By Owais Sultan
Nomad Crypto incident was reported in August 2022 in which $190 million were stolen in a series of hacks.
This is a post from HackRead.com Read the original post: The Lessons to Learn from Nomad Crypto Hack

In what sounds like a case of gross negligence, Nomad, a new start-up in the cryptocurrency space, lost $190 million in a series of hacks. But in this instance, calling it hacks is being too nice. Usually, hackers require skills and strategies that take time and effort to execute. 

Apparently, in Nomad’s case, the attacks were a “free-for-all” crypto spree where anyone, even people with no prior **IT skills**, could seize on the platform’s shortcomings and withdraw crypto from its accounts. To make matters worse, the hackers could even withdraw more that was available in the accounts. 

If you’re baffled like we are, grab onto your socks and keep reading to learn more about what might have transpired at Nomad.

**What is Nomad Crypto Startup?**

Nomad is a crypto wallet or bridge that lets you transfer crypto from one blockchain network to another safely and conveniently. Obviously, not. But **crypto bridges** work by wrapping tokens on one network to an equivalent amount on another. This might sound complicated, but it’s really not. Think of wrapped tokens as representations of the value of the original token on other platforms. 

Furthermore, Nomad is a blockchain messaging platform that allows players such as developers to share arbitrary data across chains and even make **smart contracts**. The service makes online collaborations when developing blockchain applications while working from different regions much more convenient. 

**What Safety Considerations Should You Have When Buying Crypto?**

It’s unfortunate, but the world of **cryptocurrency** is cutthroat in every sense of the word. On the business side, hundreds of currencies exist, and more are joining the market every day, driving up the competition. There are also hundreds of different crypto products at various stages of their development process. Furthermore, we are also only starting to understand the real implications of blockchain technology and cryptocurrencies.

Unfortunately, this has also created the perfect storm for scammers and players with malicious intent to thrive. For instance, **in the case of Nomad**, even though we still maintain that this is a case of gross negligence, it also reflects the prevalent evils in this space. However, vulnerabilities, where anyone can just walk into a platform and withdraw more than there is, should not exist in the first place. 

The pill is easier to swallow when you hear hackers went on a phishing expedition or discovered a system flaw that moves the industry’s security forward. As such, you should be very keen with any dealings or transactions you make with crypto to avoid being one of the victims. 

One way to protect yourself is to **buy crypto with a prepaid card** that does not link back to your primary accounts or personal information. This will limit your risk of losing more than is on the prepaid card if you get hacked or compromised somehow. 

You should also only sign on to crypto services like bridges, wallets, exchanges, and currencies on reputable platforms with a proven safety record. As important as first adapters are to the product introduction cycle, we can all agree it’s safer to step back from new ones in the crypto scene. This will ensure you’re not one of the people who lose their investments from hacks like the one witnessed at Nomad.

**A problem to Solve**

The truth is that stories of people invested in a new crypto venture losing their money are **common in the news today**, and we have all but grown numb and accustomed to them. But it should not be this way. 

For far too long, hackers and ill-prepared crypto platforms have cost far too many their crypto investments and confidence in the system. And even though, in Nomad’s case, they have attempted to recover the lost funds, we think it’s time authorities take a hard look at the **crypto industry** and provide lasting solutions to the problems that plague it.

1.  **United States Blacklists the Infamous Tornado Cash**
2.  **MetaMask to Apple Users: Disable iCloud Backup for Wallets**
3.  **If the Ethereum Merge Fails, L2s Will Be More Vital Than Ever**
4.  **Scammers Made Deepfake AI Hologram of Binance Executive**
5.  **$625 million from Axie Infinity stolen in fake LinkedIn job scam**

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

The Lessons to Learn from Nomad Crypto Hack

By Waqas
Samsung says the data breach took place in July 2022 however it was only discovered on August 4th, 2022.
This is a post from HackRead.com Read the original post: Samsung Data Breach Exposed Private Data of US Customers

**Samsung** has announced that it suffered a data breach in July 2022 involving the personal data of US customers. The incident happened in late July this year and was discovered on August 4th, 2022.

According to the South Korean technology giant, the incident resulted in the breach of private user data such as names, dates of birth, product registration data, demographic information, and contact numbers.

Samsun sent out an email alert to its users after a hacker managed to breach the security of the tech giant’s US systems and stole customers’ data.

The company assured that the breach didn’t impact its customers’ credit card numbers and social security data, which was also stored in the system. The company has yet to disclose the number of affected customers but has notified them through an email sent on Friday.

