Home Blog Page 141

India-based Quoality Systems expose over 1m credit cards

Ana Mary Joseph
-
1
India-based Quoality Systems expose over 1m credit cards
  • Address, nationality, phone number, pickup date and time, means of transportation, source of booking, full credit card details exposed.
  • Quoality fails to adhere to industry standards such as the Payment Card Industry Data Security Standard.
  • Cybernews research team discovers a misconfiguration in Elastic cluster that caused the data leak.

Discovery of a misconfiguration within India-based Quoality Systems has sent shockwaves through the cybersecurity community.

The Cybernews research team unearthed a grave oversight within Quoality’s hotel and guest management platform, Guest Experience (GX), leading to a severe data leak.

The breach has potentially compromised the sensitive information of over a million hotel guests, exposing their financial and personal details to malicious actors on the internet.

Quoality, a company specialising in developing innovative solutions for the hospitality industry, prides itself on offering the Guest Experience platform as a comprehensive tool for managing contactless check-ins and checkouts, hotel services, guest arrivals, automated messaging, and payments.

However, a critical human error made by the company’s developers has now cast a shadow over its reputation and integrity.

A treasure trove of guest data

The data leak such as address, nationality, phone number, pickup date and time, means of transportation, source of booking, full credit card details – was attributed to an Elastic cluster misconfiguration, where inadequate access controls on the Elasticsearch cluster left a treasure trove of guest data vulnerable to exploitation.

Elasticsearch clusters, comprising interconnected nodes for data storage and retrieval, are integral to the real-time indexing and querying capabilities of the platform. Unfortunately, this misstep allowed threat actors to potentially weaponise the exposed information for malicious purposes such as targeted phishing campaigns, doxxing attacks, or spamming activities.

Of particular concern is the revelation that the leaked data includes full credit card details, encompassing sensitive information like CVV codes and expiry dates.

The critical oversight significantly raises the risk of identity theft and financial harm for the affected individuals.

Identity theft

Cybersecurity experts, including Bob Diachenko and Aras Nazarovas from Cybernews, have underscored the gravity of this breach, emphasising the potential ramifications for both the impacted guests and Quoality Systems.

Bob Diachenko, a seasoned security researcher at Cybernews, highlighted the immediate threat posed by the exposure of full credit card details alongside customer booking information.

The combination of data elements not only facilitates identity theft but also opens the door for cybercriminals to exploit victims’ bank accounts through unauthorised transactions, leveraging the leaked information to their advantage.

On the regulatory front, Aras Nazarovas, another security researcher at Cybernews, drew attention to the implications of Quoality’s failure to adhere to industry standards such as the Payment Card Industry Data Security Standard (PCI-DSS).

The mishandling of sensitive payment information not only jeopardises the trust of customers but also exposes the company to potential fines from credit card companies and regulatory bodies for non-compliance with data protection laws and regulations.

The repercussions of this data breach extend beyond immediate financial risks, encompassing broader concerns about data security, privacy, and corporate accountability.

Cybernews have reached out to the company following its responsible disclosure guidelines, and the data is no longer exposed to the public.

“We’ve also asked the company to provide an on-the-record comment to help better understand what happened, but haven’t received any response.”

Preventing misuse of deepfakes require a multi-faceted approach

Contributor
-
0
Preventing misuse of deepfakes require a multi-faceted approach
  • Advances in artificial intelligence and machine learning have led to the development of tools and software that can analyze videos and images to identify signs of tampering or manipulation.
  • It is possible to create a more secure online environment that is less susceptible to the spread of deepfakes.
  • Researchers and developers must work together to stay ahead of the evolving threats posed by deepfakes and develop effective countermeasures to mitigate their impact

The advent of deepfakes, a form of artificial intelligence-generated media that can manipulate and alter faces, voices, and other biometric characteristics, has raised significant concerns about the potential misuse of this technology.

The ease with which deepfakes can be created and disseminated has far-reaching implications for national security, privacy, and the very fabric of trust in online communications.

Sumsub, a global full-cycle identity verification and deepfake solution provider, detected upwards of a 245 per cent year-on-year increase worldwide in the first quarter of 2024..

In the first quarter, the sectors with the most deepfakes were crypto, fintech and iGaming.

Fight AI with AI

The quantity of deepfake cases year on year soared 1,520 per cent in iGaming, 900 per cent in marketplaces, 533 per cent in fintech, 217 per cent in crypto, 138 per cent in consulting, and 68 per cent in online media.

