By Deeba Ahmed
Instant Checkmate and TruthFinder are two subscription-based services allowing users to carry out background checks on people.
This is a post from HackRead.com Read the original post: Instant Checkmate, TruthFinder Data Breach: 20M Accounts Leaked

Popular background check and verification services Instant Checkmate and TruthFinder have suffered a data breach, which has been confirmed by their parent company, PeopleConnect.

TruthFinder and Instant Checkmate are two prominent, subscription-based background check services owned by PeopleConnect. The service recently became a victim of a data breach, and as seen by Hackread.com, hackers have leaked the data of millions of its users.

Instant Checkmate and TruthFinder data leak – Screenshot: Hackread.com

**What is TruthFinder?**

TruthFinder is an online service that enables users to search for information about people, businesses, and even phone numbers. It provides access to public records and other data sources to provide accurate and up-to-date results. TruthFinder can be used for a variety of purposes, including background checks, address searches, reverse phone number lookups, court records searches, and more.

**What is Instant Checkmate?**

Instant Checkmate is an online tool that provides users with access to public records. This website collects detailed information from many sources, such as criminal records, address histories, marriage and divorces, bankruptcies, and more.

**Data Breach Details**

On January 21, 2023, unidentified hackers leaked a 2019 backup database belonging to TruthFinder and Instant Checkmate on Breach Forums, a hacker and cybercrime forum that surfaced as an alternative to the popular and **now-seized Raidforums**.

These leaked records were stored before the backup was created on April 16th, 2019, and were shared as two 2.9 GB CSV files. Upon extraction, the entire dataset turned out to be a whopping 7 GB, including the following information:

*   Full Names
*   Phone Numbers
*   Email Addresses
*   Passwords Hashes
*   Password Reset Tokens and more.

The following screenshot shows leaked files and the information that has been leaked in the Instant Checkmate and TruthFinder data breach.

Screenshot: Hackread.com

**PeopleConnect Confirms Breach:**

PeopleConnect has confirmed the incident and assured that an investigation has been launched.The company has published notices on both impacted websites (**1**) (**2**), confirming the data breach. The statement read:

“We learned recently that a list, including name, email, telephone number in some instances, as well as securely encrypted passwords and expired and inactive password reset tokens, of TruthFinder subscribers, was being discussed and made available in an online forum.”

“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company.”

**What Could Have Happened?**

The investigation is still underway, and PeopleConnect has collaborated with a third-party cybersecurity firm to find more details regarding the incident. However, the company has ascertained that the incident was an accidental leak or that hackers stole a particular list; however, there is no evidence of a network breach.

1.  **Experian Vulnerability Exposed Credit Reports**
2.  **24M Customers Affected after Experian Data Breach**
3.  **Hacker dumps household records of 250M Americans**
4.  **Sensitive Data of 123M American Households Exposed​**
5.  **What is Identity Verification Service, How Does it Work?**

Instant Checkmate, TruthFinder Data Breach: 20M Accounts Leaked

By Waqas
The cause of the data leak is an ongoing server misconfiguration, identified by researchers on Shodan, the search engine for IoT devices.
This is a post from HackRead.com Read the original post: India’s Largest Truck Brokerage Company Leaking 140GB of Data

The misconfigured server is still exposing the data, and there has been no response from the company since their only contact email address available to the public is bouncing back all emails.

India’s largest truck brokerage and freight delivery company, FR8, is facing a serious data leak problem. According to the IT security researcher **Anurag Sen** working with Italian cyber security firm **FlashStart**, the organization has exposed more than 140 gigabytes of data, which is available to the public without any password or security authentication.

According to Hackread.com, the leaked data includes sensitive information such as customer records, invoices, and payment details across **India**. Not only that, but it also contains other personal information, such as names, addresses, and contact numbers of both customers and employees.

FR8 claims to be “India’s largest truck transport service company,” currently operating in over 60 cities across the country.

Anurag discovered the server on Shodan while searching for misconfigured cloud databases on January 30th, 2023. The researchers informed FR8 about the leak, but they did not receive any response. Their only contact email address available to the public is bouncing back all emails.

For your information, **Shodan is an OSINT tool** and a specialized search engine used by cybersecurity researchers to locate vulnerable Internet of Things (IoT) devices, including servers and misconfigured databases on the internet.

As for FR8, what is worse, at the time of writing, the server is still live and is exposing the following details:

*   Full name
*   Mobile number
*   Internal document
*   Delivery Full address
*   Bank payment details
*   Delivery Vehicle Details
*   Internal employee details

**India has a server misconfiguration issue**

With a population of over 1.4 billion people, India is a lucrative place for businesses to invest and for cybercriminals to target. The more investment there is, the more widespread and vulnerable the IT infrastructure becomes.

Just a couple of weeks ago, **Hackread.com exclusively reported** on how an Enterprise Resource Planning (ERP) software provider had exposed half a million Indian job seekers’ data.

Last year, several top data exposure-related incidents involving tens of millions of victims were reported from India. These included **Covid antigen test results**, **Indian Federal Police and banking records**, **MyEasyDocs**, online packaging marketplace **Bizongo**, and more.

