Archive for February 29, 2020

Corona Impacts Amazon; More Than One Million Products Banned


The e-commerce giant has finally started taking steps to secure against the corona epidemic by banning more than one million products and furthermore by removing "tens of thousands" of overrated health products from unethical vendors.

A quest for "coronavirus" on Amazon raised results for face masks, disinfectant wipes and recently published books on viral infections, revealing how a few merchants are taking advantage of the health crisis. It additionally offered results for vitamin C boosters as well - a fake remedy for the virus that has been broadly disseminated on the web.

The World Health Organisation (WHO) expresses its worry about some deceptive Amazon postings prior this month, including counterfeit medications. The organization said fake coronavirus claims online were creating mass turmoil and asked tech giants to battle this spread of misinformation.

Amazon is yet to provide a rundown of those items it says it has expelled, but a BBC search for "coronavirus" on the online site proposes that numerous items are as yet being sold at strangely high prices. A portion of those items is not by any means fit for purpose, like the dispensable dust or surgical masks, as opposed to the recommended protective gear.

In one such example, a 50-piece heap of surgical masks from one seller cost more than £170, while a well-known alternative of a similar item is at a sale for around £36. Indeed, even that less expensive item has still risen drastically in price since early January, when it cost under £10.


Alluding to the act of "hiking up prices of goods" to unreasonably high levels in light of an expansion in demand, a spokesperson said, "There is no place for price gouging on Amazon," She referred to the company policy which permits Amazon to bring down items/products that "hurt customer trust", including when pricing "is significantly higher than recent prices offered on or off Amazon".

And further on added that the company will keep on monitoring the site for price spikes.

Facebook Sues Data Analytics Firm for Improperly Harvesting User Data


On Thursday, Facebook filed a federal lawsuit in California Court against OneAudience, a New Jersey-based marketing firm mainly involved in data analytics. The social media giant claimed that the firm was paying app developers to secretly harvest its users' data by getting an infectious software SDK installed onto their apps. The SDK was planted in various gaming, shopping, and utility-type applications available to download from the Google Play Store, as per the court documents.

A software development kit also known as SDK is a downloadable collection of software development tools used for developing applications. It consists of the basic tools a developer would require to build a platform-specific app with ease and excellence. In other words, SDK basically enables the programming of mobile applications. However, these packages have their drawbacks too as they also contain tools like trackers and it collects information about devices and app usage to send it back to the SDK maker.

Facebook alleged in the lawsuit that OneAudience has blatantly misused the feature "login with Facebook" to acquire unauthorized access to sensitive user data without any permissions. OneAudience has also been accused of paying apps to gain access to users' Twitter and Google data when they log into the infected apps using their account info.

"With respect to Facebook, OneAudience used the malicious SDK – without authorization from Facebook – to access and obtain a user's name, email address, locale (i.e. the country that the user logged in from), time zone, Facebook ID, and, in limited instances, gender," Facebook remarked.

Earlier in November 2019, social media giants Twitter and Facebook told that OneAudience collected private user information and the incident left hundreds of users affected as their privacy was compromised when OneAudience illegally collected their names, email addresses, usernames, genders and latest posts through SDK.

While commenting on the matter, Jessica Romero, Director of Platform Enforcement and Litigation, said "Facebook's measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate."

"This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users," she further added.

Cyber Flashing- Another Horrendous Way of Sexual Assault Via The Internet!


Of all the horrible things a pervert could do using the cyber means, Cyber Flashing is by far the most debauching and harassing of all.

For all those who aren’t well aware of this concept, cyber flashing is like every other form, a highly disgusting method of “image-based sexual abuse”.

This technology backed crime doesn’t stand on a particular pedestal as to the legality of it hence, the fact that people don’t know much about it let alone it being a crime.

You may be sitting somewhere in peace and quiet, supposedly on a much-wanted vacation cruising your lazy fingers on your phone and Bam! A stranger’s genitals cover your phone screen via an AirDrop file.

The initial shock, getting grossed out and the eventual sickening feeling you get is all well understood. Because the moment you try to close the file it only gets sent, again and again, a good number of times.

The nastiest part about this is that the person who sent it to you could be sitting close by, watching you see their nether regions and could be taking some sort of nauseating pleasure out of it.

According to several polls and researches, in England, Scotland and Wales combined, 40 percent of the women have, in one form or the other experienced cyber-flashing by having received repulsively uncalled for pictures of male private parts.


Disappointingly enough, notwithstanding the pervasiveness of the situation not many governments have special legal provisions to contend with cyber-flashing. Several countries’ existing laws don’t cover the subject wholly and only in the light of “sexual harassment or communication”.

Nevertheless, Scotland, Singapore and the American state of Texas did get something done for this but only under the pressure of women’s rights campaigns.

