Tag: Cybersecurity

  • Scam Involving International Missed Calls on WhatsApp

    As this report in The Indian Express explains, “many WhatsApp users in India have reported receiving a spate of missed calls from international numbers” and “[t]he scam has caught the government’s attention.”

    This is how the scam works: 

    “The scam typically involves defrauding unsuspecting people on platforms such as WhatsApp, where the victim, who responds to a missed call, is promised money for YouTube video likes or a positive Google review. The scammer makes initial payments to the victim, who is invited to join a group, typically on Telegram app. The victim is encouraged to “invest” small amounts for bigger payouts, but after a considerable sum has been invested, they are blocked from the group.” 

    Further investigation by The Indian Express revealed that “the fraudster who intends to target multiple people doesn’t even need to manually call each of them” as “automatic dialer software” can make multiple calls to an entire database of numbers “in one go.” 

    Reportedly, experts have “pointed to holes in WhatsApp’s security systems” but “[a] detailed questionnaire sent to WhatsApp on whether it was aware that its platform was being used by an ecosystem that created fake accounts to scam people and if it was working to strengthen its firewall remained unanswered till the time of publication of” the report. 

    Read the full report here.

  • Spate of Privacy Breaches by Healthcare Businesses

    According to this report, “Telehealth company Cerebral is facing a lawsuit that accuses the company of installing tracking technologies on its website and app that led to the protected health information of more than 3 million patients to be sent to social media companies.” 

    This is happening against the backdrop of “14 other hospitals and health systems around the country” facing lawsuits “alleging use of these tracking technologies on their websites.”

    Read the full report here.

  • Data Security Concerns Over the Use of Generative AI Tools

    A study by an Israeli firm Team8 got widely picked up by media outlets because of the concerns it raises about corporate secrets and customer information. 

    As one report says: 

    “The report said that companies using such tools may leave them susceptible to data leaks and laws. The chatbots can be used by hackers to access sensitive information. Team8’s study said that chatbot queries are not being fed into the large language models to train AI since the models in their current form can’t update themselves in real-time. This, however, may not be true for the future versions of such models, it added.”

    Bloomberg News covered the study first and is said to have received it “prior to its release.” As the Bloomberg report says: 

    Major technology companies including Microsoft Corp. and Alphabet Inc. are racing to add generative AI capabilities to improve chatbots and search engines, training their models on data scraped from the Internet to give users a one-stop-shop to their queries. If these tools are fed confidential or private data, it will be very difficult to erase the information, the report said. 

    Read the complete Bloomberg report on the Team8 study here.

  • Widespread Vulnerability to Cyberattacks

    This article on Dark Reading about a report published by cybersecurity firm Rezilion states that “[m]ore than 15 million instances of Internet-connected applications, services, and devices are vulnerable to software flaws that the US government has confirmed are being exploited by attackers in the wild.” While “[t]ypically, only a small fraction of vulnerabilities are exploited every year”, Yotam Perkal, director of vulnerability research at Rezilion, is quoted as saying that vulnerabilities “are being exploited, continuously, by sophisticated threat actors as well as advanced persistent threat (APT) groups.” 

    Furthermore, these estimates could be conservative “as the services affected by more than one vulnerability were counted only once” and Perkal reportedly thinks that “it is safe to assume that the actual number of vulnerable instances is much higher.” 

    Read the full article here.