For.Your.Information

For.Your.Information Get information about everything under the sun! Technology, Music, Public Events, Trending Topics, and much more.

12/04/2017

!?! Attention PayPal Has Been Hacked User Beware !?!

Global e-commerce business PayPal has disclosed a data breach that may have compromised personally identifiable information for roughly 1.6 million customers at a payment processing company PayPal acquired earlier this year.

PayPal Holdings Inc. said Friday that a review of its recently acquired company TIO Networks showed evidence of unauthorized access to the company's network, including some confidential parts where the personal information of TIO's customers and customers of TIO billers was stored.

Acquired by PayPal for US$233 million in July 2017, TIO Networks is a cloud-based multi-channel bill payment processor and receivables management provider that serves the largest telecom, wireless, cable and utility bill issuers in North America.

PayPal did not make clear when or how the data breach took place, nor did it reveal details about the types of information stolen by the hackers, but the company did confirm that its platform and systems were not affected by the incident.

"The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal's customers' data remains secure," PayPal said in its press release [PDF].

The data breach in TIO Networks was discovered as part of an ongoing investigation for identifying security vulnerabilities in the payment processing platform.

As soon as PayPal identified unauthorized access to TIO's network, it took action by "initiating an internal investigation of TIO and bringing in additional third-party cybersecurity expertise to review TIO's bill payment platform," the PayPal press release [PDF] reads.

The company has begun working with companies it services to notify potentially affected customers.

Besides notifying, the company is also working with a consumer credit reporting agency, Experian, to provide free credit monitoring memberships for fraud and identity theft to those who are affected by the breach.

To protect its customers, TIO has also suspended its services until a full-scale investigation into the incident is completed.

"At this point, TIO cannot provide a timeline for restoring bill pay services, and continues to recommend that you contact your biller to identify alternative ways to pay your bills," TIO's Consumer FAQ reads.

"We sincerely apologize for any inconvenience caused to you by the disruption of TIO's service."

Since the investigation is ongoing, PayPal will communicate with TIO customers and merchant partners directly as soon as the company has more details on the incident. Also, the affected customers will be directly contacted by the company.

11/29/2017

!?! BLUETOOTH CREATES BACKDOOR ON SMART HOME DEVICES !?!

A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo.

As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and desktops are also vulnerable to BlueBorne.

BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within the range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks.

What's worse? Triggering the BlueBorne exploit requires no user interaction: victims do not have to click any link or open any file. Also, most security products would likely not be able to detect the attack.

What's even scarier is that once an attacker gains control of one Bluetooth-enabled device, he/she can infect any or all devices on the same network.

These Bluetooth vulnerabilities were patched by Google for Android in September, Microsoft for Windows in July, Apple for iOS one year before disclosure, and Linux distributions also shortly after disclosure.

However, many of these 5 billion devices are still unpatched and open to attacks via these flaws.

20 Million Amazon Echo & Google Home Devices Vulnerable to BlueBorne Attacks

IoT security firm Armis, who initially discovered this issue, has now disclosed that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities.

Broken down, around 15 million Amazon Echo and 5 million Google Home devices sold across the world are potentially at risk from BlueBorne.

Amazon Echo is affected by the following two vulnerabilities:
- A remote code execution vulnerability in the Linux kernel (CVE-2017-1000251)
- An information disclosure flaw in the SDP server (CVE-2017-1000250)

Since different Echo variants use different operating systems, other Echo devices are affected by the vulnerabilities found in either Linux or Android.

Whereas, Google Home devices are affected by one vulnerability:
- Information disclosure vulnerability in Android's Bluetooth stack (CVE-2017-0785)

This Android flaw can also be exploited to cause a denial-of-service (DoS) condition.

Since Bluetooth cannot be disabled on either of the voice-activated personal assistants, attackers within the range of the affected device can easily launch an attack.

Armis has also published a proof-of-concept (PoC) video showing how they were able to hack and manipulate an Amazon Echo device.

