
When Spies Get Hacked… Hackers Steal Customer Data from Android Spyware Company

“When hackers get hacked” should become the tagline of 2018. After several other similar incidents, it is now the turn of an Android spyware maker that advertises its spyware for use against children and employees. A target of a vigilante hacker, the company known as SpyHuman offers surveillance software for Android devices that enables its users to intercept phone calls and text messages, track GPS locations, read messages on WhatsApp and Facebook, and use the target device’s microphone.

It now appears that a hacker has stolen customer text messages and call metadata from the spyware company. Call metadata includes the phone numbers the target devices dialled or received calls from, along with the calls’ duration and dates. Hackers managed to access over 440,000,000 call details by exploiting a basic security flaw in the website.


“These spy apps should be out of market, most people spy on girls and [their] data image […] always sensitive,” the hacker wrote in a message that was obtained by Motherboard. “No one have rights to do that and same these apps and provider making money by doing this.”

While SpyHuman sells its spyware as a tool to monitor children and employees, it’s mostly used to illegally spy on partners and spouses without their consent. “Several review websites and social media posts do push the app for such purposes, and archives of particular SpyHuman pages include phrases such as ‘know if your partner is cheating on you,’ and suggests monitoring your husband’s texts in case he is having an affair,” the publication reports.

The company gave the following (non)explanation when asked about how it makes sure its software isn’t being used for illegal surveillance:

“As a precaution, at an initial stage of our app installation, we always ask users that for what purposes they are installing this app in the target device. If they select child or employee monitoring then our app stays hidden and operate in stealth mode. Otherwise, it will create visible Icon so that one can know that such app is installed on his/her devices.”

As is apparent, since its users can always select a child or an employee – which in itself raises several questions – they don’t necessarily have to reveal if they are using the product for spying on people, mostly partners, without their consent.

– If you are a victim of spyware or technology-facilitated abuse, this is a very comprehensive resource list offering guidelines and help.

The post When Spies Get Hacked… Hackers Steal Customer Data from Android Spyware Company appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Engineer says Emirates is virtually handing customer data to hackers

Source: National Cyber Security News

A data security engineer has come out with the claim that Emirates is virtually handing customers’ sensitive information to hackers and marketers.

Konark Modi says he was booking tickets for his family on the Emirates website when he noticed a few things. Namely, that there were around 300 data points related to his booking and that the information was being shared with “approximately 14 different third-party trackers like Crazy egg, Boxever, Coremetrics, Google, and Facebook among others.”

While this kind of behavior on its own isn’t unusual, the URL included in Modi’s email used the HTTP protocol, which is notoriously insecure compared to HTTPS and can effectively make webpages that are supposed to be private easily accessible to hackers and other adversaries.

Anyone with access to these links can not only read but also edit the user and booking information. That includes stealing your identification details like email address, phone number and passport information, and changing or cancelling the flight.

Following the allegations from Modi, web security company High-Tech Bridge decided to check out the Emirates website with its free SSL/TLS Security Test. The results found that the majority of Emirates.com subdomains (including reservations) have very weak encryption or, for some, none at all.


Duke Energy Vendor’s Hack May Mean Stolen Customer Bank Info

Nearly 375,000 Duke Energy Corp. customers may have had personal and banking information stolen in a data breach.

The country’s largest electric company said Tuesday the customers paid a bill by check or cash at 550 walk-in payment processing centers in the Carolinas, Florida, Indiana, Ohio and Kentucky since 2008.

Those payments were processed by TIO Networks, which was hacked in an attack disclosed after the company was purchased in July by PayPal Holdings Inc. Duke Energy customers make up nearly a quarter of the 1.6 million TIO Network customers potentially compromised.

The personally identifiable information that may have been stolen from Duke Energy customers includes names, addresses, electricity account numbers and banking information if a customer paid power bills by check.

TIO Networks is sending letters to notify those affected.


Cash Converters is HACKED: Cyber criminals hold UK customer credit card numbers, addresses and passwords to ransom after major security breach

Source: National Cyber Security – Produced By Gregory Evans

Hackers who attacked the now defunct website of second hand goods store Cash Converters may have access to the account details of thousands of customers.