Pavel Goldman-Kalaydin, Head of AI/ML at Sumsub, had said the number and quality of deepfakes is increasing and evolving daily worldwide.

“Even with the most progressive technology, it’s getting much harder to differentiate between a deepfake and reality. The only way forward is to fight AI with AI.”

Moreover, he said that the ultimate tool that keeps businesses protected is a multi-layered anti-fraud solution with different checks at various user journey stages.

Consulting firm Deloitte forecast that deepfake-related losses are expected to soar from $12.3 billion in 2023 to $40 billion by 2027, with banking and financial services being a primary target.

It’s projected that deep fake incidents will go up by 50 per cent to 60 per cent in 2024, with 140,000-150,000 cases globally predicted this year. 

The latest generation of generative AI apps, tools and platforms provides attackers with what they need to create deep fake videos, impersonated voices, and fraudulent documents quickly and at a very low cost.

Unsurprisingly, one in three enterprises don’t have a strategy to address the risks of an adversarial AI attack that would most likely start with deepfakes of their key executives.

Ivanti’s  latest research finds that 30 per cent of enterprises have no plans for identifying and defending against adversarial AI attacks.

In light of these risks, it is essential to take proactive steps to prevent the misuse of deepfakes and ensure that this powerful technology is utilised responsibly.

I. Education and awareness

One of the most critical steps in preventing the misuse of deepfakes is to educate the general public about the existence and risks of this technology. Many individuals are still unaware of the capabilities of deepfakes and the potential consequences of their misuse.

Therefore, it is essential to launch public awareness campaigns to inform people about the dangers of deepfakes and the importance of verifying the authenticity of online content.

This can be achieved through social media campaigns, educational programs in schools, and collaborations with reputable organizations to promote awareness about deepfakes.

II. Authentication and verification

Another crucial step in preventing the misuse of deepfakes is to develop robust authentication and verification mechanisms to detect and flag manipulated content.

This can be achieved through the development of AI-powered algorithms that can detect anomalies in audio and video files, as well as the implementation of digital watermarking techniques to tamper-proof online content.

Additionally, tech companies and social media platforms must work together to develop and implement industry-wide standards for authenticating and verifying user-generated content.

III. Regulation and policy

Government agencies and regulatory bodies must play a critical role in preventing the misuse of deepfakes by establishing clear laws and policies governing the use of this technology.

This can include implementing strict regulations on the use of deepfakes in political campaigns, prohibiting the creation and dissemination of manipulated content that could cause harm to individuals or societies, and establishing penalties for those found guilty of misusing deepfakes.

Furthermore, governments must work together to establish international standards and agreements to prevent the cross-border misuse of deepfakes.

IV. Digital literacy

In today’s digital age, digital literacy is essential to preventing the misuse of deepfakes. Individuals must be equipped with the skills to critically evaluate online content, identify manipulated media, and take steps to verify the authenticity of information.

This can be achieved through education and training programs that focus on developing critical thinking skills, media literacy, and online safety. Furthermore, tech companies and social media platforms must provide users with tools and resources to help them identify and report manipulated content.

V. Collaboration and information sharing

Preventing the misuse of deepfakes requires collaboration and information sharing between governments, tech companies, academia, and civil society organizations.

This can include sharing research and best practices on detecting and mitigating deepfakes, collaborating on the development of authentication and verification mechanisms, and working together to raise awareness about the risks of deepfakes. Furthermore, information sharing and collaboration can help to identify and disrupt organised efforts to misuse deepfakes.

VI. Research and development

Finally, preventing the misuse of deepfakes requires continued research and development in AI-powered detection and mitigation technologies.

This can include investing in the development of AI-powered algorithms that can detect and flag manipulated content, as well as exploring new technologies and techniques for authenticating and verifying online content.

Furthermore, researchers and developers must work together to stay ahead of the evolving threats posed by deepfakes and develop effective countermeasures to mitigate their impact.

It is possible to create a more secure online environment that is less susceptible to the spread of deepfakes.

Lyvely secures operational license from RAK Digital Assets Oasis

TCN Bureau
-
0
Lyvely secures operational license from RAK Digital Assets Oasis
  • UAE-based social monetisation platform can undertake any non-regulated activities that fall under the SocialFi category.
  • Lyvely allows creators and brands to profit from their digital presence via monetisation features such as content memberships, paid communities, and social commerce. 

