44 % of MEPs and 68 % of British MPs made it easier for their personal data to end up circulating on the dark web. The reason is that many would have registered online accounts using their official email address and entered additional personally identifiable information (PII). Then, when cybercriminals attacked those third-party providers and shared or sold the data on the dark web, it was too late to prevent the dissemination of said data. ESET, a leading company in proactive threat detection, shares and lists some timely preventive tips.

“Unfortunately, this is not something that happens only to politicians or other people of public relevance, and it is not the only way that a person’s data can end up in the underworld of the Internet. It can happen to anyone, even if they do everything right. And it often happens. That is why it is worth keeping a close eye on your digital footprint and the data that matters most to you,” says Camilo Gutiérrez Amaya, Head of the ESET Latin America Laboratory.

The dark web refers to parts of the Internet that are not indexed by traditional search engines, it is not illegal or populated solely by cybercriminals, it is a place where you can browse anonymously using the Tor browser. However, today’s cybercrime economy has been built on a thriving dark web, with many of the specialized forums and markets visited en masse by cybercriminals, while remaining hidden from law enforcement.

As enablers of a criminal economy worth trillions, dark websites allow threat actors and attackers to both buy and sell stolen data, hacking tools, DIY guides, hacking services and more. Despite regular law enforcement crackdowns and operations, they continue to adapt to fill the gaps left by authorities when they dismantle their operations.

Research by Proton and Constella Intelligence, for example, showed that two-fifths (40%) of the email addresses of British, European and French MPs were exposed on the dark web – almost 1,000 out of a possible 2,280 emails. Worse still, 700 of these emails had associated passwords stored in plain text and exposed on dark websites.

When combined with other exposed information such as birth dates, home addresses and social media accounts, they constitute a treasure trove of identity data that can be used in subsequent phishing and impersonation attacks.

When and how we are vulnerable

There are several ways that data can appear on a dark web forum or site, some may be the result of negligence, while many others are not. Some of those ways are:

• Data breaches at third-party organizations: Data is stolen from an organization that you have interacted with, and that has collected the data, in the past. In the United States, 2023 was a record year for these types of data breaches; more than 3,200 incidents at organizations led to the compromise of data belonging to more than 353 million customers.
• Phishing attacks: A legitimate-looking email, direct message, text message, or WhatsApp message contains a link that can install malware to steal information or trick you into entering personal or login details (for example, a fake login page for Microsoft 365).
• Credential stuffing: An account is compromised through a brute-force attack (credential stuffing, dictionary attack, etc.) where hackers guess a password or use previously breached logins on other sites. Once inside the account, they steal more stored personal information to sell or use.
• Infostealer malware: Personal data is stolen through info-stealing malware that can be hidden in legitimate-looking apps and download files (such as pirated movies/games), phishing attachments, malicious ads, websites, etc.

However, cybercriminals obtain data, once shared on the dark web, it can be handed over or sold on demand. It is very important to understand that depending on the type of data, whoever obtains it will likely be able to hijack bank accounts to steal more information, including bank or card details, design very convincing phishing messages that share some of the stolen personal information to persuade you to hand over even more sensitive data, steal email or social media accounts to spam other contacts in your address book with malicious links, or commit identity fraud; for example, taking out loans, generating false affidavits to receive a refund or receiving medical services illegally.

Explaining the matter step by step: about cybercrime and the black market

In case you discover that some personal or confidential data was exposed and is being traded on the dark web, it is advisable and vital to take emergency measures such as changing all passwords, especially the affected ones, for strong and unique credentials; Use a password manager to store and retrieve saved passwords and passphrases; enable two-factor authentication (2FA) on all accounts that offer it; notify relevant authorities (law enforcement, social media platform, etcetera); ensure that all devices have security software from a reputable vendor installed; freeze bank accounts and order new cards, check bank statements for unusual purchases, and be on the lookout for other unusual activity on online accounts such as inability to log in, changes to security settings, messages/updates from accounts you don’t recognize, or logins from strange places and at odd times.

How can we avoid becoming victims of an attack in the future? ESET recommends the following:

• Be more cautious when sharing information online.
• Review the security/privacy settings of social media accounts.
• Activate incognito mode – that is, when appropriate, use options such as disposable email addresses so you don’t always have to give out personal data.
• Never respond to unsolicited emails, messages or calls, especially those that try and pressure you to rush into action without thinking clearly first.
• Use strong, unique passwords on all accounts that offer it and enable a strong form of 2FA for added protection.
• Invest in a dark web monitoring service that notifies you of newly discovered personal data on the Internet, so you can act before cybercriminals do.

ESET contact details: https://www.eset.com/ve/https://www.eset.com/ve/. Also, their social networks: Instagram (@esetla) and Facebook: (ESET).