Usernames, passwords, delivery addresses and potentially partial credit card numbers are among the data believed to have been stolen.

The culprits are said to be holding the information to ransom while the firm works with law enforcement authorities to investigate the incident.

It is not known exactly how many customers were impacted in the hack or when it happened.

 

Cash Converters operates high street stores where customers can trade items like jewellery and electronics for money.

The affected website, which was put out of action in September 2017 and replaced with an updated version, lets people purchase these products online.

As well as cash trade ins, the company offers small financial loans to its customers.

The data breach is only believed to affect customers of the Perth-founded firm who are based in the UK.

In a breach notification email sent to customers, a Cash Converters spokesman said: ‘Please be reassured that, alongside the relevant authorities, we are investigating this as a matter of urgency and priority.

‘We are also actively implementing measures to ensure that this cannot happen again.

‘Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available.

‘The current webshop site was independently and thoroughly security tested as part of its development process.

‘We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.

‘Our customers truly are at the heart of everything we do and we are both disappointed and saddened that you have been affected.

‘We apologise for this situation.’

Cash Converters reportedly received an email from hackers claiming to have gained access to the data.

They threatened to release the data if they were not paid, which means anyone who used the old site before September 22 could be at risk.

Customers have been advised to change their passwords and the firm has forced a reset for all UK webshop users.

Speaking about the breach, Jon Topper, CEO of UK webhosting firm The Scale Factory, said: ‘When migrating away from old solutions it’s important to bear in mind that old digital assets will still be running and available online until such time as they are fully decommissioned.

‘As a result they should still be treated as “live” which means maintaining a good security posture around them, keeping up with patching and so forth.

‘In their customer notification, Cash Converters were quick to point out that the old site was operated by a third party, possibly intending to deflect responsibility for this breach.

‘This definitely won’t fly under General Data Protection Regulation regulations coming into force next year.

‘Companies running server infrastructure that handles customer data should be engaging with experts to review their security posture ahead of that, in order to avoid being slapped with a large fine.’


How to Solve the 3 Biggest Challenges in Cybersecurity Customer Success


If you’re waiting for the next major cybersecurity breach, history has shown us time and again that you just have to give it a minute. Yahoo. Equifax. Target. Home Depot. Chase. Sony. OPM. These high profile breaches happen seemingly every few weeks, but the reality is that thousands of cyberattacks are happening every day. It’s no wonder that security is one of the fastest growing sectors in tech.

Even during my time at Symantec a decade ago, it was clear that security was only going to get more important over time. Now, years later, every single one of us has been personally affected by a breach, hack, or cyberattack of some kind. This isn’t going away and it’s not going to stop. Because of this, security software is by far one of the fastest growing parts of the enterprise IT market.

You can imagine that it’s therefore a great time to be a cybersecurity vendor.

At the same time, it’s not all smooth sailing in security land. Because customers are buying so many overlapping solutions, adoption of security technology is a huge challenge. And clients, faced with a growing amount of spend, are asking vendors about the outcomes they are achieving.

As such, security is one of the fastest growing sub-sectors in Customer Success. At Gainsight, we’ve been fortunate to partner with several established, leading, and emerging vendors on their Customer Success strategy—including Cisco, Okta and RiskIQ.

My former boss, Enrique Salem (former CEO of Symantec and now partner at Bain Capital Ventures) and I hosted a dinner with Customer Success leaders at top security companies to discuss what’s unique about the convergence between CS and Security.

The way the attendees saw it, there are three main reasons why cybersecurity is an ideal fit for Customer Success principles and practices—and those same reasons make implementing those principles and practices uniquely difficult, though rewarding.

1. Adoption is complex → Make health scores about “currency”

Security tools tend to be different from most software in two fundamental ways:

Users don’t “use” the software.
“Success” often involves being invisible.

In other words, when your security solution is working optimally, you don’t notice it. These companies go to great lengths to make sure their tools are as lightweight and invisible as possible. When you log off at the end of the day and nothing bad happened, that’s a huge win. But from your perspective, it’s just another day.

