Data and Security - ReadWrite

Massive data breach in France affects 33 million citizens
https://readwrite.com/massive-data-breach-in-france-affects-33-million-citizens/
Mon, 12 Feb 2024 11:55:43 +0000

A massive security breach has been confirmed with almost one in two French citizens affected, involving two service providers for medical insurance companies.

The third-party payment portals involved were Viamedis and Almerys. Viamedis experienced a sophisticated phishing attack that compromised its systems late last month. Almerys did not elaborate on the cause of its loss, but it is thought to be a similar incident.

The French Data Protection Authority (CNIL) detailed the full incident, with around 33 million customers’ data stolen. The leaked data includes personal information such as birth dates, marital status, social security numbers, and insurance details. CNIL moved to allay further fears by stating that no banking credentials, medical data, or contact numbers were lost, but the scale of the cyber attack is clear.

Yann Padova, a digital data protection lawyer and former secretary general at CNIL, commented on the seriousness of the data breach: “This is the first time that there has been a violation of this magnitude (in France).” He added that it was suspected to be the biggest ever leak of its kind in France.

Investigation underway

The attackers used credentials stolen from healthcare professionals, in a targeted raid, to access the systems at the two companies.

CNIL is now working with Viamedis and Almerys to contact all those impacted, as bound by the European Union’s General Data Protection Regulation. However, given the sheer number of customers involved it will take some time to complete the task.

As a result of this attack, the “tiers payant” system in which patients do not need to contribute the full cost of medical services in advance may be unavailable for providers for some time, but users will still have access.

The French data authority has sent out a renewed warning to be wary of phishing attacks, given the volume of compromised data now in the wrong hands, whilst a full investigation is underway to ascertain exactly how the massive breach happened and whether Viamedis or Almerys are culpable.

Image: Tima Miroshnichenko/Pexels

U.S. insights company shows ransomware hackers drew in $1bn across 2023
https://readwrite.com/us-insights-company-shows-ransomware-hackers-drew-in-1bn-across-2023/
Fri, 09 Feb 2024 22:50:01 +0000

Ransomware hackers extorted $1bn across 2023, according to a data insights company and blockchain platform.

The company published a report showing the extent of malicious hacking and developing trends affecting entities across the last year.

Chainalysis provides data, software, services, and research to government agencies and companies across seventy countries.

“Our data powers investigation, compliance, and market intelligence software that has been used to solve some of the world’s most high-profile criminal cases and grow consumer access to cryptocurrency safely,” says the company site.

The report details a staggering increase of $433 million in ransom taken from victims compared to 2022, growing to the highest-ever rate of $1bn in 2023.

Report shows biggest ransomware attack of 2023

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory (CSA) in June of last year highlighting the MOVEit vulnerability, which was exploited by the CL0P Ransomware Gang.

This would be one of the biggest reported ransomware attacks recorded and was the spike point of 2023’s issue with ‘Zero-Day’ exploits.

What is a Zero-Day?

The report details this as a ‘Zero-Day’ vulnerability that compromised multiple institutions simultaneously. The name reflects that developers have zero days to respond: the attack exploits an existing crack in the defenses that they were unaware of.

The MOVEit hack was like finding all the keys to multiple company lockboxes in one big digital bank vault.

The hack hit several established institutions and exploited a vulnerability in the file transfer system. The software owner would announce that the service had been compromised and that sensitive data, including personal details and, in some cases, banking information, was in the hands of hackers.

Sony, the BBC, and Flagstar Bank were a few of those affected. The Maine Attorney General documented that 837,390 users had their data violated, with the report stating, “Information Acquired — Name or other personal identifiers in combination with Social Security Number.”

The Japanese tech giant, Sony, would also send letters to those affected stating that the company wanted to “provide you with information about a cybersecurity event related to one of our IT vendors, Progress Software, that involved some of your personal information.”

“This event was limited to Progress Software’s MOVEit Transfer platform and did not impact any of our other systems.”

The attack would extract massive amounts of data and considerably damage Progress Software’s reputation.

U.S. Federal forces and companies across the globe will be hoping that the number of attacks and the amount extorted will fall across 2024.

OnlyFake, the deepfake site churning out sophisticated fake IDs
https://readwrite.com/onlyfake-the-deepfake-site-churning-out-sophisticated-fake-ids/
Tue, 06 Feb 2024 17:39:48 +0000

An underground website known as OnlyFake is causing cybersecurity concerns due to the sophistication of its hyper-realistic fake IDs, with photos included.

An investigative report from 404Media dubbed the operation an “instant fake ID factory” that “threatens to streamline everything from bank fraud to money laundering and has implications for cybersecurity writ large.”

Using what it describes as neural networks to produce counterfeit documents for just $15, this enterprise threatens to significantly disrupt the market for forgeries with an obvious knock-on effect on identity verification procedures online.

404Media tested the service by procuring a California driver’s license, made up with whatever name, characteristics and signature were required. They claim to have used another fake document from the same source to successfully navigate the identity verification process on OKX, the world’s second-biggest crypto exchange by trading volume.

Enduring challenge

OnlyFake does not provide a physical, hard-copy ID, avoiding the need for any extra production or waiting on the mail. What you get is an instant document (we’re talking minutes) that appears genuine to allow verification of various forms of access that would be otherwise off-limits.

OnlyFake’s Telegram account states, “The era of rendering documents using Photoshop is coming to an end,” alongside other information claiming the service can create up to 20,000 documents per day using “generators”. The owner, using the name John Wick, told 404 they could produce hundreds of fake IDs simultaneously using data from an Excel table.