UAE-based social monetisation platform – Lyvely – secures operational license from Ras Al Khaimah Digital Assets Oasis (RAK DAO) to undertake any non-regulated activities that fall under the SocialFi category.   

Backed by publicly listed blockchain technology conglomerate, Phoenix Group, and Web3 investment firm, Cypher Capital, Lyvely aims to disrupt the $250 billion global creator economy. Lyvely was founded in 2023 by tech and wellness entrepreneurs Farah Zafar and Dave Catudal to empower all digital creators, ranging from celebrity influencers to digital creators and online brands.

Designed as a social monetisation platform and digital HQ with a suite of fintech features, Lyvely allows creators and brands to profit from their digital presence via monetisation features such as content memberships, paid communities, and social commerce. 

Freelance economy

“Lyvely’s vision to empower digital creators with advanced monetisation tools aligns with our mission to drive technological advancement in the region,” Dr. Sameer Al Ansari, CEO of RAK DAO, said.

Farah Zafar, Co-founder and CEO of Lyvely, said that they are proud to be a homegrown brand, building for the global creator and freelance economy from the shores of UAE.

“As a SocialFi platform, we envision adding immense value to the digital ecosystem by enabling web3-powered monetisation avenues for under-represented digital creators and everyone who seeks to build a more profitable digital presence.”

With the platform registering an impressive early traction, Lyvely is set to release its mobile application in the fourth quarter of 2024, followed by a much-awaited token launch. 

Indian public cloud market is poised for continued growth

Ana Mary Joseph
-
0
Indian public cloud market is poised for continued growth
  • Shift towards SaaS and the adoption of GenAI technologies to further enhance market’s potential, creating new opportunities for innovation and growth.
  • The Indian public cloud services market is experiencing a period of explosive growth, driven by a confluence of factors including digital transformation initiatives, application modernisation, and the increasing adoption of next-generation technologies like GenAI.

According to International Data Corporation (IDC), the market revenue totalled $8.3 billion in 2023 and  is expected to reach $24.2 billion by 2028, growing at an annual growth rate of 23.8% for 2023-28.

The dynamic landscape showcases the increasing reliance of Indian enterprises on cloud-based solutions for their diverse IT needs.

“While enterprises continue to modernise IT on IaaS offerings, core business applications have a shifting trend to SaaS models on public cloud. These offerings are further enhanced by GenAI technologies to improve user experience and productivity,” Rajiv Ranjan, Associate Research Director, Cloud and Artificial Intelligence, IDC India, said.

The trend is not limited to SaaS. Platform-as-a-Service (PaaS) offerings, particularly those focused on fully managed databases and serverless technologies, are also experiencing strong growth.

This is fueled by the need to deploy pure cloud-native applications and modernize data management infrastructure. The integration of GenAI into these platforms further strengthens their value proposition, offering enterprises powerful tools to streamline operations, enhance customer experience, and foster innovation.

The market dominance of the top two vendors, who collectively hold over 40% of the market share, highlights the increasing consolidation in the Indian public cloud space. However, the emergence of niche players specialising in specific segments like CRM, ERM, Collaborative Applications, and IaaS is contributing to the market’s overall growth. The demand for AI platforms, data management software, and system infrastructure software is also rising significantly, underscoring the growing adoption of advanced technologies in the Indian market.

The shift towards public cloud solutions is further fueled by the increasing emphasis on cost optimisation. As enterprises navigate economic uncertainties, they are actively seeking to leverage as-a-service consumption models to reduce capital expenditure and optimize their IT budgets. This trend is further accelerating the adoption of public cloud services.

The rising investment in next-generation technologies like GenAI is also driving the demand for robust computing infrastructure and data management capabilities. Enterprises are seeking public cloud platforms to support the massive computational demands of AI applications and effectively manage the ever-growing data volumes. This is creating a virtuous cycle where the demand for cloud services fuels the development of more advanced technologies, further propelling market growth.

Cyber insurance premiums fall despite rising ransomware attacks

Naushad K. Cherrayil
-
0
Cyber insurance premiums fall despite rising ransomware attacks
  • Future of cyber insurance is bright, with a strong focus on prevention, risk management, and incentivised security measures that will contribute to a safer digital landscape for all.
  • The increased competition in the market is leading to more competitive premiums.
  • Companies are increasingly using cloud providers and other robust backup systems to minimise downtime and financial losses.
  • More than half of the premium growth by 2030 is anticipated to come from outside the US.

