Elibomi, an Android malware, has targetted Indian taxpayers by stealing their financial information in a phishing attack, according to a blog post by McAfees Mobile Research team. The antivirus company disclosed that the attackers lure in unsuspecting users by pretending to be a fake tax-filing application.The company picked out two campaigns in November 2020, and May 2021, which relied on phony tax-filing themes to target users.

Cyber attacks have increased exponentially since the pandemic as lockdowns caused by COVID-19 triggered a rapid adoption of digital tech. The surge in digitisation has also invited the attention of hackers and scammers who see this as an opportunity ripe for the taking. Phishing is a cyber attack that uses disguised email as a weapon and is notoriously difficult to sniff out, given its sophistication.

It is also the reason why it is one of the most common types of cyber attacks. Phishing constituted almost one-third of all cyber attacks in 2019 as per Security Intelligence. The attacks have increased by 600% during the pandemic. The consequences can be damaging in most cases as it results in severe financial losses.

McAfee explained that the delivery of malware takes place through an SMS text.

The SMS message pretends to be from the Income Tax Department in India and uses the name of the targeted user to make the SMS phishing attack more credible and increase the chances of infecting the device. The fake app is designed to capture and steal the victims sensitive personal and financial information by tricking the user into believing that it is a legitimate tax-filing app, the post read.

Heres how cybercriminals display the original logo to trick users into installing the fake iMobile app:

Image credits: McAfee

The stolen data includes e-mail addresses, phone numbers, SMS/MMS messages among other financial and personal identifiable information. McAfee added that the malware exposes stolen information to anyone on the Internet.

McAfee advised users to follow these steps:

Elibomi has been able to gather sensitive information from affected users which could be used to perform identity and/or financial fraud. Even more worryingly, the information was not only in cybercriminals hands, but it was also unexpectedly exposed on the internet which could have a greater impact on the victims, the company informed.

February 2021: Hindustan Times reported that a number of senior government officials, including those from the ministries of defence and external affairs, were targetted in a phishing campaign with attackers using compromised government domain email accounts to launch their hacking attempts. The National Informatics Centre (NIC) issued an alert soon after the attack but there was no confirmation whether any targetted computers were compromised.

March 2021: A response to a parliamentary question revealed that CERT-In, Indias nodal cyber security agency, was working with the Reserve Bank of India (RBI) and other banks to track and disable phishing websites in an effort to thwart online frauds.

July 2021: Researchers at Seqrite, the cybersecurity arm of Quick Heal Technologies, claimed that they found sophisticated phishing attempts targetting Indian critical infrastructure PSUs across sectors of finance, power, and telecom by a Pakistan-linked group. The PSUs were targetted to get access to sensitive information including screenshots, keystrokes, & files from the affected system.

July 2021: Kaspersky Internet Security found that India was among the top three countries facing phishing attacks primarily via instant mobile messaging apps like Facebook-owned WhatsApp and Telegram. Countries experiencing the highest number of phishing attacks were Russia (46 percent), Brazil (15 percent), and India (7 percent).

August 2021:CERT-Inwarned that scammers were targetting banking customers in India with a new type of phishing attack to collect sensitive information such as internet banking credentials, mobile numbers, and OTP to carry out fraudulent transactions. It said that the malicious activity is carried out using the ngrok platform (cross-platform application).

Also read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

The rest is here:
Phishing attack dupes Indian taxpayers and steals their financial information - MediaNama.com

JEFFERSON CITY, Mo. The Missouri House Elections Committee convened last week to discuss ways to alter the initiative petition process and improve election security.

And over the course of more than three hours, lawmakers heard a parade of debunked conspiracy theories about the 2020 election.

Im convinced the country suffered the greatest cyberattack in the history of the world that was ordered and orchestrated by the Chinese Communist Party, retired military analyst David Stevens told the committee.

Stevens was referencing a conspiracy peddled by MyPillow CEO Mike Lindell that claims the Chinese were behind President Joe Bidens 2020 victory. During his August symposium, Lindell offered $5 million to any cybersecurity expert who could prove his claims wrong, and at least one former military cyber expert, a longtime Republican from Texas, has said he easily can.

Others testifying Tuesday were similarly enamored with Lindells theories, including Rep. Ann Kelly, a Lamar Republican who doesnt serve on the elections committee but testified about attending a symposium in Sioux Falls, South Dakota, organized by Lindell.