This appears to be another leg of the cat-and-mouse race between big tech and bad actors caused by the rapid advances in AI, and a very concerning one given the implications for security systems. Microsoft can attest to the vulnerability of technology after its property was used to create explicit deepfake images of Taylor Swift.

This race will be an enduring marathon instead of a quick sprint because once one deepfake scam is toppled, another is very likely to emerge.

Lou Steinberg, founder and managing partner at CTM Insights, warned that we’re only at the beginning of AI-created fakes.

“AI will help both attackers and defenders in the fake ID space, but help attackers more,” he said.

“It’s increasingly easy to generate hyper-realistic images, and even print them with high quality printers. That’s one reason passports now contain holograms and RFID chips, which are harder for most people to embed at home.

“As more accounts are opened online, the need for a physical copy of a document is vanishing. That means we can’t rely on things like embedded RFID chips and holograms to verify an ID.”

Image: Dom J/Pexels

A fake LastPass password manager was found on Apple’s App Store
https://readwrite.com/a-fake-lastpass-password-manager-was-found-on-apples-app-store/
Fri, 09 Feb 2024 00:58:35 +0000

The fake LastPass password manager found on Apple’s App Store has now been pulled. It is currently unknown whether Apple or the bogus software developer uninstalled the phony program — which disguised itself as the LastPass password manager on the Apple App Store. Apple has not responded to inquiries about the removal, though Apple is quite vigilant about these types of issues and relentlessly guards its app store.

Christofer Hoff, Chief Secure Technology Officer for LastPass, in a statement to TechCrunch, said, “Upon seeing the fake ‘LassPass’ app in the Apple App store, LastPass immediately began a coordinated and multi-faceted approach across our threat intelligence, legal and engineering teams to get the fraudulent app removed.” Hoff continues, “Our threat intelligence team posted a blog yesterday to raise awareness and help inform the public and our customers of the situation. We are in direct contact with representatives from Apple, and they have confirmed receipt of our complaints, and we are working through the process to have the fraudulent app removed.”

To mislead consumers, the fraudster app mimicked LastPass’s branding and user interface

In an effort to mislead consumers, the fraudster app mimicked LastPass’s branding and user interface and was distributed under the identity of a single developer, Parvati Patel. The phony program included several typos, which should always give one pause and hint that something may be a fake. It was also released by a separate developer who was not LogMeIn, the company that owns LastPass.

It’s not really good for Apple Inc., which has been fighting against so many regulations recently, like the EU’s Digital Markets Act (DMA), that such an apparently fraudulent app made it through Apple’s generally rigorous App Review process.

Appfigures, an app analytics company, reported that the phone app was released on January 21st, giving it a few weeks to get users’ attention. Appfigures saw that the users themselves appeared to have realized that the app was phony because every one of the Apple App Store reviews warned others about the bogus nature of this app. The fake app even leveraged keywords to rank in search.

The fake app may have succeeded in tricking some users, even though it probably didn’t fake-out too many. The worst for the LastPass Company is that it was forced to alert its real users in a public forum about the fraudulent app in the store — even though it should have never been released in the first place. The app wasn’t taken down from the App Store until the day after LastPass’s blog post was published.

Featured Image Credit: WeStartMoney; Pexels

Address risks: leading AI companies join safety consortium
https://readwrite.com/address-risks-leading-ai-companies-join-safety-consortium/
Thu, 08 Feb 2024 18:50:35 +0000

Commerce Secretary Gina Raimondo announced the U.S. AI Safety Institute Consortium (AISIC). Raimondo said in a statement to Reuters, “The U.S. government has a significant role to play in setting the standards and developing the tools we need to mitigate the risks and harness the immense potential of artificial intelligence.”

The consortium members

Reuters published the list of consortium members, which includes BP (BP.L), Cisco Systems (CSCO.O), IBM (IBM.N), Hewlett Packard (HPE.N), Northrop Grumman (NOC.N), Mastercard (MA.N), Qualcomm (QCOM.O), Visa (V.N), and major academic institutions and government agencies, that will be housed under the U.S. AI Safety Institute (USAISI).

This group prioritizes the actions and guidelines listed in President Biden’s executive order, “including developing guidelines for red-teaming (meaning identify new risks), capability evaluations, risk management, safety and security, and watermarking synthetic content.”

The executive order from U.S. President Joe Biden

Additionally, the Oct 30, 2023 executive order from U.S. President Joe Biden said that he “is seeking to reduce the risks that AI poses to consumers, workers, minority groups, and national security.” As per the Defense Production Act, creators of AI systems that endanger the national security, economics, health, or safety of the United States must notify the government of the United States of the findings of their safety tests before their public release.

In addition, agencies are instructed to establish guidelines for such testing and handle associated risks connected to cybersecurity, radiological, chemical, and biological hazards by the order Biden has signed at the White House. “To realize the promise of AI and avoid the risk, we need to govern this technology,” Biden said. “In the wrong hands, AI can make it easier for hackers to exploit software vulnerabilities that make our society run.”

The Commerce Department said in December 2023 that it was already taking the first steps toward “writing the key standards and guidance for the safe deployment and testing of AI.” The consortium also represents the biggest group of test and evaluation teams who can now create a foundation for a “new measurement science in AI safety.”

Currently, generative AI has sparked both enthusiasm and concerns with its ability to produce text, images, and videos in response to open-ended cues, including concerns that it can eventually replace human labor in some occupations, disrupt elections, and have disastrous consequences.

The Biden administration is working to implement safeguards, but despite multiple high-level conferences, Congress has not passed laws addressing AI.

