InfoSec News Nuggets 10/23/2020

Quibi is shutting down Quibi — the shortform mobile-focused streaming service — is shutting down after just over six months of operation, making it one of the shortest-lived streaming services to date, according to The Wall Street Journal. The company has since confirmed that it’ll be shutting down in a Medium post from Jeffrey Katzenberg and Meg Whitman. “We feel that we’ve exhausted all our options. As a result we have reluctantly come to the difficult decision to wind down the…

InfoSec News Nuggets 10/22/2020

PayPal to support Bitcoin and other crypto — but merchants must use fiat PayPal is ready to let users buy, sell, and hold Bitcoin and other cryptocurrencies, according to Reuters. PayPal chief exec Dan Schulman told Reuters the company hopes this will “encourage global use of virtual coins,” and ready its network in anticipation of digital currencies issued by central banks. The US payments giant said it plans to allow users to actually spend their cryptocurrency with the…

InfoSec News Nuggets 10/21/2020

Seven mobile browsers vulnerable to address bar spoofing attacks An "address bar spoofing" vulnerability refers to a bug in a web browser that allows a malicious website to modify its real URL and show a fake one instead — usually one for a legitimate site. Address bar spoofing vulnerabilities have been around since the early days of the web, but they have never been so dangerous as they are today. While on desktop browsers there…

InfoSec News Nuggets 10/20/2020

Albion Online game maker discloses data breach A hacker has breached the forum of Albion Online, a popular free medieval fantasy MMORPG, and stolen usernames and password hashes, the game maker disclosed on Saturday. "The intruder was able to access forum user profiles, which include the email addresses connected to those forum accounts," said Sandbox Interactive GmbH, the company behind Albion Online. The attacker also harvested encrypted passwords. Sandbox Interactive said the passwords were hashed with…

InfoSec News Nuggets 10/19/2020

Minneapolis Will Consider Facial Recognition Ban A Minneapolis City Council member filed a motion that could result in a citywide ban on law enforcement use of facial recognition technology. If successful, the motion, which was filed on October 2 and will be officially introduced Friday, could signal a wave of reforms over the use of military and surveillance equipment following the murder of George Floyd by Minneapolis police. As calls to defund and disband police forces reverberate…

InfoSec News Nuggets 10/16/2020

World’s fastest AI supercomputer is coming to Italy Nvidia today announced that its accelerated computing platform will be used to build the world’s fastest AI supercomputer. The new system — called Leonardo — is being constructed by French IT firm Atos for Italian inter-university consortium Cineca. It’s expected to deliver 10 exaflops of FP16 AI performance, which will be harnessed by Cineca researchers to simulate planetary forces behind climate change and molecular movements inside a coronavirus molecule. Nvidia…

InfoSec News Nuggets 10/15/2020

DuckDuckGo, EFF, and others just launched privacy settings for the whole internet A group of tech companies, publishers, and activist groups including the Electronic Frontier Foundation, Mozilla, and DuckDuckGo are backing a new standard to let internet users set their privacy settings for the entire web. “Before today, if you want to exercise your privacy rights, you have to go from website to website and change all your settings,” says Gabriel Weinberg, CEO of DuckDuckGo, the…

InfoSec News Nuggets 10/14/2020

Largest cruise line operator Carnival confirms ransomware data theft Carnival Corporation, the world's largest cruise line operator, has confirmed that the personal information of customers, employees, and ship crews was stolen during an August ransomware attack. "While the investigation is ongoing, early indications are that the unauthorized third-party gained access to certain personal information relating to some guests, employees, and crew for some of our operations," Carnival said. "There is currently no indication of any misuse…

InfoSec News Nuggets 10/13/2020

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have…

InfoSec News Nuggets 10/12/2020

Comcast says gigabit downloads and uploads are now possible over cable Comcast's cable Internet still has a heavy emphasis on download speeds, as even its gigabit-download service only comes with 35Mbps uploads. But that may not be the case forever, as today Comcast announced a "technical milestone" that can deliver gigabit-plus download and upload speeds over existing cable wires. Specifically, Comcast said it conducted "a trial delivering 1.25Gbps upload and download speeds over a live production network using Network Function…

InfoSec News Nuggets 10/09/2020

Facebook rebuts ‘The Social Dilemma,’ a popular Netflix documentary The movie revealed, perhaps for the first time to some viewers, how social networks use algorithms to keep people coming back. It also addressed how tech companies have influenced elections, ethnic violence and rates of depression and suicide. Some viewers said they were deleting Facebook and Instagram after watching it. The rebuttal suggests that Facebook may be worried about the documentary’s effects on usage. “The Social Dilemma” appeared…