Missouri resident Keith Carmichael testified about false voter-fraud theories from Ohio mathematician Douglas Frank, which have been disproven by a Republican-led Michigan Senate Oversight Committee. Working together, Frank and Lindell contend they can prove voting machines were hooked up to the internet, which both Ohio and Missouri laws prohibit.

Just a moment ago, a veteran military analyst told you that you were attacked, Carmichael said. I dont know if you were listening. Nobody ran out. I didnt see anybody call home. I know during 1941 when Pearl Harbor was attacked, I imagine people just stopped what they were doing.

There is no evidence of widespread voter fraud or irregularities during the 2020 election.

The witnesses were met with numerous objections from both Republican and Democrat committee members. Election officials at both the state and county levels also testified for several hours to dispel the false claims.

We do have a very secure system that all of our election authorities use, said Trish Vincent, chief of staff for Secretary of State Jay Ashcroft. We put in layers of security to make it doubly secure.

However, Vincent quickly added that a bill to require a photo ID to vote an idea that has been repeatedly rejected by Missouri courts would be one way to dispel mistrust and increase voter confidence.

Weve been wrestling with that for a number of years, she said.

The GOP-dominated General Assembly made requiring a photo ID to vote and making it harder to change state law through the initiative petition process top priorities this year. But the session ended in May without any of the election bills finding their way to Gov. Mike Parsons desk.

Tuesdays hearing is seen as clear indication that election legislation will once again sit atop the GOP agenda in January when lawmakers return to Jefferson City.

Rep. Ashley Aune, D-Kansas City, said Tuesdays hearing was part of a strategy to sow seeds of doubt and distrust in the electoral system.

Even though the Republican committee members didnt outwardly support the election-fraud conspiracy theories touted by witnesses, Aune said she had serious concerns about the level of legitimacy they gave the claims by inviting witnesses to talk about them.

They just need to put it out there and leave people to stew on it, Aune said. It paves the way to create policies to make our elections safer if they think they are unsafe.

At one point in the meeting, committee chair Rep. Dan Shaul, R-Imperial, said that he brought forth the issues of data hacking to make sure the states election authorities have the tools they need.

That was my purpose today to make sure that we talked about these odd things that could impact the integrity and the trustworthiness of our systems, Shaul said.

The first hole in Lindells Chinese cyberattack theory is that election authorities dont certify election results via the internet, said Rep. Peggy McGaugh, a Carrollton Republican who is vice chair of the elections committee and a former county clerk.

Greene County Clerk Shane Schoeller, a Republican and former state legislator, agreed.

Missouri is a paper ballot state, Schoeller said. We certify elections off of paper. We use electronic equipment on election night in order to be able to put uncertified results out to the public.

All that equipment is certified by the secretary of states office. They use an encrypted memory stick thats certified by a bipartisan election team.

Schoeller walked through the rigorous auditing steps that election results go through after election night.

We have these safeguards in place, he said. I think we all agree we are going to trust but we are going to verify.

Aune said a public school in her district had to close down for two days because its system was hacked.

She co-sponsored the Missouri Cybersecurity Act, which lawmakers approved in May and will establish a commission of cybersecurity experts to address issues like this. It went into effect Saturday.

If lawmakers are interested in cybersecurity, they should ignore baseless election conspiracies to focus on safeguarding utilities and entities like public schools, she said.

Thats where our time should be spent, Aune said. Lets put our attention where we know we need it.

Excerpt from:
Missouri lawmakers discuss election security in hearing marked by conspiracy theories - Joplin Globe

US tech giants Microsoft and Google have committed to invest $20 billion and $10bn, respectively, to fight cyber crime over the next five years.

The two companies announced pledges after their chief executives met US President Joe Biden on Wednesday and discussed measures to strengthen the country's cyber ecosystem. Top executive of other technology companies such as IBM, Apple and Amazon also attended the meeting.

Thank you @POTUS for convening a critical conversation on cybersecurity, Satya Nadella, Microsofts chief executive, said on Twitter.

Microsoft will invest $20bn to advance our security solutions over the next five years, $150 million to help US government agencies upgrade protections and expand our cyber security training partnerships."

The Washington-based company has been one of the prime targets for cyber criminals. Recently, thousands of apps and portals that use Microsofts Power Apps platform mistakenly leaked about 38 million confidential records and left them exposed for months on the internet.

In March, cyber espionage group Hafnium reportedly exploited Microsoft's widely used email and calendar Exchange server, breaching more than 30,000 commercial and local government entities in the US.