Featured Image Credit: Photo by Michelangelo Buonarroti; Pexels

Cyber security agency warns this WordPress widget might leak data
https://readwrite.com/security-cyber-agency-warns-this-wordpress-widget-might-leak-data/
Thu, 08 Feb 2024 12:49:33 +0000

A WordPress crypto widget used by thousands could contain a security vulnerability that could leak data to potential attackers.

Cyber Security Agency (CSA) Singapore has released a security bulletin detailing a critical vulnerability in ‘Cryptocurrency Widgets – Price Ticker & Coins List’, leaving it potentially vulnerable to exposing user data. The security warning applies to versions 2.0 to 2.6.5 and, according to the CSA, centers around “insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query”.

Essentially, this means that there is an issue with how user input is handled within a software application or database, going against standard security best practices. The CSA warns that this WordPress widget could potentially allow unauthorized users to add extra SQL queries, with the risk of extracting sensitive information from a website’s database.

Considering the widget is centered around cryptocurrency, this could leave users’ wallets, finances, or other personal information vulnerable to attack. The plug-in itself has over 10,000 downloads, with no word yet on how many people could be affected.

This wouldn’t be the first time that hackers have used such security vulnerabilities to extract everything from partial payouts to smart contracts. Dangerous scripts can often go unnoticed for periods, leaving agencies like CSA Singapore to warn of potential vulnerabilities like this one.

What is ‘Cryptocurrency Widgets’?

Cryptocurrency Widgets is used to display coins price lists, tables, multi-currency tabs, and price labels on websites, lending itself well to crypto trading websites that offer overviews of the market. It updates regularly 24 hours a day to provide continual coverage for Bitcoin, Ethereum, and other popular cryptocurrencies.

At the time of writing, CoolPlugins (the creator of the widget) has not publicly commented on the issue. An update to version 2.6.6 is currently available, which should be protected against the security vulnerability.

Featured image: Pexels

Chinese hackers Volt Typhoon had critical US infrastructure access for 5 years
https://readwrite.com/chinese-hackers-have-had-critical-infrastructure-access-for-five-years/
Thu, 08 Feb 2024 12:38:12 +0000

The Cybersecurity & Infrastructure Security Agency, National Security Agency, and the Federal Bureau of Investigation released a joint advisory this week stating that China-backed hackers Volt Typhoon have maintained persistent access to some critical USA infrastructure for “at least five years.”

The advisory states that cybersecurity hackers backed by the People’s Republic of China (PRC) are positioning themselves on the IT networks of American infrastructure systems so they can launch “disruptive or destructive” cyberattacks if the USA faces any major crisis or conflict.

In the advisory, it is stated that Volt Typhoon are state-sponsored and backed by the Chinese government. They are known to exploit vulnerabilities in critical infrastructure such as routers, firewalls, and VPNs, targeting key industries such as water, communications, transport, and energy. The exploitations have been found across the continental and non-continental United States, including Guam.

According to the advisory, Volt Typhoon’s activities differ significantly from traditional cyber espionage or intelligence-gathering activity. The agencies behind the advisory believe they are positioning themselves ready for a lateral move into disruptive activities.

Volt Typhoon’s methods have relied heavily on stolen administrator passwords and insufficiently secure front-end security. It has enabled them to take control of some camera surveillance systems to gain a further upper hand. They have been known to use “living off the land” attacks to hide their activities.

What are “living off the land” attacks?

“Living off the land” (LOTL) attacks help cyber attackers go unnoticed. Whereas many attacks use files and leave traces behind, LOTL attacks use legitimate tools on the target system to conduct malicious activities. This makes them very hard to detect using traditional security measures, which look for scripts and files as the signature of attacks.

Cybersecurity is constantly evolving and it’s vital to keep systems updated with the latest security measures. Research into the benefits of artificial intelligence (AI) in cybersecurity is ongoing, but AI will likely have more success against techniques such as LOTL due to its enhanced analytical powers.

Featured image credit: Pixabay via Pexels

Cyber Wargaming — how the UAE Banks Federation protects against cyberattack
https://readwrite.com/cyber-wargaming-how-the-uae-banks-federation-protects-against-cyberattack/
Thu, 08 Feb 2024 00:20:41 +0000

It’s called “Cyber Wargaming 2024,” and it’s being conducted under the supervision of the Central Bank of the UAE and the UAE Government’s Cyber Security Council. Following the big success of the second games in 2022 in the Middle East, the UAE Banks Federation (UBF) organized the third edition of Cyber Wargaming this year. The event uses specially designed simulated cyberattacks to learn about the security of UBF member banks. These games reveal the risks, strengths, and gaps in security. The cybersecurity exercises improve the procedures that protect the banks, along with the varied knowledge, techniques, and methods used to protect them.

Abdulla Matar Al Muhairi, Head of the Banking Supervision Department at the Central Bank of the UAE, spoke of the vital importance of strengthening the resilience of the financial infrastructure in the banking sector. The banking sector must be prepared to defend against cyberattacks.

The Cyber Wargaming 2024 event will focus on developing capabilities to protect the digital infrastructure of banking.

Mr. Jamal Saleh, Director General of UBF, said: “At UBF, we continue our efforts to ensure safe and smooth banking operations in the face of rapid developments in the use of advanced technologies in the banking and financial sector. The organization of these cyber security workshops confirms our commitment to prioritize the security of the banking system and information security. We do this under the direct supervision of the Central Bank of the UAE, which is keen to develop the necessary regulatory frameworks and technologies to keep up with the latest developments and provide customers with the best services in a reliable banking environment.”

