Any proposal for the change, creation or removal of rules that the FCC is going to bring for a vote must have a period for public comments. The purpose of the public comments is for people to voice support for or against the proposal and to provide a substantive legal argument for or against the proposal. Read more “The Curious Case of FCC Net Neutrality Comments”
HP has been caught leaving a keylogger in a driver for the second time this year. The keylogger is in the keyboard driver SynTP.sys and is disabled by default. The explanation is that the keylogger is debugging code left over from development.
460 HP models since 2012 are affected; you can find the list here.
It’s good news that the keylogger is disabled by default, but an attacker with knowledge of its existence and the right coding skills could activate it, either through malware deployed through social engineering or through physical access, and then exfiltrate the data it collects.
HP responded quickly to the researcher who discovered the developer discrepancy, and shortly after the first communication a patch was released that removes the keylogger. The bug was discovered by Michael Myng, who goes by “ZwClose.”
You can download the patch here.
The first keylogger of the year, discovered by a Swiss security firm called Modzero, was located in the Conexant HD audio driver package version 220.127.116.11 and earlier. HP has also issued a patch for this bug that was pushed out through Windows Update (this is why it’s important to patch regularly!) and can be found on HP’s website.
This keylogger was not disabled by default. It captured each keystroke and stored the data in an unencrypted file in the user’s home directory, with the log being overwritten every time the user logs in. The part of the driver that allows it to interact with other software, an API, allowed malware to “silently capture sensitive data by capturing the user’s keystrokes.”
Recently there has been a massive data breach that exposed millions of people. Upon installation, the AI.type keyboard application requested full access to your phone and recorded every letter or number you typed. Why would a keyboard and emoji application need to gather all of the data on the user’s phone or tablet? Great question.
On Tuesday, December 5th, a security shop known as Kromtech released details on a MongoDB database it found unsecured on the internet. The database had 577 gigabytes of user data collected from the app called AI.type. According to researchers, the app only leaked Android users’ info, so you iPhone users can feel a little safer.
According to the Kromtech Security Center, the AI.type server had been using a MongoDB-hosted database of the kind used by many well-known companies, but a simple misconfiguration could lead to a huge data breach. “It is clear that data is valuable and everyone wants access to it for different reasons,” said Alex Kernishniuk, VP of strategic alliances at Kromtech.
Although the database could have held the data of tens of millions of people all over the world, the app developers failed to protect it with a password. Anyone who had the direct URL could have used it to access the massive trove of stored data.
Kromtech added that over 6 million records also contained data from people’s contact books. For a short time, more than 373 million records of contacts saved/synced on their linked Google accounts were available to the public. A large portion of the records also contained phone numbers, full names, device name and model, mobile network name, SMS number, screen resolution, user languages enabled, Android version, IMSI number, IMEI number, emails associated with the phone, country of residence, links and the information associated with the social media profiles including birthdates and photos, IP, and location details.
AI.type also states that it will “never share your data or learn from password fields” but, as ZDNet highlights, there was a table with 8.6 million entries of sensitive information logged and stored via the keyboard. Interestingly, the free version of AI.type was found to have collected more data than the paid version.
A malicious script that is loaded from “cloudflare.solutions” records keystrokes and sometimes loads an in-browser cryptocurrency miner. The “cloudflare.solutions” domain is not part of the Cloudflare company, but the at-first-glance affiliation does give the malicious domain an air of legitimacy. Read more “Keylogger Found on 5,500 WordPress Sites”
According to an official for an agricultural watchdog in Russia, Pepsi hacked into its information network to steal a document. The claim was made by Rosselkhoznadzor and released publicly on Monday; it states that Pepsi uses “illegal methods of obtaining information from government agencies.” Read more “Pepsi Has a Hacking Team?”
A data breach is a cataclysmic invasion of privacy which can wreak havoc on both businesses and private individuals. 2017 surpassed the total number of data breaches in 2016 by mid-year. Today we touch on what to do after a data breach. Read more “Steps You Should Take After a Data Breach”
Do you remember the Mirai botnet?
If you don’t, here’s a quick refresher.
Mirai is an internet-of-things malware that turns DVRs, security cameras, toasters, refrigerators, etc., into zombies that can attack another network or device with a flood of empty data that will overwhelm it and cause a denial-of-service (the device or network loses internet connectivity). You can find more information on Mirai and a different species of IoT malware called IoTroop here. Read more “Shodan Adventures Part 2”
Human trafficking is rapidly growing. According to the F.B.I., sex trafficking is the 2nd fastest growing criminal industry, just behind drug trafficking. There are many avenues through which traffickers target their victims, and we will look at some of these avenues so we can prepare ourselves and our children and shut these avenues down. Read more “Techniques Used by Human Traffickers Pt.2”