Page 11234..1020..»

Category Archives: Tor Browser

Over 25% Of Tor Exit Relays Are Spying On Users’ Dark Web Activities – The Hacker News

Posted: May 11, 2021 at 10:56 pm

An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed.

"The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a write-up published on Sunday. "The average exit fraction this entity controlled was above 14% throughout the past 12 months."

It's the latest in a series of efforts undertaken to bring to light malicious Tor activity perpetrated by the actor since December 2019. The attacks, which are said to have begun in January 2020, were first documented and exposed by the same researcher in August 2020.

Tor is open-source software for enabling anonymous communication on the Internet. It obfuscates the source and destination of a web request by directing network traffic through a series of relays in order to mask a user's IP address and location and usage from surveillance or traffic analysis. While middle relays typically take care of receiving traffic on the network and passing it along, an exit relay is the final node that Tor traffic passes through before it reaches its destination.

Exit nodes on the Tor network have been subverted in the past to inject malware such as OnionDuke, but this is the first time a single unidentified actor has managed to control such a large fraction of Tor exit nodes.

The hacking entity maintained 380 malicious Tor exit relays at its peak in August 2020, before the Tor directory authorities intervened to cull the nodes from the network, following which the activity once again crested early this year, with the attacker attempting to add over 1,000 exit relays in the first week of May. All the malicious Tor exit relays detected during the second wave of the attacks have since been removed.

The main purpose of the attack, according to nusenu, is to carry out "person-in-the-middle" attacks on Tor users by manipulating traffic as it flows through its network of exit relays. Specifically, the attacker appears to perform what's called SSL stripping to downgrade traffic heading to Bitcoin mixer services from HTTPS to HTTP in an attempt to replace bitcoin addresses and redirect transactions to their wallets instead of the user-provided bitcoin address.

"If a user visited the HTTP version (i.e. the unencrypted, unauthenticated version) of one of these sites, they would prevent the site from redirecting the user to the HTTPS version (i.e. the encrypted, authenticated version) of the site," the maintainers of Tor Project explained last August. "If the user didn't notice that they hadn't ended up on the HTTPS version of the site (no lock icon in the browser) and proceeded to send or receive sensitive information, this information could be intercepted by the attacker."

To mitigate such attacks, the Tor Project outlined a number of recommendations, including urging website administrators to enable HTTPS by default and deploy .onion sites to avoid exit nodes, adding it's working on a "comprehensive fix" to disable plain HTTP in Tor Browser.

"The risk of being the target of malicious activity routed through Tor is unique to each organization," the U.S. Cybersecurity Security and Infrastructure Security Agency (CISA) said in an advisory in July 2020. "An organization should determine its individual risk by assessing the likelihood that a threat actor will target its systems or data and the probability of the threat actor's success given current mitigations and controls."

"Organizations should evaluate their mitigation decisions against threats to their organization from advanced persistent threats (APTs), moderately sophisticated attackers, and low-skilled individual hackers, all of whom have leveraged Tor to carry out reconnaissance and attacks in the past," the agency added.

Excerpt from:
Over 25% Of Tor Exit Relays Are Spying On Users' Dark Web Activities - The Hacker News

Posted in Tor Browser | Comments Off on Over 25% Of Tor Exit Relays Are Spying On Users’ Dark Web Activities – The Hacker News

Joy-Anna Duggar & Husband Austin Forsyth Break Silence On Brother Josh Duggar’s Child Pornography Arrest: The Accusations ‘Sadden Us To Our Core’…

Posted: at 10:56 pm

Article continues below advertisement

As OK! reported, Josh was arrested on Thursday, April 29, and was detained without bail. During his arraignment hearing one day later, his attorney pleaded not guilty to two federal charges of receipt and possession of child pornography. He was released on Thursday, May 6, and is awaiting his July 6 trial. His pretrial is set for July 1.

On Saturday, May 8, Joy-Anna took to her Instagram Story, on behalf of her and Austin, to issue a statement regarding the troubling charges brought against her brother. While keeping their message vague, the couple said they are trying to process the recent controversy and condemned any form of child abuse.

Article continues below advertisement

Source: Joy Forsyth/Instagram; Washington County Sheriff/MEGA

"The recent accusations brought against Josh sadden us to our core," their statement read. "We have not wanted to be hasty in making any statements while trying to process the news ourselves. We are especially heartbroken by the reality that there are children in the world being harmed and exploited."

Article continues below advertisement

"We ask for prayer for all those involved," Joy-Anna and Austin concluded, "and it is our continued prayer that the truth comes to light."

