Connect with us
Cybersecurity 101 By Z6Mag Cybersecurity 101 By Z6Mag

Technology

Cybersecurity 101: What To Do If Your Data Is Involved In A Data Breach

Published

on

ad1

There is no way that one can downplay the gravity of the world’s data security problem. Day after day, reports of a new database from various companies are exposed online and is dominating most of our security-related conversations. Billions of people have been affected, and it’s most likely that your data has been exposed or compromised one way or another.

Of course, these data breaches vary in degrees. Some were spotted earlier than the other, allowing them to secure their database before someone used it for their criminal activities. Some, however, remains accessible until today, and it’s pretty much available for everyone to use. There are also data that are relatively harmless – like names, email address, breed-readiness, etc. However, there are also data that were very sensitive like nude images, phone recordings, credit card details, passwords, and social security numbers.

Protecting your data from being exposed is one way to ensure that your data will not end up in an unprotected database somewhere. But that only goes as far as it can. There are data that, no matter how much you protect them, can still fall in the hands of dangerous people.

Hence, it is indispensable to know what to do if in case your data becomes public. Here are a few things that you can do to mitigate the effects of a data leak:

WHAT TO DO IF YOUR DATA HAS BEEN LEAKED?

Read the news.

Making yourself aware of the recent data breaches will prepare you for the worst days to come. If you are updated with the recent cyber attacks, you can be able to plan out what to do in case your data is part of the database that has been exposed.

Furthermore, by being updated and aware of the recent data attacks, you will be alerted if the company or the app or the website that has your data was breached. In that case, you can immediately take action to protect yourself if in case someone uses your exposed data against you. Remember: knowledge is power.

Determine what kind of data is leaked.

As mentioned earlier, there is a varying intensity of the effects of data breaches. It is essential to know what kind of data was compromised so that you will know what steps to take to mitigate its possible effect on you. For starters, there are three primary intensities of data breaches:

  1. Least Sensitive Breaches – This kind of data breaches only exposed harmless data like your name and your email address. With this kind of breach, the worst that can happen to you is increased traffic in your spam folder.
  2. More Sensitive Breaches – This kind of breaches are more harmful as they usually include some sensitive information that you don’t want even your friends to know. Examples of these data are credit card numbers and date of birth. While a stolen credit card number may result in fraudulent charges, the cardholder will eventually be protected from the liability if this happened. On the other hand, the date of birth can be used to verify identity since it doesn’t change unlike address or phone numbers.
  3. Most Sensitive Breaches – This kind of breaches deal with confidential information of a person like your social security number. When criminal elements take hold of your social security number and your name, it becomes easy for them to impersonate you resulting in identity and financial theft.

Change all affected passwords.

If an online account has been compromised, it is necessary to change all affected passwords immediately. One tip is to make the new password stronger than the previous password. It is even more advisable to replace all account passwords in all the services you use to make sure. Avoid reusing passwords in other accounts; that way, you will be limiting the damage if in case a breach happens.

Contact relevant financial institutions.

Once your data is exposed and is way up there – especially your credit card information – contacting the card issuer immediately will protect you from fraudulent charges. Make sure that you personally appear to the institution or to talk to a human representative. Explain to them that your account is at risk of fraud and ask the card issuer to alert you if it detects suspicious activity. Most likely, the company will cancel the card and issue a new one straight away.

Contact credit-reporting bureaus.

By contacting credit-reporting bureaus and asking them to place a fraud alert on your name, you will be notified if in case someone impersonates you or steal your financial identity. For example, if someone decides to open a credit card account in your name, you will know. These alerts are free and can be renewed every 90 days, at least in the U.S.

In conclusion:

All of these tips are a few of the things to do for you to mitigate the effects of a data breach. The best thing to do, however, is prevention. /apr

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama. I also own a cybersecurity blog called Zero Day.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Cybersecurity

An iOS jailbreak is publicly available after Apple accidentally unpatched a vulnerability

Published

on

Photo by Tyler Lastovich on Unsplash
ad1

A recently patched vulnerability in iOS has been unpatched accidentally in the newly available outbreak that leads to a jailbreak. After fixing a vulnerability in iOS 12.3 update, Apple, without realizing it, unpatched it in the iOS 12.4 update, the latest iOS update from the tech giant.

Because the vulnerability once again exists in the iOS, hackers, who discovered it over the weekend, were quick to design an iOS jailbreak base on the 12.4 updates.  Pwn20wnd, a known jailbreak creator, created a publicly available free jailbreak that works on devices running the latest version of iOS or any version of iOS below iOS 12.3. 

For those who are unfamiliar with what iOS jailbreaking is, it is the process by which hackers creates a privilege escalation on an Apple device which effectively removes software restrictions imposed by iOS. It is typically done using kernel patches in order to allow unauthorized and root installation of applications that are not available in the official Apple App Store. This time, the hacker was able to design a jailbreak by exploiting the supposedly patched vulnerability in iOS, which was unpatched by the new update.

Pwn20nd has posted the assets for the publicly available jailbreak codes in a Github forum with multiple updates since yesterday. As of the writing time, the latest update for the jailbreak code was posted five hours ago. While the assets can be accessed for free, the hacker is also asking for donations through his Paypal and Patreon accounts.

