Private

now browsing by tag

 
 

In Kupwara, private school teacher detained under PSA | #teacher | #children | #kids | #parenting | #parenting | #kids

Photograph by Vikar Syed for The Kashmir Walla A private school teacher and a former activist of banned outfit Jamaat-e-Islami J-K from north Kashmir’s Kupwara district was booked under Public […] View full post on National Cyber Security

#cybersecurity | #infosec | Webex flaw allowed anyone to join private online meetings

Source: National Cyber Security – Produced By Gregory Evans Cisco, the makers of Webex, had warned users of the online conferencing service that a vulnerability allowed unauthorised remote users to listen in on private online meetings – without having to enter a password. The vulnerability, which was rated as high severity by Cisco in a […] View full post on AmIHackerProof.com

#nationalcybersecuritymonth | Police in states across India are relying on private firms and consultants to solve cybercrime cases

Source: National Cyber Security – Produced By Gregory Evans Cyber forensics firms, such as Volon and AVS Labs, are increasingly being asked to crack cases of cybercrime, even as law enforcers build their own teams of cyber intelligence experts. Take this recent instance. A businessman was accused of deceit in a deal, and a court […] View full post on AmIHackerProof.com

#cybersecurity | #infosec | Facebook and Twitter warn some users’ private data accessed via SDK

Source: National Cyber Security – Produced By Gregory Evans

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts.

According to a report by CNBC, users of Android apps that made use of a software development kit (SDK) named oneAudience may have unwittingly shared information such as their email addresses, usernames and recent tweets.

CNBC says that amongst the offending Android apps are the photo-editing tools Giant Square and Photofy. Presently there is no indication that iOS users are affected by the issue.

According to an advisory published by Twitter, data extracted from accounts via the use of the oneAudience SDK (which it describes as “malicious”) in a smartphone app could be used to take control of a Twitter account, although it has seen no evidence that this has occurred.

Twitter was keen to emphasise that the “issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs within an application,” and says it will be notifying users of the Twitter for Android app who may have been affected.

Furthermore, Twitter says it has “informed Google and Apple about the malicious SDK so they can take further action if needed.” I presume what they mean by that is that so Google and Apple can kick any offending apps out of their respective app stores.

In response, oneAudience has issued a statement claiming the “data was never intended to be collected, never added to [its] database and never used.”

According to the company, it “proactively” updated its SDK in mid-November so user data could not be collected, and asked developer partners to update to the new version. However, it has now announced it is shutting down the offending SDK.

Facebook meanwhile has issued a statement saying that it is taking action against not only the oneAudience SDK, but also an SDK from marketing company MobiBurn:

“Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores.”

“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”

On its website, MobiBurn describes how it helps app developers generate revenue – not by placing more ads within an app, but through the “monetization of your applications’ valuable data in a safe and confidential way.”

However, in light of the revelations and action taken by Facebook and Twitter, MobiBurn says it has “stopped all its activities” until investigations are complete.

mobiburn statement

This is all very well and good, but what are users supposed to do to protect themselves?

When they install an app, they have no way of knowing whether the developers chose to make use of a malicious SDK which might leave personal information exposed.

All you can realistically do is exercise restraint regarding which third-party apps you connect to your social media profiles. The fewer apps you connect to your Facebook and Twitter, the smaller the chance that someone’s code will be abusing that connection to access information you would rather not share.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Source link

The post #cybersecurity | #infosec | Facebook and Twitter warn some users’ private data accessed via SDK appeared first on National Cyber Security.

View full post on National Cyber Security

Facebook #secretly deleted #some of Mark Zuckerberg’s private #messages over fears the #company could be #hacked

Want to delete that embarrassing message you just sent? WhatsApp will let you, and so will Instagram — but if you’re using Facebook, then you’re out of luck.

Unless you’re Mark Zuckerberg, the CEO and cofounder of Facebook.

TechCrunch reported Thursday that some old messages sent by Zuckerberg and senior executives have disappeared from recipients’ Facebook Messenger inboxes, proven by the original email receipts sent at the time.

The company appeared to confirm the unique arrangement, telling TechCrunch the change was made in response to an uptick in hacking.

“After Sony Pictures’ emails were hacked in 2014 we made a number of changes to protect our executives’ communications. These included limiting the retention period for Mark’s messages in Messenger. We did so in full compliance with our legal obligations to preserve messages,” the company said.

The Sony hack targeted the emails of Sony film executives, which revealed a side of Hollywood rarely seen by outsiders, and the decision to name the event as a catalyst for Facebook’s message purge indicates how troubling the incident was in Silicon Valley — and that Facebook was concerned about being hacked.