Article continues below advertisement

Josh was released from Washington County Detention Center in Fayetteville, Ark., last week after his virtual detention hearing on Wednesday, May 5. At the time, Judge Christy Comstock granted his bail but refused to allow him to return in his family home, where his six minor children live. In the meantime, Josh's family friends, pastor LaCount Reber and Maria Reber, agreed to house him until his trial next month.

The 19 Kids and Counting star also cannot be around other children and will be monitored by a GPS. However, Josh will be allowed to visit his children as long as his wife, Anna who is pregnant with the couple's seventh child is present.

Article continues below advertisement

As OK! reported, Anna announced the couple's seventh bun in the oven days before Josh was arrested in connection to a May 2019 Homeland Security raid on his Arkansas car dealership as part of an "ongoing federal investigation."

During his detention hearing last week, Homeland Security Investigations special agent Gerald Faulkner alleged that Josh downloaded files depicting child sex abuse on May 14, 15 and 16 of 2019, which were allegedly flagged and traced back to his IP address on a computer from his car dealership.

Article continues below advertisement

During the raid and before Josh knew what the agents were investigating he allegedly asked: "What is this about? Has someone been downloading child pornography?" When asked about the content of children reportedly ages 5-10 allegedly found during the federal investigation, Josh responded: "I'd rather not answer that question," Faulkner claimed.

Article continues below advertisement

The investigators also uncovered a program, Covenant Eyes, that was installed onto his computer, which would alert his wife when objectionable content was being searched for. However, the site was apparently unable to detect Josh's internet usage after he installed a password-protected network on his computer, the agent said during the virtual hearing.

Josh reportedly admitted that he had a TOR browser on his computer, allowing him to access the dark web (which is used for child pornography, Faulkner explained). There was reportedly no evidence that it was him who downloaded the browser.

Article continues below advertisement

The 33-year-old faces up to 20 years behind bars and $250,000 in fines on each count if convicted.

Josh was previously under fire in 2015 when a 2006 police report was released, revealing he had been investigated as a teen for molesting five underage girls. His sistersJill, 29, andJessa, 28, reportedlystepped forward as two of the victims.

Originally posted here:
Joy-Anna Duggar & Husband Austin Forsyth Break Silence On Brother Josh Duggar's Child Pornography Arrest: The Accusations 'Sadden Us To Our Core'...

Posted in Tor Browser | Comments Off on Joy-Anna Duggar & Husband Austin Forsyth Break Silence On Brother Josh Duggar’s Child Pornography Arrest: The Accusations ‘Sadden Us To Our Core’…

Pornography consumption has become widespread among young netizens, study – Hindustan Times

Posted: at 10:56 pm

Nearly four-fifths of 16 and 17-year-olds have encountered pornographic content on the Internet, which is a multibillion-dollar business.

Pornographic content is virtually ubiquitous on the Internet, and surveys suggest that 25 per cent of all searches lead to explicit content. Given the size of the market, it's not surprising that young people are drawn to such sites, which are only a couple of clicks away. The study was published in the journal Policy and Internet.

Professor Neil Thurman of the Department of Media and Communication (IfKW) at Ludwig-Maximilians-Universitaet (LMU) in Munich, in collaboration with statistician Fabian Obster (Universitat der Bundeswehr Munchen), has carried out a study on the use of pornographic sites by young people. Based on a survey involving a sample of 1000 British adolescents, the survey also provides pointers for regulators and legislators in Germany.

Overall, 78 per cent of users between the ages of 16 and 17 reported that they had encountered pornography on the Internet. Moreover, many of them stated that they visited dedicated pornographic websites frequently. Those who participated in the survey admitted that, on average, they had last visited such sites 6 days prior to filling in the questionnaire.

Many respondents said they watched porno videos and viewed picture galleries on that very day. Analysis of the responses indicated that adolescents spent an average of 2 hours per month on commercial pornographic websites, almost always accessed on their smartphones or tablets.

The survey also revealed that young consumers are also turning to social media portals for access to explicit material. Adolescent users of online pornography are more likely to be male.

Well acquainted with VPNs and the Tor browser

In Germany, the UK, France and Canada, efforts are now underway to regulate access to legal online pornography, and in some cases measures have already been implemented. These include provisions for mandatory age verification prior to the admission of users to such websites.

But, according to Thurman's survey, around half of the respondents had used VPNs or the Tor browser. Both tools anonymize connection data, thus allowing country-specific restrictions to be circumvented.

"At present, the online pornography market is highly concentrated. It is dominated by a few global firms. Indeed, only a handful of websites account for the majority of consumption," Thurman says.