The Director General added: “Following the great success of the exercises we organized in October 2022, many entities and institutions have recognized the importance of this event in identifying and preparing banking cadres for potential cyberattacks and threats and to be prepared in the face of the acceleration of digital transformation in the financial sector by the development of digital security systems. The large turnout at this event also reflects the commitment of member banks and financial institutions to create a secure environment through events and training programs conducted by our member banks, which provide banking and financial sector employees with the opportunity to learn about the aspects that require further development to enhance cyber security, which is a key pillar in consolidating the UAE’s position as a leading banking and financial center in the region.”

The recent Threatcasting Event focused on credit card risks

The Cyber Wargaming 2024 event will focus on developing capabilities to protect the digital infrastructure of banking. The emergence of fraud and various cyber threats has made such events a way to secure the banking environment. This Cyber Wargaming event will spread much-needed awareness about the risks of fraud and one’s need to stay vigilant and protect accounts.

This group of forward-thinking individuals recently held an event called Threatcasting Event in collaboration with MasterCard that focused on potential future threats from advanced technologies such as quantum computing and AI, as well as how to deal effectively with these threats.

Featured Image Credit: ExpectBest; Pexels

Microsoft BitLocker encryption hacked by a cheap off-the-shelf Raspberry Pi Pico
https://readwrite.com/microsoft-bitlocker-encryption-hacked-by-a-cheap-off-the-shelf-raspberry-pi-pico/
Wed, 07 Feb 2024 21:19:04 +0000

In a YouTube video, security researcher Stacksmashing showed how hackers may use a $4 Raspberry Pi Pico to retrieve the BitLocker encryption key from Windows PCs in just 43 seconds. The researcher claims that specific attacks can get beyond BitLocker’s encryption by directly accessing the hardware and retrieving the encryption keys kept in the computer’s Trusted Platform Module (TPM) via the LPC bus.

Retrieving the encryption key requires physical access to the device and some extended know-how or expertise, so this is not a threat that extends across the internet. Of course, BitLocker’s reliance on a TPM for security may be its own downfall in this particular experiment.

The dedicated Trusted Platform Module, or TPM, has a design flaw that the YouTuber took advantage of. In specific setups, BitLocker depends on an external TPM to store vital data, including the Volume Master Key and Platform Configuration Registers (which are included in certain CPUs). When using an external TPM, the CPU and TPM communicate over an LPC bus to send the encryption keys needed to unlock the data on the disk. Stacksmashing found that the communication lanes (LPC bus) between the external TPM and the CPU are completely unencrypted on boot-up. This allowed the researcher to read critical data as it moved between the two units and to recover the encryption keys.

Keep in mind that the researcher used an old laptop that had BitLocker encryption, although the same type of attack can be used on newer motherboards that use an external TPM. The newer motherboards, however, require more legwork to intercept the bus traffic. Stacksmashing made it clear that Windows BitLocker and external TPMs aren’t as foolproof as many individuals and companies think.

If your CPU has a built-in TPM, like the ones found in modern AMD and Intel CPUs, you should be safe from this security flaw since all TPM communication occurs within the CPU.

Featured Image Credit: Photo by George Becker; Pexels

Microsoft warns of Iran’s advanced cyber operations targeting US elections
https://readwrite.com/microsoft-warns-of-irans-advanced-cyber-operations-targeting-us-elections/
Wed, 07 Feb 2024 19:09:52 +0000

Microsoft’s Threat Analysis Center (MTAC) has shed light on Iran’s evolving cyber operations, suggesting that the country may employ sophisticated techniques to target the 2024 U.S. presidential elections, according to a recent report by The Register. Drawing from Iran’s recent anti-Israel cyber activities, MTAC’s analysis indicates a potential threat to U.S. electoral integrity, mirroring tactics observed in the 2020 elections.

The analysis highlights the diversification of pro-Iran and Iran-linked groups engaging in cyberattacks, particularly since the Israel-Hamas conflict began. This expansion complicates the cybersecurity landscape, with MTAC noting, “Defenders can no longer take solace in tracking a few groups.”

The growing complexity of cyber threats

Iran’s cyber efforts have consistently targeted the U.S. and Israel, raising concerns about the forthcoming U.S. elections. Particularly alarming are Iran’s influence operations, which have effectively reached Western audiences with anti-Israel propaganda. Such tactics could be repurposed to influence the U.S. electoral process.

Microsoft observed a significant traffic spike to Iranian state-affiliated news sites during the Israel-Hamas war, indicating the effectiveness of Iran’s influence campaigns. Using AI in these operations, including the hijacking of a streaming TV channel with an AI-generated newsreader, marks a new frontier in Iran’s cyber capabilities.

Reflecting on Iran’s actions during the 2020 elections, the U.S. Director of National Intelligence reported Iran’s intent to undermine then-President Trump’s reelection prospects. The campaign focused on sowing division and exacerbating social tensions, without direct tampering with voting systems.

The U.S. has responded to Iran’s cyber threats with indictments against individuals involved in voter intimidation and misinformation campaigns. These efforts underscore the ongoing challenge of securing electoral integrity against foreign interference.

Iran’s cyber capabilities extend beyond influence operations to include destructive cyberattacks, as seen in recent incidents targeting Israeli and allied infrastructure. These attacks demonstrate Iran’s willingness to support its geopolitical objectives through cyber means, including ransomware attacks and infrastructure disruptions.

As the 2024 U.S. presidential elections approach, Microsoft warns of the potential for simultaneous interference attempts from multiple authoritarian states, including Iran, Russia, and China. This unprecedented scenario underscores the need for heightened vigilance and robust cybersecurity measures to protect the integrity of U.S. elections.

The post Microsoft warns of Iran’s advanced cyber operations targeting US elections appeared first on ReadWrite.

