Google plans to restrict apps that offer loans to individuals from accessing confidential user information, including contacts, photos, and videos, to prevent inappropriate behavior from lenders that threaten borrowers.
On Wednesday, Google updated its Personal Loans policy for Play Store apps, imposing new limitations that prevent apps from accessing external storage, photos, videos, contacts, the precise location, and call logs.
“Apps that provide personal loans, or have the primary purpose of facilitating access to personal loans (i.e. lead generators or facilitators), are prohibited from accessing sensitive data, such as photos and contacts,” Google said.
The modification will take effect from May 31. Google is stepping up its efforts to address the problem with this action.
Recent reports indicate a worrying trend in which some people who obtained credit using mobile apps have been subjected to debt collection harassment.
These debt collectors allegedly accessed the borrowers’ personal contacts and informed family members of unpaid debts.
Agents have used modified photographs more severely to intimidate further and torment persons who owe money.
Unfortunately, a number of those who were targeted have given in to the pressure and committed suicide. Many victims have complained that lenders have blackmailed them or harassed their friends and family using embarrassing or altered photos in places like India and Mexico.
Google Implemented Regulations to Block Unregistered Loan Apps
After being notified by law enforcement and central banks, Google initially removed thousands of personal loan apps from the Play Store. The company also implemented regulations to prevent unregistered loan apps from appearing in the Android app store.
According to Google, apps that advertise personal loans in Pakistan on the Play Store must submit particular license papers to prove their ability to provide or facilitate credit.
Additionally, the company mandated that all non-banking financial institutions in the nation maintain only a single digital lending app on the Play Store.
“We’re introducing additional requirements for personal loan apps targeting users in Pakistan. Personal loan apps in Pakistan must submit country-specific licensing documentation to prove their ability to provide or facilitate personal loans”, Google.
“Each non-banking finance company (NBFC) lender can only publish one digital lending app (DLA). Developers who attempt to publish more than one DLA per NBFC risk the termination of their developer account and any other associated accounts”.
Google updated its policies in several markets, including the Philippines, Nigeria, Kenya, Indonesia, and India.
We take a look at a ransomware group that doesn’t produce any ransomware, only threats.
Fake it till you make it ransomware groups are trying to get rich off the backs of genuine ransomware authors. Why are they “fake it till you make it”? Because they don’t actually create ransomware or compromise networks in any way. They’re simply lying through their teeth and hoping that recipients of their messages don’t realise until it’s too late.
As reported by Bleeping Computer, a group named Midnight has been using this tactic since at least March 16, and the organisations affected all seem to be located in the US.
The battle plan of a fake ransomware group
The general approach is as follows:
Claim to be a different, genuine ransomware group. If the scammers claim to be some sort of obscure (but known) affiliate or spin-off, so much the better. The target will confirm the group exists with a quick Google search, but won’t be able to do much more beyond that.
Use a panic inducing email subject. “Notifying you about your business’s security case, we accessed your information” is one example given.
The bigger the theft claim, the better. They talk of accessing HR records, employee records, personal and medical data. In one “attack” 600GB of data was supposedly taken from business servers.
Targeting genuine victims by accident or design. Some businesses targeted by the fakers had indeed suffered a ransomware attack of some kind previously. Either the scare tactic mails are being blasted out to a large audience to see what comes back, or there is some deliberate targeting of organisations going on.
Nothing new, but potentially disastrous all the same
Fake mails are nothing new. 18 years of one 419 mail is as good an example as any. Send enough emails out and somewhere will fall for it eventually. The bogus ransomware extortion attempt even has a name, in the form of “Phantom Incident Scam”.
Even so, this is an area of attack where having a good response strategy for people hoping you’ll fall for a technology based lie is very effective. If your incident response consists of opening up one of these missives, panicking, and racing to pay fraudsters, it could end up being a very costly and needless mistake. Whether you’re aware of your organisation having had a genuine breach or not, someone on a chart as a point of contact for such an eventuality will come in very handy indeed.