Microsoft said it would also expand its partnerships with community colleges and non-profit groups for cyber security training programmes.

US President Joe Biden addresses members of his national security team and private sector leaders at the White House in Washington on Wednesday. Reuters

The meeting [with President Biden] comes at a timely moment, as widespread cyber attacks continue to exploit vulnerabilities targeting people, organisations and governments around the world, Kent Walker, senior vice president of global affairs at Google, said.

Governments and businesses are at a watershed moment in addressing cyber security [cyber attacks] are increasingly endangering valuable data and critical infrastructure."

The Alphabet-owned company said it plans to invest in strengthening cyber security and securing the software supply chain. It also pledged to train 100,000 Americans in the fields of information technology support and data analytics, learning in-demand skills, including data privacy and security.

Cyber crimes globally have risen amid a rise in remote working and a rapid digital uptick due to the Covid-19 pandemic, according to IBM.

The average global cost of a data breach rose about 10 per cent a year to $4.2m over the past 12 months, it said. The US continued to top the list, with average costs of $9m, up from $8.6m a year ago, followed by Saudi Arabia and the UAE at $6.9m. Canada ($5.4m), Germany ($4.9m) and Japan ($4.7m) complete the list.

Last week, T-Mobile US said cyber attackers breached its computer networks and stole personal details of more than 40 million past, current and prospective customers.

The information stolen from the company's servers included victims names, dates of birth, social security numbers and driving licence details.

The cyber security market is forecast to be worth $363 billion over the next five years, according to Mordor Intelligence. Getty

In May, cyber criminals targeted the US company Colonial Pipeline, which ships about 2.5 million barrels of oil each day across the country. It had to pay a ransom of about 75 Bitcoin to regain control of its systems. However, US investigators have said they recovered about 63.7 Bitcoin.

Updated: August 27th 2021, 6:11 AM

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

UAE currency: the story behind the money in your pockets

Read more:
Microsoft and Google pledge $30bn to fight cyber crime over five years - The National

When I say browsing through any website isnt free, I dont mean the price you pay to your internet service providers or the price you pay for your electricity bill. It's not even the price you pay to get hold of the electronic devices to access such accounts; instead, it's your datayour private informationwhich is sold; auctioned off to the highest bidder. Over and over again. To quote an Internet user named bluebeetle If you are not paying for it, youre not the customer; youre the product being sold.

In the infamous hearing of Facebooks Chief Executive Mark Zuckerberg in 2018 when Senator Hatch had asked him, "How do you sustain a business model in which users don't pay for your service?" Zuckerberg replied, "Senator, we run ads." So, for the platforms which heavily rely on their users' watch time and click-through rate on ads to earn money, it is only logical for their business model to focus on what their advertisers want and how to market relevant ads to the users. Hence they use targeted ads. Targeted advertisements are done by marketers where the users get ads that revolve around their specific interests, traits and shopping patterns.

The websites run their ads specific to their users to benefit their "customers", who are the companies who buy the advertisement slots. In the Netherlands, a 2013 study showed that when a law was introduced that required websites to inform visitors of tracking in the advertisements, click-through rates dropped. So it is obvious why companies would use sneaky ways and abuse loopholes in the law to mine data.

With users sharing their personal data and the web cookies tracking every click of the users, the marketers have been able to tailor ads to each user according to their needs. Research shows that many people don't know that their data dictates the ads they receive.

Most of us have got ads of the products or services specifically when we need them. Researchers discovered that users perceive personalised ad content as more appealing and more connected to their interests.

Have you ever wondered how much information Facebook or Youtube, or Instagram has on you? How much information has Google stored on you and to what extent it keeps track of your search history and click-through rates? Well, you can request a copy of the data these websites have on you. When I got curious about how much Google has tabs about my personal information, I exported my personal data from Google. It created a copy out of 46 products that contained 39.25 GB worth of data. Your privacy settings determine how much information you allow Google to access your browsing history and activity on related products.

Google keeps track and stores your location. Google has a record of every place you've been to (if your location tracking was turned on). I was shocked to find Google still keeping records of a random restaurant I visited on July 31st, 2015. It stores your search history across all of your devices, even the ones you have deleted. It knows all the apps youve used, every extension used. It has all of your YouTube historylikes, comments, searches and subscriptions. So, based on the content you watch on YouTube, Google can figure out your personality, political inclination, religious stance, health data, and tastes and preferences on basically anything. Google Photos has access to all the photos you've taken through your phone. Much like Google, Facebook, too, keeps track of every message you have sent and people you've befriended or unfriended. It also keeps track of your log-ins or log-outs, the devices you have used, and the places you have visited. Even if you delete any piece of information, it just becomes invisible but never really disappears.