Spyware on the rise despite U.S. and Google efforts https://readwrite.com/us-government-and-goolge-have-commercial-spyware-in-their-sights/ Wed, 07 Feb 2024 15:43:19 +0000 https://readwrite.com/?p=253291 An abstract representation of spyware. A sleek circular camera, like an eye, is in the centre of the image surrounded by generic images like locks and wires to represent cyber security

Spyware is a flourishing business and runs under the government’s radar despite efforts to crack down on the very lucrative and invasive digital surveillance economy.

Google’s Threat Analysis Group (TAG) published a report on Tuesday (6 Feb) with a series of insights on commercial surveillance vendors (CSVs).

CSVs the focus of U.S. and Google sights

These CSVs exacerbate the effect of cyber-crime when their tools tumble into the wrong hands, or in some cases land in the wrong ones for the right price.

The search engine giant keeps tabs on forty of these surveillance vendors, which offer their spyware to government clients. At the end of the published report, each known CSV is accompanied by a detailed list of its activities and pay-to-access software.

The TAG report found that almost half of the ‘0-Day’ exploits that hit Google and Android devices are software designed by entities that develop spyware.

A ‘0-Day’ exploit targets a vulnerability in a system that has not yet been detected, which essentially gives the developers of that system zero days to fix the metaphorical hole in the defenses.

TAG found that 25 0-days were exploited across the last year, with 20 of those traced to software developed by a CSV.

According to the TAG report, Google believes “it is time for government, industry and civil society to come together to change the incentive structure which has allowed these technologies to spread.”

Last year the White House released an Executive Order (E.O.) prohibiting the use of commercial spyware that poses risks to the nation’s security.

In March of 2023 a joint statement was released by eleven nations as a shot across the bow to commercial spyware developers internationally.

“The misuse of these tools presents significant and growing risks to our national security, including to the safety and security of our government personnel, information, and information systems,” the joint statement read.

In a further strengthening of policy, U.S. Secretary of State Antony Blinken announced this week that visa restrictions would be applied to any individuals involved in the misuse of commercial spyware.

“The United States remains concerned with the growing misuse of commercial spyware around the world to facilitate repression, restrict the free flow of information, and enable human rights abuses,” said the release.

Blinken’s approach as Secretary of State mirrors that of Google, saying the U.S. “stands on the side of human rights and fundamental freedoms and will continue to promote accountability for individuals involved in commercial spyware misuse.”

Both the U.S. and the technology powerhouse have a dedicated approach to limiting the impact CSVs can have on both the citizens of the United States and users globally, but it remains to be seen if spyware continues to be a presence in the background.

Featured image: Dall-E

The post Spyware on the rise despite U.S. and Google efforts appeared first on ReadWrite.

Malicious NPM package disguises itself to steal Roblox data https://readwrite.com/malicious-npm-package-disguises-itself-to-steal-roblox-data/ Tue, 06 Feb 2024 23:34:52 +0000 https://readwrite.com/?p=253145 Malicious NPM package trying to steal Roblox data.

A new threat to Roblox players comes in the form of a malicious impersonator of official Noblox.js and Noblox.js open-source downloads.

Noblox.js is an open-source Roblox API wrapper written in JavaScript that interacts with the game’s website.

Seeing 1,642 weekly downloads, this is one of Roblox’s most popular third-party Node Package Manager (NPM) downloads.

How has this unsafe NPM tricked Roblox users?

NPM is the world’s largest software registry and the popular route for developers to share and install software relating to JavaScript Object Notation (JSON), a lightweight format for storing and transporting data.

As reported by Socket, the malicious NPM package is named noblox.js-proxy-server, similar in name to the legitimate open-source Noblox.js.

According to the Socket Research Team, three techniques were used to make the malware seem legitimate: brandjacking, typosquatting, and starjacking.

Although these terms may seem overcomplicated, they describe how a malicious digital entity can present itself as legitimate.

Brandjacking — A simple concept: impersonating a brand to gain legitimacy, in the hope that those not casting a keen eye will be duped.

Typosquatting — This is where a malicious entity benefits from a half-attempted search or typo, bringing the user into a place that looks legitimate enough but is, in fact, a trap for unsuspecting users.

Starjacking — A slightly more elaborate way of linking to an existing brand’s or model’s reviews and star ratings without having anything to do with the product. Think about someone stealing all your positive eBay reviews, or a clone of a well-rated Instagram account.

The Socket Team uncovered that the malicious NPM package is designed to retrieve data, such as the Roblox username, and that it repeatedly scans for files with specific extensions and adds them to a zip archive.

This zip file is then uploaded to a server at a specified URL. The package then sends a webhook to a Discord server with information on the uploaded file, and the same process is repeated every 4,000 milliseconds.

Thanks to the Socket Team, awareness has been raised of this malicious digital threat to the 70.2 million daily users and 216 million monthly active gamers on Roblox.

In related Roblox news, the game announced a development on the artificial intelligence (AI) front with a real-time text translation tool for users.

Image: photo by Sora Shimazaki; Pexels

The post Malicious NPM package disguises itself to steal Roblox data appeared first on ReadWrite.

Mozilla introduces Monitor Plus to safeguard personal data from data brokers https://readwrite.com/mozilla-introduces-monitor-plus-to-safeguard-personal-data-from-data-brokers/ Tue, 06 Feb 2024 17:44:14 +0000 https://readwrite.com/?p=253142 Digital illustration of a protective shield with the Mozilla Firefox logo, set against a backdrop of binary code, symbolizing the Monitor Plus service's dedication to online data security.