> “On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected.”
> 
> Samsung

Samsung noted that the breached data may vary according to relevant customers and that none of the consumer devices were hacked by this breach. It also stated that its business operations or customers stayed unaffected.

Nevertheless, the company claims to have implemented necessary measures to prevent similar incidents and offers uninterrupted services to its customers. Samsung has also hired a private cybersecurity and law enforcement agency to investigate the latest incident.

Those impacted in this breach are advised to remain cautious of phishing scams, track their credit profiles, and check Samsung’s privacy policy and **FAQs section**.

**Second Data Breach in 2022**

It is currently unclear who perpetrated this attack. But, it is certainly not the first time the tech vendor has suffered a data breach. In fact, Samsung has been a victim of several data breaches in the recent past. In March 2022, **the company confirmed** suffering a data breach after the Lapsus$ hackers leaked 189 GB worth of sensitive data online.

1.  **Hackers used Samsung website to access Sprint’s customer data**
2.  **Killnet Claim They’ve Stolen Employee Data from Lockheed Martin**
3.  **Flawed Encryption Feature Affected 100M Samsung Galaxy Phones**
4.  **Samsung asks users to scan their Smart TVs for malware – Here’s how to**
5.  **Hackers Compromise Employee Accounts to Access Twilio Internal Systems**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Samsung Data Breach Exposed Private Data of US Customers

By Deeba Ahmed
Reports of the supposed hacking of TikTok appeared on September 3rd, 2022 on the Breach Forums which surfaced as an alternative to popular and now-sized Raidforums. 
This is a post from HackRead.com Read the original post: TikTok Denies Data Breach After Hackers Claim Stealing 2 Million Records

Several IT security analysts tweeted about **TikTok** becoming a data breach victim over the weekend. Security analysts stated that the platform’s security was breached through an internal server that allowed the hackers access to its data storage that contained users’ data.

Reports of the supposed hacking of TikTok appeared on September 3rd, 2022 on the Breach Forums, a hacker, cybercrime forum which surfaced as an alternative to popular and **now-sized Raidforums**.

As seen by Hackread.com a member of the forum using the handle “AgainstTheWest” posted screenshots of the WeChat and TikTok data breach and stated that they hadn’t yet decided whether to leak the data or sell it publicly.

Screengrab: Hackread.com

The hacker also published links to two data samples and a video of one set of database samples. The hacker also claimed to have stolen TikTok’s internal backend source code. However, the company’s spokesperson has claimed no evidence of a security breach. 

> “Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code.”
> 
> TikTok

**­ Analysis of Data Samples**

Troy Hunt of HaveIbeenPwned examined data samples available in the leaked documents and was able to match user profiles and videos posted under the IDs. However, Hunt also found that some of the details in the leak were already publicly available and would not require a breach for access.

Hunt tweeted that his analysis was inconclusive. Some data matched production information, but it was publicly available, whereas some data was junk and could either be a test or non-production data. Hunt regarded the data as “a mixed bag.”

Nonetheless, it is always a good idea to change your password regularly and keep an eye on any suspicious activity on your social media accounts.

1.  **TikTok vulnerability allowed hackers to send SMS with malware**
2.  **Data analytics firm exposed 2m Instagram and TikTok users’ data**
3.  **New smishing scam spreads fake TikTok App loaded with malware**
4.  **TikTok vulnerability allowed hackers to access users’ phone numbers**

TikTok Denies Data Breach After Hackers Claim Stealing 2 Million Records

By Owais Sultan
Given the potent and rising threat of phishing, enterprises need an effective program that delivers real results.
This is a post from HackRead.com Read the original post: Hoxhunt Primed to Spread Gamified Phishing Awareness in the Enterprise

Increasing phishing awareness requires developing the right mindset, behavior, and engagement in employees. This is where cybersecurity awareness training platform Hoxhunt looks to make a significant impact, by offering personalized and gamified training experiences that enhance workers’ cybersecurity awareness.

Through automated phishing attack simulations used as micro-learning opportunities, the platform takes workers as close to experiencing real-world phishing attacks as possible. It sends targeted emails to employees within an organization, which are highly personalized to mimic the deception used in modern phishing attacks.

The simulated attacks go out in varying frequency as opposed to regular intervals, making the attacks more unpredictable. There is also a variation on who receives these messages to keep everyone on their toes.

The rise of a training platform like Hoxhunt comes as a welcome addition to the cyber defense arsenal. ”Email is the biggest threat to enterprise security,” Hoxhunt CEO Mika Aalto shared. “That’s why human nature is the most important cybersecurity challenge to solve, instead of building incrementally better mousetraps at the technical perimeter.”