InfoSec News Nuggets 10/08/2020

Twitter is testing how its misinformation labels can be more obvious, direct Twitter’s Yoel Roth said the company is exploring changes to the small blue notices that it attaches to certain false or misleading tweets, to make these signals more ‘overt’ and be more ‘direct’ in giving users information. But he did not say whether any new versions would be ready before the U.S. election in the next four weeks, a period that experts say…

InfoSec News Nuggets 10/07/2020

Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever. To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals…

InfoSec News Nuggets 10/06/2020

SunCrypt ransomware group swears off medical entities, sets sights on cybersecurity firms When the SunCrypt ransomware group opened a leak site where they listed victims who had not paid their ransom demands, they attracted public attention and demonstrated their ability to use the media to their advantage. In following up on their previously disclosed victims and leaks, DataBreaches.net noticed that a medical entity who had been listed on SunCrypt’s site no longer appeared on it.…

InfoSec News Nuggets 10/05/2020

Russian state hackers appear to have breached a federal agency Russia’s 2020 hacking campaigns might have included a successful data breach at the US government. In the wake of a CISA notice warning of a cyberattack on an unnamed federal agency’s network, Wired and security company Dragos have obtained evidence suggesting Russia’s state-backed APT28 group, better known as Fancy Bear, was behind the hack. The FBI reportedly sent alerts to some hacking victims in May warning that Fancy Bear was widely…

InfoSec News Nuggets 10/02/2020

FCC commissioner calls for new scrutiny of undersea data cables A member of the U.S. Federal Communications Commission on Wednesday called for new scrutiny of undersea cables that transmit nearly all the world’s internet data traffic. “We must take a closer look at cables with landing locations in adversary countries,” FCC Commissioner Geoffrey Starks said Wednesday at a commission meeting. “This includes the four existing submarine cables connecting the US and China, most of which…

InfoSec News Nuggets 10/01/2020

Cyberattack could trigger Article 5 response, NATO deputy secretary warns NATO is adapting to security threats in cyberspace despite vulnerabilities exploited in the COVID-19 pandemic, Deputy Secretary Mircea Geoana said on Monday. He noted that NATO will establish a Cyberspace Operations Center as a part of its command structure, adding that a military cyber attack on a country qualifies as a cause for all NATO nations to come to its aid. "We agreed that a cyberattack could trigger Article…

InfoSec News Nuggets 09/30/2020

Google to block election ads after Election Day Google informed its advertisers Friday that it will broadly block election ads after polls close Nov. 3, according to an email obtained by Axios. Why it matters: Big Tech platforms have been under pressure to address how their ad policies will handle conflicts over the presidential election's outcome. In the email, Google says that advertisers will not be able to run ads "referencing candidates, the election, or its…

InfoSec News Nuggets 09/29/2020

Federal Judge Temporarily Blocks Trump's TikTok Ban A federal judge Sunday granted TikTok's request for a temporary injunction to block the Trump administration's order that would have banned the Chinese social media app from the U.S. starting Monday. Judge Carl Nichols of the U.S. District Court for the District of Columbia issued his decision Sunday - a few hours before the Trump administration's ban would have forced Apple and Google to remove the TikTok video-sharing app from…

InfoSec News Nuggets 09/28/2020

Google adds a COVID-19 layer to Google Maps Google continues to work on improving Google Maps and on Wednesday a "COVID-19 layer" started rolling out. With this layer, users can see areas where the virus is spreading and it is coded by color based on the number of people with the coronavirus in each region. The layer produces these color codes based on the seven-day average for the number of new COVID-19 cases per 100,000…

InfoSec News Nuggets 09/25/2020

Shopify discloses security incident caused by two rogue employees Online e-commerce giant Shopify is working with the FBI and other law enforcement agencies to investigate a security breach caused by two rogue employees. The company said two members of its support team accessed and tried to obtain customer transaction details from Shopify shop owners (merchants). Shopify estimated the number of stores that might be affected by the employees' actions at less than 200. The company boasted more…

InfoSec News Nuggets 09/24/2020

A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads Researchers said that a tip from a child led them to discover aggressive adware and exorbitant prices lurking in iOS and Android smartphone apps with a combined 2.4 million downloads from the App Store and Google Play. Posing as apps for entertainment, wallpaper images, or music downloads, some of the titles served intrusive ads even when an app wasn’t active.…

InfoSec News Nuggets 09/23/2020

FBI hopes a more aggressive cyber strategy will disrupt foreign hackers Last week saw a flurry of U.S. indictments of alleged Chinese and Iranian hackers as part of a multi-agency crackdown on foreign intelligence services. The Department of Treasury issued sanctions, the Department of Homeland Security advised companies on how to fend off hackers and U.S. intelligence agencies likely kept a close eye on possible reactions from Beijing and Tehran. At the center of the coordinated crackdowns, though, were…