Mozilla, the organization behind the popular Firefox browser, is stepping up its privacy game with the introduction of Monitor Plus, a subscription service designed to help users reclaim their personal data from the clutches of data brokers. Announced in a press release today, this new service expands on Mozilla Monitor, initially a free tool that alerts users to data breaches involving their email addresses.

Data brokers, companies that collect and sell personal information, often operate in the shadows of the internet, trading in data like phone numbers, email addresses, home addresses, and more. The process of removing personal information from these sites is notoriously complex, leaving many unaware of how to protect their privacy effectively.

Monitor Plus aims to simplify this process by proactively scanning over 190 data broker sites for users’ personal information. If it finds data such as names, locations, and birthdates, Mozilla will handle the removal process, which can range from a day to a month. This feature is part of the Monitor Plus subscription, priced at $13.99 per month, with a discounted annual rate of $8.99 per month ($107.88/year).

For those not ready to subscribe, Mozilla Monitor will continue offering a one-time free scan, guiding users through the manual removal process. This approach not only educates users about data brokers but also highlights the convenience of the subscription service for those seeking a more hands-off solution.

Both free and paid users will receive alerts about data breaches, with additional tools provided to address high-risk exposures. “When we launched Monitor, our goal was to help people discover where their personal info may have been exposed. Now, with Monitor Plus, we’ll help people take back their exposed data from data broker sites that are trying to sell it,” said Tony Amaral-Cinotto, Product Manager of Mozilla Monitor.

To use the service, users must provide Mozilla with basic personal information, which is encrypted and handled according to Mozilla’s privacy policy. Currently, Monitor Plus is only available to U.S. users. The company emphasizes the importance of such a tool, noting that 233 million people were affected by data breaches in 2023 alone.

The post Mozilla introduces Monitor Plus to safeguard personal data from data brokers appeared first on ReadWrite.

Minecraft Education launches new title for Safer Internet Day https://readwrite.com/minecraft-education-launches-new-title-for-safer-internet-day/ Tue, 06 Feb 2024 16:22:48 +0000 https://readwrite.com/?p=252815 Image from Minecraft Education / Minecraft Education new release to mark Safer Internet Day

To mark Safer Internet Day, Minecraft Education has released a new title to the CyberSafe collection of Minecraft adventures.

CyberSafe: Good Game is an inclusive challenge for young people, designed to help them feel safe, happy and content online. The story-based game assists players in adapting to the virtual world, teaching children about the responsibilities and responses required for appropriate interactions online.

Safer Internet Day is an initiative from the UK Safer Internet Centre (UKSIC) to promote the importance of online safety for children and young people, held on 6 February with this year’s event carrying the theme: ‘Inspiring change? Making a difference, managing influence and navigating change online’.

Learning through play

As detailed by Xbox Wire, Minecraft Education has cleverly woven an online safety narrative into CyberSafe: Good Game as part of the challenge.

The setting is just before summer break, as a group of friends discuss how to level up in their favorite game. One of their friends is excluded, however: they cannot play because their controller was broken after experiencing difficulties with online bullies.

From here the challenge is set with players required to create a Good Game Guide. This resource will enable learning as well as developing strategies in young people to deal with problem situations online whilst promoting a positive gaming experience.

Game scenarios include unwanted actions from bullies, inappropriate screen names and repeated distractions from the in-game chat. For every task, users will be presented with tools to take the right course of action with the ability to ignore, correct, mute, or report certain behaviors they experience.

CyberSafe: Good Game then allows a period of reflection after every challenge faced, to add a new entry to the Good Game Guide, with the guidebook acting as a reference point for online gaming in the future.

Carlos Figueiredo, Director of Player Safety on Minecraft, commented on the value of encouraging responsibility and respect at all times online:

“Good Game is the latest learning adventure in the CyberSafe series where players are given the tools to be agents on their safety journey. In a world that deeply needs more collaboration and dialogue, what could be more important than sparking a cultural shift to foster healthy and respectful communities.”

Image: Minecraft Education

The post Minecraft Education launches new title for Safer Internet Day appeared first on ReadWrite.

Safer Internet Day: Why it matters now more than ever https://readwrite.com/february-6th-is-safer-internet-day-it-matters-now-more-than-ever/ Tue, 06 Feb 2024 08:00:45 +0000 https://readwrite.com/?p=252658 Safer Internet Day

Safer Internet Day is an internationally-observed event designed to promote safer and more responsible internet use among young people. It’s observed every year on February 6 and has been around since 2004.

The theme for 2024’s Safer Internet Day is “inspiring change, making a difference, managing influence, and navigating change online.”

Why does it matter?

This year’s Safer Internet Day comes at a critical time for internet safety around the world.

The UK’s Online Safety Act, which puts the onus on tech companies to protect children from inappropriate legal content, became law in October 2023 — but there are concerns that it doesn’t go far enough.

Scarlett Jenkinson and Eddie Ratcliffe were recently convicted of the murder of Brianna Ghey, a young transgender teen. Both 15 at the time, the killers were able to access torture content on the dark web. This led to Esther Ghey, Brianna’s mother, launching a petition to ban social media apps from minors’ phones, as well as making mobile companies more legally responsible for children’s online welfare.

At the same time, over in the US, the Senate held a hearing with a number of the Big Tech CEOs regarding children’s online safety.

The emotionally charged hearing featured the CEOs of platforms like TikTok, Snap, X, and Discord, and we won’t soon forget the dressing-down of Mark Zuckerberg (Meta), who was told he has “blood on [his/their] hands” because of their purported inaction in the face of the exploitation, bullying, grooming, and other harmful content young people are exposed to online.