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
The NBA season is almost over, which means one thing – Playoffs. The NBA Playoffs will kick off next weekend on April 15. And Sling TV is making it easier than ever for NBA fans to enjoy the first round of the playoffs. It is offering free access to NBA TV during the first round.
That means from April 15 through April 30, if you’re a Sling TV subscriber, you can get NBA TV for free. Typically, NBA TV would cost you $11 per month as part of the Sports Extra Pack add-on. So this is a nice gesture from Sling.
All of the NBA Playoff games will be available on ABC, ESPN and TNT. Which are all available on Sling, though it is fragmented. ESPN and TNT are available on the Orange package. While ABC and TNT are on the Blue package. So to get all of them, you’ll need to the combined Sling Orange and Blue package.
Sling recently raised its prices, so it now starts at $40 for either the Orange or Blue plan. You can also combine them and get Orange and Blue together for $55 per month. Still a lot cheaper than its competitors like YouTube TV and Fubo. Sling also offers a 50% discount for your first month when you sign up.
While this might look like a gesture of goodwill, the real reason for this is to get more people to subscribe to the Sports Extra Pack add-on. Giving users a taste of NBA TV, in hopes that it’ll get you to subscribe to the add-on. It is only $11 per month, and does offer some great channels, so it might actually work.
The Sports Extra Pack comes with the SEC Network, ACC Network, Longhorn Network, Pac-12 Network, ESPNU, ESPNEWS, MLB Network, NBA TV, BEIN Sports, Tennis Channel, NHL Network and the MLB Strike Zone. So if you’re big into college sports, baseball, basketball or hockey, then this is worth the $11 per month.
Despite all of the controversy and investigations into TikTok, Apple remains one of the top ad spenders on the platform. According to the Financial Times, Apple is one of the top four companies spending the most for an ad on TikTok. They are right up there with Pepsi, DoorDash, and Amazon. Which, if you’ve spent any time on TikTok, you’ve likely seen all of them in your feed.
Not it is likely that Apple already paid for these ads before Congress started investigating TikTok. As ad spending does typically get paid out months in advance. Analysts have stated that they don’t think anyone is responding in a panic or pulling advertising from their plans, in regards to TikTok.
China is mocking the US’ TikTok concerns
In a separate report, it seems that China’s State Media is actually mocking the US’ concerns over TikTok. The non-partisan Alliance for Securing Democracy has found that there is an increase in posts about TikTok, with an aggressive tone.
The agency found that between March 20 and March 26, 2023, Chinese diplomats and state media tweeted about TikTok nearly 200 times. Those same accounts mentioned the company fewer than 150 times over the entirety of January and February 2023. So it’s a sizable increase here.
The posts accuse Congress of technical illiteracy, hypocrisy and xenophobia. Which, no matter what you’re opinion is on TikTok being banned, these are quite true things. The CEO of TikTok was asked if his app connects to the users’ WiFi, you know, like every other app on your phone. And then we can’t forget about American companies like Facebook and Google doing the exact same thing with users data, and virtually nothing happening to them. So China does have a point here.
Will TikTok ever get fully banned in the US? Likely not. Though, China is also being hypocritical here, as they have banned almost every American website and service in their country. Including Google, Twitter, Facebook and others.
A new phishing email scam has started to slither its way to YouTube’s users, with a high potential of misleading many into making a mistake. Tech influencer called Kevin Breeze was supposedly the first to raise this issue on Twitter but was far from the only person that came in contact with this malicious attempt.YouTube, which is owned by Google, was quick on its feet and soon released its own warning to all who use the platform. The email in question is particularly confusing because the sender’s address is called no-reply@youtube.com, making it seem like it is legitimately coming from the video streaming giant itself.
