On the face of it, it sounded like a good idea.
A smartphone app, disguised as a regular app delivering the top world, sports, and entertainment news, containing a secret feature that allows victims of domestic abuse to send a covert distress call for help at the touch of a button.
That was the idea behind the free Aspire News App, launched some years ago by When Georgia Smiled, a US non-profit founded by Robin McGraw and her husband US TV star “Dr Phil” to help victims of domestic violence and sexual assault.
To be honest, that still sounds like a good idea to me – if the app is coded well, and if any data it collects is properly secured.
But what isn’t a good idea is for voice recordings made by the app to be left exposed on an unsecured Amazon Web Services (AWS) S3 bucket, allowing anyone with internet access to download them and listen if they so wish.
According to security researchers at VPN Mentor, who found the exposed data, over 4,000 voice recordings of emergency messages left by victims of domestic violence were available to access – no password required.
Some of the 230MB worth of recordings included personally identifiable information such as names and home addresses, as well as the identities of violent abusers.
Transcripts of just two of the recordings that were exposed reveal the seriousness of the situation:
“[Full Name] is threatening or hurting me. Please send help now. [Full address]”
“Please call the police right away and have them come to [Full Address]. I am in great danger. I need you to send the police right away, please…”
Potentially, if the information fell into the wrong hands, it could not only expose people who did not want the data revealed to the risk of extortion, but could also put victims in greater physical danger if their abuser found out.
The researchers attempted to reach out to When Georgia Smiled and the Dr. Phil Foundation to get the serious data breach fixed last Wednesday, but ultimately it took the involvement of AWS itself to get the unsecured web bucket shut down.
So, that’s a happy end to the story, right?
Well, perhaps not.
You see, a security failure like this could lead to victims of domestic abuse losing confidence in the Aspire News App. If they no longer feel safe using the app, they may find it harder to escape abusive relationships safely.
That clearly wasn’t what Dr Phil and his wife Robin McGraw wanted – the Aspire News app was supposed to help people escape dangerous situations, not make it even harder to find a way out.
Huawei ban might see Phone Signal Blackouts across UK
If British Prime Minister Boris Johnson makes a U-turn on allowing Chinese telecom firm Huawei to help build a 5G network in the UK, almost all phone users across Britain might experience a phone signal blackout lasting 2-5 days, says Howard Watson, the Chief Technology and Information Officer for BT Group Plc.
It is already known that for the past two weeks there has been extreme pressure on Britain from the Trump Administration to impose a ban on Huawei's business in the region, citing espionage, data theft, and national security concerns.
Therefore, the British Telecom chief says that any tightening of restrictions on the Chinese vendor will lead to disruptions, higher prices for customers, and delays in establishing 5G services in the region.
The UK is not in a position to turn nations like the US into adversaries by disobeying their sanctions on Huawei, as they found the equipment to be unreliable and insecure.
Shutting the door within the next three years is like inviting trouble, as it might lead to disruptions in phone signals because officials would need to switch off the entire network for two days or more, says Mr. Watson.
In January 2020, Britain proposed capping the use of Huawei equipment at no more than 35% by 2023.
And if the UK tightens the current guidelines, we would need to spend hugely to build the infrastructure from zero, which might invite budget and spending constraints.
Experts say that such decisions need at least 5 years to be implemented without trouble, as removing Huawei kit from phone masts within 2 years is like inviting a blackout of phone signals for 2 or more days; the length of the disruption depends strictly on how deeply the network has to be dug out.
Data Breach on Clubillion Gambling app puts millions of users at risk
A popular gaming app called Clubillion is in the news for putting millions of users at risk due to a massive data leak. According to research carried out by vpnMentor, sensitive data related to the Clubillion gambling app, held in an Elasticsearch database hosted on AWS, was leaked because of a technical glitch, leaving details such as names, win records, IP addresses, private messages, phone numbers and email IDs open to access by hackers.
The security researchers at vpnMentor say that the exposed data could leave all users of the gaming app vulnerable to banking fraud and various cyber attacks such as phishing.
Clubillion is a free-to-play casino game for Android and iOS users, where gamers can try their luck on 30+ free slots.
The research reveals that all the gaming-related data hosted on Amazon Web Services had been left exposed to hackers for the past few weeks because of a technical glitch. All logged actions, such as when an individual player entered a game, won, lost, updated their account or created an account, were available to anyone on the cloud platform.
It is estimated that the database exposed over 200 million records daily, meaning around 50GB of data was available to be accessed by hackers with no authentication.
According to sources reporting to Cybersecurity Insiders, players of Clubillion are located across the globe, in countries such as the USA, UK, France, Israel, Germany, Spain, Italy, Netherlands, Australia, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Thailand, Austria, Hungary, Latvia, Canada, Brazil, Sweden and Russia.
The Clubillion data breach could spell deep trouble for the future of the gaming app, as it can lead to loss of trust among players, force the EU's data watchdog to reprimand it for breaking GDPR rules, and make Google Play and Apple Store remove it from their respective platforms because it has failed to protect its user data securely.
Honeywell Says USB-Borne Malware That Can Cause Major ICS Disruption Is Significantly Increasing
Honeywell reports it has seen a large rise over the past year in USB-borne malware that can threaten industrial control systems (ICS).
This week Honeywell Industrial Cybersecurity released its USB Threat Report for 2020. The report is based on data collected by the company's Secure Media Exchange (SMX) USB security platform from oil and gas, energy, chemicals, food, shipping, construction, aerospace, pulp and paper, and manufacturing companies in 60 countries across the Americas, Europe, and Asia over a 12-month period.
An analysis of the data showed that at least one threat was blocked by SMX at 45% of industrial sites using the product, up from 44% in the previous report published by the company in 2018.
While only 11 percent of the malware found on USB drives was specifically designed to target industrial systems — this represents a slight drop from the 14 percent identified in 2018 — 59 percent of the detected threats could cause significant disruption to industrial systems, compared to only 26 percent in 2018. On the other hand, the 11 percent becomes 28 percent if consideration is also given to ransomware, which has increasingly targeted operational technology (OT) systems.
These pieces of malware can launch DoS attacks, cause operations management networks to lose visibility, and harm or interrupt key assets, says Honeywell.
Compared to 2018, the company has seen an increase in the percentage of trojans, worms, rootkits and viruses, and a drop in potentially unwanted applications (PUA), non-targeted bots, spyware, adware and hacking tools. Other commercial security solutions did not detect five per cent of all threats, Honeywell claimed.
RATs, backdoors, and droppers were the most common threats observed by the company.
“This makes logical sense: a sound strategy for an attacker is to gain a foothold via USB in industrial environments where network access is difficult, and then establish remote access and download new malware,” the company said in its report. “In these otherwise elusive environments, while ransomware can be effective via USB, establishing a persistent backdoor with command and control, more coordinated attacks may be attempted.”