In the context of measures to protect minors, he therefore suggests that, in additional to country-specific measures, there should also be pressure placed on the major global publishers of pornography, to encourage them to introduce effective age restrictions in all the markets in which they operate. In addition, similar regulations should be applied, as is already happening in the UK, to social-media platforms.

Follow more stories on Facebook and Twitter

Go here to see the original:
Pornography consumption has become widespread among young netizens, study - Hindustan Times

Posted in Tor Browser | Comments Off on Pornography consumption has become widespread among young netizens, study – Hindustan Times

5 ways to keep your online searches private in the digital age –

Posted: May 9, 2021 at 11:20 am

(Unsplash Photo)

Google processes over 40,000 searches every single second, according to Did you know that there are some things you should never search for? Tap or click for seven Google searches that can land you in serious trouble.

For your more embarrassing or private queries, you may think youre protecting yourself entirely with incognito mode, but that only goes so far. Tap or click here to see what incognito mode is really good for and what it cant do.

Lets take a closer look at the privacy options available to you. This post should be required reading for anyone in todays digital age. So, be sure to share it out on your social media accounts.

1. Know what private windows do

In most browsers, select File > New Private Window or hit the three-dot menu near the search bar to open a new incognito or private window. Heres where a lot of people fall for this privacy myth.

Dont make a mistake and think this privacy feature blocks what you search or sites you visit from your internet provider, work or school, or even a search engine. A private window only wipes out local data like your search history, cookies, and anything you entered into a form.

2. Stop searching using Google

If you dont want to be tracked, use an alternative to Google.

StartPage calls itself the worlds most private search engine. The Netherlands-based company pays Google for the use of its search algorithm but strips out the tracking and advertising that usually comes along with it. You get a Google-like experience, along with the promise that your data will never be stored, tracked, or sold.

Test it out at You can also set StartPage as your browsers default search engine.

DuckDuckGo is another option that doesnt track you the way Google does. It doesnt allow targeted advertising, results are not based on your search history, and youll see fewer ads based on your search.

Its easy to use and install, too, with an extension that plugs in with all the major browsers. You can also search at

Want more? Tap or click for more search alternatives to Google that respect your privacy.

3. Wipe your browsing history

Aside from being tracked by companies and your ISP, there are other reasons you dont want people to see your browser history. Perhaps you need to look up something private (and embarrassing) or not want to spoil a surprise. Clearing things out takes a few clicks in your browser of choice.

There are steps to follow for each browser and even your social media accounts. Tap or click here for all the steps you need for Chrome, Firefox, Edge, Safari, and more.

4. Hide yourself with a VPN

A virtual private network, or VPN, is a layer of protection between your devices and the internet. It hides your IP address and your location, and its the most effective way of keeping yourself private online.

Think about everything you have to protect. The products you look up, medical conditions you search for, people you Google its all compiled into the dossier about you.

A VPN sends your internet traffic through an encrypted tunnel, effectively blocking your identity. Without one, youre handing over a ton of information to the sites you browse and apps you use, along with your ISP, your mobile carrier, and anyone else who goes snooping.

A word of caution: Some VPNs track you or, worse, collect and sell your data just like all the companies youre trying to avoid. Many cheap or free VPNs make money by selling your data to ad companies, so do your research. I use and recommend ExpressVPN, a sponsor of my national radio show.

5. Use a privacy-focused browser

You can go a step further and download the Tor Browser. You may know Tor as the browser used to access the Dark Web. That doesnt mean its nefarious by nature.

Wondering whats on the Dark Web? Tap or click here for steps on how to access it as well as what youll find.

With Tor, your browser history and cookies are cleared after every browsing session. It also unblocks restricted websites and encrypts every website three times before you visit it. You can download or learn more about Tor here if youre interested.

If it feels like your privacy is tough to hold onto, well, youre right. But you can take steps to secure yourself. With a bit of effort, you can keep Big Tech and advertisers out of your business.

What digital lifestyle questions do you have? Call Kims national radio show and tap or click here to find it on your local radio station. You can listen to or watch The Kim Komando Show on your phone, tablet, television or computer. Or tap or click here for Kims free podcasts.

Read more:
5 ways to keep your online searches private in the digital age -

Posted in Tor Browser | Comments Off on 5 ways to keep your online searches private in the digital age –

Browse The Intercept Using Our New Tor Onion Service – The Intercept

Posted: April 29, 2021 at 12:42 pm

Websites that end in .onion are known as Tor onion services or if you want to be dramatic about it, the dark web. Heres how it all works.