With reference information and images provided by ESET and Comstat Rowland Comprehensive Strategic Communications

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Expert advice to keep personal data out of the dark web apareció primero en Bitfinance.

The National Data Protection Authority (ANPD), linked to the Ministry of Justice of Brazil, began an investigation on Monday, November 4, to establish whether the social network TikTok had access to the personal information of minors.

The state agency has urged the platform to implement a clear data protection policy and indicated in a statement that “these decisions are due to an audit of the network’s activities, according to which there are indications of violations of national laws that preserve personal information in Internet traffic.”

The ANDP emphasized that the privacy of personal data must have adequate protection guarantees for minors. The social network has a period of 10 days to “deactivate the resources that allow access to its content without the need for prior registration or age verification.”

In addition, the authorities have asked TikTok to present a plan detailing the restrictions for the creation of “fake profiles,” as well as the necessary protocols to prevent the opening of accounts for children and adolescents who do not have the assistance of their parents or guardians at the time of registration.

M.Pino

Source: swissinfo

(Reference image source: Olivier Bergeron in Unsplash)

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Brazil investigates TikTok access to personal information of minors apareció primero en Bitfinance.

This Monday the signing of a new Privacy, data transit, personal data, United States, agreement, European Union was completed. Both regions had been working on it since 2022.

Privacy continues to be the main concern of data protection defenders in cases of espionage or data trafficking. However, according to the agreement that allows the free flow of data between the US and the EU, it does not represent a risk.

This is not the opinion of Max Schrems, a European activist who has filed court cases on the issue of violation of privacy, as well as espionage in communications and Internet browsing that Edward Snowden revealed at the time.

Privacy rules have been the subject of discussion between the United States and Brussels more than once. In addition, there is talk that in the United States “there is no federal privacy law. This has created uncertainty for tech companies like Google and Meta, and the possibility that the companies may have to keep the data of European individuals used to target advertising to them outside the United States.”

However, and according to the statements of the EU Commissioner for Justice, Didier Reynders, at a press conference in Brussels: “Personal data can now flow freely and smoothly from the European Economic Area to the United States without further conditions or authorizations”.

M.Pino

Source: apnews

(Reference image source: Ilya Pavlov, Unsplash)

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on Twitter and Instagram

La entrada The United States and the European Union sign data transit agreement apareció primero en Bitfinance.

The UK Government has announced the launch of a new electronic authorization for visa-free travelers and for Europeans, called Electronic Travel Authorization UK (ETA UK), with the aim of improving British border control and fully digitizing border systems by 2025.

As explained in a statement, the ETA system will be introduced at the beginning of 2023 and will be fully operational by the end of this year. The ETA system will screen visitors before they arrive in the UK and travelers will provide basic personal details, passport details and certain security information by completing an online ETA application form.

According to the Government, this measure will provide “more accurate” information on the number of people traveling to the United Kingdom and the countries of origin, in addition to making the country “an even safer destination” by being able to detect threats much earlier.

The British Home Secretary, Priti Patel, has explained that the ETA UK is not a visa and that Europeans and travelers from countries like the United States and Canada will maintain their visa exemption, but “will need an ETA to cross the border of the United Kingdom”.

The validity period of the UK ETA has not yet been announced, but the British government has stated that it is based on the US ESTA system, so it is likely that it “will be valid for at least two years and for multiple trips to Britain”. Currently, most visa-exempt visitors can stay in the UK for a maximum of six months.

Arab countries will be the first to benefit

Gulf Cooperation Council (GCC) passport holders will be the first nationalities to benefit from the new UK visa waiver system, once it comes into effect in 2023.

Thus, the ETA UK The ETA will first be extended to the citizens of these countries: United Arab Emirates, Saudi Arabia, Oman, Kuwait, Qatar and Bahrain.

Source: dpa

(Reference image source: Tomek Baginski, Unsplash)

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on Twitter and Instagram

La entrada UK to launch new official electronic permit for international travelers apareció primero en Bitfinance.

Social networks have become an important part of everyday life for millions of people around the world. However, experts warn that the entertainment provided by these platforms can sometimes make users forget something as fundamental as their privacy.

Every time a post is shared or a photo or video is uploaded, a new link is created between users’ personal data and the Internet. This link is used by cybercriminals to make them victims of ‘phishing’ and ‘malware’ and get hold of personal data. In addition to being able to use your accounts and data for other activities of very doubtful legitimacy.

For this reason, Kaspersky experts share a series of tips to establish a safer relationship with social networks, which begins with a phrase of common sense: ‘Think before you share’. “Anything you share on the Internet will be very difficult to eliminate. In fact, 74 % of Spaniards mistakenly believe that they can completely eliminate their presence on the Internet,” they explain from Kaspersky, citing data from the recent study ‘Right to Oblivion’ published by the company itself.

This first step, which consists of having a personal filter and making the decision not to share certain information, such as home address or personal telephone number, is essential. In addition, experts remind that users should never share anything that contains a QR or barcode, such as tickets to concerts or plane or train tickets.

Private browsing and configuration of social networks settings

On the other hand, Kaspersky urges you to browse the Internet privately. “When visiting any website, an analysis code is activated to count the visitors. Generally, they belong to companies such as Google or Facebook, who then use this information to offer you ads based on your interests,” the company details.

For this reason, if the user wants to prevent them from collecting this information, they can activate the incognito browsing mode, although experts clarify that it is not as secure as is usually thought, since it filters certain information, “but not all”. Another solution is to install the private browsing of the cybersecurity product that the user uses on their devices.

Likewise, cybersecurity experts recommend configuring social networks for greater security. Although many people are not aware of it, social networks offer various settings to determine what information is available and for which users. In addition, in most cases, the user can hide his profile in the search engine so that other people cannot tag him, write him messages or harass him.

At this point, Kaspersky offers the ‘Privacy Checker’ tool, which has useful information to maintain privacy on social networks such as TikTok, Instagram, Facebook, WhatsApp or Twitter, among others.

Delete inactive accounts and spot scams

Experts also encourage deleting unused accounts. Most people have some accounts that they haven’t used for a long time, but only some of them are automatically deleted. “Most of them are still there, saving information, images and personal data that could be leaked at any time. Therefore, it is a good idea to delete the profiles that you do not use, since, through old accounts, cybercriminals can access your data,” they add.

Finally, cybersecurity specialists encourage detecting scams in order to avoid them. Phishing scams through social networks like Instagram are becoming more and more common. Some of the most used methods are private messages with malicious links, fake influencer accounts, fraudulent giveaways, or even fictitious phishing emails that they use to steal data or take over accounts.

For this reason, they explain that the greatest precaution that the user can take is not to trust any profile that they do not know or that may be false. In addition, experts insist on the importance of changing passwords often and not using the same ones on all social networks.

“It is common to be more cautious when making a payment or management online, but privacy in social networks is an aspect that, on many occasions, is wrongly left aside. For this reason, Kaspersky warns users that they must be especially careful when sharing information to protect your data through simple steps like these,” concludes Marc Rivero, Senior Security Researcher at Kaspersky.

Click the link to subscribe for free to our news and media group on Telegram: https://t.me/G_ELSUMARIO_News

Source: dpa

La entrada Expert tips for a safer relationship with social networks apareció primero en Bitfinance.

As smartphones are increasingly required for all daily activities, cybercriminals are finding new methods to deceive their victims, which are becoming more sophisticated and complex over time.

One of them is called SIM ‘swapping’, a fraud through which cybercriminals try to fraudulently duplicate the SIM card of a user’s device, as mentioned by the Internet Security Office (OSI).

First, the attacker impersonates your identity to get a duplicate of your card. To do this, they contact the telephone operator of the card by phone and provide the victim’s personal information, such as their name and ID number.

Cybercriminals may have collected this data through other social engineering attacks (such as SMS fraud, ‘phishing’ or identity theft from the companies themselves), as well as by digging through your social networks.

Another way of accessing sensitive information of victims is through downloading fraudulent applications on their devices, or after connecting to free or fake Wi-Fi networks.

Once all the data has been collected and the call has been made to the company’s operator, the fraudsters can request a duplicate SIM card. In this way, a new card is created, and the one held by the legal user is invalidated.

Subsequently, the victim is left without telephone service, so that the mobile device will not be able to identify the SIM card, the coverage will not be reflected, nor will it allow the receipt or sending of SMS.

Cybercriminals, on the other hand, will be able to access your personal information and take control of your applications, impersonating your identity on social networks, email accounts or digital banking.

In this way, you can carry out bank transactions as you please since you also control the notifications that these services usually offer to confirm the sending and receipt of money transfers, among other actions.

How to avoid being victim of swapping

Because it is a very common scam and, at the same time, complex to stop, OSI recommends taking a series of measures to avoid being victims of this increasingly widespread fraud.

The first of these is to establish contact with the telephone company in the event of having lost coverage for no apparent reason, such as portability to another operator. In addition, it is convenient to establish two-step authentication, as an additional measure.

To do this, applications intended for your security protection, such as Microsoft Authenticator or Google Authenticator, can be used and downloaded as alternative two-factor methods.

Likewise, it is advisable to update the account recovery options, in case the cybercriminals have managed to access other personal accounts to collect the necessary information to proceed with the ‘swapping’.

Special attention should also be paid to the information that is provided through social networks or public channels, as well as the Privacy Settings options of these platforms.

Finally, it is recommended to exclusively download applications from official stores such as Google Play or the Apple Store, as well as update the access credentials periodically.