️ heads up: we’re seeing reports of a phishing attempt showing no-reply@youtube.com as the sender
be cautious & don’t download/access any file if you get this email (see below)
The fake message reads that there are changes in YouTube’s monetization policy, which “requires” you to click on a link and download a document. For those who have experience with phishing emails, once this sentence is read it is easy to get at least a little suspicious, but there is a good probability that many would miss it. Downloading this file would most likely compromise your device’s security and privacy, so it must be avoided!There is no word from YouTube stating that the company is doing anything specific to combat this wave of phishing emails so far. At some point, especially with the issue gaining more popularity, scammers will likely stop using this method, but they always find a workaround.
General safety measures against phishing emails
So, what can you do to protect yourself from falling for one of these tactics? One way is to do a quick Google search and see if it is something common or well-known. Even if the email does not look suspicious, it is still worth it to do a quick check online.
Another common trait is that such emails usually make you download a file or go to a web page implying some kind of urgency that usually does not make sense. A legitimate business would seldom require you to download something random or head to a page that seems out of place.
In other words, if you think something doesn’t seem right or looks odd, make sure to do some digging before taking any kind of action. You can even wait about a week to check if any reports pop up online.
Google has introduced a new data deletion policy for the Google Play Store with the intention of giving customers more knowledge and control over their in-app data.
Because Google wants users to be able to delete their data without reinstalling each app, developers who provide an in-app account deletion experience will also have to provide a web-based option.
“As the new policy states, when you fulfill a request to delete an account, you must also delete the data associated with that account,” Google.
“The feature also gives developers a way to provide more choice: users who may not want to delete their account entirely can choose to delete other data only where applicable (such as activity history, images, or videos).”
“For developers that need to retain certain data for legitimate reasons such as security, fraud prevention, or regulatory compliance, you must clearly disclose those data retention practices.”
The company stated that by December 7, it will ask developers to answer questions about their app’s data deletion in the Data Safety form.
The developer responses in the form are reflected in Google Play’s Data Safety section, which provides users with labels containing information about an app’s data collection practices.
Next year, the new Play Store policy will be fully implemented, but until then, developers must give more information by the given time regarding their data deletion procedures.
✨🔐 We’re empowering users with greater transparency and control over their data.
Introducing our latest account deletion policy and Data deletion feature to help improve privacy of our platform.
— Google Play business community (@GooglePlayBiz) April 5, 2023
No one will be permitted to publish new apps or release app updates any longer if they fail to provide the necessary deletion procedure information on time.
Beginning in early 2024, users can see the submitted data deletion information in the app store listings, including updated data deletion badges in the new Data deletion area and the Data safety area.
Also, after May 31, 2024, non-compliant apps may be removed from Google Play; however, developers may still request an extension through the Play Console.
The company behind My Cloud and SanDisk says it has experienced a security incident. Little is still known about what happened and who attacked it.
Western Digital, a big brand in digital storage, says it has suffered a “network security incident—potentially ransomware—which resulted in a breach and some system disruptions in its business operations.
The company identified the incident on March 26 and said an unnamed third party unlawfully accessed several computer systems to steal data. The investigation is ongoing and Western Digital has yet to learn how much was taken.
Since the incident, Western Digital’s consumer cloud and backup service My Cloud has experienced outages, preventing customers from accessing their files. My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, and SanDisk Ixpand Wireless Charger all experienced service interruptions.
Westen Digital said in its press release:
“The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data.”
Western Digital is a billion-dollar company, making it a target for criminals aiming to cash in. In the first quarter of 2023 alone, it received a revenue of $3.1B.
We’ll update this story as we learn more.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
The Samsung Galaxy Z Fold 5 and Galaxy Z Flip 5 are expected to arrive later this year, and a new rumor just shared some camera info. This information comes from Yogesh Brar, a tipster.
The Galaxy Z Fold 5 & Flip 5 camera info leaks to reveal different sensors will be used
He claims that the Galaxy Z Fold 5 will feature a 50-megapixel main camera, a 12-megapixel ultrawide camera, and a 10-megapixel telephoto camera. The Galaxy Z Flip 5, on the other hand, will allegedly include a 12-megapixel main camera, and a 12-megapixel ultrawide unit.
