Tag Archive for: Mounts

Trouble mounts for WhatsApp, phone numbers of users found on Google search: Reports

/in


WhatsApp has reportedly exposed the phone numbers of the web users on Google Search via indexing.

If reports are to be believed, this development essentially means that anyone, sitting in any part of the world, with the right search query can find your personal phone number on Google easily.

The Google search result reportedly displays the phone number only, and not your name.

However, a simple Truecaller search can reveal your identity.

According to internet security researcher – Rajshekhar Rajaharia, phone numbers of WhatsApp web users appeared on Google Search.

He further alleged that Google is also indexing the text messages of users.

“15 Jan 2021, If you are using @WhatsApp Web, your Mobile Number and Messages are being index by @Google again. Don’t know why WhatsApp is still not monitoring their website and google. This is 3rd time,” Rajshekhar Rajaharia said in a tweet.

Also read: Dense fog engulfs Assam, Meghalaya and Tripura

Notably, a few days back, Group chat links were also available on Google Search.

Anybody could simply search the name of the group on Google and join a group on WhatsApp using the link.

However, WhatsApp soon took cognizance of the vulnerability.

WhatsApp said, “Since March 2020, WhatsApp has included the ‘no index’ tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats.”

Also read: Amidst concerns, WhatsApp delays implementation of its new privacy policy

Source…

Concern mounts over government cyber agency’s struggle to respond to hack fallout

/in


With Microsoft acknowledging for the first time this past week that suspected Russian hackers behind a massive government security breach also gained access to its source code, pressure is mounting on US officials and cybersecurity experts to explain how the attackers infiltrated various US computer networks, what they did once inside and the steps that are being taken to mitigate the damage.

As US officials struggle with the fallout, questions are swirling about whether the agency tasked with protecting the nation from cyberattacks is up to the job.

On Wednesday, the Cybersecurity and Infrastructure Security Agency, (CISA) signaled it’s still working to patch the known vulnerabilities, advising agencies to update their software from SolarWinds, a private contractor attackers exploited to gain access into potentially thousands of public and private sector organizations.

Congressional Democrats and the Biden transition team are demanding more information about the massive hacking campaign, calling on the Trump administration to address concerns about its handling of the fallout and perceived lack of transparency in the weeks since the data breach was first discovered.

The Biden team in particular has stated that it’s been stonewalled by Trump officials in its effort to learn more about key national security issues, including the hack.

Trump administration officials say those accusations are exaggerated but have also acknowledged they are wary of any transition activity that could provide the Biden team a head start in dismantling the President’s priorities.

To date, the White House has offered few public details about what is believed to be the most significant cyber operation targeting the US in years. The lack of…

Source…

The count of managed service providers getting hit with ransomware mounts

/in
Scrabble letters sitting atop laptop computer spell Ransomware.

Enlarge / When MSPs get owned by ransomware, their customers can lose more than just access to an application. (credit: Getty Images)

When more than 20 local governments in Texas were hit this summer by ransomware in one day. The attack was apparently tracked back to one thing the organizations had in common: a managed service provider. With limited IT resources of their own, local governments have increasingly turned to MSPs to operate significant portions of their networks and applications, as have other organizations and businesses—often placing critical parts of their business operations in the MSPs’ hands. And that has made MSPs a very attractive target to ransomware operators.

Threat researchers at the global cloud security provider Armor have been tracking publicly-reported incidents in which MSP and cloud service providers have been hit with ransomware. Thus far, they have documented 13 such incidents this year—with 6 of them reported in the past few months.

The most recent publicly exposed victim is Billtrust, which as security journalist Brian Krebs reported, was hit by what BleepingComputer reported was BitPaymer ransomware (a report that has not been confirmed). BillTrust is an online invoicing and billing provider based in New Jersey that also provides credit decision services. Billtrust executives sent an email to customers on October 22, informing them of the attack, stating:

Read 3 remaining paragraphs | Comments

Biz & IT – Ars Technica