezos’ phone hac




Investigators looking into the release of the Amazon chief’s intimate images believe that Saudi Arabian authorities were behind it.

According to the security officer of Amazon boss Jeff Bezos, the Saudi Arabian authorities hacked into his phone and obtained private data from it.

Gavin de Becker, a longtime security consultant, launched the investigation after the National Enquirer published intimate texts between Bezos and his mistress, television anchor Lauren Sanchez.

Last month, Bezos accused the newspaper’s owner of trying to blackmail him with the threat of publishing 'intimate photos' he allegedly sent to Sanchez unless he said in public that the tabloid’s reporting on him was not politically motivated.

"Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos' phone, and gained private information," de Becker wrote on The Daily Beast website.

The incident came to light last month when Mr Bezos accused the owner of the tabloid of threatening to publish the “intimate photos” that he allegedly sent to Ms Sanchez unless he publicly stated that the tabloid's coverage of him was not politically motivated.







E Hacking News – Latest Hacker News and IT Security News: Personal data of almost a billion people is hacked








Personal data of nearly one billion people has been hacked by a shadowy company that has been untraceable since the incident happened.

The database contains email addresses of around 982 million people. According to researchers, this could be the ‘biggest and most comprehensive email database’ breach ever.

The compromised information includes names, gender, date of birth, employer, details of social media accounts and home addresses.

The database was created by Verifications.io, and it did not have any kind of security measure.

The firm was a marketing company that offered an email validation service to another marketing firm. The service includes authentication of email addresses.

The company took down its website after the leak was uncovered and they have refused requests for a comment on the situation.

The motive behind the hack is not clear, as the backers are maintaining their anonymity because of the dubious tactics they used to offer their service.


Moreover, they have refused to comment on the situation.




E Hacking News – Latest Hacker News and IT Security News: 99 Iranian websites used for hacking were seized by Microsoft

                    




According to a report by Associated Press, Microsoft has seized 99 Iranian websites that were supposedly stealing information and launching cyber attacks. The report also said that Microsoft had been tracking the group of hackers since 2013.

The hackers were targeting people in the Middle East to steal sensitive information, using malicious websites that were disguised as Microsoft, LinkedIn, Outlook and Windows products. Microsoft confirmed in a court filing that this group was stealing information about reporters, activists and political people, including those “protesting oppressive regimes”.

The hackers are from Iran, but the Tehran government has denied any hacking activity on its part. The Iranian government has also denied hacking attempts in the past.

Allison Wikoff, a security researcher at Atlanta-based SecureWorks, told Associated Press that, according to her observation, it is one of the “more active Iranian threat groups”. She further added that Microsoft analyzes the traffic of fake domains to protect against them, a practice popularly called “sinkholing”. Microsoft also used “sinkholing” to seize fake domains made by Russian hackers back in 2016.










E Hacking News – Latest Hacker News and IT Security News: Hackers won Tesla Model 3 after hacking into its infotainment system



A group of hackers won $35,000 and a Tesla Model 3 car after they managed to crack into security systems at a hacking event held last week.

During the hacking competition Pwn2Own 2019, organized by Trend Micro's "Zero Day Initiative (ZDI)", two hackers, Amat Cama and Richard Zhu of team Fluoroacetate, exposed a vulnerability in the Tesla Model 3.

According to a report by Electrek on Saturday, the hackers attacked the infotainment system of the Tesla Model 3 and exploited a "JIT bug in the renderer" to take control of the system.

"Since launching our bug bounty programme in 2014, we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community," said David Lau, who is vice-president of vehicle software at Tesla.

Tesla has organized many bounty programs over the last four years to expose vulnerabilities in its cars and has given thousands of dollars to hackers who successfully found flaws in the system.

David Lau further added, “We develop our cars with the highest standards of safety in every respect, and our work with the security research community is invaluable to us. Since launching our bug bounty program in 2014 – the first to include a connected consumer vehicle – we have continuously increased our investments into partnerships with security researchers to ensure that all Tesla owners constantly benefit from the brightest minds in the community. We look forward to learning about, and rewarding, great work in Pwn2Own so that we can continue to improve our products and our approach to designing inherently secure systems.”









E Hacking News – Latest Hacker News and IT Security News: Hackers used ASUS Software Updates to Install malware on thousands of computers





Researchers at cybersecurity firm Kaspersky Lab found that Asus’ software update system was recently hacked and used to distribute malware to millions of its customers.

The malware was masked as a “critical” software update, which was distributed from Asus’ servers. The malicious file was signed with legitimate ASUS digital certificates that made it look like an authentic software update from the company, Kaspersky Lab says.

The hack was first reported by Motherboard, and Kaspersky Lab plans to release more details as soon as possible, at an upcoming conference.

The hackers' intentions are not clear. However, early investigation suggests that the hackers were targeting a specific set of Asus customers, as the malware contains special instructions for 600 systems, which are identified by specific MAC addresses.

So far, Asus has not contacted any of its affected customers or taken any step to stop the malware. In an email interview with The Verge, Asus said that it would issue an official statement on the malware tomorrow afternoon.

According to Motherboard, Asus apparently denied that the malware had come from its servers.

“This attack shows that the trust model we are using based on known vendor names and validation of digital signatures cannot guarantee that you are safe from malware,” said Vitaly Kamluk, Asia-Pacific director of Kaspersky Lab’s Global Research and Analysis Team who led the research.