Some of you will immediately notice that the Galaxy Z Fold 4 and Flip 4 have the same setups. The thing is, the tipster says that both phones will include new image sensors. He did not share any additional info, though.
We’re not sure if that means that all sensors will be different, or some of them, but the cameras won’t be identical to the ones on their predecessors. Well, at least based on this information.
The tipster also added that an “improved hinge” is coming, along with “larger outer displays”. That’s something we knew already, as it has been in the rumor mill for a long time now. On top of that, both phones will be fueled by the “Qualcomm Snapdragon for Galaxy”.
The Snapdragon 8 Gen 2 for Galaxy will likely fuel both phones
It remains to be seen if only the Galaxy Z Fold 5 will include the Snapdragon 8 Gen 2 SoC, or will the Galaxy Z Flip 5 get it too. We presume it’ll be the latter, as the Galaxy Z Flip 4 includes its predecessor, the Snapdragon 8+ Gen 1.
That being said, both phones are expected to fold flat this time around. That is mainly thanks to the new hinge Samsung will use in both phones. The crease should also be less pronounced, while both devices will retain some sort of water resistance.
Chances are that both of these phones will launch in August this year. Samsung usually hosts its second Unpacked event in August, so there you have it.
Tokenization replaces sensitive card data with jumbled letters and numbers that will be of no use to cybercriminals if they discover them. Hackers break into business computer systems, steal credit card information and use it to extort thousands of dollars. What if hackers end up with meaningless numbers and letters instead of your name, card number, expiration date, and other valuable information? The loss of confidential data is ensured by payment security tools and credit card tokenization, this is an important and most effective way for payment systems to reliably protect confidential bank card data.
What is tokenization and what does it mean?
To tokenize something usually means replacing it with something that represents the original but is useless outside of a certain context. For a better understanding, it is worth giving an example. You went to a carnival and got special coins to play with. Each coin is worth a certain amount while you are in the carnival, you can use coins as money, and with these coins, you can buy balls, video games, or some interesting accessories. But once you leave the carnival venue, these coins can no longer be used. They have no value. How does credit card tokenization work? You buy something from a seller that uses tokenization. In the tokenization system, card data is recorded and replaced with a random string of numbers and letters.
Merchant systems are often the weakest link in the chain of computer networks associated with credit card purchases. The large-scale data breaches that everyone hears about in the news often occur at merchants who store credit card data, not at the banks or payment networks that process bank card transactions. The confidential card data itself is stored on servers with much greater security. A token is a reference to that data. A hacker who steals parts of information that is tokenized is wasting time, credit card tokenization providers provide an adequate level of security during online payments, and customers are reliably protected and can be exposed to hacker cyber attacks.
EMV technology and its application
The EMV chips embedded in modern credit cards work on the same principle. For each purchase, the chip generates a one-time code. It’s worth noting that EMV chips only work for face-to-face transactions. When an online merchant uses tokenization, card data benefits from the protection provided by EMV chips. Think of your smartphone as a system that actively uses the principles of tokenization. Apple Pay, Google Pay, and other digital wallets work with tokenization systems. Your credit card is not actually “stored” in your digital wallet. Token associated with card data. These tokens do not work as trading tokens, but the concept is the same.
Forms of payment tokens
There are three key forms of payment tokenization, each suitable for different use cases. The payment card number is converted into a unique code and stored in the secure environment of the merchant or payment processor. This type of tokenization is mainly actively used for recurring payments and subscription billing. Pay in one click. Merchants and payment systems trade tokens that are created when users link their bank accounts to merchant accounts. These tokens allow the user to identify himself in the payment processing system. E-commerce companies that cater to repeat customers have enabled and prefer one-click payment tokenization. Mobile payment. With the help of tokens, a payment card can be converted into several independent payments. For example, a physical card may have separate labels for different devices. Tokenization is primarily used in NFC mobile wallets such as Apple Pay and Android Pay.
Who benefits from credit card tokenization?