**Impact**

Since the server is live and there has been no response from the company, the chances of misuse and abuse of data are high if it gets into the hands of a third party with malicious intent.

While the data can be exploited to carry out identity theft-related fraud, hackers can hold the company’s server or **data for ransom** and leak it on cybercrime forums if their demands are not met.

**Misconfigured Databases – Threat to Privacy**

As we know, misconfigured or unsecured databases have become a major privacy threat to companies and unsuspecting users. **In 2020**, researchers identified over 10,000 unsecured databases that exposed more than 10 billion (10,463,315,645) records to public access without any security authentication.

**In 2021**, the number of exposed databases increased to 399,200. The top 10 countries with the most database leaks due to misconfiguration in 2021 included the following:

*   USA – 93,685 databases
*   China – 54,764 databases
*   Germany – 11,177 databases
*   France – 9,723 databases
*   India – 6,545 databases
*   Singapore – 5,882 databases
*   Hong Kong – 5,563 databases
*   Russia – 5,493 databases
*   Japan – 4,427 databases
*   Italy – 4,242 databases

1.  **Hackers selling 13TB of Domino’s India data**
2.  **Hackers leak millions of Airtel India user data**
3.  **Hackers leak 9 million Indian job seekers’ data**
4.  **Hacker claims to steal 8.2TB of MobiKwik data**
5.  **India’s COVID-19 surveillance tool leaked user data**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

India’s Largest Truck Brokerage Company Leaking 140GB of Data

By Deeba Ahmed
Although a fix is available to patch vulnerabilities, the EV industry is slow in applying the updates.
This is a post from HackRead.com Read the original post: EV Charging Stations at Risk of DoS Attacks

Threat actors can remotely carry out DDoS and DoS attacks on vulnerable Electric Vehicle (EV) Charge Points (CPs) to cause service outages and access sensitive and personal information of customers.

According to recent studies, 5.8 percent of all vehicles sold in 2022 were electric. This is a big number considering how new the technology is. However, hackers are also keeping eye on these developments and any potential vulnerability related to electric vehicles or their charging stations can create havoc.

As per the Israeli EV infrastructure provider SaiFlow, cybercriminals can abuse **Electric Vehicle (EV) Charge Point (CP**) to prompt service disruption. According to their findings, threat actors can exploit different versions of OCPP (Open Charge Point Protocol), which use WebSocket communications.

Researchers Lionel Richard Saposnik, SaiFlow’s research VP, and Doron Porat, software engineer at the company, wrote that their discovered attack method is a combination of two new vulnerabilities found in the OCPP standard. The exploitation would allow hackers to shut down EV charging stations remotely.

Moreover, they can manipulate docking stations to recharge EVs for free. Multiple vendors have confirmed the flaws. The hacker must obtain the charger’s identity first and then obtain information about the CMSM platform to which the charger is connected.

**What Causes the Issue?**

The security flaws are related to the communication between the CSMS (charging system management service) and the EV charge point (CP), particularly with the OCPP. EV chargers are connected to a management system platform, which is available on the Cloud platform, and lets operators track the stability of the infrastructure, energy management, handling billing, and EV charge requests.

Basically, the protocol doesn’t understand how to handle more than one CP connection, and attackers abuse this by opening a new connection to the CSMS. When the attacker opens a new connection to the CSMS on behalf of the charge point, the attacker can force the original connection to be closed or dysfunctional. The other issue is related to weak OCPP authentication and chargers’ identities policy. 

**Potential Threats**

According to SaiFlow’s **blog post**, when the embedded vulnerability is exploited using the OCPP protocol, a hacker can hijack the connection between the charger and the management platform. When this access is acquired, the hacker can shut down the entire group of chargers using the protocol, whether installed at a highway gas station or at home.

Using other identifiers, they can steal energy from the chargers and access the vehicle’s surrounding components, such as battery management systems, smart meters, other energy managers, and even distributed energy resources.

SaiFlow’s CEO Ron Tiberg-Shachar revealed that when an attacker exploits the two flaws, they can launch a **DoS attack** to disrupt or disconnect a single charger and access sensitive information like server credentials or payment card data. Or, they can execute a **DDoS attack** and take down/disconnect all chargers connected to that network. The flaw affects OCPP 1.6J.

He further noted that although a fix is available, the EV industry is slow at applying the updates. SaiFlow is working with some leading EV charger providers to address the issue.

1.  UK Experimenting with Roads that Wirelessly Charge EVs
2.  Brokenwire Attack Disrupts Electric Vehicles from Charging
3.  Gone in Seconds: Hackers Steal Mercedes Car without Key
4.  Internet-connected cars can be hacked to gridlock major cities
5.  Anonymous hacks EV charging station with pro-Ukraine slogan

EV Charging Stations at Risk of DoS Attacks

By Waqas
An OSINT tool is a must for every researcher - In this article, we will explore the 15 best OSINT tools that you can use for your investigations.
This is a post from HackRead.com Read the original post: What is an OSINT Tool – Best OSINT Tools 2023

Open Source Intelligence (OSINT) tools are an invaluable resource for companies, organizations cybersecurity researchers and students. In this article, we will explore the 15 best OSINT tools that you can use for your investigations and education purposes.

