Truecaller is used to identifying unknown callers and also provide options to red-flags spammers. The app was developed by True Software Scandinavia AB, a private company in Stockholm, Sweden.
Recently it was observed by Cyble’s researcher that unprotected Amazon S3 buckets contain data from major websites.
Truecaller Data Breach
Today it was identified that an anonymous individual selling 47.5 Million users personal data associated with caller ID app Truecaller on the dark web.
Cyble noted that data contains information categorized as a state, cities, telecom carriers, and personal data.
A dark web ad published states that 47.5 Million Indians Truecaller records are up for sales and it costs only $1000. The data found to be from 2019.
“We were also taken off by surprise with such a low price point (in our opinion)”, reads Cyble blog post.
Researchers able to validate the data, “As part of our preliminary analysis, we noticed that the information was quite well organized such by state, cities, and carrier.”
The threat actor has organized the data in the following way
The data has “over 47.5 million records, and it includes interesting information such as Phone Number, Carrier, Name, Gender, City, Email, Facebook ID, and others.”
If you are a Truecaller you might have a thing to worry about as the personal information has been exposed. Threat actors may use personal details to launch sophisticated attacks targeting individuals.
“It’s easy for bad actors to compile multiple phone number databases and put a Truecaller stamp on it. By doing that, it lends some credibility to the data and makes it easier for them to sell. We urge the public and users not to fall prey to such bad actors whose primary motive is to swindle the people of their money,” said Truecaller spokesperson said.
In 2019, TrueCaller fixed a Flaw Let Hackers Access User Data, System and Location Information.
Microsoft fixes two RCE flaws affecting Windows 10 machines
Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines.
CVE-2020-1425 could allow attackers to obtain information to further compromise the user’s system, and CVE-2020-1457 would allow them to execute arbitrary code, all by tricking users into opening an image file.
“To successfully exploit this vulnerability, an attacker would need to deliver a specially crafted image file, like a JPG or TIFF or PNG, and convince the targeted victim to open the file. Data hidden within the image would then be processed by the image rendering program, executing arbitrary code on the endpoint. This code could be used to install a backdoor, allowing an attacker to modify user credentials, execute more code, or navigate laterally through the corporate network,” Richard Melick, Senior Technical Product Manager, Automox, explained.
The vulnerabilities were discovered by Abdul-Aziz Hariri of Trend Micro’s Zero Day Initiative and they are not being actively exploited in the wild.
What initially seemed like critical out-of-band patches for Windows 10 and Windows Server 2019 systems turned out to be slightly less urgent patches since the flaws affect only Windows 10 systems and only those users who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store, limiting thusly the pool of machines open to attack.
Affected customers also didn’t have to do anything to receive the update, as they were automatically updated by (the consumer) Microsoft Store. Enterprise customers using Store for Business received the update in the same manner.
Microsoft has noted, though, that users who have turned off automatic updating for Microsoft Store apps should check for them with the Microsoft Store App or risk going without them.
What is Malware?
It is everywhere, and there is a consensus that we need to be vigilant to defend ourselves from it. Anybody who has ever used a computer has heard the term “malware.” But what’s the definition of malware? What’s that, and why are people afraid of it?
When it comes to malware description, the first thing you need to know is that it’s software, much like any other program on your computer. However, it is intended to inhibit, damage or disable your computer system without your knowledge. It’s malicious software, so it’s the term.
Malware attacks are still growing today. They have become more frequent, and the definition of malware has become more sophisticated. The detection and resolution of these issues have become more and more complicated as time goes on. There seems to be two new malware out there with every new defence. And if you go into your device, your computer can steal property data and cause severe damage before it is even detected.
Defending against attacks on malware
Now that you know the definition of malware, the next stage is to protect yourself from it. This is particularly true of organizations such as schools and businesses where these programs can steal sensitive information. The first thing to do is to warn people about possible threats and vulnerabilities. Everyone should take a proactive approach to defend ourself against these threats.
Everybody will immediately install security updates and patches from known sources when available. These updates provide you with more ways to identify new malware definitions and threats. Updating is particularly important in programs that are commonly used.
Avoid Suspicious Websites
Websites without security protocols are the breeding grounds for malware. Try to avoid these sites as much as you can. Malware definition shows that your computer may become infected immediately upon entering such websites.