When you load a website in a normal web browser like Chrome, Firefox, Safari, or Edge, you make a connection over the internet directly from your house (or wherever you happen to be) to the web server youre loading. The website can see where you are coming from (and track you), and your internet service provider can see which website youre loading (and track what youre doing and sell advertising based on your activity).

But if you open Tor Browser and load the same website, none of those parties can spy on you. Even Tor itself wont know what youre up to. Within the network, consisting of thousands of nodes run by volunteers across the internet, you do not connect from your house directly to the web server. Instead, your connection first bounces between three Tor nodes and then finally exits the Tor network and goes to the website. The website cant see where youre coming from, only that youre using Tor. Your ISP cant see what website youre visiting, only that youre using Tor. And the Tor nodes themselves cant fully track you either. The first node can see your home IP address, because you connect directly to it, but cant see what site youre loading, and the last node (also called the exit node) can see what site youre loading but doesnt know your IP address.

In short, Tor Browser makes it so people can load websites anonymously. Tor onion services do the same thing, except for websites themselves.

So what exactly is an onion service? Just like when people use Tor Browser to be anonymous, web servers can use Tor to host anonymous websites as well. Instead of using normal domain names, these websites end with .onion.

If you load an onion site in Tor Browser, both you and the web server bounce encrypted data packets through the Tor network until you complete an anonymous connection, and no one can track anyone involved: Your ISP can only see that youre using Tor, and the websites ISP can only see that its using Tor. You cant learn the websites real IP address, and the website cant learn yours either. And the Tor nodes themselves cant spy on anything. All they can see is that two IP addresses are both using Tor.

Onion services have another cool property: The connection never exits the Tor network, so there are no exit nodes involved. All the communication between Tor Browser and the web server happens in the dark.

When people hear about the dark web, they tend to think about shady things like drug markets and money laundering. That stuff is, in fact, facilitated by anonymous websites running Tor onion services, just as its facilitated by the normal, non-anonymous internet. But its not the only use of onion services by a long shot.

The Intercept along with dozens of other newsrooms around the world, including pretty much every major news organization, run Tor onion sites for SecureDrop, a whistleblower submission platform. With The Intercepts new onion service for readers of our website, well also join the ranks of the New York Times, ProPublica, BuzzFeed News, The Markup, and other news organizations in making their core websites available as onion services.

I also develop an open source tool called OnionShare which makes it simple for anyone to use onion services to share files, set up an anonymous drop box, host a simple website, or launch a temporary chat room.

But, by far, the most popular website on the dark web is Facebook. Yup, Facebook has an onion service. For when you want some but not too much anonymity.

Continue reading here:
Browse The Intercept Using Our New Tor Onion Service - The Intercept

Posted in Tor Browser | Comments Off on Browse The Intercept Using Our New Tor Onion Service – The Intercept

Has Google "FLoCed" you? This website lets you know if your browser is using the new tech – TechRepublic

Posted: at 12:42 pm

The Electronic Frontier Foundation has a website that "will tell you whether your Chrome browser has been turned into a guinea pig" for the Federated Learning of Cohorts.

Image: GettyImages/gremlin

Google's Federated Learning of Cohorts (FLoC) trial is underway in select areas around the globe. The tracking system has drawn scrutiny for privacy and security concerns. In fact, the Electronic Frontier Foundation (EFF) created a website to let people know if they've been "FLoCed." So how does FLoC work and how is this system different than the old cookie-based method? And, most importantly, how do you know if you've been "FLoCed"?

SEE:Electronic Data Disposal Policy(TechRepublic Premium)

In March, Google published a blog post announcing the initial rollout of a Chrome "developer origin trial" for its Federated Learning of Cohorts (FLoC) tracking system. The company said the technology "is still in development" and expects FLoC to "evolve based on input from the web community and learnings from this initial trial."

The FLoC rollout has drawn plenty of pushback in recent weeks. TechRepublic's sister site, ZDNet, previously reported a WordPress Core proposal to block FLoC as well as browser Brave disabling the tracking system.

In an article titled "Google's FLoC is a Terrible Idea," the EFF said that "no one should mourn the death of the cookie as we know it," stating the third-party tracking tool has "been the lynchpin in a shadowy, seedy, multi-billion dollar advertising-surveillance industry on the Web."

The EFF also created which the organization says "will try to detect whether you've been made a guinea pig in Google's ad-tech experiment."

Companies have taken measures to block third-party cookies, including browsers Safari and the Tor Browser, as ZDNet reported last spring. In 2019, Google announced its Privacy Sandbox initiative and outlined challenges associated with blocking cookies, explaining that doing so encourages other techniques a la fingerprinting in which a person's device or installed fonts "generate a unique identifier" to match people online.