**OSINT**, or Open Source Intelligence, refers to the practice of gathering information from publicly available sources. In the information and digital age, there are countless tools and resources available for OSINT practitioners to use, making it easier than ever to collect and analyze information. Here are the 15 best OSINT tools that you can use for your investigations:

**Maltego**

Maltego is a powerful and sophisticated OSINT tool for gathering data from public sources. Developed by Paterva, Maltego OSINT allows users to quickly uncover relationships between large amounts of disparate data which can then be used to build intelligence profiles.

With Maltego OSINT, users are able to extract information from multiple online sources using simple graphic representations. This includes the ability to map out social networks, capture contact details and business data, track domain names and IP addresses, uncover digital evidence such as documents or images stored on websites, find related news articles and more.

Furthermore, by automating the process of gathering publicly available data in this way, Maltego OSINT enables users to quickly discover hidden connections that would otherwise remain undetected. Visit the official website of Maltego **here**.

**Shodan**

**Shodan** is a search engine for the Internet of Things **(IoT) devices** and an OSINT tool that is used to uncover vulnerable and exposed devices connected to the Internet, otherwise known as smart devices.

Shodan was created by John Matherly in 2009 and is considered to be the world’s first computer search engine. Shodan can be used to detect security vulnerabilities on public websites, as well as provide detailed information about each web server it finds.

Shodan has become increasingly popular among cybersecurity and IT security professionals who use it for vulnerability assessment, penetration testing, and network mapping. Shodan also helps them identify insecure services such as **misconfigured cloud databases**, FTP servers, telnet servers, and SSH servers that are exposed on the internet without authentication or encryption.

Additionally, Shodan provides detailed technical information about each device it finds including IP address, operating system type, open ports, running software programs and associated vulnerabilities. That is why Shoden is a perfect OSINT tool out there. Visit the official website of Shodan **here**.

**TheHarvester**

TheHarvester is a powerful OSINT tool used to find information related to domains and email addresses. It can be used by security professionals, IT administrators, and hackers alike to collect information from different sources on the internet.

TheHarvester was created as an alternative for doing research on public resources such as search engines, PGP key servers, and social networks. It allows users to quickly gather large amounts of data from sites like Google, Bing, Yahoo!, Dogpile, LinkedIn, Twitter and many more.

All of the gathered data can be exported into several formats such as HTML/XML or even saved as a text file. Additionally, it includes an API that allows users to customize their searches according to their specific needs. Visit the official TheHarvester page on Kali **here**.

**Recon-ng**

Recon-ng is an OSINT tool used for reconnaissance and data gathering. It is a full-featured web application that can be used to gather subsets of public information related to a target, such as usernames, names, email addresses, domain names and other relevant details.

Recon-ng has been designed to automate the process of gathering intelligence about a given target as quickly and efficiently as possible. The Recon-ng OSINT tool provides users with access to multiple resources such as Google, Bing, Twitter, Shodan and more.

The platform also allows users to interact with each resource using the same interface which simplifies the data-gathering process significantly compared to traditional methods. It enables users to quickly collect comprehensive information on a target without having to manually search multiple online sources or databases. Visit the official Recon-ng page on Kali **here**.

**Spiderfoot**

Spiderfoot is an excellent OSINT tool designed to automate the process of gathering information about a specific target. Spiderfoot enables users to have quick and easy access to a wide range of data sources.

It is capable of collecting information from over 200 sources, such as DNS records, WHOIS information and public resources like Shodan, **VirusTotal**, Google and others. Spiderfoot can be used for reconnaissance, investigative research and even threat hunting by allowing users to quickly identify potential threats or vulnerabilities in their environment.

The tool works by scanning the internet for publicly available data from various sources based on the user’s input query parameters. The collected data can then be mapped out into an interactive graph with various visual indicators which make it easier to interpret the gathered information.

This feature makes it much easier for security professionals to recognize trends or anomalies within their networks which can help them detect malicious activities or threats early on. Visit the official website of Spiderfoot **here**.

**OSINT Framework**

OSINT Framework is a website and information-gathering tool used by security professionals for investigative purposes. It is a collection of free and publicly available tools that can be used to conduct online investigations.

OSINT Framework provides users with an easy-to-use platform to quickly search, collect and analyze data from various sources such as social media platforms, websites, forums, blogs and more. By using this framework, security professionals are able to gather a wealth of information in order to identify potential threats or anomalies on the web.

The OSINT Framework enables users to access public records and other sources of information quickly and efficiently. It utilizes specialized search engines and databases such as Google Hacking Database (**GHDB**) as well as several other open-source intelligence tools such as Recon-ng, Maltego and Shodan. Visit the official website of OSINT Framework **here**.

**Foca**

Foca (Fingerprinting Organizations with Collected Archives) is an OSINT tool used by cybersecurity professionals to collect data from the internet. It can be used to find information on any subject, including people, companies, and other organizations. The tool gathers data from a variety of sources such as social media platforms, websites, and search engines.

The tool helps users to collect information quickly and efficiently by providing them with a set of tools for searching, collecting and analyzing the collected data. It provides users with advanced filtering options that allow them to narrow down their searches and find relevant information easily.

