profile hacking Archives - TuxCare

Samsung Breach Leaks U.S. Customer Data

Samsung has confirmed a cyberattack on the company which led to attackers accessing some vital information belonging to attackers.

The company stated in its data breach notice that the hackers “in some cases” took customer names, contact, and demographic information, date of birth, and product registration information. The company’s notice however indicate that while not every Samsung customer is affected, it remains unknown how much data was stolen in its data breach.

“In late July 2022, an unauthorized third-party acquired information from some of Samsung’s U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected,” the company said in a notice.

The breach did not affect users’ Social Security numbers or credit and debit card numbers and the extent of information leaked for each customer varies.

The tech giant urge customers to be on guard against potential social engineering attempts, avoid clicking on links or operating attachments from unknown senders. Customers are also warned to review their accounts for potentially suspicious activity.

While alerting customers of the breach, Samsung has also shown decisive steps to secure the affected system and engage an outside cybersecurity firm to lead the response efforts.

Samsung action since the flaw was disclosed has raised several questions from experts. Following the disclosure, Samsung published a new privacy policy which many adjudged to be controversial.

According to the new policy, Samsung can use a customer’s “precise geolocation” for marketing and advertising with the user’s consent. The new policy also states how long Samsung stores data that users share from the Quick Share feature. Samsung says it may “collect the contents you share, which will remain available for 3 days.” The reason behind the controversial policy remains unknown.

The sources for this piece include an article in TheHackerNews.

Phishing Attacks On Social Media Users Are On The Rise

With more than 4 billion social media users around the world, cybercriminals are more inclined than ever to target these users to make money or steal their personal information.

In the latest edition of the Consumer Cyber Security Pulse Report, the team at digital security firm Norton Labs published some important findings after spending a year analyzing phishing attacks against social media platforms.

A phishing attack is a fake email or message that pretends to be from an authentic or trusted source. A phishing attack aims to gain access and steal vital information from users.

According to the Norton Labs team, phishing attacks targeting social media users are on the rise, with users being targeted via email, text messages, or even within a social media platform.

The report identifies eight different phishing techniques used by attackers to target social media users, including classic login phishing, notifications of blocked accounts, notifications of copyright infringement, verified badge scams, hacking services for profiles, follower generator services, and two-factor authentication interception, and payment fraud.

In classic login phishing, attackers use a fake login page to deceive users into entering their social media data and passwords, which are forged by the attackers, who then use them to access the compromised accounts.

When notifying users about blocked accounts, the attackers deceive them that their account has been compromised. Users are then asked to provide information to restore their accounts.

Notices of copyright infringement mislead users into believing that their account has been suspended because they have broken certain rules. Users are therefore asked to log in to a fake login page to unlock their accounts.

Verified badge scams target verified accounts on social media platforms, asking them to log in to the attacker’s fake login page so they don’t lose their verified status.

Profile hacking services deceive users who want to hack a profile. Victims in turn are redirected to various malicious websites or used to generate traffic for ads.

Follower Generator Services target content creators who want to grow their audience. This type of phishing attack promises to help users grow their audience at little or no cost. Ultimately, users are redirected to malicious websites, where their information is collected and their presence used to generate traffic for ads.

Two-factor authentication interception helps attackers intercept temporary codes required to penetrate profiles with multi-factor authentication.

In the phishing campaign for payment fraud, attackers pose as well-known social media brands and deceive victims into providing payment card information. The aim is to extract user data and use it for malicious activities such as financial theft.

The sources for the piece include an article in Betanews.

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching