InfoSec News Nuggets 01/19/2021

Nine Attention-Grabbing Inventions Unveiled at This Year’s CES Like school, work conferences and visiting your grandparents, this year’s Consumer Electronics Show (CES) has been virtual-only. So instead of gathering in hangar-sized Las Vegas expo halls, those wishing to check out the year’s crop of tech and gadget debuts can simply tune in online. Some of these technologies will never catch on. Others may one day be as ubiquitous as the Xbox, satellite radio and 3D printers, all…
Read More

InfoSec News Nuggets 01/15/2021

Apple drops 'exclusion list' which allowed its own apps to bypass firewalls The latest beta of macOS Big Sur has reportedly removed the contentious ability for Apple's own apps to bypass firewalls, and hide their network use. Apple's release of the macOS Big Sur 11.2 beta appears to show that the company is dropping a controversial network feature. In the current public version of Big Sur, 56 of Apple's own apps and system processes can use the internet…
Read More

InfoSec News Nuggets 01/14/2021

The billionaires' brawl over satellite broadband Elon Musk is under siege by fellow billionaires at Amazon and Dish as he tries to get his fledgling space-based broadband service off the ground, with clashes involving airwave overload and the threat of satellite collisions. Musk's Starlink service could extend broadband to unconnected customers in hard-to-reach rural areas. But competitors are pressing the Federal Communication Commission to stymie Musk's plans. The Federal Communications Commission voted Tuesday evening to explore letting companies…
Read More

InfoSec News Nuggets 01/13/2021

Mac malware uses 'run-only' AppleScripts to evade analysis A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. The malware is tracked as OSAMiner and has been in the wild since at least 2015. Yet, analyzing it is difficult because payloads are exported as run-only AppleScript files, which makes decompiling them into source code a tall order. A recently observed variant…
Read More

InfoSec News Nuggets 01/12/2021

Securing Wi-Fi at Home To create a secure home network, you need to start by securing your Wi-Fi access point (sometimes called a Wi-Fi router). This is the device that controls who and what can connect to your home network. Here are five simple steps to securing your home Wi-Fi to create a far more secure home network for you and your family.   Can Artificial Intelligence Help Us Fight Fake News? Fake news and…
Read More

InfoSec News Nuggets 01/11/2021

Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions At U.S. Financial Institutions, Brokerage Firms, A Major News Publication, And Other Companies Audrey Strauss, the Acting United States Attorney for the Southern District of New York, announced today that ANDREI TYURIN, a/k/a “Andrei Tiurin,” was sentenced in Manhattan federal court to 144 months in prison for computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with…
Read More

InfoSec News Nuggets 01/08/2021

Rioters Had Physical Access to Lawmakers’ Computers. How Bad Is That? On Wednesday, hundreds of Donald Trump supporters rioted and stormed the Capitol, getting into the Senate and the offices of some lawmakers, who were hastily evacuated. Given how quickly some staffers and lawmakers had to leave, some of them left their computers unlocked and unattended, and some of the terrorists were photographed in front of them. Cybersecurity experts now worry that the rioters had a chance to get their…
Read More

InfoSec News Nuggets 01/07/2021

Watch a Robot Dog Learn How to Deftly Fend Off a Human STUDY HARD ENOUGH, kids, and maybe one day you’ll grow up to be a professional robot fighter. A few years ago, Boston Dynamics set the standard for the field by having people wielding hockey sticks try to keep Spot the quadrupedal robot from opening a door. Previously, in 2015, the far-out federal research agency Darpa hosted a challenge in which it forced clumsy humanoid robots to…
Read More

InfoSec News Nuggets 01/06/2021

One Million Compromised Accounts Found at Top Gaming Firms Tel Aviv-based threat intelligence firm Kela decided to investigate the top 25 publicly listed companies in the sector based on revenue. After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side. This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year. Compromised accounts linked to internal…
Read More

InfoSec News Nuggets 01/05/2021

20 years of tech with Jeff: From green iMacs and DVDs to the iPhone era My stint started in 2000 – I began at USA TODAY earlier, covering entertainment – when we spent a lot of time talking about the big three tech companies: AOL, Yahoo and Microsoft. AOL had just shocked the world by buying Time Warner for $165 billion. (You know how well that turned out. But I digress.) We did use computers, yes indeed,…
Read More