Foca also has features such as keyword analysis which enables users to analyze text-based content or images in order to identify patterns or trends in the collected data. Additionally, it offers other features like automated report generation which allows users to generate reports quickly without having to manually gather all the necessary data themselves. Visit the official GitHub repository of FOCA **here**.

**Metagoofil**

Metagoofil is a powerful OSINT tool used for gathering publicly available information about a particular target. It is especially useful for penetration testers, security professionals, and researchers who need to collect data from websites in order to perform reconnaissance on their targets.

Metagoofil was developed by Edge Security in 2006 as part of the framework for its security consulting services. This tool can be used to scan websites, search engines, and public document archives such as **PDFs and Microsoft Office documents**. It then searches for specific keywords related to the target and collects the relevant information from these sources.

With its easy-to-use interface, Metagoofil allows users to quickly find files containing sensitive information such as usernames, passwords, email addresses, IP addresses, etc., which can then be used in further attacks or research projects. Visit the official Metagoofil page on Kali **here**.

**GHunt**

GHunt is a new OSINT tool that lets users extract information from any Google Account using an email. The information that GHunt extracts include:

*   Google ID
*   Owner’s name
*   Public photos (P)
*   Phones models (P)
*   Phones firmware
*   Installed Softwares
*   Google Maps reviews
*   Possible physical location
*   Possible YouTube channel
*   Possible other usernames
*   Events from Google Calendar
*   If the account is a Hangouts Bot
*   Last time the profile was edited
*   Activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.)

Visit GHunt’s GitHub repository **here**.

**Yandex Images**

The Russian counterweight to America’s Google, Yandex has been extremely popular in Russia and offers users the option to search across the internet for thousands of images. This is in addition to its reverse-image functionality which is remarkably similar to Google.

A good option included within is that you could sort images category wise which can make your searches more specific and accurate.

**Tip:** In my personal experience; Yandex image search results are far more accurate and in-depth than Google Images. Visit Yandex **here**.

**N2YO.com**

Allowing you to track satellites from afar, N2YO is a great tool for space enthusiasts. It does so by featuring a regularly searched menu of satellites in addition to a database where you could make custom queries along the lines of parameters such as the Space Command ID, launch date, satellite name, and an international designator.

You could also set up custom alerts to know about space station events along with a live stream of the International Space Station(ISS)! Visit the official website of N2YO **here**.

**TinEye**

TinEye is the original reversed image search engine, and all you have to do is submit a proper picture to TinEye to get all the required information, like where it has come from and how it has been used.

Instead of using keyword matching, it uses a variety of approaches to complete its tasks, including picture matching, signature matching, watermark identification, and numerous other databases to match the image. 

In conclusion, these 15 OSINT tools are among the best available for conducting investigations using publicly available information. Whether you are a professional investigator or a curious individual, these tools can help you gather and analyze information more efficiently and effectively. Visit the official website of TinEye **here**.

**Have I Been Pwned**

**Have I Been Pwned** is an online service that helps people determine if their personal data has been compromised. It works by using email addresses to track data breaches, allowing users to know whether their information has been leaked or stolen due to a hack or other incident.

Have I Been Pwned was created in 2013 by Troy Hunt, a Microsoft Regional Director and security expert. The site provides users with detailed information about the source of any breach affecting their personal data, as well as the types of data that may have been leaked. This allows them to take appropriate steps to protect themselves from future attacks.

Have I Been Pwned or HIBP currently tracks more than 12 billion accounts across over 600 major data breaches, providing one of the most comprehensive databases for checking if your account details have been exposed online. Visit Have I Been Pwned **here**.

**Conclusion**

In conclusion, OSINT tools are an invaluable resource for anyone looking to stay ahead of the curve in the world of digital intelligence. The 15 Best OSINT tools outlined in this article provide an excellent overview for any user, from the novice to the professional, to get started. By using these tools and understanding their functions, users can empower themselves to become better researchers and find valuable data more quickly.

1.  **Top 10 Reliable VPN Services**
2.  **5 Free Best Internet Speed Test Websites**
3.  **8 Online Best Dark Web Search Engines for Tor Browser**
4.  **What Are Dark Web Search Engines and How to Find Them?**
5.  **Best legal & free online streaming sites for movies & TV shows**

What is an OSINT Tool – Best OSINT Tools 2023

By Habiba Rashid
According to researchers, there are a few key points that allow a packer such as TrickGate to remain efficient and undetectable for so many years. 
This is a post from HackRead.com Read the original post: TrickGate: Malicious Software Outwitting Antivirus for 6 Years

Check Point Research (CPR) recently reported on a live software service, dubbed TrickGate, that has been used by malicious threat actors for over six years. TrickGate is essentially a packer that allows cybercriminals to carry out malicious activities, such as deploying malicious code by **evading antivirus checks**.

According to researchers, there are a few key points that allow a packer such as TrickGate to remain efficient and undetectable for so many years.

First, a packer can contain any kind of payload, and since it is not limited to any single one, it can also be used to pack many different **malicious samples**.

