Connect with us

Tech

Companies prepare for more ransomware attacks on Monday

Published

on

ransomware-attacks

London, May 15: Companies around the globe are preparing for an imminent cyber attack as the offices re-open on Monday, media reports said.

Cyber security experts predict that the scope of the attack could expand as people return to work and resume their work on computers, CNN reported on Monday.

Though a British security researcher “MalwareTech” managed to stop the spread of the virus, hackers have issued new versions that cybersecurity organisations are trying to counter.

“We will get a decryption tool eventually, but for the moment, it’s still a live threat and we’re still in disaster recovery mode,” the report quoted Europol Director Rob Wainwright as saying.

“MalwareTech” has predicted “another one coming… quite likely on Monday”, the BBC reported on Sunday.

The biggest ever ransomware attacks that started on Friday have wrecked havoc across globe, crippling computers and demanding hundreds of dollars from the users before they could regain control.

After taking computers over, the virus displayed messages demanding a payment of $300 in virtual currency Bitcoin to unlock files and return them to the user.

The number of ransomware-affected cases is still rising.

Europol has been analysing the virus and is yet to identify the hacking group behind the massive attacks.

MalwareTech, who wants to remain anonymous, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which actually ended up halting it.

“We have stopped this one, but there will be another one coming and it will not be stoppable by us,” the 22-year-old said.

“So there’s a good chance they are going to do it… maybe not this weekend, but quite likely on Monday morning.”

He also warned hackers could upgrade the virus to remove the “kill switch” that helped to stop it.

“Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch as soon as possible,” he tweeted.

Investigators are working to track down those responsible for the ransomware used on Friday, known as Wanna Decryptor or WannaCry.

The virus exploits a vulnerability in Microsoft Windows software, first identified by the US National Security Agency.

IANS

Tech

Truecaller hits 100mn daily active users globally

Published

on

TRUECALLER

New Delhi, April 19: Popular communication app Truecaller on Thursday announced that in less than a year, the app has leapfrogged from 100 million monthly active users (MAUs) to 100 million daily active users (DAUs) globally.

“There are only a handful of mobile-only services that impact as many users each and every day and we are humbled to be able to join this exclusive group,” Alan Mamedi, CEO and Co-founder of Truecaller wrote in a blog post.

From simple beginnings as a Caller ID and spam blocking app, Truecaller has now become a full-fledged communications platform with calling, SMS, Flash Messages and payment services.

“We could never have predicted that Truecaller would become a resource for women’s safety in many countries; or that it would be used for e-commerce and courier services around the globe to facilitate the difficult last mile of delivery, or allow more people to experience a data-only product in offline mode,” Mamedi added.

In January, the Stockholm-headquartered Truecaller launched “Truecaller Backup” feature for Android devices which allows users to backup and restore their contacts, call history, block list and settings to Google Drive.

“‘Truecaller Backup’ has been one of the most requested features by its users and will simplify a user’s transition to a new phone or SIM card by securely backing-up their contacts and settings and stored on your Google Drive,” the company said.

The “Airtel Truecaller ID” service now has over one million paying subscribers across India.

With this subscription-based service, all feature phone users with Airtel mobile service can use “Airtel Truecaller ID” to see who’s calling.

IANS

Continue Reading

Tech

Third-parties abusing ‘Facebook Login’ to steal users’ data: Report

Published

on

facebook

San Francisco, April 19: Several third-party trackers are abusing Facebook Login, exfiltrating users’ data including name, email address, age range, gender, locale and profile photo, a new security research report has claimed.

The unintended exposure of Facebook data to third party JavaScript trackers is not owing to a bug in Facebook’s Login feature.

“Rather, it is due to the lack of security boundaries between the first-party and third-party scripts in today’s web,” said the report prepared by Steven Englehardt, Gunes Acar and Arvind Narayanan, researchers at Freedom to Tinker — a digital initiative by Princeton University’s Center for Information Technology Policy.