InfoSec News Nuggets 01/04/2021

Apply brakes to Apple Car expectations, analyst says The idea of an Apple Car landing in showrooms hit the headlines again last week when a Reuters report suggested the tech giant is aiming to have an electric vehicle (EV) with autonomous capabilities ready for market in 2024. But a new research note from respected Apple analyst Ming-Chi Kuo suggests the car’s precise design specifications have yet to be decided, adding that any such vehicle may not arrive until 2028…
Read More

InfoSec News Nuggets 12/28/2020

Five Solution Providers Breached By SolarWinds Hackers Deloitte, Stratus Networks, Digital Sense, ITPS and Netdecisions were breached via SolarWinds and then specifically targeted by the hackers for additional internal compromise, according to a cybersecurity consultancy. The Sweden-based firm, Truesec, analyzed the malware — as well as historical network data — to determine which firms were explicitly selected by the SolarWinds hackers for further activities, meaning that additional internal compromise could have taken place. Nearly 18,000 firms were…
Read More

InfoSec News Nuggets 12/24/2020

FireEye's Mandia on SolarWinds hack: 'This was a sniper round' The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth, according to FireEye CEO Kevin Mandia, whose company discovered the activity. “This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” Mandia said Sunday morning on CBS’s “Face the Nation.” “This was special…
Read More

InfoSec News Nuggets 12/23/2020

2,000 Parents Demand Major Academic Publisher Drop Proctorio Surveillance Tech On Friday, digital rights group Fight for the Future unveiled an open letter signed by 2,000 parents calling on McGraw-Hill Publishing to end its relationship with Proctorio, one of many proctoring apps that offers services that digital rights groups have called "indistinguishable from spyware.” As the pandemic has pushed schooling into virtual classrooms, a host of software vendors have stepped up to offer their latest surveillance tools. Some, like Proctorio,…
Read More

InfoSec News Nuggets 12/22/2020

Zoom Says It’s Being Probed by SEC, Two U.S. Attorneys Offices Zoom Video Communications Inc. said it has provided information to multiple U.S. prosecutors and regulators regarding interactions with China and other overseas governments, as well as security and user privacy matters. The U.S. Securities and Exchange Commission and two U.S. Attorney’s offices have been investigating Zoom for months, the San Jose, California-based company said Friday in a blog post and a filing. The videoconferencing company disclosed the…
Read More

InfoSec News Nuggets 12/21/2020

Nuclear weapons agency breached amid massive cyber onslaught The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies, officials directly familiar with the matter said. On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies after being briefed by…
Read More

InfoSec News Nuggets 12/18/2020

Google sued by 10 states for alleged "anti-competitive conduct" in advertising Ten states on Wednesday brought a lawsuit against Google, accusing the search giant of "anti-competitive conduct" in the online advertising industry, including a deal to manipulate sales with rival Facebook. Texas Attorney General Ken Paxton announced the suit, which was filed in a federal court in Texas, saying Google is using its "monopolistic power" to control pricing of online advertisements, fixing the market in…
Read More

InfoSec News Nuggets 12/17/2020

Microsoft and industry partners seize key domain used in SolarWinds hack Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar with the matter. The domain in question is avsvmcloud[.]com, which served as command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company's Orion app. According…
Read More

InfoSec News Nuggets 12/16/2020

Amazon, TikTok, Facebook, Others Ordered To Explain What They Do With User Data The Federal Trade Commission is demanding that nine social media and tech companies share details on how they harness users' data and what they do with the information. Amazon.com, TikTok owner ByteDance, Discord, Facebook, Reddit, Snap, Twitter, WhatsApp (also owned by Facebook), and YouTube were sent orders by the FTC on Monday to provide the commission with details on their data collection and advertising…
Read More

InfoSec News Nuggets 12/15/2020

Microsoft, FireEye confirm SolarWinds supply chain attack Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today.  FireEye's report comes after Reuters, the Washington Post, and Wall Street Journal reported on Sunday intrusions at the US Treasury Department and the US Department of Commerce's National Telecommunications and…
Read More