**A Global Growth Trajectory**

Today, the Helsinki-based company is setting its sights on helping enterprises avoid becoming phishing victims by making its platform more widely accessible. The startup recently received an additional $40 million in funding through a Series B round.

This influx of funds will be used to accelerate Hoxhunt’s growth through wider adoption in new markets like North America. The region needs to raise its cybersecurity awareness profiles since countries like the United States and Canada continue to be active targets of phishing campaigns.

Indeed, phishing attacks have been escalating, and businesses need to shore up their defenses against them. It is not enough to rely on conventional defenses like spam and web filters, because phishing is evolving. Today’s malicious actors are able to ensure that their fake emails and links to spoofed websites get through even the latest filters of sophisticated providers.

Once they do, workers become the enterprise’s last line of defense against devastating cyberattacks.

**Continuous Upskilling as a Pivotal Defense**

With this in mind, enterprises must focus on consistently upgrading their employees’ cybersecurity skills and reporting habits on an ongoing basis. Workers should not just be able to tell legitimate and fake messages apart, they should also react accordingly. Reporting phishing messages help improve spam filters, stops the messages from spreading, and prevents their potential malware attachments from getting into the network.

Interacting with the Hoxhunt button in their email client to flag any suspicious email they encounter allows employees to receive immediate feedback. Beyond Hoxhunt-generated simulations, actual threats can also be reported should employees encounter any of them.

Through this real-time feedback mechanism, employees can know if they have done the right thing every time they encounter suspicious messages. Deploying Hoxhunt is extremely simple, as administrators only need to integrate the platform and distribute the Hoxhunt button via the company’s designated email app.

Hoxhunt uses artificial intelligence at the core of its technology to make these simulations personalized, adaptive, and dynamic. The platform also provides a gamified experience. It uses data to map out each employee’s performance and progression and provides personalized training tracks. The feedback is not only designed to be informative but also positive and motivational to enhance the stickiness of the training program.

**A Refreshing and Engaging Alternative**

Corporate cybersecurity training is often viewed as tedious and cumbersome. Sessions are usually done through lectures and manuals which can be disengaging and do not provide opportunities for learners to apply and use what they have learned. The one-size-fits-all strategy of traditional training methods also discounts the individual differences of learners.

Given the potent and rising threat of phishing, enterprises need an effective program that delivers real results. Most security incidents are caused by human error, and phishing looks to exploit the human vulnerability for its success.

Phishing has been effective in creating the initial breach into enterprise systems, allowing hackers to further infiltrate the network. Some 91 percent of system breaches originate from phishing emails.

Following a successful phishing attack, hackers can perform various other attacks such as installing and spreading ransomware and stealing confidential and sensitive data. They can also conveniently execute scams like business email compromise (BEC) to siphon funds from companies. These cyberattacks cost businesses billions worldwide.

Knowing what is at stake for enterprises, building comprehensive security strategies to allay threats. Upgrading their workers’ cybersecurity skills will be a crucial element in achieving this.

1.  4 Ways For Employees To Distinguish Phishing Attacks
2.  SANS InfoSec institute loses 28,000 records in phishing attack
3.  “Get Your Free Omicron PCR test” is the latest Omicron phishing scam
4.  Spider-Man: No Way Home exploited to push phishing and malware scams
5.  Spear phishing attacks underline how much dangerous phishing has gotten

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Hoxhunt Primed to Spread Gamified Phishing Awareness in the Enterprise

By Deeba Ahmed
In this phishing scam, the email is designed to appear as an authentic American Express notification. The email subject reads: “Important Notification About Your Account.”
This is a post from HackRead.com Read the original post: ‘Important Notification’ Phishing Scam Targeting American Express Customers

Armorblox security researchers have uncovered a **new phishing campaign** in which attackers are targeting American Express customers.

As per researchers, in this phishing scam, scammers lure American Express cardholders into opening an attachment and try to steal confidential data to access their accounts.

In this financially motivated campaign, attackers first send a **spoofed email** of the much-recognized card brand and ask the customers to click on the link included in the email attachment. 

Using **social engineering** and brand impersonation, the attackers lure their targets onto fake and malicious landing pages.

When the victim clicks on this link, they are redirected to a fake American Express landing page. This page is also crafted smartly to resemble the original American Express login page, including the company’s genuine logo, navigational links, and a link to download the American Express app.