“Rebooting user space using launchd’s built-in feature which can be triggered by running launchctl reboot userspace (unc0ver’s launchctl binary lacks the entitlement that is needed to perform this operation, this will be fixed soon, but in the meantime, to perform your testing, you can simply resign /bin/launchctl with these entitlements (which are the entitlements that we are supposed to have) using ldid2 (not ldid because the kernel trust cache only accepts SHA256 signatures on iOS 11 and up) (Should be installed from the Elucubratus repository, the package is called Link Identity Editor) or jtool by Jonathan Levin from http://www.newosxbook.com/tools/jtool.html and inject it back to the trust cache using the trust cache injection tool that comes as default with unc0ver v2.0.0 or up, also available in the Elucubratus repository,” the hacker wrote on Github.

The jailbreak that the hacker created is interesting. Most jailbreaks codes are kept hidden so that Apple will find a hard time to fix and patch the problem; but this is the first time, for a while, that a publicly available jailbreak code has been released. The jailbreak codes were discovered when a user tried to reuse an old iOS 12.4 and found that the jailbreak has been reverted.

Jonathan Levin, a security researcher, said that the new accidental vulnerability could also potentially put iPhone users in a vulnerable position. He said that users could be vulnerable to “100+ day exploit,” referring to how long the bug has been around.

Another security researcher also said that the new accidental bug could also be exploited by threat actors smuggle spyware and other malicious codes to a target’s iPhone.

“Somebody could make a perfect spyware” taking advantage of Apple’s mistake. For example, he said, a malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox–a mechanism that prevents apps from reaching data of other apps or the system–and steal user data. Another scenario is a hacker including the exploit in a malicious webpage, and pairing it with a browser exploit, according to the researcher,” said Ned Williamson from Google Project Zero.

Furthermore, because of the jailbreak is publicly available, many applications that are downloadable from the App Store could also smuggle the code into a target phone, Stefan Esser, a cybersecurity expert, explained in a Twitter post.

“I hope people are aware that with a public jailbreak being available for the latest iOS, 12.4 people must be very careful what Apps they download from the Apple AppStore. Any such app could have a copy of the jailbreak in it,” his tweet reads.

Many users have already confirmed that the new jailbreak code available in GitHub from Pwn20nd works and many devices has already been jailbroken by exploiting the accidental bug from iOS 12.4 update.

However, until now, Apple is yet to comment regarding the unpatched vulnerability and no explanation on why and how the reversal of the bug fixes happened. Nonetheless, Apple is most likely to fix the issue soon, now that that the hacker has publicly offered his jailbreak codes.

Continue Reading

Cybersecurity

Luscious leaked database with supposedly anonymous user data

Recent data breach target is a popular hentai porn site.

Published

on

Photo by Nikita Kachanovsky on Unsplash
ad1

More than 1.1 million users who expected anonymity from the popular hentai porn site, Luscious, have been victims of a data breach. The site unintentionally left a database unprotected that allowed anyone with access and potentially identify the members and users of the sites through their non-public email addresses.

Luscious is an adult site that caters mainly to a niche of people interested in hentai and manga pornography. The site focuses specifically on user-generated, mostly animated, pornographic content, and has become one of the most popular sites in the United States. According to the data from Alexa, the site ranks in the top 5,000 websites in the U.S.

A research team from vpnMentor, led by Noam Rotem and Ran Locar, discovered a data breach that compromises a supposedly anonymous data of users who has accounts in the Luscious site. Researchers claim that an unprotected database containing identifiable information of users have been available online for those who know how to look for one.

The unprotected database contained information that the site has promised not to disclose to anyone. What the researchers discovered appeared to be the site’s back-end database that includes more than 235,000 albums, 30,000 user blog posts, and 900 videos. Furthermore, the leaked database also contains details of the site’s 19.7 million photos.

The researchers revealed that each user in the site has had themselves a profile set up, which allow users to upload, share, comment on, and discuss content on Luscious. As a rule of thumb for pornographic websites and fora, all of these are understood to be hidden through usernames instead of the users’ sensitive credentials.

“The data breach our team discovered compromises this anonymity by potentially allowing hackers to access the personal details of users, including their personal email address. The highly sensitive and private nature of Luscious’ content makes users incredibly vulnerable to a range of attacks and exploitation by malicious hackers,” said the researchers from vpnMentor.

The database was first discovered last August 15 and was later on disclosed to the company on August 16. However, the database was only closed down today.

Researchers and even journalists was not able to get an immediate response from the site administrator, whose email came first in the list of the exposed emails.

“The data breach gave our team access to 1.195 million user accounts on Luscious. All of these were compromised, revealing personal details of users with potentially devastating consequences,” the researchers added.

The information that was contained in the leaked database includes their usernames and email addresses. The researchers highlighted that at least 20% of the users had used faux email addresses, which indicates that some of them have taken extra steps to keep their identities hidden.

Aside from email addresses and usernames, the database also contained data like user activity logs, or the record of their signup and their most recent login, country of residence/location, as well as gender.

