Taking too long? Close loading screen.
Connect with us

Tech

Pardon the Intrusion #29: Ransomware gang turns Robin Hood

Published

on

Subscribe to this bi-weekly newsletter here!

Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security.

Mobile network operators have a wide leeway when it comes to what kinds of data they can collect when you use their service.

Despite this, Indian carrier Airtel kicked up a storm last week after it emerged that its privacy policy allowed it to collect users’ sensitive personal information, such as sexual orientation, genetic information, and political opinion, and share all of this with third-parties.

This is what was mentioned in the privacy policy:

Now here’s the problem: Most people don’t bother reading privacy policies and terms of service agreements. They are often long, complicated, and mired in obtuse legalese, as if deliberately designed to confuse users.

So by clicking “agree,” you’re consenting for your data to be traded for a service, without really understanding what exactly you’re signing up for. This also means the company has the right to collect, store, and process your data as quid pro quo for the service it offers.

Plus, it doesn’t help that India doesn’t have a comprehensive data protection law like GDPR, thereby making it easy for private companies to overstep their bounds with regards to data collection.

In response to the complaint, Airtel characterized the incident as a “clerical error”, but not before revising its privacy policy to state that it doesn’t hoover personal information relating to genetic data, religious or political beliefs, health, or sexual orientation. For now.

“The generic content of the definitions of what constitutes personal data as laid down by the IT Act are expansive, which had been inadvertently put on to our website,” the company said in a statement.

Privacy policies need to be simplified, and Apple is taking a big step to address this with its privacy label approach for third-party apps. But it’s still in its infancy and is limited to the iOS ecosystem.

Until then, make sure you take the time to read those privacy policies and terms of service agreements. Trust me, it’s worth all the hassle.

What’s trending in security?

The US, UK, Canada, Australia, New Zealand, India, and Japan make renewed calls for encryption backdoors, Microsoft and an alliance of cybersecurity companies took down TrickBot malware infratsructure, and Zoom officially gains support for end-to-end encryption in video calls.

  • Vietnamese state-sponsored hackers, aka “OceanLotus,” have been linked to a cyberespionage campaign that involved spying on dissidents for years. [BR24]
  • The US, UK, Canada, Australia, New Zealand, India, and Japan make fresh call for encryption backdoors citing “challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children.” [US Department of Justice]
  • The operators of “Darkside” ransomware, who have extorted millions of dollars from victims, donated $20,000 in Bitcoin to charities to “make the world a better place.” [BBC]
  • Microsoft and an alliance of cybersecurity companies disrupt 94% of TrickBot’s infrastructure, a week after orchestrating a global take down of the notorious malware. [Microsoft]
  • A Russian-speaking hacking group called “MontysThree” has been tied to a series of highly-targeted attacks directed against governmental entities, diplomats, and telecom operators for industrial espionage. [Kaspersky]
  • Zoom is officially beginning to roll out end-to-end encryption in video calls. But you will have turn it on manually. [TNW]
  • In July, French authorities took down Encrochat, an encrypted phone network used almost exclusively by criminals, by deploying malware on thousands of devices and eavesdropping on the messages exchanged between criminal suspects. But the hack is now facing a new legal challenge, including whether the messages gathered using the malware is in fact admissible as evidence. [Motherboard]
  • Google said it delivered over 33,000 alerts to its users during the first three quarters of 2020 to warn them of state-sponsored phishing attacks targeting their accounts. [Google]
  • Norway blamed Russia for carrying out a cyberattack against the Norwegian parliament in August in which attackers stole data from lawmakers’ email accounts. [Government.no]
  • Brandon Azad, a security engineer working for Google’s Project Zero hacking team who has been instrumental in uncovering a number of zero-day flaws in iOS, has joined Apple. [Motherboard]
  • The FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned that cyberbaddies are chaining multiple security vulnerabilities to compromise IT networks and applications. [CISA]
  • The US government charged 6 Russian military intelligence officers for carrying out some of the “most disruptive and destructive series of computer attacks ever attributed to a single group.” [The Hacker News]
  • The last fortnight in data breaches, leaks and ransomware: Barnes & Noble, Crytek, Docsketch, Dr Lal PathLabs, and Software AG.

