InfoSec News Nuggets 4/24/2024

Mandiant: Orgs are detecting cybercriminals faster than ever The average time taken by global organizations to detect cyberattacks has dropped to its lowest-ever level of ten days, Mandiant revealed today. The cyber shop says the downward trend continues from last year's 16 days and should be seen as "a big victory for the good guys," but a deeper look into the underlying data shows there are still some obvious issues at play. For one, the…
Read More

InfoSec News Nuggets 4/23/2024

Three suspected Chinese spies arrested in Germany — caught stealing sensitive tech secrets Three people suspected of stealing "innovative technologies for military use" for China have been arrested in Germany. Prosecutors say the individuals, referred to as Thomas R, Herwig F, and Ina F, acted for Chinese intelligence from around June 2022 onwards via a company in Dusseldorf. One of the individuals, Thomas R, was allegedly an agent for an employee of China's Ministry of…
Read More

InfoSec News Nuggets 4/22/2024

Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals The World-Check database used by businesses to verify the trustworthiness of users has fallen into the hands of cybercriminals. The Register was contacted by a member of the GhostR group on Thursday, claiming responsibility for the theft. The authenticity of the claims was later verified by a spokesperson for the London Stock Exchange Group (LSEG), which maintains the database. A spokesperson said…
Read More

InfoSec News Nuggets 4/19/2024

Law enforcement infiltrates fraud platform used by thousands of criminals worldwide A website used by more than 2,000 criminals to defraud victims worldwide has been infiltrated in the Met’s latest joint operation to tackle large-scale online fraud. ‘LabHost’ is a service which was set up in 2021 by a criminal cyber network. It enabled the creation of “phishing” websites designed to trick victims into revealing personal information such as email addresses, passwords, and bank details.…
Read More

InfoSec News Nuggets 4/18/2024

MGM says FTC can't possibly probe its ransomware downfall MGM Resorts wants the FTC to halt a probe into last year's ransomware infection at the mega casino chain – because the watchdog's boss Lina Khan was a guest at one of its hotels during the cyberattack, apparently. The biz on Monday sued [PDF] the US regulator and its chair, noting the computer network intrusion in September 2023 "cost MGM dearly." That legal complaint, filed in…
Read More

InfoSec News Nuggets 4/17/2024

Giant Tiger breach sees 2.8 million records leaked Someone has posted a database of over 2.8 million records to a hacker forum, claiming they originated from a March 2024 hack at Canadian retail chain Giant Tiger. When asked, they posted a small snippet as proof. The download of the full database is practically free for other active members of that forum. In March, one of Giant Tiger‘s vendors, a company used to manage customer communications…
Read More

InfoSec News Nuggets 4/16/2024

Cisco Duo warns third-party data breach exposed SMS MFA logs Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider. Cisco Duo is a multi-factor authentication and Single Sign-On service used by corporations to provide secure access to internal networks and corporate applications. Duo's homepage reports that it serves 100,000 customers and handles over a billion authentications monthly, with over 10,000,000 downloads on…
Read More

InfoSec News Nuggets 4/15/2024

Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks. "Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability," warns the Palo Alto security bulletin. The flaw, which has been discovered by Volexity and is tracked as CVE-2024-3400, is a command injection vulnerability…
Read More

InfoSec News Nuggets 4/12/2024

Zambia Busts 77 People in China-Backed Cybercrime Operation Law enforcement in Zambia this week raided a Chinese company that hired unsuspecting young Zambian citizens purportedly for positions at a call center that instead was a front for cybercrime and money laundering. The so-called Golden Top Support services company directed the employees "with engaging in deceptive conversations with unsuspecting mobile users across various platforms such as WhatsApp, Telegram, chatrooms and others, using scripted dialogues," Nason Banda,…
Read More

InfoSec News Nuggets 4/11/2024

Prudential Insurance says data of 36,000 exposed during February cyberattack Prudential Insurance — one of the largest insurers in the United States — said hackers stole the sensitive information of more than 36,000 during a February incident. In a filing on Friday with regulators in Maine, the company said it detected unauthorized access on February 5, prompting an investigation. “Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024…
Read More

InfoSec News Nuggets 4/10/2024

Over 90,000 LG Smart TVs may be exposed to remote attacks Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. The flaws enable varying degrees of unauthorized access and control over affected models, including authorization bypasses, privilege escalation, and command injection.  Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. The…
Read More

