Towards Cybersecurity

In this article, I am explaining about phishing and its types. So, Let's begin. Phishing is one of the most destructive and internet's oldest cyberattack in which an attacker steal private sensitive information like username, password, payment details, etc. It uses social engineering as well as spoofing tricks . Social engineering means collecting personal information about a targeted person or an organization which gives an attacker the complete detailed analysis of the target. Spoofing means pretending as a legitimate source so that the target believes it's legitimate. That means attackers use social engineering tricks to analyze the targeted person and use spoofing tricks to attract the targeted person in entering a phishing website or downloading malware. The most popular form of phishing is Emails and it looks like as it comes from a legitimate (trusted) source. So, the targeted person believes it's trustworthy and attacker tricks the ta

Security researcher, Bob Diachenko found that 4,282 Android apps that use Google's Firebase are leaking users' personal sensitive data includes their usernames, passwords, phone numbers, email addresses, IP addresses, location data, and chat messages. Bob Diachenko also found that around 4.8% of Android apps are not properly secured due to misconfiguration and that allows anyone to access database which contains users' private sensitive information without a password or any other type of authentication. Google's Firebase is a popular mobile and web application development platform . It offers various functionality like analytics, databases, file storage, authentication, fix issues, in-app messaging, and etc. Google's Firebase services used by 30% of all Android apps. Misconfigured apps cover education, entertainment, games, travel, local, and business categories. Also, these misconfigured apps found to be installed by 4.22 B times by users . If

India's largest online learning platform, Unacademy was affected by a data breach and around 22 Million users record put up for sale in the Dark Web. Unacademy which has a market value (OMV) of more than 500 million US dollars has more than 20 million registered users, a million video lessons, and more than 14,000 teachers. Cyble which is a cyber intelligence company has found on 3rd May that an attacker has started to sell an Unacademy's database which has around 22 Million users records for $2000. The database actually consists of a total of 21,909,707 user records. These user records include first names, last names, joined date, last login data, email addresses, usernames, hashed passwords, etc. An attacker breached Unacademy's database from 26th January 2020 because the last account created in the Unacademy's database is from that date. It is also found that lot's of Unacademy's accounts using an organization's emails exi

Xiaomi Smartphone Users Beware !! It has been collecting its millions of smartphone users private sensitive data. Also, Xiaomi is storing this private sensitive information on servers located in Russia and China. Gabi Cirlig who is a security expert has found that his Redmi Note 8 smartphone was collecting his internet activity includes a history of visited sites, queries on search engines, etc and also forwarded this sensitive information to servers located in China and Russia. The popular browser applications from the Xiaomi smartphone like Mi Browser Pro , Mint Browser which is included by default in Xiaomi's smartphones are stealing user's browsing behavior even if users are browsing through the incognito mode of browser. Gani Cirlig also found that this could be happening in other Xiaomi's smartphones as well includes Xiaomi Mi MIX 3 , Xiaomi Mi 10 , Redmi K20 . Because all Xiaomi's smartphones share the same browser code. Gani Cirlig als