A critical flaw in Zoom video conferencing:

If you are using Zoom video conferencing then you need to read this.

Why is Zoom used?

Zoom is a popular cloud-based meeting platform offering video, audio and screen sharing for users, and it's free.

Recently a flaw has been found which exposes your webcam. Even if you uninstall Zoom from your device, the attacker can still access your webcam.

For more details and Zoom’s response to this attack, click on the link.

Marriott faces fine under GDPR:

The world’s biggest hotel chain, Marriott International, has been fined $123 million under GDPR over a 2014 data breach.
In November 2018, Marriott detected that unknown hackers had compromised its guest reservation database through its recently acquired Starwood Hotels and got access to personal details of around 339 million guests.

The attack leaked guests’ names, mailing addresses, phone numbers, email addresses, dates of birth, gender, arrival and departure information, reservation date, and communication preferences.

For more details visit this link.

To know more about GDPR, click on this link.

Facebook accounts hacked

You must have heard about Facebook accounts being hacked. Around 30 million Facebook accounts were hacked.

There was a security patch last month which gave hackers access to steal secret access tokens for millions of accounts by taking advantage of a flaw in the ‘View As’ feature.

Though Facebook estimated that 50 million accounts were hacked, a report said that 30 million accounts were hacked using this vulnerability.

A Facebook resource person said that hackers have collected this data from the victim accounts:

  1. For 15 million users: usernames and contact information, including phone numbers, email addresses and other contact information depending on what users had on their profiles.
  2. For the other 14 million users, data was collected in more detail: personal data along with other details users had on their profiles, like gender, language, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches.

How to check if your Facebook account was hacked or not:

Facebook users can check whether their account was hacked by visiting this social network’s help center.

Facebook will also directly reach out to attacked users and inform them what data was collected when they were hacked.

Note: Please don’t overuse Facebook in your life. Make sure that you don’t add check-ins or your travel posts, so that the hacker (attacker) will not get complete data on you. Live your life in the real world rather than in the virtual one (social media).

What happens when you sleep

Recently you must have read or heard about Google collecting your data even though you are not using them. You will be amazed at how they can collect your data without your knowledge. In this blog, I have shown how data is collected with a minimum lab setup.

Lab Setup:
1. I have installed a free proxy server (JanaServer) on my laptop and started the server.
Link to download the software here.
Note: If the link is not working, Google “JanaServer server download” and download it from the website.

2. Go to the IP address section.

3. After clicking the IP address, you will be directed to a new page. Enter your laptop’s/system’s IP address there. To find your system’s/laptop’s IP address, open Command Prompt and run ipconfig; the IPv4 address shown will be your IP address.

4. After setting the IP address, go to the ports section. Set which port function you want and then click on submit.

5. Now the proxy server setup is done. To check the port number used by the functions, scroll down.

6. On your mobile:

a. Go to Settings->Wifi->On->Select wifi, and long-press the wifi name for a second.

b. It will give you options such as Forget network and Modify network.

c. Select Modify network->select Proxy->Enter your laptop’s IP address (192.168.225.62) and port number (3128) from the server’s settings. Here 3128 is the HTTP port.

d. Now save the settings.

e. Access google.com or any other website to check whether your proxy is working or not.

f. Change the proxy port to a random one and refresh the website. If it says a problem occurred, then your proxy setup is working fine.

g. Change the proxy port back to the previous one.

7. After the proxy server setup, I was browsing from 6.10PM-6.13PM.
8. And then I kept my phone idle from 6.14PM-6.21PM.
9. After a while, I went to the proxy server’s log file, which is created under the name “proxy.log”.

10. After going through the log file, I got to know how much of my data was being collected by the apps that were installed on my mobile.

I have attached the “proxy.log” file. You can check it here: Proxy_log.
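As an added example (not part of the original post and not JanaServer's own tooling), this script shows one way to list the hosts the phone contacted during the idle window from step 8 and mark those never seen while browsing. The log line layout, the phone's IP address, the date and the example.* hostnames are constructed assumptions; adapt the regular expression to the layout of your own proxy.log.

```python
import re
from collections import Counter
from datetime import datetime, time
from urllib.parse import urlsplit

# Constructed sample in an ASSUMED layout: date time client-IP method target.
# The real proxy.log layout may differ; adapt LINE_RE to what your file contains.
SAMPLE_LOG = """\
2019-01-01 18:10:05 192.168.225.70 GET http://www.google.com/
2019-01-01 18:12:40 192.168.225.70 CONNECT www.google.com:443
2019-01-01 18:14:31 192.168.225.70 CONNECT sync.example.com:443
2019-01-01 18:15:02 192.168.225.70 GET http://ads.example.net/pixel?id=1
2019-01-01 18:17:48 192.168.225.70 CONNECT sync.example.com:443
2019-01-01 18:20:10 192.168.225.70 CONNECT push.example.org:443
this line does not match the assumed layout
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<client>\S+) "
    r"(?P<method>[A-Z]+) (?P<target>\S+)$"
)

def host_of(method, target):
    """Destination host of one proxy request, lower-cased."""
    if method == "CONNECT":  # HTTPS tunnel: target is host:port, the URL is not visible
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()

def hosts_in_window(log_text, start, end):
    """Count requests per host whose time of day lies in [start, end]."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if start <= ts.time() <= end:
            host = host_of(m["method"], m["target"])
            if host:
                counts[host] += 1
    return counts

if __name__ == "__main__":
    # Windows from the post: browsing 6.10PM-6.13PM, idle 6.14PM-6.21PM.
    browsing = hosts_in_window(SAMPLE_LOG, time(18, 10), time(18, 13, 59))
    idle = hosts_in_window(SAMPLE_LOG, time(18, 14), time(18, 21, 59))
    for host, n in idle.most_common():
        note = "" if host in browsing else "  (idle only)"
        print(f"{n:3d}  {host}{note}")
```

For HTTPS traffic the proxy only sees the CONNECT host and port, so the host list is the most it can tell you about what was sent.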

Mitigation :

Always disconnect wifi/data carrier on your mobile/tablets so that your data won’t be sent to the servers of the applications you have installed.

Now you know how much data is being collected even though you have closed the application.

 

What is Cambridge Analytica? What is the Scandal about it?

Hi,

Cambridge Analytica is basically a consulting firm which deals with data mining and data analysis for the electoral process.

In March 2018, there were reports about a data breach by Cambridge Analytica on Facebook. So how did they collect the data, how did they classify it, to whom did they sell it, and how did they strategize for their benefit?

You may have seen ads like “Which celebrity do you look like”, “How will you die”, “Will you be rich in future”, and apps like thisisyourdigitallife. When you click on these ads or posts you are directed to an access page, where you have to give permission for the post to access data from your profile like your name, date of birth, religion, your interests, etc. Without seeing what access it is asking for, you just click OK as you read “It will not post anything on your profile”. It will give you some bluff results based on your posts and views, which you think are correct.

At the backend, they collect the data and structure it as they need. From that collected data they are able to tell your age, your interests, who you support, and whether you are an introvert or extrovert. Based on this they provide data to either the ruling or opposition party and give them suggestions on how to attract users to vote for them.

Now, as per sources, data of half a million Facebook users from India has been mined for electoral purposes. Facebook has also said that on 11th April users will get a notification in their news feed saying whether their data has been affected, and if affected, how. For more info on this click here.

Facebook settings that you should change right now

Hi all,

You may have heard that there is a breach of data security on Facebook. Here are some settings that will help to protect your data.

Facebook settings you need to change:

1. To know which apps and services share your data on Facebook:

Settings->Apps->You will get the apps and services that are connected to your Facebook account.

Remove them if you don’t recognize them.

2. Limit information that friends share with you:

Settings->Apps->Scroll down->Apps others use->Edit->uncheck the data which you don’t want to be shared.

3. Manage app permissions, if you have installed the Facebook app on your phone:

Settings->App permission->Facebook app->switch off the button (revoke permission) for contacts, messages, call logs, etc. In that way, your information will not be shared with Facebook.

Also, if you are using Facebook Messenger, uninstall it and install it again without turning on “Text anyone in the phone”. Don’t add your number to the Messenger app (you can just skip it), and don’t turn on “Send and receive SMS from messenger”.

4. Limit the ads: Settings->Ads. You can revoke permission under “Your Information”, “Ad settings” and “Interest”, so that your data will be safe from now on.

5. Make sure you never log in to Facebook in 3rd party apps. If you do, click on review and see what permissions it is asking for.

6. You must have seen ads like “Know what you will be in future”, “Who is your spirit animal” or “Which celebrity looks like you”. These are the ads which take access to your data and may sell it to a 3rd party.

7. Check this link to see the contacts Facebook has gathered from your mobile even though you never shared them.

CredSSP Flaw in Remote Desktop Protocol Affects all versions of Windows

Hi Everyone,

A critical vulnerability has been discovered in Credential Security Support Provider protocol (CredSSP) that affects all versions of Windows to date and could allow remote attackers to exploit RDP and WinRM to steal data and run malicious code.

This flaw was discovered by researchers at the cybersecurity firm Preempt Security. The issue can be exploited through a man-in-the-middle attack with wifi or physical access to the network.

How to defend yourself?

  1. Recommended: Patch workstations and servers using the available updates from Microsoft.
  2. It would be better if the use of privileged accounts is decreased.

For more details click here.

Contd..Intel Chip Security Flaw

Hi All,

This is the update regarding the Intel chip security flaws (Spectre and Meltdown).

Vendors have made significant progress in rolling out fixes and firmware updates. While the Meltdown flaw has already been patched by most companies like Microsoft, Apple, and Google, Spectre is not easy to patch and may take some time.

Here’s the list of available patches from major tech manufacturers:

  1. Windows 10: Microsoft has released an out-of-band security update (KB4056892).
  2. Windows 7 & 8: The patch is available; you can check your OS version here.
  3. Apple OS: The patch is already released.
  4. Android: For Google-branded phones, the security patch will be delivered as an update or we need to install it. Other Android users have to wait for their device manufacturers to release a compatible security update.

For more information visit the link

Intel Chip Security Flaw

Hi All

A new security flaw has been discovered in Intel chips that are made after 1995. Since many computers use Intel chips this is really bad news.

So what is this security flaw? What is at stake here?

A bug has been found that leaks memory at the kernel level. This would let hackers access your sensitive data, such as passwords or login details, from the chip itself.

A patch will be released for this vulnerability. For more information click here.