Because of the leaked database, the porn site essentially gave people the chance to access user activities within the website. It allowed the researcher to complete an overview of user activities and view things like:

  • The number of image albums they had created
  • Video uploads 
  • Comments 
  • Blog posts
  • Favorites
  • Followers and accounts followed
  • Their User ID number – so we can know if they’re active or have been banned

The information disclosed in the database is enough for people to create an accurate approximation of how a user is using Luscious.

“While some of this information is visible to other users, much of it was hidden in the website’s database. All of this combined information creates valuable insights into how people use Luscious,” the researchers said.

The researchers were also able to gain access to the things users are posting, including blog posts and content published on Luscious. This included the author’s details, along with the number of likes, when published, category, etc. They said that some of these disclosed blog posts were “extremely personal” and are meant by the users to be kept anonymous.

The researchers warn that the data contained in the leaked database is enough for a threat actor to launch a cyber attack to an unsuspecting victim, including doxing, phishing, and extortion. They encourage users to change their Luscious login to contain the breach immediately.

“We suggest you immediately change your Luscious account details, including your username, and associated email address. For adult-themed websites, or any other websites of a sensitive nature, always create a username completely unrelated to your personal email address or any other online account,” they said.

Continue Reading

Apps

Wireless Networks are throttling video streaming 24/7

All because of competition, and not due to internet congestion.

Published

on

Photo by Markus Spiske on Unsplash
ad1

U.S. wireless networks assert the need to throttle down internet speeds to avoid network congestion and make internet access well-distributed to all users. However, a recent study debunks this claims, saying that wireless carriers throttling internet speed is prevalent — and it’s not because of congestion.

Researchers from Northeastern University and the University of Massachusetts Amherst conducted more than 650,000 tests in the U.S. found out that internet service providers are throttling different services with a bias to other services — a violation of the basic tenet of net neutrality.

The researchers uncovered that from early 2018 to early 2019, AT&T Inc. throttled Netflix Inc. 70% of the time and Google’s YouTube service 74% of the time. Even if AT&T claims that this move is to make sure that there will be no network congestion, it appears that this claim is not the reason for throttling Netflix and Youtube, as researchers discovered that, at the same time, the wireless carrier did not touch the internet speed when people use the services of Amazon.com Inc.’s Prime Video at all.

Conversely, T-Mobile U.S. Inc. slowed down the internet speed for Amazon’s Prime Video at least 51% of the time without throttling Skype and Vimeo, the researchers said in a paper entitled “A Large-Scale Analysis of Deployed Traffic Differentiation Practices,” to be presented in an industry conference this month.

The researchers of the study, namely, Fangfan Li, Alan Mislove, and David Choffnes from Northeastern University, together with Arian Akhavan Niaki, and Phillipa Gill from University of Massachusetts Amherst, said that wireless companies are throttling internet speeds all the time, and the practice is very “pervasive.”

“They are doing it all the time, 24/7, and it’s not based on networks being overloaded,” said David Choffnes, associate professor at Northeastern University and one of the study’s authors.

The authors of the study denounce the claims made by wireless carriers that internet speed should be sacrificed to serve everyone. While it is true that slowing down internet speeds per user could ease congestion in the network, the researchers claimed that based on their results, carriers like Verizon Communications Inc., AT&T, and T-Mobile are doing it for a different reason.

Furthermore, the researchers raise how these practices violate the principle of net neutrality, where internet service providers should not discriminate based on user, app, or content — meaning, no matter what service a user is accessing on the internet, it should be treated equally, with similar internet speed allocation as other services.

“Net neutrality has been the subject of considerable public debate over the past decade. Despite the potential impact on content providers and users, there is currently a lack of tools or data for stakeholders to independently audit the net neutrality policies of network providers,” reads the study manuscript.

In the past, the FCC has attempted to safeguard net neutrality and has voted a regulation that would make sure that internet service providers will abide by the net neutrality principles. But, was later abolished by the Republican FCC after President Donald Trump was elected in 2016.

The study uncovered that wireless network providers are throttling internet speed with particular distinction in video streaming services. While different internet service providers throttle sites differently, there is a consensus that they are throttling, mostly video streaming services.

“We found that most throttling targets video streaming and that there is a wide range of throttling implementations detected in our dataset. In addition, we investigated the impact of throttling on video streaming resolution, finding that while throttling does limit video resolution, it is also the case that default settings in video streaming apps in some cases are the primary reason for low resolution,” the researchers said in the study.

But Choffnes said that these discrepancies they found could be a result of errors, as some carriers haven’t been able to detect and limit some video apps after they made technical tweaks.

“They may try to throttle all video to make things fair, but the internet providers can’t dictate how the content providers deliver their video,” Choffnes said. “Then you have certain content providers that get throttled and some that don’t,” he added.

Nonetheless, the researcher pointed out that net neutrality is an issue that should not be forgotten, and that is the reason why they are motivated to share their results publicly.

“‘It’s important to keep publishing the work,” Choffnes said. “It would be nice if this is not completely forgotten. At least when ‘there’s an appetite for legislation on this topic, we’ll have the data.”

Continue Reading

Trending