In reality, scammers are using a customised domain for this attack. Once there, victims are prompted to sign in to verify their accounts. They enter their user ID and password.

**The Legit-looking Phishing Email**

In this **phishing scam**, the email is designed to appear as an authentic American Express notification. The email subject, according to Armorblox’s **blog post**, reads: “Important Notification About Your Account.”

It informs the recipient to verify their account. Otherwise, the company will suspend it.   The phrase “This is your last chance to confirm it before we suspend it” is included to create a sense of urgency. Victims are requested to complete a one-time verification process to update their credentials and prevent suspension of their accounts.

The email content is created wisely so that a sense of trust is evoked in the recipient.   For instance, it includes the American Express logo on the top left, and a signature is featured at the end to deceive the users into believing that the company’s customer service team sent the email.

Phishing email and the phishing page (Screenshots via Armorblox)

**Prime Targets**

Armorblox co-founder and CEO DJ Sampath stated that financial firms are more frequently targeted with credential phishing scams. The main targets of this scam are holders of American Express charge cards.

What’s note worthy is that the phishing scam has bypassed **Google Workspace Security** successfully, and so far, the email has been sent to around 16,000 email addresses of American Express employees.

**How to Identify a Phishing Scam?**

Most people are familiar with the term “phishing” but may not know how to identify a phishing scam. Phishing is a type of online fraud that involves tricking someone into giving personal information such as passwords, credit card numbers, or banking information. Scammers do this by sending fake emails or setting up fake websites that look like the real thing.

Here are some tips to help you spot a phishing scam:

*   Be suspicious of any email or website that asks for personal information such as your password, Social Security number, or credit card number. Legitimate companies will never ask for this information via email or an online form.  
    
*   Phishing attempts almost always contain a link, downloadable attachment, or directive telling people to do something ASAP.  
    
*   There are often a lot of spelling mistakes, but not always.  
    
*   The email or message can instill a sense of urgency to get people to act quickly without thinking.  
    
*   It may be a threat or even blackmail, as is the case with sextortion phishing scams.  
    
*   The email signature will usually look strange or different from normal.  
    
*   Phishing emails or messages aren’t always from strangers. Sometimes they’re sent from the compromised accounts of friends, coworkers, or other contacts.  
    
*   Inspect the URL of any website you’re directed to from an email before entering any information on it.

**More AmEx Security News**

1.  American Express Card Data Stolen by Cyber Criminals
2.  American Express Users Hit with ‘Unusual Activity’ Phishing Scam
3.  Unprotected Snapchat and Amex sites lead to credential harvesting
4.  Phishing Scam: Crooks Using FB Messenger Chatbots to Steal Login Data
5.  Spider-Man: No Way Home exploited to push phishing and malware scams

‘Important Notification’ Phishing Scam Targeting American Express Customers

By Waqas
Anonymous has confirmed to Hackread.com that the attack on the Yandex Taxi app was carried out in cooperation with the IT Army of Ukraine.
This is a post from HackRead.com Read the original post: Anonymous hacked Russian Yandex taxi app causing a massive traffic jam

Russia has been one of the **prime targets of hackers** since the country waged war against Ukraine. The latest attack was targeted against a ride-hailing service Yandex Taxi. The news was first **published** on Reddit.com.

For your information, Yandex Taxi is owned by **Yandex**, Russia’s leading IT corporation, also called Russian Google. It is worth noting that the EU sanctioned the company’s co-founder Arkady Volozh for “de-ranking and removing” content related to Russian aggression against Ukraine.

**Incident Details**

After hacking the Yandex Taxi app, the unknown hackers created a massive traffic jam in Moscow, Russia. On September 1st, 2022, motorist complaints emerged after they witnessed an unusual accumulation of taxis in the Russian capital’s western area. 

What happened was that the attackers ordered all available taxis to a particular address, and an unprecedented traffic jam ensued as dozens of Yandex drivers were stuck due to being in the exact location.

**According to** Forbes Russia, the cabs were directed to one of the main avenues in Moscow, Kutuzovsky Prospekt, which is widely known for the Stalinist-era building called Hotel Ukraina (Hotel Ukraine).

The traffic jam lasted three hours. Yandex’s security team quickly addressed the standstill and promised to improve the algorithm to prevent such attacks in the future.