InfoSec News Nuggets 12/14/2020

Facebook links APT32, Vietnam's primary hacking group, to local IT firm In a surprising and unexpected announcement on Thursday, the Facebook security team has revealed the real identity of APT32, one of today's most active state-sponsored hacking group, believed to be linked to the Vietnamese government. The company said it took this step after it detected APT32 using its platform to spread malware in attempts to infect users. "Our investigation linked this activity to CyberOne Group, an…
Read More

InfoSec News Nuggets 12/11/2020

Hackers steal data on Pfizer Covid-19 vaccine The manufacturers of one of the leading Covid-19 vaccines has admitted that it has been targeted in an apparent cyberattack. US firm Pfizer and its German partner BioNTech, which collectively have developed the first Covid vaccine to achieve approval in the West, confirmed that documents related to the vaccine’s development had been “unlawfully accessed.” Little information is known about the attack, including likely instigators, or when and how the attack…
Read More

InfoSec News Nuggets 12/10/2020

Amnesia-33 vulnerabilities affect 158 vendors, millions of devices Thirty-three vulnerabilities in open-source TCP/IP stacks often buried deep in internet-connected devices may cause years of issues for hundreds of manufacturers, and business and home customers alike. Further complicating matters, manufacturers who are affected may not immediately know their devices are at risk. The package of vulnerabilities, discovered by researchers at Forescout and dubbed Amnesia-33, are buried deep in the supply chain: third-party software used in components…
Read More

InfoSec News Nuggets 12/09/2020

FireEye cybersecurity tools compromised in state-sponsored attack One of the US’s leading cybersecurity firms, FireEye, says it’s been hacked by a state-sponsored attacker. Hackers targeted and accessed the firm’s so-called Red Team tools, which it uses to test customer security and find vulnerabilities. Now there’s concern that the hackers could release these tools publicly or use them to attack others, though there is no evidence that this has happened yet. FireEye says that it does not believe…
Read More

InfoSec News Nuggets 12/08/2020

China bans encryption exports – including quantum and key management tech China has restricted export of encryption technologies in the first list on new items published under new export control laws. The list, which The Register has passed through two machine translation services, restricts exports of VPNs, chips with encryption functions used in finance industry applications, key management products and cryptanalysis equipment. Dedicated password-generating hardware also cannot leave the Middle Kingdom without approval. Quantum cryptographic equipment is also…
Read More

InfoSec News Nuggets 12/07/2020

CISA set to receive subpoena powers over ISPs in effort to track critical infrastructure vulnerabilities The Cybersecurity and Infrastructure Security Agency is set to receive new administrative authorities that will allow the agency to obtain subscriber information for vulnerable IT assets related to critical infrastructure. The provision was included in the final conference version of the National Defense Authorization Act. A legislative proposal from CISA disclosed last year revealed that the agency was having trouble identifying owners…
Read More

InfoSec News Nuggets 12/04/2020

IBM warns hackers targeting COVID vaccine 'cold chain' supply process IBM is sounding the alarm over hackers targeting companies critical to the distribution of COVID-19 vaccines, a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world’s population against the novel coronavirus. The information technology company said in a blog post published on Thursday that it had uncovered “a global phishing campaign” focused on organizations associated with…
Read More

InfoSec News Nuggets 12/03/2020

5G rollout faster than expected; will reach a billion people this year The super-fast technology reached more customers this year than expected and will cover about 60% of the global population by 2026, according to a new report from Ericsson. That makes 5G the fastest deployed mobile network ever, the Swedish networking giant said. By the end of this year, there will be 218 million 5G subscriptions around the world, up from Ericsson’s forecast in…
Read More

InfoSec News Nuggets 12/02/2020

Developers can now run macOS apps in an Amazon EC2 instance running on an Intel Mac mini Amazon EC2 Mac instances enable customers to run on-demand macOS workloads in the cloud for the first time, extending the flexibility, scalability, and cost benefits of AWS to all Apple developers. With EC2 Mac instances, developers creating apps for iPhone, iPad, Mac, Apple Watch, Apple TV, and Safari can provision and access macOS environments within minutes, dynamically scale…
Read More