Avoid and Report Suspicious Emails
When receiving emails from unknown sources, do not click on any attachment, file, or link that is in it. They might contain malware. Instead, report this to your IT staff so that they can adequately investigate whether this is a secure email or an attempted attack.
If you accidentally click on a link or file, report it to your IT or security personnel immediately so that they can track, analyze and attempt to mitigate the attack.
Using the firewall
Computer networks will also have firewalls that build a barrier against attacks like this. Make sure yours is always turned on so that you have a safety blanket.
Use Anti-virus/Anti-malware software.
If there are malicious programs, there are also anti-malicious ones. These are designed to identify and protect any malware definitions. It scans all your files to detect and resolve them, especially areas that are most commonly infected. These programs also help to prevent malicious attacks on your computer.
Limit application privileges
When malware successfully enters your computer, it needs full access to run correctly. With that malware definition in mind, what you can do is use account controls to limit what programs can do without your permission. This will notify you whenever an application attempts to make changes to your computer, and you can stop it right then and there.
By following these simple practices with your knowledge of malware definition, you and your staff can help mitigate the risk of malware infection. This should become a habit for everyone, so it is recommended that these practices be applied to every user on the network. The organization can only be safe from cyber-attacks by creating a layered defence.
Costliest Ransomware Attacks of 2020
According to a research conducted by Cybersecurity firm Emsisoft, businesses around the world which became victims of ransomware attacks reportedly spent at least $144.2 million on mitigating the repercussions of the attack and this includes network rebuilding costs, investigation expenses and backed up data restoration.
And some of the costliest ransomware attacks which took place in 2020 are lined up below-
ISS World, a demark based company announced in March this year that the ransomware attack that impacted its email servers in February 2020 leaving hundreds of employees without access to their systems and email had cost it $74 million which includes regaining control of the affected IT systems and re-launching critical business systems.
Cognizant ransomware attack that occurred in April 2020 is said to have cost the company anything between $50 million to $73 million and this includes the legal and consultation costs, data recovery costs along with the financial loss expected to be reflected in the earnings of the second quarter in 2020.
The February 8th, 2020 ransomware attack that took place on UK’s Redcar and Cleveland Council is said to have disrupted the company’s network, tablets, computers, and mobile devices for 3 full weeks. In March 2020, the council released a press statement that it could take months for the recovery and might cost it anywhere between $14 million to $21 million.
On the 2020 New Years’ Eve, renowned money exchange firm Travelex stated that a file-encrypting malware attack has shut its internal networks, website, and few of the apps for several weeks. And in April this year, The Wall Street Journal stated that it paid $2.3 million in the form of 285 BTC to hackers to free up its locked data.
The ransomware attack that was launched at the University of California San Francisco (UCSF) is said to have impacted students who were trying to access the servers storing research and academia related information of the School of Medicine. While the hackers demanded $3 million in BTC, the authorities negotiated it and paid the cyber crooks $1.14 million approx in exchange for the decryption key.
A phishing attack launched on the network of the California based firm Communications & Power Industries (CPI) is said to have locked the data storing servers from access. And authorities of the said company reportedly paid $500,000 to obtain a decryption key that was used to unlock the data stored on the servers- mostly related to US Military and Aegis, a company related to Lockheed Martin.
On Feb 23rd of this year, La Salle County government servers were infected by a file-encrypting malware disrupting the access to email accounts and access to sensitive documents. As the authorities did not want to bow down to the ransom demands of hackers, they chose to recover data by other means and is expected to cost more than $500,000. However, the good news is that the county was covered by a cyber insurance policy and so most of the costs- say 85%- are expected to be paid by the insurance company.
Grubman Shire Meiselas & Sacks which offers legal consultation services to some of the reputed celebrities around the world were infected by file-encrypting malware developed by the REvil also known as Sodinokibi ransomware group which stole around 765GB of data and threatened the company to sell it online. After the firm decided to pay $365,000 to receive the stolen documents the hackers started to demand $42 million to free up the data. From then on the company kept silent on what it has paid or will pay giving raise to several media speculations.
In a ransomware attack that took place on January 22nd of 2020, Tillamook County witnessed the disruption of its email network, websites, and phone systems along with 280 county’s workstations. Since the recovery costs were well going over the demanded sum of $300,000, the county officials chose to pay the ransom to REvil ransomware group that was behind the incident.