> “On the morning of September 1, Yandex Taxi encountered an attempt by attackers to disrupt the service — several dozen drivers received bulk orders to the Fili region,” the press service noted. Due to fake orders, drivers spent about 40 minutes in a traffic jam.
> 
> Forbes Russia

**Who’s Responsible for the Hack?**

The online hacktivist collective **Anonymous** has taken the responsibility for the cyber attack. In an exclusive conversation with Hackread.com, one of the collective’s active Twitter handles @YourAnonTV (Anonymous TV) said that the attack was carried out by anonymous in cooperation with the IT Army of Ukraine

> Anonymous breached the app, sending dozens of cars to the exact location, forming a traffic jam that lasted up to three hours.
> 
> Anonymous

> ‼️#Moscow had a stressful day yesterday. The largest taxi service in Russia 'Yandex Taxi' was hacked by the #Anonymous collective. A traffic jam took place in the center of Moscow when dozens of taxi were sent by the hackers to the address on Kutuzovsky Prospekt. #OpRussia pic.twitter.com/6fp1hp0f7r
> 
> — Anonymous TV 🇺🇦 (@YourAnonTV) September 2, 2022

**How Did the Breach Happen?**

**According to** Oleg Shakirov, a Russian cyber policy expert, someone hacked the Yandex app and did a frustrating mix-up of taxis. The hackers bypassed the company’s security mechanisms and created multiple bogus orders, sending all the drivers to the same place.

1.  **Someone Hacked Swedish Radio Station to Play Pro-ISIS Song**
2.  **Someone DDoSed Ukraine’ national postal service for 48 hours**
3.  **Someone hacked N. Korean Radio Station to Play “The Final Countdown”**
4.  **Someone hacked 50,000 printers to promote PewDiePie YouTube channel**
5.  **Anonymous & its affiliates hacked 90% of Russian misconfigured databases**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Anonymous hacked Russian Yandex taxi app causing a massive traffic jam

By Waqas
The IP addresses used in the attack originated from Vietnam, while the campaign’s primary targets were located in the USA.
This is a post from HackRead.com Read the original post: Snake Keylogger Returns with New Malspam Campaign Targeting IT Firms

**Snake Keylogger** is back in action with a brand new malspam campaign spreading via phishing emails sent to corporate IT enterprises’ managers. Bitdefender Antispam Labs discovered the campaign on 23 August 2022.

**What is a Keylogger?**

A keylogger is a type of malicious software that records your keystrokes and sends them to a hacker. Keyloggers can be installed on your computer without your knowledge, usually through a malicious email attachment or infected website.

In some cases, attackers may use a physical keylogger on your device in shape of a **malicious USB drive** or a customized **phone charging cable**, etc.

**Campaign Analysis**

According to Bitdefender analysts, the IP addresses used in the attack originated from Vietnam, while the campaign’s primary targets were located in the USA, and thousands of inboxes have received the **phishing email**.

Attackers leverage the corporate profile of one of Qatar’s leading IT and cloud services providers to trap victims into opening a ZIP archive. This archive has an executable file titled “CPMPANY PROFILE.exe.”

This file, according to Bitdefender’s **blog post**, loads the notorious Snake Keylogger payload on the targeted system’s host. The data is exfiltrated through SMTP.

Screengrab: Bitdefender

**What is Snake Keylogger?**

It is an infamous credential and **info-stealing malware** that exfiltrates sensitive data from infected machines. It has screenshot capturing and keyboard logging capabilities. It is a huge threat to enterprises because of its spying and data harvesting features.

In addition to that, it can steal information from system clipboards. It is also called **404 Keylogger**. The trojan surfaced in 2020 and is currently available at underground marketplaces/message boards for a few hundred dollars. The malware is used commonly in financially motivated campaigns, including identity theft and fraud-based campaigns.

**How to Protect Yourself?**

A keylogger records every keystroke you make, giving hackers access to your personal information, passwords, and financial data. But there are steps you can take to protect yourself.

The best way to protect your device is by verifying the validity and origin of correspondence before clicking on any attachment. Also, install the industry’s most **reliable security solutions** and protect your accounts with 2FA or MFA processes.

1.  **US Warns Firms About North Korean Hackers Posing as IT Workers**
2.  **Cisco Confirms Breach After Employee’s Google Account was Hacked**
3.  **Twitter Confirms Data Breach as 5.4M Accounts Sold on Hacker Forum**
4.  **Hackers posing as LinkedIn recruiters to scam military, aerospace firms**
5.  **Hackers hit Europe’s largest healthcare provider with Snake ransomware**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Snake Keylogger Returns with New Malspam Campaign Targeting IT Firms

By Waqas
There are many different parental control apps available, so it is important to research which one will best fit the needs of your family.
This is a post from HackRead.com Read the original post: What is a parental control app and what are your options

A parental control app is a software application that parents can use to monitor their children’s activities on their smartphones. SMS, or short message service, is a way for parents to track their children’s text messages and see who they are communicating with. Smartphone parental control apps can also track the child’s location, restrict access to certain websites, and set time limits for app usage.