InfoSec News Nuggets 09/22/2020

ByteDance says it will not transfer algorithm and technology to Oracle as part of TikTok deal ByteDance will not transfer algorithms and technologies to Oracle as part of a deal announced over the weekend to keep social media app TikTok operating in the U.S. President Donald Trump said he approved a deal on Saturday that will see the creation of a U.S.-headquartered firm called TikTok Global with Oracle and Walmart taking minority stakes. Oracle will become TikTok’s secure cloud…

InfoSec News Nuggets 09/21/2020

CEO Of Cyber Fraud Startup NS8 Arrested By FBI, Facing Fraud Charges The CEO of a startup that sold fraud prevention software is facing fraud charges after he was arrested Thursday by the FBI in Las Vegas. Adam Rogas, who abruptly resigned from NS8 earlier this month, is accused of misleading investors who poured in $123 million to his company earlier this year, a deal in which he allegedly pocketed more than $17 million. “Adam Rogas…

InfoSec News Nuggets 09/18/2020

Privacy-focused search engine DuckDuckGo is growing fast DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform. While Google remains the most popular search engine, DuckDuckGo has gained a great deal of traction in recent months as more and more users have begun to value their privacy on the internet. DuckDuckGo saw over 2 billion searches and 4 million app/extension installations, and the company also…

InfoSec News Nuggets 09/17/2020

Schools remain 'easy target' for ransomware as Maze targets big K-12 systems Actors using the Maze ransomware are claiming credit for a recent string of attacks against large public school districts across the United States, just as students and teachers are returning to their mostly virtual learning environments. Last Friday, the school system in Fairfax County, Virginia, which enrolls nearly 200,000 students, reported that it had been compromised by Maze, which posted a file containing…

InfoSec News Nuggets 09/16/2020

Staples discloses data breach exposing customer info Giant office retail company Staples informed some of its customers that data related to their orders has been accessed without authorization. Few details are available at the moment. The company has not disclosed the incident publicly and alerted affected customers individually over email. It is important to note that Staples’ main business is selling office supplies and related products using retail channels and through business-to-business engagements. The office…

InfoSec News Nuggets 09/15/2020

Apple's carbon-neutral goal is a giant task, could echo through big tech An examination into Apple's environmentalism asks whether Apple could truly reach its pledge of making the iPhone carbon neutral, with comments from Apple's executive leadership along with other environmentalists suggesting it is possible, but a very big task. Apple has made numerous strides in its bid to make itself more environmentally friendly, as part of an initiative to become carbon neutral across the entirety of its…

InfoSec News Nuggets 09/14/2020

Walmart begins testing drone deliveries for household goods and groceries Walmart has started making its first deliveries by drone, launching a small pilot program this week in Fayetteville, North Carolina. The retailer will be delivering “select grocery and household essential items” using automated drones operated by Israeli startup Flytrex. Each of the drones can fly at speeds of 32 mph, travel distances of 6.2 miles in a round trip, and carry up to 6.6 pounds (that’s roughly…

InfoSec News Nuggets 09/11/2020

Ransomware accounted for 41% of all cyber insurance claims in H1 2020 Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by Coalition, one of the largest providers of cyber insurance services in North America. The high number of claims comes to confirm previous reports from multiple cyber-security firms that ransomware is one of today's most prevalent and destructive threats. "Ransomware doesn't…

InfoSec News Nuggets 09/10/2020

‘Willful, brazen, and unlawful’: Apple files breach-of-contract countersuit against Epic Apple has filed a countersuit against Epic over the latter’s attempt to circumvent App Store rules and avoid paying millions in fees. The lawsuit alleges that Epic is deliberately in breach of contract and asks the court to award damages and prohibit Epic from attempting anything like this again. A brief refresher: Epic in mid August slipped in a new way to buy in-game currency for…

InfoSec News Nuggets 09/09/2020

Amazon, Apple, and Google’s open-source smart home standard is on track for a 2021 launch Project Connected Home over IP — the ambitious attempt to bring together Amazon, Apple, Google, and the Zigbee Alliance with a unified, open-source smart home platform — has just posted its latest update on the project. The group has announced (in the first major update since the standard was revealed) that work on the project is still ongoing, and it’s targeting a…

InfoSec News Nuggets 09/08/2020

Apple delays privacy feature to opt out of online ad tracking until 2021 Apple is delaying the rollout of a proposed privacy tweak in iOS 14 that allows users to opt out of ad tracking until early next year. In a statement shared with TechCrunch and The Information, the iPhone maker said it’s doing so “to give developers the time they need to make the necessary changes.” The exact date when the policy would be enforced is expected…