On May 6th of 2020, a ransomware gang targeted the windows 10 servers at Florence, Ala prompting the mayor to pay $291,000 in BTC after several negotiations.
As San Miguel County of New Mexico was targeted by a ransomware group on February 6th of 2020, the authorities were forced to pay $250,000 in BTC for the recovery of data.
Ripple Price Analysis: Things Looking Grim for XRP as Bears Attempt To Push Below 1900 SAT
Tesla Stock Surpasses $1,200 — Now 30% Higher Than Bitcoin Market Cap
Fundamentally Strong: Bitcoin Hit These Highs Today Despite Stagnant Price Action
The No. 1-ranked tech analyst on Wall Street says these 6 stocks have potential for huge gains as they transform the sector
China warns the UK it will take ‘corresponding measures’ to stop millions of Hong Kong citizens taking refuge in Britain
Litecoin Price Analysis: Holding Above 36.8 Level That Can Hold
Blockchain Explorer to Educate Users With a Bitcoin Transaction Privacy Score
A 22-year market vet explains why stocks are headed for a ‘massive reset’ as the economy struggles to recover from COVID-19 — and outlines why that will put mega-cap tech companies in serious danger
PyTorch Multi-GPU Metrics Library and More in New PyTorch Lightning Release
The On-Chain Case for an Imminent Bitcoin Bull Market Just Gained Strength
Russia’s Blockchain Voting System Let Users Decrypt Results Before Count
Bitcoin and Ether Market Update July 2, 2020
3 snippets to begin your day: Bitcoin’s been busy, another crypto-ETP and more
Priveq closes SEK2.5bn Fund VI launched amid worst of coronavirus
GTA Online Is Bigger Than Ever, Let’s Review it in 2020
Evening Reading – July 1, 2020
Angelo Gordon surges to $1.5bn hard cap for third Europe RE fund, almost double size of Fund II
Cardano, IOTA, Dash Price Analysis: 02 July
U.S. Authorities Point Searchlight into Crypto’s Role in Trafficking
Analyst Expects Bitcoin Above $9.5K in Near-Term as Risk-On Sentiment Improves
Panavise Speedwheel #3DThursday #3DPrinting
Former NBA Star John Salley Joins Insurance Pro Daron Phillips To Offer Cannabis Coverage
Kennet Partners raises €223m for biggest ever fund in tie-up with Edmond de Rothschild
CA Media Report: Border Patrol Seizing Cash and Cannabis From Legal California Operators
Congressman Cohen Wishes To Investigate and Consider the Impeachment of Attorney General William P. Barr Includes Reference To “pretextual antitrust investigations against industries he disfavors”
One in six jobs to go as BBC cuts 450 staff from regional programmes
Spinwheel – fidget toy #3DThursday #3DPrinting
Tube Cutter with Peephole easy fit #3DThursday #3DPrinting
Is THC Most Important in Good Weed?
Mudslide at Myanmar jade mine kills more than 100 people
Blockchain Exec Says Decentralized Platforms Won’t Necessarily Replace YouTube
Binomo Is The Partner to Trust in Online Trading
Tracking the path of the coronavirus in the U.S. is going to get more difficult, strategist says
Companies around Europe preparing for a recession, Intrum CEO says
Backcast Partners passes $775m of assets under management thanks to debut private credit fund close
Sri Lanka Central Bank Selects Shortlist for Blockchain Proof-of-Concept
Samsung is selling a wireless charger that also sterilizes your phone
Bitcoin to reach ‘$14,000 much faster than people expect’
Bitcoin Fails at $9,300 as DeFi Altcoins Surge: Thursday’s Price Watch
Almost 70% Don’t Ever See Gold Price Flipping Bitcoin Price
New York Times1 week ago
Gen Z Will Not Save Us
Gaming1 week ago
All safe codes – The Last of Us Part 2
BBC1 week ago
Ron Jeremy: Adult star charged with rape and sexual assault
Gaming1 week ago
The Last of Us Part 2 voice actors and cast
New York Times1 week ago
The Boy Who Cried Fake News
Gaming1 week ago
Valorant update 1.02 Patch notes add ranked mode and surrender option
Blockchain1 week ago
New Class of Crypto Assets Will Outshine Bitcoin (BTC) in Next Crypto Craze, Says Polyient Games Executive
Quantum1 week ago
Optimal Detection of Rotations about Unknown Axes by Coherent and Anticoherent States