Click the link to subscribe for free to our news and media group on Telegram: https://t.me/G_ELSUMARIO_News

Source: dpa

La entrada Cases of swapping through smartphones increase apareció primero en Bitfinance.

This security solutions provider announced that these fraudulent attacks share similarities with those registered a few months ago with another well-known brand such as Amazon.

In this threat, cybercriminals send a seemingly legitimate PayPal order confirmation, telling users that they have purchased more than $500 worth of the DogeCoin blockchain-based cryptocurrency.

To cancel the order, users have the option of calling a customer service or support number, a fake phone with which they contact cybercriminals.

From Avanan they report that the contact number that appears in these fraudulent emails is based in Hawaii (United States) and has previously been linked to other scams.

In addition to gaining access to your financial information, scammers can target their victims in a variety of ways with their respective phone numbers, from text messages to calls to WhatsApp messages.

However, the main objective of cyber scammers is to access the bank details of their victims, so when they call that number, they will receive the order to give the credit card number and the CVV to cancel the charge.

Click the link to subscribe to our news and media group on Telegram: https://t.me/G_ELSUMARIO_News

Source: dpa

La entrada Scam with Paypal allowed to capture bank details apareció primero en Bitfinance.

LinkedIn is listed as the company that has received the highest number of phishing attacks during the first quarter of the year, being the target of 52% of these campaigns.

Social networks have become the main target of this type of scam, whose objective is to obtain information from users to access their personal accounts, as well as bank details.

These platforms are followed in a number of attacks by other sectors of the industry, such as retail, technology and freight transport.

This is one of the main conclusions reached by CheckPoint in its recent Brand Phishing Report, which analyzed the record of this type of attack carried out during the first quarter of this year.

In its report, CheckPoint analyzed phishing attacks targeting large companies and organizations such as LinkedIn, DHL, Google, Microsoft, Apple or WhatsApp.

During the first quarter of 2022, the professional social network completed 52 % of all registered attacks globally.

This figure is 44 % higher than the figure registered in the previous quarter, of 8 %. In addition, it is the first time that the platform has led the ranking of the most attacked websites.

Haga clic en el enlace para suscribirse a nuestro grupo de medios y noticias en Telegram: https://t.me/G_ELSUMARIO_Noticias

Source: dpa

La entrada LinkedIn has been the center of phishing attacks apareció primero en Bitfinance.

The telecommunications company T-Mobile is conducting a “deep technical” investigation of its systems to verify the nature of the massive data breach, which could be affecting more than 100 million users.

This was announced in a statement by the telecommunications giant, ensuring that an “unauthorized access to the T-Mobile database was detected, but we have not determined that any personal data of the client has been violated.”

Hackers claimed to have extracted sensitive information for some 100 million customers from the telephone operator’s database. According to posts on Vice’s Motherboard, the seller offered “complete information on T-Mobile customers.”

The seller noted that he is privately selling most of the information, however, it will hand over a subset of data containing 30 million social security numbers and driver’s licenses in exchange for payment in BTC.

The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver’s license information and you are requesting 6 BTC which is equivalent to about $ 287,000.

T-Mobile has also been the victim of this type of cybersecurity scandal in other occasions. Last February the mobile company was sued by a victim who lost $ 450,000 in Bitcoin in a SIM swapping attack.

Other big US companies such as Facebook, Yahoo and Marriott have also been victims of cybercriminals, involving more than 100 million customers.

M. Rodríguez

Source: laprensa.hn

La entrada Hackers breach T-Mobile’s database apareció primero en Bitfinance.

The new Paraguayan bill arises from the need for comprehensive data protection, taking into account all current digital development and its incorporation into everyday life. According to the explanatory memorandum of the legal text, this proposal is intended to provide a “comprehensive treatment of personal data” and ensure the “right to privacy in the digital age.”

The legislative text, which is inspired by the diversity of regulations existing on the European continent, considers that individuals not only want to protect their data in the financial sector, but also in all areas related to digitization or the virtual world as a right fundamental in today’s society.

The constitutional framework does not contemplate the concept “protection of personal data” or “informational self-determination”, being the power by which the individual can control their data. However, in articles 33, 24 and 35 of the Constitution, which refer to the rights to privacy, inviolability of private areas and identification documents, it can be interpreted that these concepts were protected.

Background

Until October 2020, Paraguay had Law 1682/01, which was in charge of regulating private information and its amendments. But it was limited to information that could not be disseminated, and was also not outdated because it did not contemplate internet stocks and everything related to the digital age.

As of October 2020, Law 6534/20 on the “protection of personal credit data” comes into force, repealing the previous rule and its amendments, leaving all information that is not in the credit spectrum legally disregarded.

M. Rodríguez

Fuente: thecryptolegal.com

La entrada Paraguay launches new law for personal data protection apareció primero en Bitfinance.