company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Ransomware

loading..
loading..
loading..

Tripadvisor Complaint Email: A Vector for Knight Ransomware

Explore the Knight ransomware's ingenious distribution through TripAdvisor complaints. Unveil the deception, techniques, and defenses in this cybersecurity expo...

12-Aug-2023
4 min read

Related Articles

loading..

FTC

privacy

BetterHelp Faces $7.8M Fine for Sharing User Data. Did They Leak Your Mental Hea...

In a move raising concerns about data privacy in the mental health space, online therapy giant BetterHelp has settled charges with the U.S. Federal Trade Commission (FTC) for a hefty $7.8 million. The FTC alleged that BetterHelp engaged in deceptive data practices, compromising the privacy of its users. #### A Viable Alternative, Now Tarnished Founded in 2013, BetterHelp emerged as a leading platform offering convenient and accessible mental health services. By providing text, chat, phone, and video therapy sessions with licensed professionals, BetterHelp became a viable alternative to traditional face-to-face therapy, particularly for individuals seeking help with conditions like depression, anxiety, substance abuse, and PTSD. #### Misuse of Vulnerable Data However, the FTC investigation revealed a disturbing disregard for user privacy. The complaint alleged that BetterHelp collected a wide range of user data, including email addresses, IP addresses, and even responses from preliminary health questionnaires – information explicitly promised to be kept confidential. This sensitive data collection extended beyond users who signed up for therapy, encompassing even those simply visiting the BetterHelp website. #### Fueling Growth Through Broken Promises More concerning was the revelation that BetterHelp allegedly shared this collected data with third-party advertising platforms like Facebook, Snapchat, Criteo, and Pinterest. The FTC contends that this data was used to target potential customers with advertisements, essentially leveraging users' vulnerabilities for financial gain. The complaint further alleges that this practice resulted in a significant increase in user acquisition and revenue for BetterHelp. #### Refunds and Repercussions As part of the settlement, BetterHelp has agreed to pay $7.8 million in refunds to affected consumers. This applies not only to BetterHelp users but also to users of affiliated platforms like MyTherapist, Teen Counseling, Faithful Counseling, Pride Counseling, iCounseling, Regain, and Terappeuta. The FTC estimates that roughly 800,000 consumers are eligible for refunds, highlighting the scale of the alleged data breach. A third-party entity, Ankura Consulting, will oversee the distribution of refunds. Eligible users will receive email notifications outlining the process and available payment options, including checks, Zelle, and PayPal. The deadline to choose a preferred payment method is June 10, 2024, with all refunds expected to be distributed this summer.

loading..   09-May-2024
loading..   2 min read
loading..

Ransomware Attack

Wichita's IT network crippled by ransomware attack! Emergency services may be im...

The City of Wichita, Kansas, faced a severe ransomware attack, leading to the shutdown of its IT network. This incident underscores the critical need for robust ransomware attack measures in municipal systems. #### Attack Details The attack occurred on May 5th, encrypting the city's IT systems with ransomware. Despite being one of the largest cities in Kansas, Wichita fell victim to this cyber assault, highlighting the indiscriminate nature of ransomware attacks. #### Response Measures In response, the city promptly shut down its computer network to contain the spread of the ransomware. This proactive approach is crucial in preventing further damage and minimizing the attack's impact. #### Data Breach Concerns While it's uncertain if data was stolen, the possibility remains high. Ransomware groups often exfiltrate data before encryption, potentially compromising sensitive information. This underscores the need for robust data protection mechanisms. #### Assessment and Investigation Government officials are conducting a thorough review to assess the extent of the attack and its implications. Such assessments require meticulous attention to detail and may take considerable time to complete. #### Impact on Services The attack disrupted essential services, with online payment systems, including water bills and court citations, rendered inaccessible. This underscores the cascading effects of ransomware attacks on public infrastructure. #### Continuity Measures Despite the network shutdown, first responders continue to deliver critical services. The police and fire departments have implemented business continuity measures to ensure public safety. #### Law Enforcement Involvement The city has reported the incident to local and federal law enforcement agencies. Collaborating with law enforcement is essential for a comprehensive response and investigation into the attack.

loading..   07-May-2024
loading..   2 min read
loading..

Authentication

Data Breach

Change your Dropbox Sign password now! Hackers accessed emails, usernames, and m...

In the wake of a recent data breach, Dropbox, the popular online storage service, faces critical scrutiny over compromised customer credentials and authentication data. This breach, infiltrated by a threat actor, targeted the production environment of Dropbox Sign (formerly HelloSign), the platform's service for e-signatures and document storage. #### Breach Overview The unauthorized access occurred within the production environment of Dropbox Sign, facilitated by compromised service account credentials. These credentials enabled the threat actor to infiltrate the system, accessing sensitive customer data and authentication details. #### Customer Data Exposure The breach resulted in the exposure of a significant amount of customer information, including emails, usernames, phone numbers, and hashed passwords. Even individuals who interacted with Dropbox Sign without creating an account had their data compromised. #### Impact on Service Infrastructure Furthermore, the threat actor gained access to critical data within the service infrastructure, including API keys, OAuth tokens, and multifactor authentication (MFA) details. This compromised data poses risks not only to Dropbox Sign users but also to third-party partners integrating with the service. #### Mitigation Measures In response to the breach, Dropbox swiftly implemented mitigation measures to minimize its impact. These measures included password resets, logouts from connected devices, and the rotation of API keys and OAuth tokens. Additionally, users are prompted to reset their passwords upon logging in, and API customers must generate new keys and configure them accordingly. #### Additional Precautions To enhance security further, Dropbox has imposed restrictions on certain API functionalities until key rotation is completed. Users utilizing authenticator apps for MFA are advised to reset their entries. Additionally, users are encouraged to change passwords used across multiple services and to enable MFA wherever possible. #### Investigation and Future Steps Dropbox initiated a thorough investigation into the breach, enlisting forensic experts to uncover the extent of the intrusion. The company remains committed to protecting its customers against similar threats in the future, promising continued efforts to bolster security measures and support affected users.

loading..   04-May-2024
loading..   2 min read
Company Logo
logo

Secure Blink automates the application and API security testing for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

Facebook Logo
Twitter Logo
LinkedIn Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

This website uses cookies to ensure you get the best experience on our website. By continuing on our website, you consent to our use of cookies. To find out more about how we use cookies, please see our Cookies Policy.

contact@secureblink.com

@ Copyright 2024 Secure Blink. All rights reserved.

4th Floor, Plot No- 7-10 Sector 126, Noida, UP -201303