Everyone except hackers. Let’s start with the user. A data breach may be inevitable, but if there is a data breach at the merchant you use your card with, tokenization will greatly reduce the problem. For merchants, credit card issuers, and payment networks, tokenization significantly reduces fraud and significantly lowers the cost of doing business. Blockchain fans and marketers continue to actively support the enthusiasm for tokenization, the active growth of which is well-known to everyone. The phenomenon of tokenization provides an appropriate level of security to every customer who actively buys and sells online.
Various data breaches and cyber-attacks are common threats to online businesses. Vulnerability to these risks increases when it comes to digital payments. However, tokens can be a key solution to significantly reduce the risk of any online payment fraud. Tokenization of payments can greatly benefit various business companies in ensuring proper security. Payment tokenization replaces confidential information with non-confidential information. Payment companies actively use tokens to securely transmit confidential data, replacing them with a unique sequence of numbers and letters. These combinations are stored separately from the token and cannot be restored to the original data without special keys that cannot be accessed by outsiders.
Payment tokens help securely identify customers and are used by e-commerce merchants and other businesses that need to share sensitive customer data. Note that the token itself contains absolutely no sensitive user information. Use secure web tokens to provide bank details to merchants in open banking services. Instead of sharing confidential information, merchants are provided with completely secure tokens that are used to identify users and share information necessary for successful online payments. Users can link their bank accounts to the trading platform and pay for goods and services in one click. After this process, merchants and payment initiation service providers exchange secure tokens to initiate payments based on confidential data. Tokens allow merchants to identify customers without repeatedly requesting the same payment information for each payment. Various payment service providers are also actively using tokens for the secure transfer of card data for successful online payment. A debit card token transaction looks like this:
The owner of the bank card initiates the purchase and provides card data on the seller’s website;
Bank card data is exchanged for a series of random numbers (tokens) and sent to the receiving bank;
The receiving bank sends the token to the card security system;
After successful authorization, the cardholder’s data is stored in the bank’s virtual safe. The token is tied to the cardholder’s bank account number;
The bank carefully checks the availability of the necessary funds and approves or rejects the operation;
Once the transaction is confirmed, the unique tokens of the current and future transactions are returned to the merchant.
All this happens in the background, so the tokenization process does not affect the user interaction.
Tokenization – where does it come from and where does it go?
The popularity of cryptocurrencies is due to two key factors: their functionality and speculation. A key feature is that with the advent of blockchain, it has become possible to verify transactions across a network of distributed computers. Of course, some coins reward miners whose transactions have been approved by the network, and the miners sell these coins to users who want to use the network. Today, when you create a token or tokenize something, you create it on a blockchain (usually Ethereum) and thus pay for the cryptocurrency of the blockchain. Then came the second factor that made cryptocurrencies so popular: speculation. Blockchain works very well when people understand that the world economy will be built on blockchain in the future, or see the demand in this field and understand how tokenization processes are happening in this field. Of course, the demand is high and the market attracts them.
Now that you know what drives the demand for cryptocurrencies, it is worth answering the following basic questions: What is the need for and why is tokenization being actively used now? Tokenization is a form of corporate digitization based on decentralized technology. It consists of its creation or strict distribution for specific projects, companies, or (specific) individuals. The development and adaptation of blockchain technology through smart contracts have increased the possibility of tokenization, which can be actively used to create all types of assets, which allows and at the same time reduces the costs of their further transfer. Tokenization shares several key features with crowdfunding. You also need to understand what a smart contract is. Tokens are like money in computer games, not just virtual numbers in a virtual wallet. A smart contract is a self-executing contract that an issuer can enter into with a token holder.
B2C companies have more potential than B2B companies. A booming industry is a good sign. It may not be solar energy or artificial intelligence, but the more profitable it seems to investors, the more willing they will be to invest in this field and tokenization in general. The company must make a profit. You must make attractive offers to investors. For example, if your company rents office space, investors may not be comfortable with a 3% annual return on investment. The most important thing is the company’s brand and the owner’s brand. Business scalability. There should be a large market for products and services. If you are running a niche business, scaling your business may be difficult (in some cases), in which case tokenization and its successful implementation may not make sense. Tokenization remains a capital market based on the same principles as the active management of various business processes.