Inspired by Brian X. Chens article in the New York Times, I downloaded the information that Facebook has on me. To my horror, I found out that they had 3.46 GB worth of data on me. I found a folder labelled "Ads_information. A section named Advertisers who uploaded a contact list with your information had an overwhelming majority of companies I had never heard of or interacted with. It also had an "Advertisers you've interacted with" folder that records every advertisement I've interacted with.

Chen further explains how brands obtain users' information. These include: Buying information from data providers like Acxiom and taking that information to Facebook to serve targeted ads. Brands use tracking technologies like web cookies and invisible pixels to collect information about your browsing activities. According to Ghostery, Facebook offers different trackers to help brands harvest your information, advertisers can take some pieces of data that they have collected with trackers and upload them into the "Custom Audiences" tool to display ads to you on Facebook. After receiving a backlash, Facebook has limited the practice of allowing advertisers to target ads using information from third-party data brokers.

Sometimes ignorance is bliss but not when its your data that is in danger. The free services that these companies provide us doesnt automatically mean were getting fair compensation in exchange for our data. As MIT Technology Review has put it, "have little idea how much personal data they have provided, how it is used, and what it is worth." If the general public were aware of viable alternatives, they might hold out for compensation for free.

In the same internet space where browsers like Gener8 Ads respect your choice to either limit your data collection or generate money from it, we are obligated to analyse whether Google has been selling our data in exchange for providing "free" services. In a Harvard Business Review, Maurice E. Stucke wrote how Data-opolies have been depressing privacy protection below competition levels and collecting personal data above competition levels. (The Data-opolies consist of Google, Facebook, Amazon and similar companies who have minimal competition.) Stucke compares the collection of excessive personal data with charging an exorbitant price for a product/service. Since the companies have limited - or no- competition, they without a doubt have no competitive alternatives hence the bargaining power for the users is nonexistent.

These companies are also at a considerable risk of getting a security breach as the hackers have more incentives to hack such companies. The personal data of over 533 million Facebook users was leaked online in April 2021. This exposed the users' data for free, leaving the users vulnerable to data theft or impersonation.

When there should be stronger regulations on internet security and data privacy, Data awareness amongst users is necessary. So maybe next time you sign up for a website, you first at least skim-read the "Terms of Service", and the next time you click on "Accept Cookies", you first read what data you're willing to let the website track and collect from your browser.

See the rest here:
The lies of free sign-ups - The Kathmandu Post

If you use the internet, you need a solid VPN. It keeps your private data away from prying eyes, makes even public Wi-Fi safe to use, and allows you to browse the internet totally unrestricted by geo-blocks. Considering that93%of data breaches could have been avoided through basic data security measures, if you havent been keeping your browsing information, online banking and personal data secure through a VPN yet - now is the time to do something about it.

Thats because today, weve found an awesome deal with one of the absolute best VPN services on the internet. Right now, you can grab alifetime subscription to BelkaVPNon sale for just $39.99 - thats a massive 94% discount off the regular price of $719.

Belka protects all your private data thanks to its encryption shield tunnel, which secures your activity even when using public networks - and it comes with a zero log policy, and no speed or bandwidth restrictions, so your connection will always be fast and secure.

Belka uses more than 120 VPN servers across 25 global locations - keeping your information private, and meaning that you can bypass online region restrictions, too. Excitingly for entertainment fans, that opens up a whole new world of international TV, movie, and music streaming - allowing you to access the servers for US and international Netflix, BBC iPlayer, Hulu, ESPN+ and HBO, and over 40 other streaming services. So, whether you want to always be able to watch US shows wherever you travel, or you want to enjoy international shows you cant see on regular US channels, youll never be unable to watch anything by location - ever again.

This VPN comes extremely highly rated, too, with 4.1/5 stars on theGoogle Play storeand a 4.2/5 star rating on Trustpilot. Its no surprise the service is loved by its users. As one recently wrote, I have been looking for a good and secure VPN and this VPN has everything.

Ready to secure your private data for life? Get yourBelkaVPN: Lifetime Subscriptionon sale with 94% off right now, for $39.99 (reg. $719).

Read the rest here:
Protect Your Privacy For Life With This VPN Loved By Its Users, Now Less Than $40 - IGN Nordics