The security firm notified both Amazon and Google about its findings, and both companies have released patches and issued automatic updates for the Amazon Echo and Google Home that address the BlueBorne attacks.

Amazon Echo customers should confirm that their device is running v591448720 or later, while Google has not yet made any information regarding its version available.

11/29/2017

!?! HACKERS WANT YOUR VOTE IN OVER 30 COUNTRIES !?!

Elections in 18 separate nations were influenced by online disinformation campaigns last year, suggests research.

Independent watchdog Freedom House looked at how online discourse was influenced by governments, bots and paid opinion formers.

In total, 30 governments were actively engaged in using social media to stifle dissent, said the report.

Educating users to spot fake news and making tech firms police their networks could combat the manipulation, it said.

Devastating impact

The annual report studied the state of internet freedom across 65 nations - covering about 87% of the world's net-using population.

For the seventh year running, it said, net freedom had declined as governments stepped up efforts to control what citizens said, did and shared online.

The different tactics used to influence online speech included:

- automated bots that echoed official messages
- armies of paid commentators that swamped discussions with pro-government views
- false news sites that spread misleading information
- trolling that soaked up critics' time with personal attacks

Used alongside more overt technical controls such as firewalls, content filters and blocks on technical tools such as virtual private networks, the manipulation of social media had become a key tool for repressive regimes, it said.

"Not only is this manipulation difficult to detect, it is more difficult to combat than other types of censorship, such as website blocking, because it's dispersed and because of the sheer number of people and bots deployed to do it," said Sanja Kelly, head of the Freedom on the Net research project.

Ms Kelly said China and Russia had pioneered widespread net controls but the techniques had now gone "global".

Many other nations, including Turkey, the Philippines, Syria and Ethiopia, now employed them extensively, she said.

"The effects of these rapidly spreading techniques on democracy and civic activism are potentially devastating," added Ms Kelly.

Official efforts to control debate were most obvious during elections, said the Freedom House report - which were held in 18 of the countries researchers examined.

Usually the activity was contained within one nation, but increasingly governments were looking to social media to subvert debate beyond their own borders.

Russia, in particular, said the report, had made significant efforts to influence the US presidential election.

It said less than 25% of the world's net users lived in nations where net access could be considered free, meaning:

- no significant obstacles to getting online
- few restrictions on what could be shared or viewed
- surveillance was limited
- no significant repercussions for those exercising free speech

The report said net freedom could be aided by:

- large-scale programmes that showed people how to spot fake news
- putting tight controls on political adverts
- making social media giants do more to remove bots and tune algorithms to be more objective

11/29/2017

!?! THIEVES STEAL YOUR UBER CREDITS WHILE COMPANY LOOKS THE OTHER WAY !?!

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

“None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. “We are changing the way we do business.”

After Uber’s disclosure Tuesday, New York Attorney General Eric Schneiderman launched an investigation into the hack, his spokeswoman Amy Spitalnick said. The company was also sued for negligence over the breach by a customer seeking class-action status.

Hackers have successfully infiltrated numerous companies in recent years. The Uber breach, while large, is dwarfed by those at Yahoo, MySpace, Target Corp., Anthem Inc. and Equifax Inc. What’s more alarming are the extreme measures Uber took to hide the attack. The breach is the latest scandal Khosrowshahi inherits from his predecessor, Travis Kalanick.

Kalanick, Uber’s co-founder and former CEO, learned of the hack in November 2016, a month after it took place, the company said. Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data. Kalanick declined to comment on the hack.

Joe Sullivan, the outgoing security chief, spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year. Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.

Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

A patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur. Uber said it was obligated to report the hack of driver’s license information and failed to do so.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

Uber has earned a reputation for flouting regulations in areas where it has operated since its founding in 2009. The U.S. has opened at least five criminal probes into possible bribes, illicit software, questionable pricing schemes and theft of a competitor’s intellectual property, people familiar with the matters have said. The San Francisco-based company also faces dozens of civil suits. London and other governments have taken steps toward banning the service, citing what they say is reckless behavior by Uber.

