What is SMS Bombing?
Mobile devices send text messages through the Short Message Service (SMS). Although the majority of us are accustomed to sending one special message at a time, several services are available that can significantly speed up and increase the frequency of your messaging. An SMS bomber is a piece of software that repeatedly copies the same message and transmits it to a specific receiver. You obtain the programme online and utilise the text-messaging capabilities of your phone to send the SMS bombs.
Online downloads of the apk files are accessible for SMS bombing, which uses freeware. SMSBomber, BombItUp, and TXTBlast are some well-known SMS bombing applications. The websites frequently take advantage of weak API points owned by other companies that are actually used to deliver OTPs and messages to authorised users for login, password reset, etc. The attackers use their scripts to make GET/POST queries on these APIs, which automates message transmission and aids in planning SMS bombing attacks.
Also Read: https://tsaaro.com/newsletter/online-pharmacies-and-data-privacy/
Why should it matter to you?
Many times, your friend might bombard you with these messages, just for the sake of a prank, but it can be at the risk of breaching his privacy or might as well yours. These applications and websites that help pull such tricks off can sneak into the systems used to pull this prank off, and guess what happens next?
Yep, you guessed it right. A Privacy and Security breach.
While there are several ways through which these breaches can be taken care of, a more straightforward method would be to stop pranking your friends (if you are) this way, and if you are being pranked on, maybe just don’t open and click on any links in these messages.
Also Read: https://tsaaro.com/newsletter/the-general-obligations-of-the-data-fiduciaries-under-the-dpdp-act-2023/
Major Privacy Updates of the Week
Uber blames recent security breach on LAPSUS$ hacking group
A cyberattacker gained access to Uber‘s computer network, according to the company, and after obtaining the employee’s login information from the dark web, entered the account of an EXT contractor. Uber said the contractor unintentionally accepted a verification notification that eventually gave the attacker access. Uber has online security measures in place for employee logins. From there, the attacker gained access to a number of worker accounts and applications like G-Suite and Slack. Uber blamed the hacker collective Lapsus$, which in 2022 breached Microsoft, Cisco, Samsung, Nvidia, Okta, and other companies using similar methods.
Morgan Stanley fined $35 million by US authorities for failing to protect customer data
The largest provider of financial services in America, Morgan Stanley, agreed to pay a $35 million fine to the Securities and Exchange Commission (SEC) for data security violations. The corporation would have permitted about 1000 unencrypted hard drives (HDDs) and about 8000 backup tapes from decommissioned data centres to be resold on auction websites without being initially erased, according to the SEC’s lawsuit. According to the SEC complaint, the unlawful disposal of the devices allegedly began in 2016 and was a part of an “extensive failure” that exposed the data of 15 million users.
Australian telecommunications provider Optus suffers cyber-attack compromises customer’s personal information
One of the biggest #telecommunications service providers in Australia, Optus Telecom, managed to escape a hack that revealed the data of its clients. The birth dates and contact information were accessible to the hackers. Some of the users’ driving license information has been made public. Additionally, a handful of the user’s passports and mailing addresses were stolen. Optus, however, claimed that the information pertaining to payments and passwords had not been altered. Nearly nine million people have been impacted by the cyberattack.
Meta sued for collecting users' data despite Apple's privacy features
Meta is facing a new proposed class action lawsuit that accuses it of tracking and collecting the personal data of iPhone users, despite features and policies made by Apple which are meant to stop that same type of tracking, within its Facebook and Instagram apps. Meta has been known to disagree with #ATT. The act of tracking users is a clear violation of Apple’s App Tracking Transparency (ATT) policy, which mandates that apps obtain users’ permission before tracking them across apps and websites run by other businesses.
Crypto trading firm Wintermute loses $160 million in DeFi hack
Leading #cryptocurrency market maker Wintermute has disclosed that hackers were able to take $160 million from the business’s decentralised finance (DeFi) division. The hack adds London-based Wintermute to the long list of businesses affected by cyber security breaches. In total, 90 different assets worth a combined $160 million were taken in the hack.
Curated by: Prajwala D Dinesh, Ritwik Tiwari, Ayush Sahay
WEEKLY PRIVACY NEWSLETTER
Keep up to pace with this high-impact weekly privacy newsletter that
features significant data privacy updates, trends, and tools that can
help to make your life secure & easier every day!
*By clicking on subscribe, I agree to receive communications from Tsaaro