Why is tokenization important for online payments?
One of the key reasons why tokenization is important for online payments is the proper level of security. Tokenization adds a layer of security to digital transactions. This is a common problem in the digital world that online sellers often fall victim to. Another key benefit is a hassle-free online payment process for customers. Businesses with repeat customers can enhance their experience with account-linking features. Customers can purchase with just one click, ensuring a smooth and efficient checkout process without compromising data security. Active exchange of data using tokens has much more benefits than the obvious security advantage.
Key benefits of tokenization for various businesses and their customers include that tokenization significantly increases conversion rates. Account linking is supported by tokens that securely store user data for future purchases. This feature allows users to securely link their bank account to a retailer’s online store and pay for their order with a single click. It provides users with a simple checkout process and keeps their data safe, which increases conversion. Tokenization ensures compliance with current business rules.
The use of tokens ensures the level of compliance with the current standard PCI DSS (Payment Card Industry Data Security Standard). This is because merchants and third parties do not store confidential information about cardholders, only tokens. PCI compliance can be expensive for businesses, so working with a secure payment processor can reduce compliance costs. Tokenization provides a high level of security. As mentioned earlier, tokens are one of the most important security elements in the payments industry. If a fraudster steals your token, it is securely stored on another server and cannot be linked to any valuable information.
What is the key difference between tokenization and encryption?
The key difference between tokens and encrypted data is that tokens exchange data for an unrelated code, while data encryption uses algorithms to temporarily encode data. Encryption is actively used to protect confidential information. Each character is replaced by another character using an encryption algorithm. When the data reaches its destination, it is decrypted using a password or key. The encrypted code can be changed, but the algorithm cannot be traced back to the initial location of the token. The PCI Security Standards Council recognizes encryption as a sensitive issue and imposes stricter compliance obligations on companies that prefer encryption over tokenization. If you use a physical card for a variety of transactions, encryption is one of the most reliable ways to protect your card data. Tokenization is a more secure option for cardless payments. Some companies use both encryption and tokenization for maximum security.
The popular VPN service Mullvad has now stepped in with another privacy venture. In collaboration with Tor, Mullvad VPN has launched the Mullvad browser – its very own privacy-focused web browser for the public.
Mullvad VPN And Tor Launched A Private Browser
Announcing the move via a blog post, Mullvad VPN has shared details about its new product.
As elaborated, the Mullvad browser is a standalone, open-source, web browser that ensures the utmost privacy to the end-user. Unlike conventional browsers like Google Chrome, the Mullvad browser is similar to the Brave browser, protecting users from intrusive online tracking.
Specifically, the Mullvad browser is a spinoff of the Tor browser with a simplistic touch. It has a user-friendly interface, easy-to-grasp options, and inbuilt support for VPN instead of running on the Tor network. However, it doesn’t come with a built-in VPN (unlike Opera), instead, supports Mullvad VPN or any other VPN service to spoof users’ IPs. While it remains possible to use the browser without a VPN, doing so won’t hide the users’ IP.
Nonetheless, the other privacy features will remain active even without VPN. That’s because Mullvad has many features disabled by default, such as Firefox Sync, password management, Deceptive Content and Dangerous Software Protection (popular in Chrome), fingerprint blockers with spoofed time zone, and white spaces around websites.
But it doesn’t mean using Mullvad will be an awkward experience. Users can still make changes to it, install add-ons (though the provider doesn’t recommend it), and download files.
Mullvad VPN developed this browser together with the Tor Project, leveraging their expertise to develop a browser that runs on a VPN. It is available for free for all users, including non-Mullvad VPN subscribers. Users can also use this browser with any other VPN service of their choice. Currently, the browser supports desktop systems (Windows, macOS, and Linux) without smartphone support, and is available for download here.