In January 2016, the New York attorney general fined Uber $20,000 for failing to promptly disclose an earlier data breach in 2014. After last year’s cyberattack, the company was negotiating with the FTC on a privacy settlement even as it haggled with the hackers on containing the breach, Uber said. The company finally agreed to the FTC settlement three months ago, without admitting wrongdoing and before telling the agency about last year’s attack.

The new CEO said his goal is to change Uber’s ways. Uber said it informed New York’s attorney general and the FTC about the October 2016 hack for the first time on Tuesday. Khosrowshahi asked for the resignation of Sullivan and fired Craig Clark, a senior lawyer who reported to Sullivan. The men didn’t immediately respond to requests for comment.

Khosrowshahi said in his emailed statement: “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

The company said its investigation found that Salle Yoo, the outgoing chief legal officer who has been scrutinized for her responses to other matters, hadn’t been told about the incident. Her replacement, Tony West, will start at Uber on Wednesday and has been briefed on the cyberattack.

Kalanick was ousted as CEO in June under pressure from investors, who said he put the company at legal risk. He remains on the board and recently filled two seats he controlled.

Uber said it has hired Matt Olsen, a former general counsel at the National Security Agency and director of the National Counterterrorism Center, as an adviser. He will help the company restructure its security teams. Uber hired Mandiant, a cybersecurity firm owned by FireEye Inc., to investigate the hack.

The company plans to release a statement to customers saying it has seen “no evidence of fraud or misuse tied to the incident.” Uber said it will provide drivers whose licenses were compromised with free credit protection monitoring and identity theft protection.

11/29/2017

!?! GOOGLE STARTS CYBER WARFARE FIGHT WITH RUSSIA !?!

Google and several leading Russian search engines have completely wiped 786 'pirate' sites from their search results. That's according to telecoms watchdog Rozcomnadzor, which reports that the search providers delisted the sites after ISPs were ordered by a Moscow court to permanently block them.

In late July, President Vladimir Putin signed a new law which requires local telecoms watchdog Rozcomnadzor to maintain a list of banned domains while identifying sites, services, and software that provide access to them.

Rozcomnadzor is required to contact the operators of such services with a request for them to block banned resources. If they do not, then they themselves will become blocked. In addition, search engines are also required to remove blocked resources from their search results, in order to discourage people from accessing them.

Removing entire domains from search results is a controversial practice and something which search providers have long protested against. They argue that it’s not their job to act as censors and in any event, content remains online, whether it’s indexed by search or not.

Nevertheless, on October 1 the new law (“On Information, Information Technologies and Information Protection”) came into effect and it appears that Russia’s major search engines have been very busy in its wake.

According to a report from Rozcomnadzor, search providers Google, Yandex, Mail.ru, Rambler, and Sputnik have stopped presenting information in results for sites that have been permanently blocked by ISPs following a decision by the Moscow City Court.

“To date, search engines have stopped access to 786 pirate sites listed in the register of Internet resources which contain content distributed in violation of intellectual property rights,” the watchdog reports.

The domains aren’t being named by Rozcomnadzor or the search engines but are almost definitely those sites that have had complaints filed against them at the City Court on multiple occasions but have failed to take remedial action. Also included will be mirror and proxy sites which either replicate or facilitate access to these blocked and apparently defiant domains.

The news comes in the wake of reports earlier this month that Russia is considering a rapid site blocking mechanism that could see domains rendered inaccessible within 24 hours, without any parties having to attend a court hearing.

While it’s now extremely clear that Russia has one of the most aggressive site-blocking regimes in the world, with both ISPs and search engines required to prevent access to infringing sites, it’s uncertain whether these measures will be enough to tackle rampant online piracy.

New research published in October by Group-IB revealed that despite thousands of domains being blocked, last year the market for pirate video in Russia more than doubled.

Address

1 Main Street
New York, NY
10307