Additionally, without providing an alternative way for publishers to "deliver relevant ads," blocking cookies reduces funding for publishers and, in turn, "jeopardizes the future of the vibrant web," Google explained.

Instead, FLoC provides a "viable advertising business model" for publishers and boosts privacy, Google said in the March blog post.

The company said FLoC maintains individual anonymity and allows publishers to present ads to "large groups" of web browsers which it calls "cohorts" who are "defined by similarities in browsing history, but they're not based on who you are individually."

Once grouped with "thousands of other people," Gooogle said the specific group's identification number is the "only thing provided when requested by a site" explaining this is different from the third-party cookie approach which enables companies to track people "individually across different sites."

SEE:Snowflake data warehouse platform: A cheat sheet (free PDF)(TechRepublic)

An initial FLoC test is underway involving a "small percentage of users" across the U.S., New Zealand, Australia, Canada, Brazil, India, Japan, Mexico, Indonesia and the Philippines with the tech coming to other areas as the trial expands, according to Google. The company said it would introduce a Chrome Settings control in April allowing people to opt-out of Privacy Sandbox proposals including FLoC.

Learn the latest news and best practices about data science, big data analytics, and artificial intelligence. Delivered Mondays

View post:
Has Google "FLoCed" you? This website lets you know if your browser is using the new tech - TechRepublic

Posted in Tor Browser | Comments Off on Has Google "FLoCed" you? This website lets you know if your browser is using the new tech – TechRepublic

Six reasons you should be switching to the Brave browser –

Posted: at 12:42 pm

Something that might not seem important is your choice of browser. Google Chrome, Microsoft Edge and Opera, are all just iterations of the same thing right?

If that thing is Chromium, then yes you would be correct, but all of these browsers employ variations on Chromium that make them unique while still using the same DNA. In fact, once you start digging into these browsers youll find they all behave and collect data differently.

But there is a Chromium-based browser that we love for many reasons and wed urge our readers to start using. That browser is Brave and having used it since version 1.0 was released in November 2019, weve never felt the need to switch to another browser.

The browser claims to put you back in control of your data by blocking intrusive ads and trackers by default. After nearly two years of using Brave, were starting to see what the internet would look like if companies didnt bid for every morsel of our data.

We know you need more than that though, so here is why we think you should switch to Brave.

As mentioned in our preamble, Brave allows you to install applications from the Chrome Web Store which is great if like us, you have a number of app extensions you use everyday.

The other benefit is that when new extensions are released, so long as you have updated Brave to the most recent version of Chromium, you should be able to use those extensions.

For example, if you hate the new Google Suite icons, there is a browser extension for Chrome, and by extension Brave, that you can use to switch them back to the older, more familiar icons.

One of the benefits of blocking trackers and advertising by default is that websites will load faster as they dont have to prime all the features that follow you around.

In reality this time saving is minimal. Following a format of our PC in January and reinstalling Brave, we have saved just under 24 hours we wouldve spent waiting for pages to load.

When comparing Chrome, Opera and Firefox to Braves loading times on YouTube (with a Premium subscription that removes advertising) the page loads slightly faster on Brave but not so fast youll notice it immediately.

The most important feature in Brave is located right in the omni-bar and it is called Shields.

This is, for all intents and purposes, Braves ad-blocker though just calling it an adblocker does it a disservice.

Shields does a number of things including:

Unfortunately, Brave is so good at blocking these that some websites just wont work because the browser is blocking pop-ups and the like. For example, a payment platform refused to move us to the next step because that step came in the form of a pop-up, which Brave blocked.

Thankfully, switching Shields on and off is as simple as clicking a button and Brave will remember to keep Shields switched off for that website.

You can also set how aggressively you want Brave to block trackers and advertising

One of the features of Brave often used to entice new users is the fact that you can earn money for just browsing.

While that is true, its also stretching what you the user needs to endure.

The adverts you see are delivered as desktop notifications that will appear constantly while the browser is open. Playing a game with Brave open? Get an advert. On a call with Brave open? Get an advert.

For this you will earn Basic Attention Tokens (BAT) which you can deposit into your wallet and use for a number of things.

You can of course have Brave deposit BAT into your wallet every month or you can have Brave divide your earnings up and send it to creators you want to contribute to.

Dont expect to earn huge amounts though, throughout April weve earned $2.84 and quite honestly its not worth the constant barrage of adverts we endured.

Right, before we dive into this if you are using the Tor network for serious reasons such as trying to evade a dangerous government or you are seriously trying to remain private, you should use the Tor browser directly from the Tor project.