Data Point

As data breaches continue to become the norm, Verizon’s 2020 Data Breach Report summarized 3,950 confirmed incidents spanning across 81 countries. It found 45% of the breaches involved hacking, while errors and social engineering attacks made up 22% of the attacks. What’s more, 70% of the breaches were perpetrated by external actors, with organized crime groups behind 55% of the attacks. Troublingly, 30% involved internal actors.

That’s it. See you all in two weeks. Stay safe!

Ravie x TNW (ravie[at]thenextweb[dot]com)

Source

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech

Charge Your Phone Wirelessly With 50% off a Multifunctional LED Lamp

Published

on

Best Tech DealsBest Tech DealsThe best tech deals from around the web, updated daily.

White Wireless Charge Lamp | $18 | Amazon | Clip coupon + code ABC88699
Black Wireless Charger Lamp | $20 | Amazon | Promo code ABC88699

When you’re ready to turn in for the night, you don’t want to forget to charge your phone— especially if your mobile device doubles as your alarm clock.

With this wireless charger lamp, you can make this crucial step of your nightly routine even easier by just setting your phone on the wireless charging pad and… well, that’s all there is to it!

Advertisement

Other functions include multiple lighting modes as well as a sleep timer option for auto shut-off of the light after 30 or 60 minutes.

This lamp can be yours in white for $18 if you clip the coupon on Amazon (it’s below the original $40 price) and add promo code ABC88699 at checkout.

You can snag the black version for $20 using the same code—no coupon though, sorry.

Don’t sleep on this deal! Who knows how long stock or the coupon code will last?

Advertisement


Source

Continue Reading

Tech

Keep That Hotdish Hot With 65% Off a Luncia Casserole Carrier, Only $11 With Promo Code

Published

on

Best Home DealsBest Home DealsThe best home, kitchen, smart home, and automotive deals from around the web, updated daily.

Luncia Double-Decker Dish Carrier | $11 | Amazon | Promo code SDDU9S7F

It has been a long time since the days we could safely have a potluck or other gatherings, but we have a fantastic deal perfect for once those times return. These double-decker Luncia dish carriers can be had for 65% off when you add promo code SDDU9S7F at checkout and clip the coupon on the site (it’s just below the price). These holders fit 9″x 13″ sized baking dishes.

Advertisement

That means you can insulate and keep two dishes of food warm for only $11 instead of $30. What’s more, your Luncia carrier will arrive by Christmas if you order today as a Prime member.

Just add promo code SDDU9S7F and clip the 5% off coupon to bring the price down to $11 for the blue or the grey option.

Advertisement

Grab this offer while it’s still around!


Source

Continue Reading

Tech

Conquer Your Pup’s Dander and Fur With $700 Off a Cobalt or Charcoal Bobsweep PetHair Plus Robot Vacuum

Published

on

Best Home DealsBest Home DealsThe best home, kitchen, smart home, and automotive deals from around the web, updated daily.

Bobsweep PetHair Plus Robot Vacuum & Mop (Cobalt) | $200 | Best Buy

Bobsweep PetHair Plus Robot Vacuum & Mop (Charcoal) | $200 | Best Buy

Allergies can be bad enough as the seasons change. Don’t let pet hair and dander add to that by vacuuming it up early and often. That chore is easier said than done— unless you have a robot vacuum to do the work for you. This lovely bright cobalt Bobsweep PetHair Plus robot vacuum and mop, only $200 today at Best Buy seems like an ideal option. That’s a whopping $700 off, by the way.

Advertisement

You can get the same deal for the charcoal version of the robot vac, too. This model is not only specially made for picking up pet hair, it self docks and charges when it’s finished with the work.

It also comes with a mop attachment, so it can take care of those kitchen floors for you as well. Grab it while it’s still available for this fantastic price!

Advertisement


Source

Continue Reading

Trending