This hearing was part of ongoing conversations about the Kids Online Safety Act (KOSA) and tougher laws around internet safety in general. In short, the proposed law purports to protect young people from ads and other content that promote eating disorders, self-harm, violence, and suicide.

Child safety on the internet has arguably reached a crisis point, making days like Safer Internet Day more critical than ever.

Featured Image: Photo by Thomas Park on Unsplash

The post Safer Internet Day: Why it matters now more than ever appeared first on ReadWrite.

Treasury’s Office of Foreign Assets Control sanctions six Iranian officials https://readwrite.com/treasurys-office-of-foreign-assets-control-sanctions-six-iranian-officials/ Mon, 05 Feb 2024 17:32:40 +0000 https://readwrite.com/?p=252637 Flag of Iran

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Iranian officials linked to cyber activities against critical infrastructure in the United States and other countries.

The six individuals in question were part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), an Iranian government organization.

All individuals have been added to the Specially Designated Nationals And Blocked Persons List (SDN) and their properties and financial assets have been held by the OFAC as part of the counterterrorism authority Executive Order (E.O.).

According to the note published by the OFAC, Hamid Reza Lashgarian, head of the IRGC-CEC and a commander in the IRGC-Qods Force, has been a part of IRGC cyber and intelligence operations in the past.

The other six persons are all senior officials of the IRGC: Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian.

Sensitive targets

The accused are reported to have hacked programmable logic controllers produced by Israeli company Unitronics.

The United States, together with private sector companies and the countries impacted, worked to minimize the damage to critical water systems that had been compromised.

Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson said that “the deliberate targeting of critical infrastructure by Iranian cyber actors is an unconscionable and dangerous act.”

The public services that had been hacked suffered minimal impact, but the incident has left the United States concerned that these infrastructure services have been targeted.

“The United States will not tolerate such actions and will use the full range of our tools and authorities to hold the perpetrators to account,” Nelson concluded.

In other U.S. security news, the FBI has foiled an attempt by a Chinese hacker group known as Volt Typhoon. The hackers have targeted U.S. routers in homes and small businesses as part of a wider botnet.

Last week, Deputy Attorney General Lisa O. Monaco announced that “in wiping out the KV Botnet from hundreds of routers nationwide, the Department of Justice is using all its tools to disrupt national security threats – in real-time.”

Image credit: Pexels

The post Treasury’s Office of Foreign Assets Control sanctions six Iranian officials appeared first on ReadWrite.

Deepfake video call scam cons company out of $25 million https://readwrite.com/deepfake-video-call-scam-cons-company-out-of-25-million/ Mon, 05 Feb 2024 16:16:08 +0000 https://readwrite.com/?p=252617 A conceptual image of deepfake technology being used on video calls. A shaded figure is on a computer screen,

A multinational company’s Hong Kong office was the victim of an elaborate scam using deepfake video technology to impersonate executives and scam the company out of HK$200 million ($25.6 million), local police reported on Sunday (Jan 4).

In what police described as the first scam of its kind in Hong Kong, scammers used deepfake technology to digitally recreate company executives and impersonate them on a video conference call. The technology allowed the scammers to generate fake but convincing representations of targeted individuals that replicated their voices and appearances.

The scam began in mid-January when an employee in the Hong Kong branch’s finance department received a phishing message, seemingly from the company’s UK-based chief financial officer, reports the South China Morning Post. The message claimed a secret transaction had to be conducted. Although initially doubtful, the employee was convinced after being invited to a video call in which the CFO and other familiar employees appeared to be present.

Except, of course, it wasn’t actually the CFO on the call.

‘Everyone is fake’

According to Acting Senior Superintendent Baron Chan Shun-ching, not only did the virtual recreations of each participant look and sound like their real-life counterparts, they were even able to interact to some degree on the call by giving orders. However, if questioned more deeply, it’s believed their impersonations would have faltered.

“This time, in a multi-person video conference, it turns out that everyone you see is fake,” said Chan.

He added: “They used deepfake technology to imitate the voice of their targets reading from a script.”

The scam proceeded for about a week before the employee grew suspicious and checked with company headquarters. Police investigation revealed the meeting participants were digitally faked by scammers harvesting public footage of the executives and using deepfake technology to imitate their voices and likenesses reading from a script.

Local authorities did not reveal the name of the company caught in this scam.

To avoid falling victim to similar scams using deepfake technology, Supt. Chan advised asking the person to move their head or pose questions to check their authenticity. One should also immediately suspect foul play if money is requested during a call.

The sophistication of this nefarious technology is developing rapidly. Last week X was forced to block searches for pop star Taylor Swift after explicit AI-generated deepfake images of her went viral.

Featured Image: Dall-E

The post Deepfake video call scam cons company out of $25 million appeared first on ReadWrite.

Pennsylvania Court website down in DDoS cyber attack https://readwrite.com/pennsylvania-courts-websitedown-in-ddos-attack/ Mon, 05 Feb 2024 12:33:09 +0000 https://readwrite.com/?p=252561 A stylized image of a large padlock made up from zeros and ones of binary code to represent a hack.

Part of the Pennsylvania Courts online system has fallen victim to a cyber attack.

The Chief Justice of the US state, Debra Todd, announced that a denial of service (DDoS) attack had hit the Pennsylvania court website.

Integral court systems such as the PACFile, online docket sheets, PAePay, and the Guardianship Tracking System are affected.

Law enforcement agencies are now involved in diagnosing the extent of the attack.

“Our court information technology and executive team is working closely with law enforcement including the CISA, the U.S. Department of Homeland Security, and the F.B.I. to investigate the incident,” the Chief Justice announced via the official statement.