The company also raised the idea of a “retention period,” though there is no such thing for normal users. If a user long presses a private message on Facebook a “Delete Message” pop up confirms that the function will “delete your copy of the message,” and the recipients’ copy will remain.

Facebook-owned Instagram has long had the option to “unsend” direct messages, while Facebook-owned WhatsApp recently launched a deletion function where unread messages can be deleted “for everyone.” A message is then displayed to all participants that content has been deleted.

But Zuckerberg’s deleted messages didn’t leave behind any such message, probably because they had already been read, many years ago.

The messages were originally sent to former employees and people outside of Facebook. According to TechCrunch, the recipients of the now-deleted messages were not informed at any stage that correspondence they received had been erased.

Zuckerberg may be the CEO of Facebook, but it’s unclear how the decision to remove senior executives’ messages would be allowed under the company’s terms of service. The terms only allow Facebook to remove content if the company believes “that it violates this Statement or our policies” or for infringing copyright.

Deleting messages quietly, and selectively, also appears to fly in the face of Facebook’s campaign to “make the world more open and transparent.” Its own policies say that the company “should publicly make available information about its purpose, plans, policies, and operations.”

Facebook appears to have not followed these policies in this instance, and it raises questions about the recipient’s right to privacy.

The news comes just weeks after the Cambridge Analytica scandal which has seen Zuckerberg admit that tens of millions of users probably had their data scraped.

advertisement:

The post Facebook #secretly deleted #some of Mark Zuckerberg’s private #messages over fears the #company could be #hacked appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Private #Equity Giants Buy #Cybersecurity #Firm for $400 #Million

Source: National Cyber Security News

The trend of private equity firms snapping up cybersecurity businesses continues.

BlackRock and Pamplona Capital Management have jointly acquired PhishMe, a cybersecurity company based in Leesburg, Va., in a deal that valued the firm at $400 million.

Pamplona has purchased a two-thirds stake in the business, while BlackRock has bought the remainder, a person familiar with the terms of the deal told Fortune.

In addition to the change in ownership, PhishMe on Monday rebranded itself as “Cofense.” The new name derives from a combination of “collaborative” (or “collective”) and “defense.”

Rohyt Belani, CEO and cofounder of the company now called Cofense, said the executive team decided to sell the business to allow “early investors to cash out, and for employees and common stock holders to partake in the spoils.” The company was last privately valued at roughly $200 million after its most recent fundraising round in July 2016, according to Pitchbook, a database that tracks venture capital deals.

The cybersecurity industry benefited from a flurry of VC activity as big data breaches made headlines over the past few years. A recent pullback in funding, however, has left a glut of companies struggling to find new means of financing.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Hackers threaten to send Android users’ private photos and messages to all their friends and family

Source: National Cyber Security – Produced By Gregory Evans

Thousands of Android users are being held to ransom by a new strain of malware known as LeakerLocker. The so-called ransomware is being used by hackers to extort victims by threatening to leak their personal information to all their contacts unless a ransom is paid. This information could potentially include…

The post Hackers threaten to send Android users’ private photos and messages to all their friends and family appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Private sector urged to focus on cyber security defense

Source: National Cyber Security – Produced By Gregory Evans

The private sector will come under increased focus to serve as the first line of defense for cyber security, a former general counsel for the U.S. National Security Agency said Wednesday. Rajesh De, now a partner at Mayer Brown’s Washington …

The post Private sector urged to focus on cyber security defense appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers take on private engineering college after student suicide

Source: National Cyber Security – Produced By Gregory Evans

Hackers take on private engineering college after student suicide

Soon after threatening the management of a Kerala-based engineering college, where a student killed himself earlier this month, hackers have taken down the college website. A group of hackers claiming to be part of the hacker collective Anonymous has released …

The post Hackers take on private engineering college after student suicide appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Private Companies Shouldn’t Be The Ones Crying ‘State-Sponsored Hack!’

defense-large

Source: National Cyber Security – Produced By Gregory Evans

Private Companies Shouldn’t Be The Ones Crying ‘State-Sponsored Hack!’

If the U.S. government doesn’t start officially attributing cyberattacks, it risks losing control of the narrative and evolving legal norms.
In the presidential debate last week, Hillary Clinton cited Russia’s responsibility for the hack of the Democratic National Committee (DNC).

The post Private Companies Shouldn’t Be The Ones Crying ‘State-Sponsored Hack!’ appeared first on National Cyber Security.

View full post on National Cyber Security