InfoSec News Nuggets 12/01/2020

Gift card hack exposed – you pay, they play As you probably know, gift cards that you purchase online are typically delivered by email to a recipient of your choosing as a secret code and a registration link. So, receiving a gift card code is a bit like getting hold of the number, expiry date and security code from a prepaid credit card – loosely speaking, whoever has the code can spend it. Although gift…
Read More

InfoSec News Nuggets 11/30/2020

Networking equipment vendor Belden discloses data breach American networking equipment vendor Belden said it was hacked in a press release published earlier this week. Belden says the security breach took place after hackers gained access to a limited number of its file servers.  The intrusion was detected after the company's IT personnel detected unusual activity involving the compromised servers. A subsequent investigation revealed that the intruders had copied data of some current and former employees, as well…
Read More

InfoSec News Nuggets 11/25/2020

Top Biden adviser seen as making tech regulation more likely President-elect Joe Biden’s top technology adviser helped craft California’s landmark online privacy law and recently condemned a controversial federal statute that protects internet companies from liability, indicators of how the Biden administration may come down on two key tech policy issues.  Bruce Reed, a former Biden chief of staff who is expected to take a major role in the new administration, helped negotiate with the…
Read More

InfoSec News Nuggets 11/24/2020

Apple accuses Facebook of 'disregard for user privacy' Apple has criticised Facebook for trying to “collect as much data as possible” from users, saying it will push ahead with its planned launch of a new privacy feature despite objections from the advertising industry. The company’s director of global privacy, Jane Horvath, made the criticism in a letter to a coalition of privacy groups, reassuring them that the feature, which will require users to actively allow developers to…
Read More

InfoSec News Nuggets 11/23/2020

Publicly Available Exploit Code Gives Attackers 47-Day Head Start Kenna Security teamed up with the Cyentia Institute to analyze 473 vulnerabilities from 2019 where there was some evidence of exploitation in the wild. Over the succeeding 15 months, the team noted when a vulnerability was discovered, when a CVE was reserved, when a CVE was published, when a patch was released, when the bug was first detected by vulnerability scanners and when it was exploited in…
Read More

InfoSec News Nuggets 11/20/2020

Facebook AI catches 95% of hate speech, still wants mods back in office Facebook's software systems get ever better at detecting and blocking hate speech on both the Facebook and Instagram platforms, the company boasted today—but the hardest work still has to be done by people, and many of those people warn the world's biggest social media company is putting them into unsafe working conditions. About 95 percent of hate speech on Facebook gets caught…
Read More

InfoSec News Nuggets 11/19/2020

Hacking group exploits ZeroLogon in automotive, industrial attack wave The active cyberattack is thought to be the handiwork of Cicada, also tracked as APT10, Stone Panda, and Cloud Hopper. Historically, the threat group -- first discovered in 2009 and one that the US believes may be sponsored by the Chinese government -- has targeted organizations connected to Japan, and this latest attack wave appears to be no different. Symantec researchers have documented companies and their subsidiaries…
Read More

InfoSec News Nuggets 11/18/2020

DarkSide ransomware is creating a secure data leak service in Iran The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack…
Read More

InfoSec News Nuggets 11/17/2020

Scams Ramp Up Ahead of Black Friday Cybercriminal Craze The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. In fact, a recent study revealed that 62 percent of consumers shop more online now…
Read More

InfoSec News Nuggets 11/16/2020

Microsoft says it’s time for you to stop using SMS and voice calls for multi-factor authentication Multi-factor authentication makes it much harder for hackers to break their way into your online accounts, even if they already know your password. An online account protected by MFA will prompt you to enter a separate one-time code – often constructed out of six random digits that expire after a short period of time – after you have entered…
Read More

InfoSec News Nuggets 11/13/2020

Japan’s creepy robot wolf scares away crop-raiding deer, bears A Japanese town has deployed robot wolves in the hopes of scaring away bears and other wildlife that can damage crops -- or potentially injure residents. The robot, simply named "Monster Wolf," is being tested in a town called Takikawa, located on the Hokkaido island in Northern Japan.  As reported by JAPANkyo, the 'scarecrow' has been created by Ohta Seiki and measures roughly 24-inches long, sporting a furry body, four…
Read More

