CYBERSECURITY / DEFENSE / INTELLIGENCE

  • The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021. This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh


  • Cybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software. “SSLoad is designed to stealthily infiltrate systems, gather sensitive


  • Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites sending user data to a controversial Chinese advertising technology vendor, Yeahmobi.

    This discovery raises significant concerns about privacy and the integrity of data handling by public sector organizations.

    Data Collection Methods

    Silent Push’s investigation began with implementing three core ad tech standards (ads.txt, app-ads.txt, and sellers.json) into their data collection practices.

    These standards are crucial for transparency in digital advertising, providing clear information about which companies are authorized to sell or resell ad inventory.


    By utilizing a custom query language, SPQL, Silent Push was able to identify unique ad account IDs linked to the advertising vendors on public websites.

    Their analysis revealed that 18 UK public organizations, including local councils like Havant Borough Council, South Gloucestershire Council, and the Met Office, have been using services provided by Yeahmobi to serve advertisements on their domains.
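    The following is an added example, not Silent Push’s code, SPQL, or any tool the article names: it shows how a defender can audit a site’s published ads.txt (or app-ads.txt) for the ad systems and account IDs it authorizes and compare them against a watch-list. The sample file, the domain example-council.gov.uk, and the flagged-vendor list are constructed.

```python
# Added example (not Silent Push's code or SPQL): a minimal ads.txt / app-ads.txt
# parser plus an audit step. The file content and the watch-list are constructed.
from collections import defaultdict

# Constructed sample ads.txt as a public-sector site might publish it.
SAMPLE_ADS_TXT = """\
# ads.txt for example-council.gov.uk (constructed sample)
contact=webteam@example-council.gov.uk
google.com, pub-1234567890123456, DIRECT, f08c47fec0942fa0
exampleadvendor.example, 98765, RESELLER
EXAMPLEADVENDOR.EXAMPLE, 98765, reseller   # duplicate, differs only in case
malformed line without commas
"""

FLAGGED_VENDORS = {"exampleadvendor.example"}  # constructed watch-list

def parse_ads_txt(text):
    """Return (records, variables, bad_lines) from ads.txt content.

    Each data record is (ad_system_domain, account_id, relationship, cert_id).
    Comments (#) and blank lines are skipped; key=value lines are variables.
    """
    records, variables, bad_lines = [], {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        if "=" in line and "," not in line:  # e.g. contact=, subdomain=
            key, _, value = line.partition("=")
            variables[key.strip().lower()] = value.strip()
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3 or fields[2].upper() not in ("DIRECT", "RESELLER"):
            bad_lines.append(raw)  # keep for review rather than silently dropping
            continue
        cert_id = fields[3] if len(fields) > 3 else ""
        records.append((fields[0].lower(), fields[1], fields[2].upper(), cert_id))
    return records, variables, bad_lines

def audit(records, flagged):
    """Map each ad system domain to its account IDs and list any flagged ones."""
    accounts = defaultdict(set)
    for domain, account_id, _rel, _cert in records:
        accounts[domain].add(account_id)  # set removes case-only duplicates
    hits = {d: sorted(ids) for d, ids in accounts.items() if d in flagged}
    return dict(accounts), hits
```

Running `audit(*parse_ads_txt(SAMPLE_ADS_TXT)[:1], FLAGGED_VENDORS)` over a real site’s /ads.txt gives a per-vendor list of account IDs that can be cross-checked against the vendor’s sellers.json.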

    An example of banner advertising seen at the bottom of the homepage at https://lancashire.gov.uk/

    Notably, Yeahmobi has previously been flagged by Google for malicious practices related to ad fraud and attribution abuse.

    The involvement of Yeahmobi, a company previously blacklisted for malicious SDKs (Software Development Kits), in handling data from UK government websites poses serious privacy concerns.

    The exact volume and nature of the collected data remain unclear, but the potential for misuse or unauthorized access to sensitive information cannot be ignored.

    This situation is particularly alarming given the public’s trust in government platforms to safeguard their personal information.

    UK Government Response

    As of now, the UK government has not issued a formal response to these findings.

    The revelation that local council websites, which are not prohibited from engaging in programmatic advertising, have partnered with a questionable foreign entity demands urgent attention and action.

    Figure 2: An example of banner advertising seen on the “Public Health” page of https://lancashire.gov.uk/

    It is imperative for public sector organizations to ensure compliance with national data protection laws and uphold the highest standards of transparency and security in their digital operations.

    Chinese Ad Vendors Involved

    Yeahmobi, the Chinese ad vendor at the center of this controversy, has a checkered past, including being implicated in ad fraud and the use of malicious software.

    Despite these issues, Yeahmobi has managed to infiltrate the digital advertising space on UK government websites, prompting questions about these public organizations’ oversight and due diligence processes.

    The findings by Silent Push serve as a crucial wake-up call for the UK public sector to reevaluate its digital advertising partnerships and prioritize the privacy and security of citizen data.

    As the situation develops, it will be essential to monitor any governmental actions taken to address these serious concerns and ensure that similar risks are mitigated.


    The post Researchers Uncover that UK.GOV Websites Sending Data to Chinese Ad Vendor Analysts appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.


  • Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users’ keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any security


  • Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members aiming to undermine affiliate confidence.

    In response, LockBit publicly exposed an affiliate payment dispute, potentially causing further affiliate migration.

    The behavior of a major RaaS group is puzzling, as the financial loss from the dispute seems insignificant compared to the reputational damage.

    The disappearance of RaaS groups like BlackCat disrupts ransomware affiliates, forcing them to decide their next steps.

    Some may exit cybercrime entirely, while others may choose to go independent by leveraging leaked ransomware builders like Conti’s to develop their operations.

    Previous actions by groups like REvil point to a potential long-term trend of instability within the RaaS ecosystem, yet many may continue to use the RaaS model despite the risk of developers cheating them.

    Q1 2024 saw a 32% drop in average ransom payments compared to Q4 2023, reaching $381,980.


    Conversely, the median ransom payment rose 25% to $250,000, suggesting a shift in attacker tactics.

    There was a decline in high-value targets paying ransoms and a rise in attackers targeting smaller organizations with more moderate demands to maintain negotiation leverage.

    Ransom Payments by Quarter

    Ransomware payments hit a record low in Q1 2024, with only 28% of victims choosing to pay, which suggests that organizations are improving their resilience, potentially due to improved backup and recovery strategies. 

    The trend of attackers continuing to leak data even after receiving payment discourages victims from paying.

    This lack of trust, combined with evidence of previously paid-for data resurfacing, strengthens the case against ransomware payments.

    All Ransomware Payment Resolution Rates

    According to Coveware, Akira remained the most prevalent ransomware variant in Q1 2024, as law enforcement disruptions and declining trust in LockBit and BlackCat caused a rise in alternative strains.

    Black Basta, a re-emerging threat, joined the top ranks alongside newcomers like BlackSuit and Rhysida, indicating a shift in RaaS (Ransomware-as-a-Service) affiliations, with some affiliates opting for Akira or new players while others move to independent operations, as seen with the Phobos increase. 

    Market Share of the Ransomware Attacks

    Attackers exploited readily available critical vulnerabilities (CVEs) in Q1 2024.

    Patching was slow, allowing attackers like Akira, RansomHouse, BlackSuit, Play, and LockBit to infiltrate systems through unpatched Cisco VPN products, Netscaler VPN virtual servers, and ScreenConnect instances using known CVEs (CVE-2023-20269, CVE-2023-4966, and CVE-2024-1708).

    Ransomware Attack Vectors

    Adversaries are increasingly using stolen credentials and legitimate tools to move laterally within a network, steal data (exfiltration), and disrupt core functions (impact), such as by deploying ransomware. They target vulnerabilities in RDP, SMB, and ESXi to reach critical assets, and often leverage common RMM software (AnyDesk, TeamViewer) for remote control disguised as regular traffic.

    Percentage of cases vs Observed Traffic

    Initial footholds are established through phishing emails or exploiting unpatched systems, highlighting the importance of network segmentation, user hygiene, and up-to-date software.

    Ransomware Impacted Companies by Size (Employee Count)

    In the first quarter of 2024, ransomware attackers continued to exploit any vulnerabilities they found, regardless of the size of the company or industry, which is likely because it’s becoming harder to find easy targets.


    The post Ransomware Victims Who Opt To Pay Ransom Hits Record Low appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.


  • IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure software market player.

    This potential acquisition is part of IBM’s transformation into a hybrid cloud and AI-focused enterprise.

    Potential Acquisition Details

    Sources close to the matter indicate that IBM could soon reach an agreement to acquire San Francisco-based HashiCorp.

    While the discussions are advanced, there remains a possibility that the talks could fall through without resulting in a deal.


    The acquisition would likely command a premium over HashiCorp’s current market valuation if successful.

    As of the latest trading session, HashiCorp’s market capitalization is approximately $4.9 billion, reflecting a 4% increase in its stock price since the beginning of the year.

    According to the Wall Street Journal report, the acquisition by IBM would mark a significant premium on this value, acknowledging HashiCorp’s strategic importance and its robust performance in the market.

    HashiCorp’s Strategic Value

    HashiCorp is renowned for its innovative software solutions that facilitate cloud infrastructure setup for companies.

    It has established partnerships with numerous technology giants, including Cisco, Datadog, and Red Hat, which is owned by IBM.

    This existing relationship between HashiCorp and IBM’s subsidiary could provide a smoother integration of technologies and corporate cultures.

    IBM’s Strategic Transformation

    Under the leadership of CEO Arvind Krishna, IBM has been aggressively pursuing a transformation into a hybrid cloud and AI powerhouse.

    This strategy has been marked by significant acquisitions and divestitures, including the purchase of Apptio for approximately $5 billion last June, which enhanced IBM’s automation capabilities, and the sale of the Weather Company assets to Francisco Partners.

    Krishna’s focus on key technology areas such as quantum computing and blockchain highlights IBM’s commitment to remaining at the forefront of technological innovation.

    The acquisition of HashiCorp would represent a strategic, albeit relatively small, expansion for IBM, which currently has a market capitalization of around $170 billion.

    This move comes at a time when mergers and acquisitions in the tech sector appear to be slowing down, as evidenced by Salesforce’s recent withdrawal from negotiations to acquire Informatica.

    IBM’s potential acquisition of HashiCorp could significantly enhance its capabilities in cloud infrastructure, further solidifying its position as a leader in the hybrid cloud and AI sectors.

    As the tech world watches closely, the outcome of these negotiations could have far-reaching implications for the competitive dynamics within the cloud services market.


    The post IBM Nearing Talks to Acquire Cloud-software Provider HashiCorp appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.


  • The United States Justice Department has announced big rewards for information leading to the capture of four Iranian nationals.

    These individuals are accused of conducting a sophisticated multi-year cyber campaign against American companies.

    The announcement underscores the gravity of cyber threats and the U.S. government’s commitment to countering such illegal activities.

    The indictment, unsealed in a Manhattan federal court, names Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab as the perpetrators behind a concerted effort to compromise the U.S. government and business networks.


    This cyber campaign is believed to be part of a larger strategy by Iranian actors to exert influence and gain unauthorized access to critical information and systems.

    The Rewards for Justice program has recently tweeted about a lucrative opportunity for information related to Iranian hackers.

    The reward for such information has been set at a maximum of $10 million.

    Charges

    The charges laid out by the Justice Department are severe and reflect the serious nature of the offenses.

    The four individuals are accused of engaging in a cyber-enabled campaign that targeted U.S. infrastructure.

    While the specific charges have not been detailed in the press release, such indictments typically include counts of unauthorized access to computer systems, data theft, and potentially espionage-related activities.

    Impact

    The impact of these cyber-attacks is far-reaching.

    They represent a direct threat to the security of sensitive U.S. government and corporate information and undermine trust in digital infrastructure.

    The announcement of rewards, which can reach $10 million, clearly signals that the U.S. is taking a proactive stance in deterring such cyber threats and is willing to invest significant resources in bringing the perpetrators to justice.

    The Justice Department’s move also serves as a deterrent to other would-be cyber attackers, demonstrating that the U.S. will pursue and potentially prosecute individuals involved in cyber espionage and cybercrime, regardless of location.

    The unsealing of the indictment and the subsequent reward offer marks a critical step in the fight against international cybercrime.

    The U.S. government’s approach reflects an understanding that cyber threats require a robust and multi-faceted response, combining legal action, international cooperation, and public-private partnerships.

    As the digital landscape continues to evolve, such measures will be vital in safeguarding national interests and maintaining the integrity of global cyberinfrastructure.


    The post Rewards Up to $10 Million for Information on Iranian Hackers appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.


  • A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed 


  • A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin


  • Launched in March, the effort is looking at poisoned datasets, adversarial attacks, Trojans, and more.