This cyber attack restricts litigants, lawyers and key court stakeholders who rely on the court’s online systems to prepare for legal proceedings.

“At this time, there is no indication that any court data was compromised, and our courts will remain open and accessible to the public,” said the Chief Justice.

The Pennsylvania courts will hope that all data remains secure and the investigating legal bodies can bring back the key functions that keep the wheels of the courthouse turning.

For updates on when the Pennsylvania Court website is back up, follow the organization’s X account.

What is a DDoS cyber attack?

A distributed denial of service (DDoS) attack is a targeted attempt by a third party to cripple a digital system by undermining and removing its core functions.

It is generally the precursor to information or a system being compromised, after which a group will take responsibility for the attack, prompting further developments such as a ransom demand for extracted data or an official statement from those responsible.

Cyber attacks more than doubled across 2023. According to security firm Armis, in January, legacy systems were the cause of many breaches and assaults on digital security.

The FBI, however, managed to eradicate the Volt Typhoon botnet earlier this month after a series of routers were flagged as compromised. The coordinated strike operation prevented the reinfection of the routers and removed the malware that was deployed by the hackers.

FBI Director Christopher Wray said “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate.”

Image credit: Pete Linforth from Pixabay

The post Pennsylvania Court website down in DDoS cyber attack appeared first on ReadWrite.

These chat apps are silently stealing your data https://readwrite.com/these-chat-apps-are-silently-stealing-your-data/ Fri, 02 Feb 2024 18:03:48 +0000 https://readwrite.com/?p=252398 man texting on smartphone

Malware disguised as messaging apps has been found in twelve applications, six of which were available on Google Play between April and September 2023. The malicious software, known as VajraSpy, is a remote access trojan, meaning that the cyber-attacker is able to access your device remotely.

Those infected by VajraSpy became vulnerable to data theft (including phone contacts) and, depending on the permissions granted, could even have their phone calls recorded.

While these malicious apps have been removed from Google Play, they remain on third-party app stores disguised as messaging and news apps. 

Researchers at the anti-virus software company ESET uncovered this campaign. According to them, these cyber-attackers are part of the Patchwork Advanced Persistent Threat (APT) group.

Bogus chat apps

Furthermore, according to Lukas Stefanko, an ESET researcher, these apps were downloaded 1,400 times on Google Play. They had innocent-sounding names like Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, and Chit Chat.

Unlike Google Play, it is difficult to track how many applications were downloaded from third-party app stores. Still, they did have similarly innocuous-sounding names like Hello Chat, YohooTalk, TikTalk, Nidus, GlowChat, and Wave Chat.

Analysis by ESET also found that the majority of these hacking victims were located in Pakistan, and that they were most likely tricked into installing these bogus chat apps as part of a wider romance scam.

In a statement to BleepingComputer, a spokesperson for Google said: “We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action.”

“Users are protected by Google Play Protect, which can warn users of apps known to exhibit this malicious behavior on Android devices with Google Play Services, even when those apps come from sources outside of Play.”

Featured Image: Photo by Jonas Leupe on Unsplash 

The post These chat apps are silently stealing your data appeared first on ReadWrite.

Covering your webcam won’t be sufficient to prevent hackers from watching you https://readwrite.com/covering-your-webcam-wont-be-sufficient-to-prevent-hackers-from-watching-you/ Fri, 02 Feb 2024 01:39:30 +0000 https://readwrite.com/?p=252244 An image showing a laptop with tape over its webcam but eyes still all around it

That tape over your webcam might not be enough — the hackers are watching; it might be the right time to install another privacy shutter.

In a report just published in Science Advances, researchers at the Massachusetts Institute of Technology (MIT) emphasized the risks that ambient light sensors can pose to imaging privacy. Device users worried about security may find solace in software permissions that limit webcam use and hardware solutions like shutters. Nonetheless, studies have demonstrated that one of the typical ambient light sensors used in a variety of devices can be used to collect visual data. These tiny sensors normally require no permission at the device level and aren’t closed or deactivated by users.

MIT researchers utilized the Samsung Galaxy View 2 in their investigations. The ambient light sensor on this relatively dated and huge (17.3-inch) consumer tablet is located close to the front-facing (selfie) camera — which is still a pretty popular arrangement.

Device manufacturers classify ambient light sensors as low-risk, and software (or malware) can frequently access them directly without requiring any authorization or privileges. However, prior research has demonstrated that, in roughly 80% of cases, even a basic sensor can yield sufficient information to deduce keystrokes from a keyboard and steal a device’s authorizations and passwords. The latest study demonstrates the potential of an ambient light sensor in conjunction with the device’s screen, which serves as an active light source.

Some devices are more susceptible to these ambient light sensor espionage techniques.

Some devices will be more susceptible to this ambient light sensor espionage technique than others because every device has a different light sensor speed and measurement bit depth, screen brightness, and light sensor precision (see image above). As you can see from the source article numbers, some of the tablet device’s image captures took several minutes. However, ambient light sensor imaging spy technology is verifiably accurate and has room for improvement.

The MIT researchers pointed out that the light sensors are “quite useful,” and we need and want them. To stop cyber peeping Toms, the researchers recommended the following changes:

  • Rethink ambient light sensor device permissions.
  • Reduce sensor speed.
  • Reposition the sensor so it doesn’t face the user.

Hopefully, when manufacturers become better aware of the ambient light sensor issues, they will implement a few changes to prevent the “snooping tech” from finding more victims.

Featured Image Credit:  Jan from Pixabay

The post Covering your webcam won’t be sufficient to prevent hackers from watching you appeared first on ReadWrite.