The global cyber insurance market is experiencing a paradoxical trend: premium rates are declining even as ransomware attacks surge.

The counterintuitive development, as highlighted in a recent report by broker Howden, is driven by a confluence of factors, primarily a growing awareness of cybersecurity risks and proactive measures taken by businesses to mitigate their exposure.

The past two years saw a meteoric rise in cyber insurance premiums, fueled by the surge in cyber incidents during the COVID-19 pandemic.

However, the tide has turned in 2023 and 2024, with double-digit price reductions being observed across the market. This shift is attributed to a number of factors.

Businesses are taking a more proactive approach to cybersecurity, investing in robust security measures and training their staff to combat cyber threats. The adoption of multi-factor authentication (MFA), likened to “locking the door when you leave the house” by Howden’s Sarah Neild, has significantly reduced data breaches and subsequent insurance claims.

The increased vigilance and investment in security infrastructure are key drivers behind the reduced need for insurance coverage.

A more resilient landscape

Insurers are increasingly willing to offer cyber insurance, driven by the growing demand for coverage and their confidence in the ability of businesses to manage cyber risks. The increased competition in the market is leading to more competitive premiums.

The report stated that the war in Ukraine, while initially contributing to a decrease in ransomware attacks as hackers redirected their efforts to military targets, has also raised concerns about global cyber security and has prompted increased investment in cybersecurity measures across the private sector, leading to a more resilient landscape.

Despite the global decrease in ransomware attacks in 2022, the first five months of 2024 saw an 18 per cent increase in recorded incidents. While this rise is concerning, it has not translated into a significant spike in insurance claims due to the proactive steps businesses have taken to mitigate the impact of such attacks.

Growing awareness

The report emphasises that business interruption remains the most significant cost following a cyberattack.

However, companies are increasingly using cloud providers and other robust backup systems to minimise downtime and financial losses. These measures, coupled with enhanced cybersecurity, are reducing the need for significant insurance payouts.

While the United States dominates the cyber insurance market, accounting for two-thirds of the global share, the fastest growth in the coming years is expected to come from Europe. This is primarily driven by lower current penetration levels and a growing awareness of cyber risks.

Smaller businesses in particular, who are often less aware of their vulnerability, are being targeted by insurers and are starting to see the value of cyber insurance.

The report highlights a crucial finding: 76 per cent of companies have enhanced their cybersecurity measures specifically to qualify for cyber insurance coverage. This demonstrates the power of insurance as an incentivizing force, encouraging businesses to invest in their security and reduce their overall risk profile.

While the US remains the dominant force in the cyber insurance market, the report predicts that over half of premium growth by 2030 will come from outside the US. European markets, with their increasing penetration rates, hold significant potential for growth.

Related Posts:

Saudi-based WakeCap acquires Silicon Valley startup Crews by Core

TCN Bureau
-
0
Saudi-based WakeCap acquires Silicon Valley startup Crews by Core
  • Aims to create a suite of hardware and software tools to increase job site safety, productivity and profitability.

Saudi-based IoT platform for construction project management – WakeCap – has acquired an AI-powered project delivery platform for the construction industry – Crews by Core – to create a suite of hardware and software tools to increase job site safety, productivity and profitability.

The two companies’ technologies are already deployed across large sites and megaprojects in the US, Saudi Arabia, UAE, and Japan.

Through the transaction, WakeCap will open an R&D headquarters inSilicon Valley to solidify its position as a global construction tech leader.

Construction tech

“Hassan Albalawi has built a rocketship. It’s rare to see so much traction in construction tech, let alone any tech startup, and we’re excited to accelerate our mission with this partnership,” Di-Ann Eisnor, CEO and founder of Crews by Core, said.

“Saudi Arabia has some of the largest projects anywhere in the world and it’s the perfect place to deploy our project delivery platform.”

 “Di-Ann’s team has incredible knowledge and deep technical skill. We’re thrilled to bring the two companies together,” Dr. Hassan Albalawi, CEO and Founder of WakeCap, said.

Crews by Core has built some of the most important companies in Silicon Valley including Paypal, Waze, Google Chrome, and Palantir.

1...140141142...271Page 141 of 271