InfoSec News Nuggets 4/9/2024

FCC to vote on net neutrality rules on April 25 The Federal Communications Commission is preparing to vote to restore net neutrality at the commission’s open meeting later this month. If adopted by the commission, restoring net neutrality would bring back a national standard for broadband reliability, security and consumer protection as well as reclassify the internet as a telecommunications service under Title II of the Communications Act of 1934. Net neutrality rules were first put in…
Read More

InfoSec News Nuggets 4/8/2024

Magecart-style hackers charged by Russia in theft of 160,000 credit cards  Russia has taken the rare step of publicly charging six people suspected of stealing the details of 160,000 credit cards as well as payment information from foreign online stores. According to the statement published by Russia's Prosecutor General's Office earlier this week, the suspects used malware to bypass the websites' security measures and gain access to their databases. Then, using malicious code, they copied the necessary account…
Read More

InfoSec News Nuggets 4/4/2024

Missouri county declares state of emergency amid suspected ransomware attack  Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. "Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack," officials wrote Tuesday. "Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been…
Read More

InfoSec News Nuggets 4/2/2024

India rescues 250 citizens enslaved by Cambodian cybercrime gang  The Indian government says it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. The government explains that these people were tricked into believing that lucrative job opportunities were waiting for them in the Southeast Asian nation, yet they were forced into becoming cybercriminals once they arrived there. After several nationals informed India's Embassy in Cambodia of their…
Read More

InfoSec News Nuggets 4/1/2024

Amazon reverses course, revokes police access to Ring footage via Neighbors app  Today, Amazon Ring has announced that it will no longer facilitate police’s warrantless requests for footage from Ring users. Years ago, after public outcry and a lot of criticism from EFF and other organizations, Ring ended its practice of allowing police to automatically send requests for footage to the email inbox of users, opting instead for a system where police had to publicly…
Read More

InfoSec News Nuggets 3/29/2024

Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 While 2023 was a difficult year for cybersecurity teams, 2024 is likely to be worse. In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators. By Flashpoint’s numbers, there were 6,077 recorded data breaches in 2023, with attackers accessing more than 17 billion personal records (up 34.5% on 2022’s figures). In the…
Read More

InfoSec News Nuggets 3/28/2024

Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov The US Justice Department on Monday unsealed an indictment charging seven men with hacking or attempting to hack dozens of US companies in a 14-year campaign furthering an economic espionage and foreign intelligence gathering by the Chinese government. All seven defendants, federal prosecutors alleged, were associated with Wuhan Xiaoruizhi Science & Technology Co., Ltd. a front company created by the Hubei State Security…
Read More

InfoSec News Nuggets 3/27/2024

Microsoft to shut down 50 cloud services for Russian businesses Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. The suspension was initially scheduled for March 20, 2024, but it was moved to the end of the month to give impacted entities more time to set up alternative solutions. The news…
Read More

InfoSec News Nuggets 3/26/2024

Microsoft to shut down 50 cloud services for Russian businesses Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. The suspension was initially scheduled for March 20, 2024, but it was moved to the end of the month to give impacted entities more time to set up alternative solutions. The news…
Read More

InfoSec News Nuggets 3/25/2024

Senators push to declassify TikTok briefings Democratic Senator Richard Blumenthal and Republican Senator Marsha Blackburn are calling for TikTok briefings to be declassified so the government can “better educate the public on the need for urgent action.” The briefings come as support grows for a forced sale of TikTok due to national security concerns around ByteDance, the Chinese company that owns the app. “We are deeply troubled by the information and concerns raised by the intelligence community…
Read More

InfoSec News Nuggets 3/22/2024

Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it…
Read More

InfoSec News Nuggets 3/21/2024

Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. If convicted, they face up to 15 years in prison. The accounts, authorities said, were…
Read More

InfoSec News Nuggets 3/20/2024

We’re one step closer to a global cybersecurity standard for smart home devices As useful as connected devices like video doorbells and smart lights are, it’s wise to exercise caution when using connected tech in your home, especially after years of reading about security camera hacks, fridge botnet attacks, and smart stoves turning themselves on. But until now, there hasn’t been an easy way to assess a product’s security chops. A new program from the Connectivity Standards Alliance (CSA), the group…
Read More

InfoSec News Nuggets 3/19/2024

NHS Dumfries and Galloway Warns of “Significant” Data Theft An NHS Scotland trust has warned of disrupted services and possible data compromise after being breached by threat actors. NHS Dumfries and Galloway issued a brief statement on Friday that it “has been the target of a focused and ongoing cyber-attack.” The healthcare provider is still investigating the incident, in tandem with the National Cyber Security Centre (NCSC), Police Scotland and the Scottish Government. Healthcare is…
Read More