While some parents may feel comfortable trusting their children with a smartphone, others may want to have more control over what their children can do on their devices. For parents who want to monitor their child’s smartphone usage, a parental control app can be a helpful tool.

There are many different parental control apps available, so it is important to research which one will best fit the needs of your family. Here is a list of some of the parental control apps popular among users worldwide.

When it comes to keeping tabs on their children, parents have a lot of options these days. One such option is the mSpy parental control app. This app allows parents to track their child’s SMS messages, phone calls, and location. It can also be used to block certain apps and websites.

mSpy is a reliable and affordable option for parents who want to keep a close eye on their children’s activities. The app is easy to use and can be installed on most smartphones. Parents can also set up alerts so they’re notified if their child attempts to access something they’re not supposed to.

If you’re concerned about your child’s safety or want to make sure they’re not spending too much time on their phone, the mSpy parental control app is definitely worth considering.

**Google Family Link**

Did you know there is a parental control app offered by Google? Yes, Google Family Link is an app that helps parents manage their children’s online activity. It lets parents set up restrictions on what apps and websites their children can use, and also allows them to see how much time their children are spending on their devices.

Google Family Link can be a helpful tool for parents who want to make sure their children are staying safe online. The app is available for Android and iOS devices. Parents can also control the app on their web browser.

**Kidslox**

Kidslox is a parental control app that helps parents manage their children’s screen time. It allows parents to set limits on how much time their children can spend on devices, as well as what apps and websites they can access. Kidslox also has features that allow parents to monitor their children’s activity and whereabouts.

Kidslox is available for Android and iOS devices.

**Boomerang**

Boomerang is a parental control app that helps parents manage their children’s screen time. Boomerang lets parents set limits on how much time their children can spend on their devices, as well as track their child’s activity and internet usage.

Boomerang also provides parents with insights into their child’s online activity, helping them to better understand what their child is doing online. The app is available on App Store for iOS devices, on Google Play Store for Android devices, and on Galaxy Store as well.

**eyeZy**

The eyeZy parental app is a great way for parents to keep track of their children’s whereabouts and activities. The app is simple to use and easy to navigate, making it a great choice for anyone who wants to stay organized while they are away from home. The app includes features like an activity log, location history, and a message board where parents can communicate with each other.

**XNSPY**

The focus of the XNSPY application is mainly on parental control or monitoring a group of employees. It has a control panel designed to monitor various devices easily. Available in a version without root and with root; as well as without jailbreak and with jailbreak.

Seeing the functionality of this application, the general impression is that its developers designed it so that the user can monitor their company’s devices at the same time. Moreover, its control panel allows you to easily switch between all the devices added to the account.

**Choosing The Best Parental Control App**

When it comes to choosing parental control app, there are a few things you need to take into consideration. Here are some factors that you should look for:

*   **Ease of use**: The app should be easy to use and understand. Even if you’re not tech-savvy, you should be able to use it with ease.
*   **Reliability**: The app should be reliable and provide accurate information. You don’t want a parental control app that provides inaccurate information.
*   **Customer support**: If you run into any problems while using the app, you’ll want to ensure that customer support is available to help you.
*   **Value for money**: Make sure you’re getting an app worth the price. Some apps are expensive but don’t offer desired features. Choose an app that has an excellent price-to-feature ratio.
*   **Sharing Data:** Make sure that the app you are about to use does not store your data or sell it to the advertisement of malicious third parties. You must ensure your child’s data does not end up with an outsider.

1.  5 Ways to Ensure Your Child’s Online Safety
2.  Parents lose custody of kids after YouTube pranks
3.  Teen “Hackers” on Discord Selling Malware for Quick Cash
4.  Germany bans kids smartwatches, asks parents to destroy them
5.  Parental control spyware app Family Orbit hacked; 281 GB of data exposed

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

What is a parental control app and what are your options

By Owais Sultan
If your MS Access database is corrupted or is in an inconsistent state, you can use the Compact…
This is a post from HackRead.com Read the original post: Stellar Repair for Access – Software Review

If your MS Access database is corrupted or is in an inconsistent state, you can use the Compact and Repair utility. However, sometimes, this inbuilt MS Access utility does not bring the desired results or fails to repair the database.