InfoSec News Nuggets 11/12/2020

Ring doorbell security cameras recalled after some catch fire Amazon-subsidiary Ring is recalling hundreds of thousands of video doorbells after receiving reports of them catching fire. The potential fire hazard impacts around 350,000 2nd generation Ring doorbells sold in the United States and roughly 8,700 more sold in Canada, according to a notice posted by the US Consumer Product Safety Commission (CPSC) on Tuesday. The $100 doorbells were sold on Ring's website and on Amazon…
Read More

InfoSec News Nuggets 11/11/2020

The Double-Edged Sword of Cybersecurity Insurance Cybersecurity insurance is no longer a luxury. As attacks have accelerated — and become more costly — the idea of hedging against a breach has gone mainstream. The global cyber-insurance market now stands at $7.8 billion, but it's projected to reach $20.4 billion by 2025, according to an October 2020 report from ResearchAndMarkets. Indeed, companies are incorporating cybersecurity insurance into their overall business strategies, says Alexander Chaveriat, chief innovation officer…
Read More

InfoSec News Nuggets 11/10/2020

Vatican enlists bots to protect library from onslaught of hackers Ancient intellects are now being guarded by artificial intelligence following moves to protect one of the most extraordinary collections of historical manuscripts and documents in the world from cyber-attacks. The Vatican Apostolic Library, which holds 80,000 documents of immense importance and immeasurable value, including the oldest surviving copy of the Bible and drawings and writings from Michelangelo and Galileo, has partnered with a cyber-security firm to…
Read More

InfoSec News Nuggets 11/09/2020

What to do with old online accounts you don't use anymore? Chances are you have old online accounts that you haven’t used for a long time, maybe years. I know I do. I talked to the digital security experts at Sophos, and they say the smart move is to delete these old accounts. “Those old accounts may not seem like they have much value to you, but criminals have been passing around those old passwords and…
Read More

InfoSec News Nuggets 11/06/2020

Update your Chrome again as Google patches second zero-day in two weeks Before you start to Google for election news, we’d like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability – that means it’s a hole that is actively being exploited right now. It’s the second zero-day in Google found in the past two weeks. Last week we…
Read More

InfoSec News Nuggets 11/05/2020

WhatsApp now lets you post ephemeral messages, which disappear after 7 days Facebook recently announced that WhatsApp passed the whopping milestone of 100 billion messages sent per day, but not everyone wants those chats to stick around forever. Now, Facebook’s wildly popular messaging app with 2 billion users is adding a feature to give people more control on how their words and pictures live within the app. From today, messages — including photos and videos…
Read More

InfoSec News Nuggets 11/04/2020

MIT researchers develop an AI model that can detect Covid-19 in asymptomatic individuals Though global economies have begun to open up, the Covid-19 virus is still spreading throughout the world, infecting thousands of new people every day. To help curb the spread of the disease, MIT researchers have developed an AI model that can detect the virus' presence in even asymptomatic individuals. The potential good that such a model could do is probably pretty obvious.…
Read More

InfoSec News Nuggets 11/03/2020

Twitter explains how it will handle misleading tweets about the US election results Twitter recently updated its policies in advance of the U.S. elections to include specific rules that detailed how it would handle tweets making claims about election results before they were official. Today, the company offered more information about how it plans to prioritize the enforcement of its rules and how it will label any tweets that fall under the new guidelines. In…
Read More

InfoSec News Nuggets 11/02/2020

‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass Scammers have hatched a new way to attempt to bypass two-factor authentication (2FA) protections on Facebook. Cybercriminals are sending bogus copyright-violation notices with the threat of taking pages down unless the user attempts to appeal. The first step in the “appeal?” The victim is asked to submit a username, password and 2FA code from their mobile device, according to Sophos researcher Paul Ducklin, allowing fraudsters bypass 2FA. 2FA is an…
Read More

InfoSec News Nuggets 10/30/2020

Scammers are spoofing bank phone numbers to rob victims It can be a very convincing trick…“You can check the number in your display online sir. You’ll see I’m really calling from your bank.” That is, of course, if you are unaware that phone numbers can be spoofed. Then again, they wouldn’t be successful scammers if they weren’t convincing. If you suggest calling them back, they’ll tell you it’s impossible to call their extension directly and…
Read More