Secondly, a packer’s inherent nature allows for changes to its wrapper on a regular basis, which enables it to evade detection from security products.

However, CPR was able to connect the dots from prior research and ended up finding a single operation that appeared to be offered as a service. Their research suggests that numerous threat actors from groups such as **Cerberus**, **Emotet**, **REvil**, **Maze**, **Cerber**, **HawkEye**, **AZORult**, **Formbook**, **Remcos**, **LokiBit**, **AgentTesla** and more exploited the service to deploy malware.

The advisory further estimates that, during the last two years, threat actors have used TrickGate to conduct 40 to 60 attacks per week. The majorly targeted industry was manufacturing, but others such as education, healthcare, finance, and business enterprises were also affected.

“The attacks are distributed all over the world, with an increased concentration in Taiwan and Turkey. The most popular malware family used in the last 2 months is Formbook with 42% of the total tracked distribution,” CPR wrote in its **report**. 

Going into technical depth, CPR security researcher Arie Olshtein explained that the entire attack flow of TrickGate shows that the malicious program is first encrypted and then packed with a special routine. It is designed to prevent the system from detecting the payload statically and at run-time.

CPR’s advisory concludes with the need for more attention to unravelling the packer’s building blocks since they provide a way to detect the threat at an early stage. The only way to tackle a hacker’s transformative abilities is by giving them the same attention that is given to actual malware. Researchers can now use the identified packer, TrickGate, as a focal point to detect new or unknown malware.

1.  TrickBot malware crashes devices to evade analysis
2.  Android Stalkerware MonitorMinor spies, steals & evades
3.  Fake Antivirus Apps Loaded with SharkBot Banking Trojan
4.  Threat actors using CAPTCHA to evade phishing, malware detection
5.  Powerful But Not Yet Promoted Antivirus for PC, Mac, Android, iPhone

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

TrickGate: Malicious Software Outwitting Antivirus for 6 Years

By Owais Sultan
What is a CDN? How can businesses benefit from a CDN? and What to look for in a CDN provider?
This is a post from HackRead.com Read the original post: Content Delivery Network (CDN) FAQs

Content Delivery Networks (CDNs) have become increasingly popular among businesses of all sizes in recent years. They offer a host of benefits to businesses, which can help to aid the smooth running of operations and boost reputation, efficiency, reliability, security, and the business’s bottom line. This is why they have gained such popularity among businesses in a wide variety of industries.

If you are considering investing in CDN services, you need to ensure you choose the right solution and provider for your business’s needs. Additionally, you should do thorough research to learn how these solutions can help your business.

You can learn about everything from the convenience of integrated CDN solutions to how CDN can help your business when you conduct research. Looking at FAQs about CDN services and solutions can also help; we have provided a sample of common questions and answers below.

**Some Common Questions**

If you want to get to grips with CDN solutions and how they could help your business, here are a few of the many common questions and answers:

**What Is a Content Delivery Network?**

A CDN is a collection of servers that are geographically distributed and work in tandem to ensure the speedy, efficient, and reliable delivery of internet content. It enables the swift transfer of assets required for loading Internet content, including javascript files, HTML pages, videos, images, and more.

The popularity of CDNs means that most web traffic is served through them, including for high-traffic sites such as Facebook and Amazon.

**Does a CDN Replace Web Hosting?**

Another common question is whether a CDN replaces web hosting; the answer is no. CDNs do not host content, but they do help to cache content to improve performance. Standard hosting services often do little to boost performance; this is where a CDN can help. By reducing hosting bandwidth through caching, the CDN can help improve performance, reduce interruptions, boost security, and even cut costs.

**How Can Businesses Benefit from a CDN?**

Following the previous question and answer, there are many ways in which businesses can benefit from CDNs, boosting their popularity. You will find that this is a cost-effective solution; it can reduce downtime, boost performance, provide greater security, and help to speed things up, among other things.

**What Do You Look for in a CDN Provider?**

Many people are eager to know what they should look for in a CDN service provider, and there are several key factors to keep in mind. Of course, the cost of the solution is an important factor to help keep your business within budget.

However, you also need to look at things such as DNS response times, network connectivity, throughput and wait times, and cache hit-or-miss ratios, among other things.

**Conclusion**

In conclusion, Content Delivery Networks are a powerful tool for businesses that need to improve their website’s performance, scalability and security. With the help of this FAQ, we hope that readers have been able to better understand the basics of CDNs and can now decide whether they should consider using one for their website.

As with any technology, there are both advantages and disadvantages that must be considered before investing in a Content Delivery Network.

1.  Cloud Hacking – Why API Remains the Biggest Threat?
2.  VPS Hosting Vs. Dedicated Servers – Which Is Better?
3.  Managed Cloud Hosting vs. Unmanaged Cloud Hosting
4.  5 WordPress Security Solutions with Free SSL Certificates
5.  How Web Application Firewall (WAF) protects your website

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Content Delivery Network (CDN) FAQs

By Deeba Ahmed
Google Fi customers are impacted by the recent T-Mobile breach, as Fi relies on T-Mobile and US Cellular for connectivity.
This is a post from HackRead.com Read the original post: Google Fi User Data Breached Through T-Mobile Hack

According to Google Fi’s email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile’s breach after suspicious activity was noted in a system that contained Google Fi’s customer data.