In such a case, the best solution is to use an advanced Access repair tool. One such tool is Stellar Repair for Access which can repair severely corrupt Access database (MDB and ACCDB) files and recover all the data. Let’s talk in detail about Stellar Repair for Access and see how it works.

**About Stellar Repair for Access**

Stellar Repair for Access is a powerful software that is designed to repair corrupt or damaged MS Access database (.mdb /.accdb) files. It recovers all the database objects, like queries, linked lists, forms, tables, reports, etc. with 100% integrity.

It can also recover deleted records from corrupted Access database files. The software is compatible with all MS Access versions, including 2007, 2010, 2013, 2016, and 2019. 

**Salient Features of Stellar Repair for Access**

Here are some key features of Stellar Repair for Access:

*   **Repairs ACCDB and MDB Files:** The software repairs corrupted or damaged ACCDB files (created in recent versions of MS Access) and also MDB files (of MS Access 2007 and earlier versions). The software can repair database files irrespective of the MS Access version you’re using.

*   **Repairs Database Objects:** After repairing the file, the software recovers all the database objects, like tables, queries, macros, linked tables, modules, forms, etc. It allows you to save the recovered data in a new database file.

*   Repairs Split Database: The software also allows to repair of split databases. It also recovers the data stored in the corrupt linked tables connected to different databases.

*   **Recovers Deleted Data:** Stellar Repair for Access offers a feature to recover deleted records from the corrupt Access database file.
*   **Helps Fix Various Database Errors:** The Stellar repair tool helps fix different errors that arise from database corruption, like Access update query is corrupt, database filename.mdb needs to be repaired, unrecognized database format, and others.

**How to Install Stellar Repair for Access?**

Installation of Stellar Repair for Access is quite easy and requires only a few steps. However, before installing the software, your system must meet the following minimum requirements:

*   Processor: Intel compatible (x86, x64)
*   Operating System: Windows 11, 10, 8.1, 8, and 7
*   Memory: 8 GB (recommended), 4 GB (minimum)
*   Hard Disk: 250 MB of free space
*   Version Support: MS Access 2019, 2016, 2013, 2010, 2007, 2003, 2002, and  Office 365.

Here are the steps to install the software:

*   Download the **StellarRepairforAccess.exe** from the official website and double-click on it to open the Setup dialog box.  
    
*   Click **Next** and the License Agreement dialog box appears.  
    
*   Choose the **I accept the agreement** option and click **Next**.  
    
*   It will display the **Select Destination Location** dialog box.  
    
*   Click **Browse** to choose the destination path and click **Next.**  
     
*   The “**Select Start Menu folder**” dialog box appears. Click **Next.**   
    
*   Then, the **Ready to install dialog box** is displayed. Click **Install.**  
    
*   Once installation is complete, click Finish

**How to Use Stellar Repair for Access to Repair the Database?**

Stellar Repair for Access has an intuitive interface that makes the repair process easy and simple. Even users with little or no technical expertise can easily operate the software and repair the database.

Here are the steps to repair corrupted Access file using the software:

*   Launch the software and click the **Select** **Database** tab on the main menu. It will open a new window. 

*   You will see two options: **Browse** and **Find**. Click **Browse** if you know the path of the corrupted file. If you don’t know the location of the file, click **Find.** The software will search and list all the database files on your system.  
    
*   After selecting the file, click **Repair**.  
    
*   It will start the repair process. Wait for a few minutes till the process completes.  
    
*   Once the process finishes, it will provide a preview of all the objects in the repaired database.  
    
*   You can select the specific object to preview its data.

*   Now, go to the **Home** ribbon and click **Save Database** to save the repaired database. 

*   Choose the desired destination to save the repaired file and click **OK**.

*   The message “**Repaired file saved successfully**” is displayed. Click **OK.**

**Verdict**

Stellar Repair for Access is an excellent choice when it comes to repairing corrupt Access database files. The software is easy-to-use and recovers all the components from the corrupt file. So, if your database is severely corrupt, use Stellar Repair for Access to save your time and effort as well.

1.  Stellar Repair for Outlook Software Review
2.  Product Review – Stellar Repair for MS SQL
3.  Software Review: Stellar Repair for Exchange
4.  Stellar Converter for OST – OST to PST Conversion?
5.  Software Review – Stellar Data Recovery Professional

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Stellar Repair for Access – Software Review

By Deeba Ahmed
Sephora claims it respects consumer privacy and "strives to be transparent about how their personal information is used" to improve customer experience.
This is a post from HackRead.com Read the original post: Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data

The world’s leading cosmetics and beauty products manufacturer Sephora will pay a fine of $1.2 million to settle claims with a California district court.