We say this because unfortunately, in February it was discovered that the Tor feature was leaking .onion URLs visited by users. This has since been fixed but rather safe than sorry right?

If, however, you simply want to browse the dark web and see what there is to see, Brave is a convenient way to do that without having to download a separate browser. Just note that the speed benefits we mentioned earlier disappear when using Tor.

In addition you can also set Brave up to use DuckDuckGo by default in incognito mode for an extra layer of privacy.

The Federated Learning of Cohorts or FLoC is a term you may have encountered in recent weeks.

This is because its a new way to serve ads that Google is proposing by framing it as a positive.

Rather than targeting ads based on your individual preferences, FLoC puts users into groups and targets groups rather than an individual.

How is this a bad thing? Brave explains.

Say I run a website selling polka music, and I serve a dedicated community of die-hard polka fans. My site is successful because Ive identified a niche market that is poorly served elsewhere, which allows me to charge higher than, say, Amazon prices. However, FLoC may stick users browsing in Chrome in a polka music lover cohort, and begin having my users broadcast their polka love to other sites, including Amazon. Amazon could then peel off my polka-record buyers, leaving me worse off, the firm explains.

Brave argues that FLoC could mean worse privacy for you and not better as Google would have you believe.

Many similar examples are possible, but the general point is that FLoC will have your users broadcast their interest in your site (and sites like your site) to unrelated sites on the Web. Those other sites may use this information to engage in forms of price discrimination, or otherwise more aggressively market to your users. Programmatic ad-tech has done exactly this for years, and FLoC would continue this practice into the post third-party cookies era, adds Brave.

Brave isnt alone in this blocking of FLoC thankfully. Microsoft, Mozilla, Apple and even Opera have expressed a dislike for this method of tracking.

Brave is blocking FLoC right out of the gate and so if you needed any reason to switch, this is a rather good one.

Brave is available to download for free on Windows, macOS (Intel and ARM64 iterations), Linux, iOS and Android.

See the rest here:
Six reasons you should be switching to the Brave browser -

Posted in Tor Browser | Comments Off on Six reasons you should be switching to the Brave browser –

Mobikwik user data has leaked, here is what happened and this is what you should do next – India Today

Posted: March 31, 2021 at 3:20 am

In what is believed to be one of the worst cases of data leaks, important information of 9.9 crore Mobikwik users has been leaked online, which the digital payments company has denied. The disclosure about the data leak was made by cybersecurity analyst Rajashekhar Rajaharia who has also written to the Reserve Bank of India, Indian computer emergency response team, PCI Standards, and payment technology firms, etc.

Mobikwik has denied these claims saying that it is a regulated entity and takes security very seriously. The platform claimed that it is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit.

The recent data leak is of serious nature as it is said to have exposed important user information including mobile phone number, bank account details, email, and even credit card numbers of 9.9 crore Mobikwik users. The screenshots of the Mobiwik breach were posted on Twitter by French security researcher who goes by the name Elliot Alderson. He called it the largest KYC data leak in the history.

Even though Mobikwik has denied this leak, there are number of reasons to believe that a breach was made. First, a group of hackers by the name of Jordandaven emailed the link of the database to PTI. They shared the data of Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku from the database.

The hackers have maintained that they only want to get money from the company and do not plan to use it otherwise.

However, several users have posted screenshots of Mobiwik users' data put up for sale on dark web. In some cases, this data was being sold for 1.5 bitcoin or about $86,000. Again, the platform has denied the claims.

There is another report claiming that a separate dark web portal has been created which can be used to search data by phone number or email ID and get the specific results out of a total of 8.2 TB of data. Just the sheer size of data uploaded on the portal is alarming.

The payments solution platform has shrugged away the claims of this data leak and has put the blame on users. In a response put out on Tuesday, the platform claimed that all accounts and user information with it were completely safe.

Some users have reported that their data is visible on the dark web. While we are investigating this, it is entirely possible that any user could have uploaded her/his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from MobiKwik or any identified source, the statement read.

This isnt the first time when the company has denied these claims. The matter was first brought to light last month by the same security researcher. Back then, Mobikwik had denied these claims and announced that it will take action against the researcher. It hasnt revealed if a complaint has been filed since.

We thoroughly investigated his allegations and did not find any security lapses. Our user and company data is completely safe and secure. The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company. Finally, our legal team will be pursuing strict action against this so-called researcher who is trying to malign our brand reputation for ulterior motives, MobiKwik had said on Twitter.