Google Fi, Google’s official mobile virtual network operator (MVNO), has confirmed that data belonging to its customers was exposed in a recently discovered T-Mobile security breach. The incident was **reported by Hackread.com** on January 20th, 2023.

**What does Google Fi have to do with T-Mobile?**

For your information, **Google Fi** relies on T-Mobile and US Cellular for connectivity. It operates on the networks of US Cellular and T-Mobile, allowing customers to enjoy comprehensive coverage across the country.

Unlike traditional plans from Verizon or AT&T, Google Fi uses technology to switch between different cellular providers while your phone is in use. This means that if you’re using your phone and one carrier’s service becomes weaker than another’s in the area, your phone will automatically switch to a stronger signal – without any interruption in service.

**T-Mobile Data Breach Details**

On January 19th, **T-Mobile** published a regulatory filing revealing that an unauthorized threat actor had managed to access the data of 37 million of its current customers. The breach occurred in November 2022 and was discovered on January 5th, 2023.

T-Mobile Inc. informed law enforcement officials and cybersecurity consultants regarding the data hack, which included customers’ names, dates of birth, billing addresses, email addresses, and more than 37 million postpaid and prepaid customers.

**Google Fi Warns About Data Exposure**

According to Google Fi’s email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile’s breach after suspicious activity was noted in a system that contained Google Fi’s customer data.

Google has confirmed that no text message call contents or PINs were taken. Moreover, the exposed system did not store private customer data such as names, payment card details, email IDs, passwords, government IDs, etc.

However, the hackers could access account statuses, phone numbers, service plan details such as international roaming, and SMS card serial numbers. It is worth noting that, despite utilizing the T-Mobile network for its connections, Google did not name it as its primary service provider in the email.

**Email sent to Google Fi customers:**

_Dear Google Fi customer,_

_We’re writing to let you know that the primary network provider for Google Fi recently informed us there has been suspicious activity relating to a third-party system that contains a limited amount of Google Fi customer data._

_There is no action required by you at this time._

_This system is used for Google Fi customer support purposes and contains limited data including when your account was activated, data about your mobile service plan, SIM card serial number, and active or inactive account status._

_It does not contain your name, date of birth, email address, payment card information, social security number or tax IDs, driver’s license or other forms of government ID, or financial account information, passwords or PINs that you may use for Google Fi, or the contents of any SMS messages or calls._

_Our incident response team undertook an investigation and determined that unauthorized access occurred and have worked with our primary network provider to identify and implement measures to secure the data on that third-party system and notify everyone potentially impacted. There was no access to Google’s systems or any systems overseen by Google._

_If you are an active Fi user, please note that your Google Fi service continues to work as usual and was not interrupted by this issue._

**_What does this mean for me?_**

_The accessed information included your phone number and limited technical information. This includes information about when your account was activated, SIM card serial number, account status (for example, whether your plan is active or inactive), and limited details about the mobile service plan and options provided by your Google Fi service (such as unlimited SMS or international roaming)._

Google has assured its customers that they don’t need to take any further action, and there was no unauthorized invasion of Google’s own systems or any system that it directly oversees.

**_More Data Breach News_**

1.  **Google Employees Data Stolen After Data Breach**
2.  **Hackers Breach TPG Telecoms’ Email Host to Steal Client Data**
3.  **Australia’s 2nd-largest telecom firm suffers massive data breach**
4.  **Hacker extracts user data from Canadian Telecom Firm after rebuttal**
5.  **Telecom giant behind routing SMS discloses 5-year-long data breach**

Google Fi User Data Breached Through T-Mobile Hack

By Deeba Ahmed
Malwarebytes has confirmed that, despite confirmed reports of the presence of pre-installed malware in T95 TV boxes, Amazon is still allowing their sale.
This is a post from HackRead.com Read the original post: Amazon Still Selling T95 TV Box with Pre-Installed Malware

A few weeks back, **Hackread.com reported** about a malware-infected Android TV box available on Amazon: the T95 TV box. The box contained pre-installed malware, which was discovered by a Canadian developer and security systems consultant, Daniel Milisic. 

Now the same TV box is in the news again, and the person who has identified security threats is Malwarebytes mobile malware researcher Nathan Collier. He purchased this device from Amazon to further probe and instantly realized something was off about this TV box. Collier discovered that regardless of whether the toggle switch was on or off, the box was rooted.

**What is Rooting?**

For your information, in an Android device, rooting refers to acquiring the highest level of access, aka root. It allows the user to modify system-level directories and files, which otherwise is not possible.

Developers require this heightened access to test the device in the pre-production phase. However, it must be noted that Android devices aren’t rooted during production. If the command adb (**Android Debug Bridge**) root is run on an under-production Android device, it will display the error “adb cannot run.”

Conversely, on a rooted device, the message appears as “restarting as root” or “adb is already running as root.”

