WhatsApp Delays Controversial ‘Data-Sharing’ Privacy Policy Update By 3 Months

WhatsApp said on Friday that it wouldn’t enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following “a lot of misinformation” about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of information that will be shared under the incoming terms. The Facebook-owned company has since repeatedly clarified that the update does not expand its ability to share personal user…

Read More

Authorities Take Down World’s Largest Illegal Dark Web Marketplace

Europol on Tuesday said it shut down DarkMarket, the world’s largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.’s National Crime Agency (NCA), and the U.S. Federal Bureau of Investigation (FBI). At the time of closure, DarkMarket is believed to have had 500,000 users and more than 2,400 vendors, with over 320,000 transactions resulting in the transfer of more than 4,650 bitcoin and 12,800 monero — a sum total of €140 million ($170 million). The illegal internet market specialized…

Read More

What Is DNS Foorprinting?

What Is DNS Foorprinting? – Attackers can gather DNS information to determine key hosts in the network and can perform social engineering attacks. What Is DNS Foorprinting? Extracting DNS Information DNS footprinting, namely Domain Name System footprinting, reveals information about DNS zone data. DNS zone data include DNS domain names, computer names, IP addresses, and much more about a particular network. An attacker uses DNS information to determine key hosts in the network, and then performs social engineering attacks to gather even more information. DNS footprinting helps in determining following…

Read More

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A second attack detected on May 30 used a malicious RAR archive file consisting of shortcuts to two bait PDF documents claimed to be a curriculum vitae and…

Read More

Experts Uncover Malware Attacks Against Colombian Government and Companies

Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed “Operation Spalax” — began in 2020, with the modus operandi sharing some similarities to an APT group targeting the country since at least April 2018, but also different in other ways. The overlaps come in the form of phishing emails, which have similar topics and pretend to come…

Read More

What is Who is Lookup?

What is Who is Lookup? – Gathering network-related information such as “Whois” information about the target organization is important when planning a hack. in this section, we will discuss whois footprinting. Whois foorprinting focuses on how to perform a Whois lookup, analyzing the Whois lookup results, and the tools used to gather Whois information. What is Who is Lookup? Whois Lookup Whois is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP…

Read More

Experts Sound Alarm On New Android Malware Sold On Hacking Forums

Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages. The vendor, who goes by the name of “Triangulum” in a number of darknet forums, is alleged to be a 25-year-old man of Indian origin, with the individual opening up shop to sell the malware…

Read More

WhatsApp Will Disable Your Account If You Don’t Agree Sharing Data With Facebook

“Respect for your privacy is coded into our DNA,” opens WhatsApp’s privacy policy. “Since we started WhatsApp, we’ve aspired to build our Services with a set of strong privacy principles in mind.” But come February 8, 2021, this opening statement will no longer find a place in the policy. The Facebook-owned messaging service is alerting users in India of an update to its terms of service and privacy policy that’s expected to go into effect next month. The “key updates” concern how it processes user data, “how businesses can use…

Read More

Competitive Intelligence Gathering

Competitive Intelligence Gathering – Competitive Intelligence gathering is the process of identifying, gathering, analyzing, verifying and using information about your competitores from resources such as the Internet. Competitive Intelligence is non-interfering and subtle in nature. Competitive Intelligence Gathering It is non-interfering and subtle in nature compared to the direct intellectual property theft carried out through hacking or industrial espionage. It cocentrates on the external business enviorment. In this method, professionals gather information ethically and legally instead of gathering it secretly. Competitive intelligence helps in determining: What the competitors are doing.…

Read More

New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys

Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it. The vulnerability (tracked as CVE-2021-3011) allows the bad actor to extract the encryption key or the ECDSA private key linked to a victim’s account from a FIDO Universal 2nd Factor (U2F) device like Google…

Read More