The ongoing tussle between the platform and the researcher leaves Mobikwik users with lot of uncertainty and confusion. Even though the matter will be investigated over the next few days, the users are advised to update their Mobikwik account with new passwords. They should also update passwords to email addresses, setup two-factor authentication (2FA) including OTPs and fixed passcodes, wherever possible.

If you want check if your data is part of the leak, download Tor browser. It a free and open-source web browser that helps you anonymously browse the web. Open this link to access Mobikwik data put online. Search using your name or number to see if it is listed. If nothing shows up, you are safe. If information pops up, then immediately contact your bank and block your cards.

Update The hacker group which set up the website to showcase the stolen data from Mobikwiks servers has pulled it down from the website, claiming that all of it has been deleted from their servers and the users are now safe.

Read more here:
Mobikwik user data has leaked, here is what happened and this is what you should do next - India Today

Posted in Tor Browser | Comments Off on Mobikwik user data has leaked, here is what happened and this is what you should do next – India Today

Week in review: Phishers’ perfect targets, evaluating partner cyber resilience, new issue of (IN)SECURE – Help Net Security

Posted: at 3:20 am

Heres an overview of some of last weeks most interesting news and articles:

Microsoft offers rewards for security bugs in Microsoft TeamsMicrosoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform.

Tackling cross-site request forgery (CSRF) on company websitesEveryone with half a mind for security will tell you not to click on links in emails, but few people can explain exactly why you shouldnt do that (they will usually offer a canned hackers can steal your credentials if you do explanation) Cross-Site Request Forgery (CSRF) is that reason.

Phishers perfect targets: Employees getting back to the officePhishers have been exploiting peoples fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start, and will continue to do it for as long it affects out private and working lives.

Data breaches and network outages: A real and growing cost for the healthcare industryOne year into the COVID-19 pandemic, the Infoblox report reveals major challenges the healthcare industry faced as IT workers scrambled to secure protected health information (PHI) and the infrastructure against the pandemics complex cybersecurity and networking challenges.

How to stay ahead of the rise of synthetic fraudThere are a number of reasons why synthetic fraud is on the rise, but there are also actions banks and other financial institutions can take to prevent this growing trend from doing damage.

Only 14% of domains worldwide truly protected from spoofing with DMARC enforcementWhile the DMARC enforcement rate increases, 3 billion messages per day are still spoofing the senders identity, Valimail reveals. Email continues to be an effective way to communicate and use has increased during a year of global pandemic, and hackers continue to use email as a primary attack vector, stressing that email security is not going away.

(IN)SECURE Magazine issue 68 released(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 68 has been released. Its a free download, no registration required.

Hidden areas of security and the future of hybrid workingWith the UK governments roadmap out of lockdown underway, it is predicted that employers will strive to keep the element of flexibility by moving to hybrid working models.

The financial impact of cybersecurity vulnerabilities on credit unionsCybersecurity vulnerabilities among credit unions and their vendors create the potential for large financial impacts to the credit union industry, according to a Black Kite report.

Cybercriminals capitalizing on our reliance on the cloud90% of cyberattacks on cloud environments in the last 12 months involved compromised privileged credentials, according to a research from Centrify.

5G network slicing vulnerability leaves enterprises exposed to cyberattacksAdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operators 5G network, leaving enterprise customers exposed to malicious cyberattack.

Remote workers admit to playing a significant part in increasing their companys cybersecurity risksThe COVID-19 generation of remote workers are admitting to playing a significant part in increasing the cybersecurity risks facing their companies. An Opinium research shows 54% are regularly using their work device for personal purposes, including sharing work equipment with family members.

70% of organizations recognize the importance of secure coding practicesA research from Secure Code Warrior has revealed an attitudinal shift in the software development industry, with organizations bucking traditional practices for DevOps and Secure DevOps.

What businesses need to know to evaluate partner cyber resilienceMany recent high-profile breaches have underscored two important cybersecurity lessons: the need for increased scrutiny in evaluating access and controls of partners handling valuable customer data, and the imperativeness of assessing a third partys (hopefully multi-layered) approach to cyber resilience.

Why DDI technology is fundamental for multicloud successDDI technology, which integrates Domain Name System, Dynamic Host Configuration Protocol and IP Address Management functions, can help provide the solution to meet complexity and security risks head on.

80% of security leaders would like more control over their API securityThere are major gaps in API security based on insights from over 100 senior security leaders at large enterprises in the United States and Europe, an Imvision report reveals.

How to get affordable DV certificates for onion sitesThe Tor Project, the nonprofit developers of the Tor network and Tor Browser, have announced two exciting developments for onion services: affordable DV certificates for v3 onion sites from HARICA, and new, easy onion site setup guides.