**Tools Used in the Research**

Collier performed his research on the Android TV box using a few tools, including Android Debug Bridge from the Android Studio, Telerik Fiddler Classic internet traffic monitor with exceptional HTTPS capturing capabilities, NoRoot Firewall app that allows or denies network traffic as per an app’s requirement, and LogCat command line tool.

**Performing the Research on TV95 TV Box**

Collier hypothesized that DGBLuancher was responsible for APK loading and running Corejava classes.dex. To prove this hypothesis, Collier uninstalled DGBLuancher and kept Corejava classes.dex. The malicious traffic stopped immediately without DGBLuancher, Ergo, Corejava classes.dex cannot run.

Collier then reinstalled DGBLuancher, and this time he removed Corejava classes.dex, too, but again the malicious traffic stopped, and no new traffic was produced. This means the traffic required Corejava classes.dex to be produced. Hence, Collier concluded that the DGBLuancher was the APK loading Corejava classes.dex.

Later, Collier deleted Corejava classes.dex from the /data/system/Corejava, but it reappeared immediately after a reboot and when DGBLuancher was uninstalled Corejava classes.dex stopped reappearing. This strengthened the hypothesis that DGBLuancher was the culprit as it created Corejava classes.dex.

Now he had to find out why Corejva classes.dex reappeared. Collier learned that system\_server ran more commands in the background than just create /data/system/Corejava. DGBLuancher used system\_server to create Corejava classes.dex, so it wasn’t the culprit but conduit. Collier couldn’t determine why Corejava classes.dex reappeared.

A T95 Android TV box sold on Amazon

**How to Fix the Issue?**

In a **blog post**, Collier recommends a factory reset before proceeding to fix the issue. A factory reset will remove the malware that might have been downloaded during this time. Afterwards, avoid connecting the box to a network until you install adb onto a Linux, Windows, or Mac environment and put the box into Developer Mode.

Turn on USB0 device mode to install adb. Connect your PC to the box, open a terminal such as Command Prompt on PC, and type: adb devices, which will display an ID number and a list of devices attached. Now you can remove the DGBLuancher. Check out Nathan Collier’s blog on Malwarebytes for a detailed remediation process.

**_More Pre-Installed Malware News_**

1.  **Malware targeting IoT devices and Android TV globally**
2.  **Monero Mining Malware Infecting Android Smart TVs & phones**
3.  **Hacked Android phones mimicked TV products for fake ad views**
4.  **Amazon Fire TV, Fire TV Stick hit by crypto mining Android malware**

Amazon Still Selling T95 TV Box with Pre-Installed Malware

By Owais Sultan
Perhaps it should give us pause for thought that one of the biggest revolutions in commerce and society…
This is a post from HackRead.com Read the original post: The Basics of Ecommerce Cyber Security

Perhaps it should give us pause for thought that one of the biggest revolutions in commerce and society has also brought with it a whole new dimension of cyber security and cybercrime threats.

Of course, we are talking about the Internet revolution and everything it has led to. We now most often communicate across the Internet and we send all kinds of data, files, and documents. Some of that is pretty valuable, so cybercrime has come calling.

For the successful functioning of a business, online or offline, theft needs to be prevented. Traditionally, this probably only accounted for the theft of stock, but nowadays, it is more the theft of information that new businesses are most concerned about. The reason for this is simple enough: most businesses at least have an online dimension, and the only transaction that occurs online is the transfer of information.

You are never actually sending money when you make a bank transfer; you are sending information that affects the respective bank balances of those involved. This data can be stolen and converted into real financial gains for criminals.

This is why cybersecurity is vital for any online activity, from simple personal computer use right up to the online business. Any **internet-enabled device** purchased today will more often than not come with a full package of cybersecurity software, from firewalls to anti-virus software and sensitive data encryption. For businesses, this becomes doubly important because there is so much more at stake.

**The Arms Race**

The other thing about cyber security, especially for **e-commerce**, is that it is constantly evolving. Every other month, cyber-criminals refine their techniques and make use of more advanced tools and technologies. Hacking is a serious discipline carried out not only by criminals but also by government agencies tasked with enormous commitments, such as ensuring national security and fighting terrorism.

This is all you need to consider to see how vital cyber security is and how essential it is that it is constantly updated and refined. The criminals are doing that, so your business needs to do it too. It is an arms race, with each development on one side necessitating a responsive development on the other.

If you run a small e-commerce business, then this might all seem pretty daunting. Luckily, criminal interest in online companies scales in direct proportion to the size of the company and the valuable information and funds it handles. Therefore, your response should always be proportional. There is no need to break the bank for your small online art and craft store.

However, you can never neglect cyber security, and you can never rest for long before you must consider updating it. New technology could be the reason for updating, or it might be due to business growth. Both technological advancements by criminals and the growth of your business increase the risks.

**What Are the Threats to Ecommerce?**

So, assuming that you run a small- to mid-sized e-commerce venture (no large company needs an introduction to cyber security), what are the most common cyber risks associated with your endeavour?

Well, there are many. Cyberattacks can constitute the theft of information, but they can also lead to the loss of physical assets as well. When this latter threat is posed, it is usually because hackers have found a way to hack your digital order fulfilment system.