In the years that have passed, groups have suggested pretty fervently the need for the introduction of a new law that solely focuses on “image-based sexual abuse” and legally forbids cyber-flashing.
But it never had a toll on the government and the recommendations got rejected.

Contemplating over the severity of the not-at-all trivial crime and the neglect it has undergone in terms of its legal consequences is desperately needed to frighten away any potential partakers.

The degenerates require getting this into their head that sending someone an unsolicited picture of their genitals is simply not okay and that they can be legally punished for it.

Cyber-flashing could seriously distress the receivers and make them think that they are not safe even in public spaces. It also empowers men to accept the anonymous nature of the ill-act and just show off their genitals, without the fear of getting immediately caught.
Women need to be emboldened about fighting back against it.

Moreover, girls and women need to know that these “dick-pics” are definitely not imprudent tries at flirting and the men need to understand that this is not a pathway of getting nudes in return or appallingly enough, some twisted way of showing off.

The current laws need to keep up with the expeditious changes in technology. Also, how people embrace the ill-usages of it especially for harassment and sexual abuse.

The Central Bank of Russia warned about the new scheme of fraud "taxi from the Bank"


Fraudsters have found a new way to withdraw money from Russians. Social engineering is also in progress: people are offered a new service from banks "taxi to ATM", and on the way, they are convinced to transfer money to a third-party account.

Victims of the new scheme are those who do not use online banking, in particular, the elderly. Attackers force them to transfer money through an ATM, for which they offer to use the "taxi from the Bank" service for free.

This information is confirmed not only in banks but also in the Central Bank. Several people have already become victims of such a fraud, all of them tell about the same story: criminals call from the number "8 800" and report that someone is trying to withdraw funds from the client's card. If the potential victim does not have an Internet Bank, the person was offered a special taxi to the ATM.

"Allegedly, it will be possible to transfer funds to a secure account from ATM. Attackers order a regular taxi for the victim, and when a person is at the ATM, he makes a dictation operation to transfer money to the attacker's account," said Alexey Golenishchev, Director of monitoring operations and disputes at Alfa-Bank.

The Central Bank warned that customers are never asked to make transactions through ATMs when a suspicious operation is suspected. Scammers often offer to transfer money through an ATM, and "taxi from the Bank" is one of the varieties of this scheme.

Sberbank confirms this scenario and recognizes that the scheme is becoming more popular. The victims are lonely people or elderly people who are easily to trick, and they do not have the opportunity to consult with someone. Scammers do not give time to think and convince a person to act quickly.

Usually, the damage from such fraudulent actions is about 15 thousand rubles ($220).
Previously, fraudsters began to practice another way of cheating. A man finds a forgotten card at an ATM, picks it up and then the owner of the card appears. Of course, the owner reports that money has disappeared from his card.

Bretagne Télécom recovered 30 TB data in a ransomware attack by DoppelPaymer


Bretagne Télécom, a cloud service provider was hacked by DoppelPaymer, ransomware that exploited CVE-2019-19781 vulnerability in unpatched servers.


Bretagne Télécom is a French cloud hosting telecommunications company that provides a range of services like telephony, Internet and networking, hosting, and cloud computing services to roughly 3,000 customers with 10,000 servers.

Fortunately this is a success story with a happy ending, as the ransom attack was a failure with no data loss and no ransom paid. The company could restore the encrypted system and data from backups on Pure Storage FlashBlade arrays.

Around 30 TB data was encrypted

The attack took place in the first half of January, on the unpatched servers making them vulnerable to attack. The attackers started scanning the vulnerable servers from Jan 8 and attacked two days later. The company soon released patches to overcome the vulnerability with the final patch being published on January 24.

The DoppelPaymer's operators infiltrated around 148 machines with data from "around thirty small business customers", as Bretagne Télécom CEO Nicolas Boittin told LeMagIT.

The DoppelPaymer Ransomware hackers demanded a ransom of 35 bitcoins (~$330K) for decrypting the system. Ofcourse, the company restored the data and didn't require the "decrypting services" from the hackers. Using the Pure Storage FlashBlade arrays' Rapid Restore feature, Bretagne Télécom could restore all of the customer's data.

"We found the time when the attackers installed the scheduled encryption tasks. Once these tasks and the malware were removed, we were able to return to operational conditions."

"It is not the first time that this has happened to customers. But most of the time, they are self-managing, so we didn't interfere," Boittin added.

"Ransomware from our customers, there may not be one per month, but not far. And we never paid. I refuse to fuel a parallel economy where we would give pirates the means to improve their systems to attack us again."
The company personally decrypted and stored data from each customer without a network, some even took six hours. They could efficiently tackle the attack by considering them as data breaches, most of the companies do that resulting in compromise of sensitive information even before the encryption takes place.