Using memory encryption in web applications to help reduce the risk of Spectre attacksTheres nothing quite like an actual proof-of-concept to make everyone listen. I was pleased by the PoC released by Google security engineers Stephen Rttger and Artur Janc earlier this month in a nutshell, they showed how the Spectre vulnerability can be used to exfiltrate cross-origin data from any website.

Rapid increase in security tools causing alert fatigue and burn outOn average, enterprises maintain 19 different security tools, with only 22% of such tools serving as vital to primary security objectives, a ReliaQuest survey reveals.

Cybersecurity awareness is too often a part-time effortSANS announced the release of a report which analyzes the data of over 1,500 security awareness professionals from around the world to benchmark how organizations are managing human risk and provides data-driven action items to mature awareness programs.

Special pricing on CISSP and CCSP training bundleWhether youre motivated by career advancement, higher pay or inspiring a safe and secure cyber world, the (ISC) CISSP and CCSP certifications are professional game-changers. And now through April 30th, you can save 10% on Official (ISC) CISSP or CCSP Online Self-Paced Training when bundled with your exam.

New infosec products of the week: March 26, 2021A rundown of the most important infosec products released last week.

More here:
Week in review: Phishers' perfect targets, evaluating partner cyber resilience, new issue of (IN)SECURE - Help Net Security

Posted in Tor Browser | Comments Off on Week in review: Phishers’ perfect targets, evaluating partner cyber resilience, new issue of (IN)SECURE – Help Net Security

Dark Web to be Soon Infiltrated by Police in Australia’s New Law – Tech Times

Posted: March 25, 2021 at 2:42 am

Federal Police in Australia now can swarm the Dark Web and look for online crimes committed against the laws and citizens of the country, being one of the firsts in enforcing justice on the internet. While various laws protect people from the internet already, the Dark Web is a different topic as it moves away from the "surface."

(Photo : Photo by Sora Shimazaki from Pexels)

At first knowledge of the Dark Web, most of the transactions and happening within it are illegal, shady, and scary, which compromises different people and has no regard for privacy and safety of different users. Moreover, the Dark Web is one of the most elusive platforms as it requires a sophisticated way to get inside it, using the infamous "Tor Browser" to get in the platform.

Initial misconceptions on the Dark Web are mostly illegal, with people engaging in ruthless acts and behavior on the "dark side of the internet" mostly because their IP addresses are hidden and safeguarded. Moreover, people are not that mistaken, as the main purpose of the dark web is to hide personal information and location so that they can engage in nefarious activities.

Read Also: Ford vs. Tesla: Spokesperson Calls FSD Feature a 'Vaporware' After Popular Investor Calls Out Ford!

According toZD Neton Sunday, March 21, the "Hacking Bill" that was passed to Australia's parliamentary is already in motion, and the Commissioner of Australia's Federal Police (AFP) Reese Kershaw presses down its importance. The bill would help in serving up warrants, tracking down, and arresting people that are engaging in illegal activities on the Dark Web.

The main purpose of this bill is to protect Australia and its citizens, as well as focus on Australian citizens that engage in the malicious acts that are deemed illegal of the country's laws and regulations. In addition to that, this would be an extensive police search, particularly as the Dark Web is a highly complicated platform on the internet.

The AFP would do their best to gather intelligence and track down the illegal activities within their jurisdiction, and reduce the number of people engaging in illegal activities within the country. The Dark Web has resulted in a lot of identity theft and sale from several people, along with arms, drugs, and sexual harassment clips circulating on it.

Kasperskysays that the Dark Web is only accessible by specific websites in the "surface internet" which is the most used aspect or side of the internet that is known to man. With this, people are transported to a new dimension or clarity that allows people to see the different sides of the internet, showing mostly its darker side.

(Photo : Screenshot from Tor Browser)

The Australian authorities have reiterated that there are three parameters of the warrants for the online crimes committed, and the Hacking Bill could be applied for other countries in catching Dark Web crimes. The bill could help in jumpstarting the jurisdiction within the dark web for other nations, essentially helping in reducing crimes and illegal activities.

Related Article:Your iPhone is Vulnerable to Hijacking Calls and Texts; These Secret Codes Could Help You Avoid Them

This article is owned by Tech Times

Written by Isaiah Alonzo

2018 All rights reserved. Do not reproduce without permission.

Continued here:
Dark Web to be Soon Infiltrated by Police in Australia's New Law - Tech Times

Posted in Tor Browser | Comments Off on Dark Web to be Soon Infiltrated by Police in Australia’s New Law – Tech Times

Page 11234..1020..»