“We report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from websites through “login with Facebook” and other such social login APIs,” the trio wrote.

Meanwhile, Facebook told the technology website Tech Crunch that they were investigating into the security research report.

The researchers found two types of vulnerabilities: Seven third parties abusing websites’ access to Facebook user data and one third party using its own Facebook “application” to track users around the web.

British political consultancy firm Cambridge Analytica was found misusing users’ data collected by a Facebook quiz app which used the “Login with Facebook” feature.

“We’ve uncovered an additional risk: when a user grants a website access to their social media profile, they are not only trusting that website but also third parties embedded on that site,” the report noted.

The researchers found seven scripts collecting Facebook user data using the first party’s Facebook access.

“These scripts are embedded on a total of 434 of the top 1 million sites, including fiverr.com, bhphotovideo.com, and mongodb.com,” they wrote.

The user ID collected through the Facebook API is specific to the website (or the “application” in Facebook’s terminology), which would limit the potential for cross-site tracking.

“But these app-scoped user IDs can be used to retrieve the global Facebook ID, user’s profile photo, and other public profile information, which can be used to identify and track users across websites and devices,” the researchers warned.

“While we can’t say how these trackers use the information they collect, we can examine their marketing material to understand how it may be used,” they noted.

OnAudience, Tealium AudienceStream, Lytics, and ProPS all offer some form of “customer data platform”, which collect data to help publishers to better monetise their users.

Forter offers “identity-based fraud prevention” for e-commerce sites while Augur offers cross-device tracking and consumer recognition services.

Hidden third-party trackers can also use “Facebook Login to deanonymise users for targeted advertising”.

“This is a privacy violation, as it is unexpected and users are unaware of it,” the researchers said.

There are steps Facebook and other social login providers can still take to prevent abuse.

“API use can be audited to review how, where, and which parties are accessing social login data. Facebook could also disallow the lookup of profile picture and global Facebook IDs by app-scoped user IDs,” the report emphasised.

“It might also be the right time to make Anonymous Login with Facebook available following its announcement four years ago,” the researchers added.

IANS

Continue Reading

Tech

Reliance Jio tops 4G availability, Airtel scores best speed: Report

Published

on

New Delhi, April 18: Reliance Jio pipped its rivals in 4G availability and the mobile network operator was able to provide an LTE signal to testers more than 95 percent of the time in every single region in India, a new report said on Wednesday.

With a download speed of 6 Mbps, Airtel emerged as the clear leader in OpenSignal’s speed metrics across 4G providers in the country.

London-based OpenSignal, which specialises in crowdsourced wireless coverage mapping all over the world, said that Jio won its national 4G availability award by at least 27 percentage points.

“Our testers were able to find an LTE signal on Jio’s network 96.4 per cent of the time in our latest test period, up from 95.6 per cent in our October report,” the report said.

“Jio remained the closest contender in overall speed due to its high level of 4G access. It was able to deliver typical everyday download speeds of 5.1 Mbps in our tests, compared to Airtel’s 6 Mbps,” it added.

Vodafone had the fastest mobile data connection response times and it got both 3G and 4G latency awards with the lowest ping scores.

Lower latency means web pages load faster and consumers experience less lag time when using real-time communication apps like video chat.

On the regional level, Vodafone and Idea made their mark in several circles.

“Our results show Idea had the fastest 4G connections across Uttar Pradesh. Vodafone took our 4G speed awards in Gujarat and Tamil Nadu. Both were also tied for first place in speed in several other regions,” the report showed.

While India is making big strides in 4G availability, the same thing can’t be said about 4G speed.

“Even the best LTE speed score in India was well below the global 4G download average of 16.9 Mbps recorded in our ‘State of LTE’ report,” OpenSignal said.

In the “State of LTE” report, India moved into the 85th percentile in LTE availability where it joined high-performing 4G countries like Sweden, Taiwan and Australia.

IANS

Continue Reading
Advertisement

Most Popular