From a Customer Success Management perspective, that makes tracking health a conundrum. How do you track usage when your product is constantly running in the background? How do you understand satisfaction when your password management app has 100% adoption at a client?

What I learned at this event is that adoption is largely about “currency,” and I don’t mean money. As cybersecurity is about constantly reacting to and preempting threats, how current your version is (in terms of updates and patches) is a huge indicator of how successful you’ll be with the product. In other words, if your customer isn’t up-to-date, they aren’t secure and therefore aren’t getting value.

Customer Success leaders at top security companies have created dynamic health scores that include version currency, breadth of deployment, and other custom factors.

2. Outcomes are difficult to measure → Design end-to-end success plans

As I mentioned before, the customer’s desired outcome with their security solution is (typically) that nothing bad happens and they aren’t disrupted in their day-to-day workflow. To phrase it differently, their objective is a negative, or an absence. For most software products, the goal is much more concrete—and much more positive. For instance, the goal with Gainsight might be a 5x increase in product adoption, or an 8% increase in gross renewals, etc.

With security, how feasible is it to define success as a 0% increase in data breaches? Or to become 10x “more secure”? How do you define that—and more importantly—how do you benchmark that?

Even more challenging is finding the differential impact. If a breach was blocked, which vendor and technology gets credit? If a threat is missed, who takes the blame?

The leaders I talked to see a huge opportunity to better define their customers’ end-to-end success around things like time to detect, time to respond, and the type of threat detected. Building milestones in the customer journey at each stage from pre-sale to Services to Support and Customer Success is critical.

3. Clients are technical → You need technical resources in CSM

At the end of the dinner, we discussed our teams. In every category of Customer Success, companies struggle with the “unicorn” problem. We’d all love CSMs that can do it all—be technical, understand best practices, have walked in the client’s shoes, be firefighters, be strategic, be excellent communicators—and drop some sick karaoke while they’re at it!

In Security, this problem is turbocharged since security buyers are extremely technical.

In the CSM industry broadly, we have witnessed the emergence of a parallel technical partner to the CSM—CS Architect, CS Engineer, Technical Account Manager, etc. And in Security, many companies are leveraging their existing advanced technical resources (e.g., Premium Support Engineers) in this capacity.

There’s more at stake than ARR

At the risk of getting melodramatic, I want to end by underscoring the importance of Customer Success beyond the basic economic value proposition that we (understandably) tend to focus on in B2B software. We know that when customers are successful, vendors are successful—it’s the founding premise of my company. But when it comes to Security, we don’t need that conditional statement to understand just how critical an industry it is.

When Security customers are successful, their data is safe. My data is safe. My kids’ data. That’s a heavy burden for companies that themselves so often tend to “run in the background” in the public consciousness. If you’re reading this and you’re in Security, my deepest thanks for what you do. Here’s to keeping all of us successful—and safe.


Safeguarding SMB Customer against Sophisticated Cyberattacks

Cybercrime, in the form of cyberattacks, has become a major concern for economies across borders, affecting states, corporate giants, small and medium industries, and even individuals at home. The driving force behind frequent and sophisticated cyberattacks at all levels of organizations comes down to one question: what do cyber criminals gain? The primary focus…


Cowboys Casino hackers dump hundreds of documents with customer payouts, personal information


Personal information along with the gambling habits and payouts of hundreds of patrons of Calgary’s Cowboys Casino have been dumped online by hackers, a year after a massive cyber attack. On Sunday, thousands of files purportedly containing the personal information of patrons, customer payouts, tracking of gambling habits and the…


Hackers hold Sydney start-up’s customer database for ransom


Small Sydney tech company Qnect is in damage control after its customer data was reportedly stolen and held for ransom. The attack comes just weeks after ransomware known as WannaCry disabled over 300,000 computers and essential services worldwide. The hackers, calling themselves RavenCrew, threatened to publish the data – including…


DocuSign says hackers accessed customer email database


Electronic signature service DocuSign said on Tuesday hackers had temporarily gained access to a database containing customer emails following a surge in phishing emails sent to its users. The company, which has about 200 million users, said the emails imitated the DocuSign brand to trick recipients into opening a Microsoft Word document containing malicious software. The breach comes amid heightened …