InfoSec News Nuggets 3/16/2024

Former telecom manager admits to doing SIM swaps for $1,000 A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. SIM swapping is an unauthorized porting of a targeted person's phone number to another physical SIM card or eSIM chip controlled by the attacker. These types of attacks are usually conducted via social engineering attacks against…
Read More

InfoSec News Nuggets 3/15/2024

The software at the center of debate over Chinese cyber threat inside the biggest ports in US Cybersecurity risks associated with Chinese-made cranes at U.S. ports are not new, and recent White House action and hearings on Capitol Hill have escalated the claims about potentially serious national security vulnerabilities embedded in key infrastructure. But the Biden administration, lawmakers and ports management continue to differ in their views of the true nature of the threat. In…
Read More

InfoSec News Nuggets 3/13/2024

VR headsets can be hacked with an Inception-style attack In the Christoper Nolan movie Inception, Leonardo DiCaprio’s character uses technology to enter his targets’ dreams to steal information and insert false details into their subconscious.  A new “inception attack” in virtual reality works in a similar way. Researchers at the University of Chicago exploited a security vulnerability in Meta’s Quest VR system that allows hackers to hijack users’ headsets, steal sensitive information, and—with the help of generative…
Read More

InfoSec News Nuggets 3/12/2024

Elon Musk says xAI will open-source Grok this week Elon Musk’s AI startup xAI will open-source Grok, its chatbot rivaling ChatGPT, this week, the entrepreneur said, days after suing OpenAI and complaining that the Microsoft-backed startup had deviated from its open-source roots. xAI released Grok last year, arming it with features including access to “real-time” information and views undeterred by “politically correct” norms. The service is available to customers paying for X’s $16 monthly subscription. Musk, who didn’t elaborate on…
Read More

InfoSec News Nuggets 3/11/2024

Microsoft says Russian hackers stole source code after spying on its executives Microsoft revealed earlier this year that Russian state-sponsored hackers had been spying on the email accounts of some members of its senior leadership team. Now, Microsoft is disclosing that the attack, from the same group behind the SolarWinds attack, has also led to some source code being stolen in what Microsoft describes as an ongoing attack. “In recent weeks, we have seen evidence that Midnight Blizzard…
Read More

InfoSec News Nuggets 3/8/2024

Fidelity customers' financial info feared stolen in suspected ransomware attack Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information — including bank account and routing numbers, credit card numbers and security or access codes — after breaking into Infosys' IT systems in the fall. According to Fidelity, in documents filed with the Maine attorney general's office, miscreants "likely acquired" information about 28,268 people's life insurance policies after infiltrating Infosys.   Google…
Read More

InfoSec News Nuggets 3/7/2024

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. The malicious tools used in the campaign take advantage of the configuration weaknesses and exploit an old vulnerability in Atlassian Confluence to execute code on the machine. Researchers at cloud forensics and incident response company Cado Security discovered the…
Read More

InfoSec News Nuggets 3/6/2024

Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server. Rapid7 says it reported the two TeamCity vulnerabilities in mid-February, claiming JetBrains soon after suggested releasing patches for the flaws before publicly disclosing them. Such a move is typically seen as a no-no by the infosec community, which favors transparency, but…
Read More

InfoSec News Nuggets 3/5/2024

Ransomware ban backers insist thugs must be cut off from payday Global law enforcement authorities' attempts to shutter the LockBit ransomware crew have sparked a fresh call for a ban on ransomware payments to perpetrators. Ciaran Martin, founding CEO of the UK's National Cyber Security Center (NCSC), reiterated his stance on the matter a week after LockBit started to get back on its feet again following the efforts of Operation Cronos to bring its servers…
Read More

InfoSec News Nuggets 3/4/2024

Hugging Face, the GitHub of AI, hosted code that backdoored user devices Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s a likely harbinger of what’s to come. In all, JFrog researchers said, they found roughly 100 submissions that performed hidden and unwanted actions when they were downloaded and loaded onto an end-user device.…
Read More

InfoSec News Nuggets 3/1/2024

UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages American health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. “Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” said Tyler Mason, vice president at UnitedHealth, in a statement…
Read More

InfoSec News Nuggets 2/29/2024

Registrars can now block all domains that resemble brand names Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names. GlobalBlock, a solution already in use by leading registrars like GoDaddy Corporate Domains, 101domain, and MarkMonitor lets businesses pay a subscription fee to reserve a part of the domain space, as a means to protect their trademark. But, is there more to…
Read More