Cybercriminals do not just work with a keyboard and screen. For example, once information concerning your delivery routes has been stolen, it is all the easier for criminals to organize a heist – in the real world. 

Of course, though, simple security of information is where it all begins; risks tend to arise when information is transferred. For example, an insecure office network that is not protected against hackers allows for information and data to be stolen. Even simple things, such as password protection and administrator privileges, are forms of cyber security that address specific cyber risks.

Finally, there is a risk inherent in slow Internet speeds, too. A cyber attack can happen in the blink of an eye (electronic signals are transferred significantly faster than the blink of an eye), so you need to know when one has occurred and act as soon as possible. To shore up defence here, you might invest in network monitoring software and **WiFi 6** internet providers to establish a virtual guard tower.

**A Cyber Security Infrastructure **

So, that is the reality of the situation, and these are the threats you are up against. But, how do you get started in creating a robust cybersecurity infrastructure? Perhaps the best way to answer this question is to look at some cyber security practices and guidelines that cover the most important bases.

**Payment Card Industry Data Security Standard (PCI DSS) **

Often referred to solely as **PCI**, this is a widespread industry standard that ensures bank and card details are transferred securely. Here, we see the legal dimension of cybersecurity. Consulting the PCI is a great way to cover the most essential bases when it comes to security for this sensitive information.

**International Organization for Standardisation (ISO) **

No business staying on the right side of the law should consult the ISO and specifically the **ISO IEC 27002:2013** for cyber security. The internet doesn’t tend to respect borders, and neither does international regulations. Accordingly, the ISO allows businesses to ensure their practices are in line with everyone else’s. Achieving this certification is a good first step to take.

**Personal Data**

Personal data is a necessarily broad category that includes any data related to a specific person. The aforementioned card details would be an example, as would a customer’s address, or simply their name. There are several regulations concerning this, the most important of which is probably the **GDPR**.

**HTTPS Authentication **

What is the difference between **HTTP and HTTPS**? Most simply, the latter is the former with encryption added. You will recognize these characters from the beginning of every web address you visit in your browser. HTTPS means that the data has been encrypted, meaning it cannot be accessed by any intermediaries. Having HTTPS in your URL is also a trust indicator for customers, especially because bank transfers often have their specific web address when underway.

**Conclusion **

You shouldn’t see the strong **legal regulation of cyber security** as a bad thing. Sure, the law will require you to toe the line, but this is necessary. The alternative could be far worse for your business. Furthermore, the number of helpful compliance guidelines can let you know from the outset what you need to invest in before you start trading, giving you peace of mind thereafter.

The Basics of Ecommerce Cyber Security

By Deeba Ahmed
GitHub states that hackers gained access to its code repositories and stole code-signing certificates for two of its desktop apps: Desktop and Atom.
This is a post from HackRead.com Read the original post: GitHub Reports Code-Signing Certificate Theft in Security Breach

Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use.

**GitHub** revealed that on December 7th, 2022, hackers had gained unauthorized access to several of its code repositories and stolen code-signing certificates for two of its desktop apps: **Atom** and **Desktop**. The repositories were used in the planning and development of these applications.

A further probe led to the conclusion that GitHub’s services were not at risk, and no unauthorized changes were made to these projects. Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use.

The **repositories were cloned** one day prior by a compromised PAT (personal access token) associated with a machine account. GitHub did not reveal how the token was breached. Alexis Wales from GitHub stated in a **blog post**:

> “Several encrypted code signing certificates were stored in these repositories for use via Actions in our GitHub Desktop and Atom release workflows. We have no evidence that the threat actor was able to decrypt or use these certificates.”
> 
> GitHub

GitHub has decided to revoke the exposed certificates used for Atom and Desktop applications. The revocations will be effective this Thursday and prevent some impacted versions of these apps from working. Revoking these certificates will render some versions of GitHub Desktop for Mac and Atom invalid; however, current versions of Desktop and Atom are unaffected by this theft.

For your information, code-signing certificates place a cryptographic stamp on the code to verify that the enlisted organization, i.e., GitHub, has developed it. If it gets decrypted, the certificates will allow an attacker to sign the app’s unofficial version, which has already been tampered with and pass them off as official updates from GitHub.

Affected apps include the following versions of GitHub Desktop for Mac:

*   3.1.2
*   3.1.1
*   3.1.0
*   3.0.8
*   3.0.7
*   3.0.6
*   3.0.5
*   3.0.4
*   3.0.3
*   3.0.2

The following versions of GitHub Atom have been affected.

*   1.63.1
*   1.63.0

It is worth noting that GitHub Desktop for Windows is not affected by this credential theft. On January 4, GitHub published a **new version** of its Desktop app, which was signed with new certificates that weren’t exposed to the attacker(s). GitHub Desktop users should upgrade to the latest version.

**_More GitHub Security News_**

1.  **GitHub: Hackers Stole OAuth Access Tokens to Target Orgs**
2.  **GitHub Attack Allowed Hackers to Steal Okta’s Source Code**
3.  **GitHub fixes vulnerability that exposed repositories to attackers**
4.  **GitHub Abused to Spread Malicious PyPI Packages in Image Files**
5.  **Hackers spoof commit metadata to create false GitHub repositories**