The fine was brought under the California Consumer Privacy Act (**CCPA**) 2018 after more than a hundred retailers were examined for compliance with the act. The law was implemented primarily to ensure consumers can control the kind of data businesses can collect.

**The Accusation**

The company allegedly breached the California Consumer Privacy Act by ignoring to inform its customers that it sold their data. The company also failed to honor consumer requests to avoid selling their data by using the opting-out feature on its website.

Furthermore, Sephora ignored customers’ requests who signed through a Global Privacy Control supporting browser/extension and didn’t want to sell their private data. Instead, it allowed third-party firms, including marketing, advertising, and data analytics companies, to access its customers’ online activities in exchange for their services.

To do so, third parties created profiles of customers and accessed personal data like their shopping cart items, device details, and location, **court documents** revealed. The court was further informed of the following:

> “Consumers are constantly tracked when they go online. Sephora, like many online retailers, installs third-party companies’ tracking software on its website and in its app so that these third parties can monitor consumers as they shop. Third parties track all types of data; in Sephora’s case, third parties can track whether a consumer is using a MacBook or a Dell, the brand of eyeliner that a consumer puts in their “shopping cart,” and even the precise location of the consumer.”

> “Some of these third-party companies create entire profiles of users who visit Sephora’s website, which the third parties then use for Sephora’s benefit. For example, the third party might provide detailed analytics information about Sephora’s customers and provide that to Sephora, or offer Sephora the opportunity to purchase online ads targeting specific consumers, such as those who left eyeliner in their shopping cart after leaving Sephora’s website. This data about consumers is frequently kept by companies and used for the benefit of other businesses, without the knowledge or consent of the consumer.”

**Sephora’s Response**

However, Sephora claims it respects consumer privacy and “strives to be transparent about how their personal information is used” to improve customer experience.

> “Sephora was not the target or victim of a data breach, and this agreement with the California Office of the Attorney General (“OAG”) does not constitute an admission of liability or fault by Sephora. We have always cooperated fully with the OAG and Sephora’s practices are already in compliance with the CCPA.”
> 
> Sephora

Furthermore, Sephora explained that it uses data “strictly for Sephora experiences” and that the CCPA doesn’t define SALE in its conventional sense. That’s because traditionally, Sale entails industry-wide implemented standard practices like cookies that allow the company to provide its customers “more relevant Sephora product recommendations,” customized shopping experiences, and advertisements.

Consumers can simply opt-out of this by “CA- Do Not Sell My Personal Information. The link is available on the Sephora website footer, the company said.

In a comment to Hackread.com, Yotam Segev, co-founder, and CEO of a cloud-native data security platform **Cyera** said that “What I find most interesting about the Sephora settlement is that it started with a spot-check audit of more than 100 retailers. This is the sort of thing that keeps security and risk professionals up at night.”

According to Segev, “Business leaders are tasked with finding ways to leverage data to create new revenue streams. Especially with the shift to remote work, permissive access and applications like Google Drive or Slack make it easy to access and spread information across a business.”

“The people or teams involved may have believed they were permitted to monetize this data. How many businesses are prepared for this kind of action? Security and risk teams need a simple way to answer basic questions like What data do I have? Where is it now? Who is accessing it? How should it be governed and secured? Those are questions you need answers to at your fingertips, not something to be found after a lengthy audit process following a security incident,” Segev emphasized.

**CCPA Details**

The law entails that Californian consumers are entitled to know what information a business can collect, how they can use it, and the option to delete the data a company collected from them.

For your information, the act applies to for-profit retailers doing business in California earning gross annual revenue of more than **$25 million** and also to companies that buy, sell, or receive the personal data of 50,000+ devices, residents, and households in California and derive over 50% of their annual revenues from selling the residents’ private data.

The settlement resulted from a year-long Enforcement Sweep channeled by California Attorney General Rob Bonta. He investigated Sephora and many other businesses to check if any of them breached the CCPA.

1.  **Cambridge Analytica scandal: Facebook hit with $1.6 million fine**
2.  **IT guy from FEMA hacked medical center, sold data on dark web**
3.  **Ticketmaster hacked a rival and now it’s paying a $10m fine for it**
4.  **Kids luxury clothing store Melijoe exposed 200GB of customers’ data**
5.  **How much does a data breach cost? + How to prevent it (Best practices)**

Source

HackRead