E Hacking News – Latest Hacker News and IT Security News: 1,600 Motel Guests Were Secretly Streamed Live






South Korea has arrested four men accused of streaming online the “intimate private activities” from 1,600 hotel rooms.

The men allegedly installed mini cameras in TVs, hair-dryer holders, and sockets to record private activities, and the recordings were sold on online platforms for up to $6,200.

If the allegations are proved, they could face up to 10 years in jail and a 30m won ($26,571; £20,175) fine.

The men created a website in November, where they allowed users to pay for full videos or watch 30-second clips for free. They reportedly posted 803 videos and earned money from 97 paying members before the website was taken down.

"The police agency strictly deals with criminals who post and share illegal videos as they severely harm human dignity," a spokesman for the Seoul Metropolitan Police Agency told the local newspaper the Korea Herald.

The recent incident has sparked a nationwide protest against the filming of sex and nudity, as the number of such incidents has increased manyfold.

"There was a similar case in the past where illegal cameras were (secretly installed) and were consistently and secretly watched, but this is the first time the police caught where videos were broadcast live on the internet," police said.




E Hacking News – Latest Hacker News and IT Security News: Google to shut down Google+ and Inbox on April 2





After its social media website Google+, Google has announced that it is now shutting down its Inbox app.

Google will start notifying all its users about the closure of Inbox from March 18th through a pop-up screen that will appear every time users open the app.

The notification will also include a link to the Gmail app to ensure that it does not disappoint its users. Gmail has recently updated its app with new eye-catching features like Smart Reply, Smart Compose, and Follow-ups.

Now, it is really difficult to find Inbox by Gmail on the Google Play Store.

The notification released by Google reads:
“This app will be going away in 13 days,” the alert reads. “You can find your favorite inbox features in the Google app. Your messages are already waiting for you.”

On its official website, Google said:

“Inbox is signing off. Find your favorite features in the new Gmail. We are saying goodbye to Inbox at the end of March 2019. While we were here, we found a new way to email with ideas like snooze, nudges, Smart Reply and more. That’s why we’ve brought your favorite features to Gmail to help you get more done. All your conversations are already waiting for you. See you there.”



E Hacking News – Latest Hacker News and IT Security News: Google fined by EU for blocking its rivals' advertisements



Google has been fined $1.68 billion (1.49 billion euro/£1.28 billion) by European Union regulators for blocking the advertisements of rival search engine companies.

This is the third time in the last two years that the company has been handed a multi-billion dollar fine by EU antitrust regulators.

The EU's commissioner, Margrethe Vestager, notified the company about their decision at a news conference in Brussels on Wednesday.

'Today's decision is about how Google abused its dominance to stop websites using brokers other than the AdSense platform,' Vestager said.

According to the probe, Google and its parent company, Alphabet, violated EU antitrust rules through restrictive clauses in contracts with other websites that use AdSense; the clauses prevented websites from placing ads from Google's rival companies.

The company 'prevented its rivals from having a chance to innovate and to compete in the market on their merits,' Vestager said.

'Advertisers and website owners, they had less choice and likely faced higher prices that would be passed on to consumers.'

Just after the announcement of the fine, the company said that it has made several changes and will make a number of other changes to address EU antitrust regulators' concerns.

'We've always agreed that healthy, thriving markets are in everyone's interest,' Kent Walker, senior vice-president of global affairs, said in a statement.

'We've already made a wide range of changes to our products to address the Commission's concerns.

'Over the next few months, we'll be making further updates to give more visibility to rivals in Europe,' he continued.



E Hacking News – Latest Hacker News and IT Security News: Russian Hacking Trouble for the Cyber World



According to data analysis by computer security company CrowdStrike, Russian hacking teams give the victim only 19 minutes to respond to an attack. The next fastest group were North Koreans, who took two hours to jump to the next server to spread the attack; third on the list are Chinese attackers, who on average give the victim four hours to foil their targeted attack.

The calculated time is termed “dubbed time” and is the time an attacker takes to jump from one network to another to spread the attack. Introducing the concept, CrowdStrike wrote in its report that it “shows how much time defenders have on average to detect an initial intrusion, investigate it and eject the attacker before sensitive data can be stolen or destroyed.”

According to the author, Pete Singer, the new analysis is eye-opening, "These stats are driven by a whole variety of factors, among them the skills and capability, the relative risk each is making in their likelihood of getting caught and the consequences. No matter how you look at it, an average of 18 minutes is quite amazing given the scale."

Russian hackers have attacked many defense and military establishments throughout Europe and NATO since last year. Russian hackers were also alleged to have attacked the PyeongChang Winter Olympic Games in 2018.

Chris Krebs, DHS Cybersecurity and Infrastructure Security Agency Director, told defenseone.com recently, “We are doubling down on election security in advance of the 2020 election. Despite what some of the reporting might be, election security and countering foreign influence efforts aren’t going anywhere.”

According to research from Arizona State University, the likelihood of a known vulnerability being exploited depended greatly on the country of the attacker. For instance, the researchers looked at Dark Web chat rooms where attackers were discussing vulnerabilities in the National Database. If the hackers discussing the bug were Chinese, the chance that the vulnerability in question would be exploited was nine percent, but if the conversation was between Russians, the probability of exploitation was forty percent.