InfoSec News Nuggets 2/28/2024

Most Commercial Code Contains High-Risk Open Source Bugs Three-quarters (74%) of commercial codebases contain open source components featuring “high-risk” vulnerabilities, according to a new study from Synopsys. The chip design tool company’s ninth annual Open Source Security and Risk Analysis (OSSRA) report analyzed anonymized findings from over 1000 commercial codebase audits in 17 industries. It found that the share featuring high-risk open source bugs – that is, ones that have been actively exploited, have documented proof-of-concept exploits or are…
Read More

InfoSec News Nuggets 2/27/2024

Lockbit cybercrime gang says it is back online following global police bust Lockbit, the cybercrime gang that was knocked offline by a comprehensive international police operation earlier this month, says it has restored its servers and is back in business. The group, notorious on the internet's criminal underground for using malicious software called ransomware to digitally extort its victims, was the target of an unprecedented international law enforcement operation last week which saw its members arrested and indicted. Lockbit's…
Read More

InfoSec News Nuggets 2/26/2024

U-Haul says hacker accessed customer records using stolen creds U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. The breach exposed customer records that include personal information but payment details have not been impacted. U-Haul is an American company that rents moving equipment and storage space for ‘do-it-yourself’ customer needs. It offers trucks, trailers, and other equipment and…
Read More

InfoSec News Nuggets 2/23/2024

New Leak Shows Business Side of China’s APT Menace A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. A large cache of more than 500 documents published to GitHub last…
Read More

InfoSec News Nuggets 2/22/2024

Reward Offers for Information on LockBit Leaders and Designating Affiliates The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group. Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and…
Read More

InfoSec News Nuggets 2/21/2024

Reddit sells training data to unnamed AI company ahead of IPO On Friday, Bloomberg reported that Reddit has signed a contract allowing an unnamed AI company to train its models on the site's content, according to people familiar with the matter. The move comes as the social media platform nears the introduction of its initial public offering (IPO), which could happen as soon as next month. Reddit initially revealed the deal, which is reported to be worth…
Read More

InfoSec News Nuggets 2/20/2024

Using AI in a cyberattack? DOJ’s Monaco says criminals will face stiffer sentences The Justice Department’s No. 2 official directed federal prosecutors to impose stiffer penalties on cybercriminals who use AI in their crimes. “We have to put AI at the top of [our] enforcement priorities list,” Lisa Monaco told an audience Friday at the Munich Cyber Security Conference. “We’re looking quite hard at how AI can enhance quite literally the danger associated with crimes.…
Read More

InfoSec News Nuggets 2/16/2024

  European Court of Human Rights declares backdoored encryption is illegal The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control. The Court issued a decision on Tuesday stating that "the contested legislation providing for the retention of all internet communications of all users, the security services’ direct…
Read More

InfoSec News Nuggets 2/15/2024

Romanian hospital ransomware crisis attributed to third-party breach The Romanian national cybersecurity agency (DNSC) has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider. It said an unnamed service provider reported an issue prior to the flood of hospitals alerting the agency to the attacks. The service provider operates the Hipocrate Information System (HIS) – a multipurpose healthcare management platform used by hospitals across the country. All…
Read More

InfoSec News Nuggets 2/14/2024

Meta says risk of account theft after phone number recycling isn't its problem to solve Meta has acknowledged that phone number reuse that allows takeovers of its accounts "is a concern," but the ad biz insists the issue doesn't qualify for its bug bounty program and is a matter for telecom companies to sort out. The core problem is that telecom companies recycle phone numbers that have been abandoned after a brief waiting period –…
Read More

InfoSec News Nuggets 2/13/2024

Europe's largest caravan club admits wide array of personal data potentially accessed  The Caravan and Motorhome Club (CAMC) and the experts it drafted to help clean up the mess caused by a January cyberattack still can't figure out whether members' data was stolen. According to an update shared with members late last week and now published on its website, the CAMC listed all the different types of data that might have been accessed, and all the…
Read More

InfoSec News Nuggets 2/12/2024

Google unmasks 5 spyware firms from Italy, Greece and Spain that infect phones all over the world  Wow, that Mediterranean climate sure is something! Five companies from Southern Europe have been called out by Google and accused of producing spyware software that infects and affects phones all over the world. The search engine giant said these five companies from Italy, Greece and Spain were “enabling the use of dangerous hacking tools”, and urged the United…
Read More

InfoSec News Nuggets 2/9/2024

Half of polled infosec pros say their degree was less than useful for real-world work Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. We're a glass half-empty lot. The Moscow-headquartered multinational revealed those figures today in the first part of a multi-stage…
Read More