InfoSec News Nuggets 09/04/2020

Verizon spends big in FCC auction ahead of mid-band 5G launch Verizon (Engadget’s parent company) was the biggest winner in the FCC’s recently concluded auction for licenses in the 3.5 GHz band. In its announcement, the commission has revealed that Verizon placed $1.89 billion in winning bids, followed by Dish Network (under the name Wetterhorn Wireless) with total winning bids worth $912 million. The FCC started auctioning off 70 megahertz of Priority Access Licenses in a band…

InfoSec News Nuggets 09/03/2020

Uber to require mask selfies for riders who haven’t been covering up Uber drivers have long had to take a selfie to show they're wearing a mask before accepting rides. Now the same scanning software will be used on passengers. By the end of September in the U.S. and Canada, Uber passengers that have been flagged for not wearing a mask will have to scan their face through the app before they can request another ride. The…

InfoSec News Nuggets 09/02/2020

Former engineer pleads guilty to Cisco network damage, causing Webex Teams account chaos A former Cisco engineer has admitted to illegally accessing Cisco's network and wiping 456 virtual machines as well as causing disruption to over 16,000 Webex Teams accounts. Sudhish Kasaba Ramesh has taken a plea agreement in a federal court in San Jose after being accused of intentionally accessing a protected computer without authorization and recklessly causing damage, according to the US Department of Justice…

InfoSec News Nuggets 09/01/2020

Cybercriminals Make Millions Selling Stolen Fortnite Accounts, New Research Shows Thousands of stolen Fortnite accounts are selling like hotcakes in underground marketplaces, amassing around $1.2 million a year for cybercriminals, a new report shows. The Fortnite Underground Cybercrime Economy report sheds light on a million-dollar business that capitalizes on the popularity of the free-to-play video game that managed to attract over 350 million players within three years of its launch. According to researchers from Night Lion Security,…

InfoSec News Nuggets 08/31/2020

US sues to recover cryptocurrency funds stolen by North Korean hackers The United States government has filed a lawsuit today seeking to seize control over 280 Bitcoin and Ethereum accounts that are believed to be holding funds North Korean hackers stole from two cryptocurrency exchanges. Court documents did not identify the hacked exchanges, but officials said the two hacks took place on July 1, 2019, and September 25, 2019. During the first incident, North Korean…

InfoSec News Nuggets 08/28/2020

Tesla Insider Works with FBI to Turn the Tables on Russia’s Million Dollar Attempt to Hijack the Network On August 25, the Department of Justice announced the arrest of Egor Igorevich Kriuchkov, a citizen of Russia, for conspiring to breach the network of a U.S. company, which media has identified as Tesla (their GigaFactory in Sparks, NV) and introduce malware into the company’s network. Kriuchkov was arrested on August 22 as he tried to depart…

InfoSec News Nuggets 08/27/2020

Tomorrow’s Fortnite Update Won’t Be Coming for Apple Users, Epic Says It’s a 'Matter of Principle' In its first statement since Monday’s captivating hearing, this morning Epic Games sought to further clarify its position against Apple while also admitting that the latest chapter of Fortnite would not be appearing on either iOS or macOS when it launches August 27. If you listened in on Monday’s trial, Epic’s latest statement will sound like a refrain. “Apple is asking that Epic…

InfoSec News Nuggets 08/26/2020

A Chrome feature is creating enormous load on global root DNS servers The Chromium browser—open source, upstream parent to both Google Chrome and the new Microsoft Edge—is getting some serious negative attention for a well-intentioned feature that checks to see if a user's ISP is "hijacking" non-existent domain results. The Intranet Redirect Detector, which makes spurious queries for random "domains" statistically unlikely to exist, is responsible for roughly half of the total traffic the world's root…

InfoSec News Nuggets 08/25/2020

Here's how to turn your old phone into a home security camera for free If you have some old phones collecting dust in a drawer somewhere, don't sell them for a fraction of what you bought them for. If they still turn on, you can put them to good use in your home. You could turn one into a baby monitor or a makeshift Google Home speaker, for example. Those are good ideas and you can find more in the link…

InfoSec News Nuggets 08/24/2020

Vishing Becomes Suspect in Recent Social Media Breach for Major Influencers The ZeroFOX Alpha Team has been assisting industry and threat-sharing partners in tracking a large-scale vishing (voice phishing) campaign targeting financial institutions, cryptocurrency exchanges, telecommunication companies and single-sign-on (SSO) providers. The actors target employees of a company and do an extensive amount of research on the employees and the company to build a convincing persona of an IT contractor working with the victim company.…

InfoSec News Nuggets 08/19/2020

Carnival Cruises into Danger After Ransomware Attack British-American cruise operator Carnival has suffered a ransomware attack in which guest and employee data was accessed, it has revealed in a regulatory filing. The Miami-headquartered travel giant — which operates big-name brands including Cunard, P&O, AIDA and Princess — said the attack was discovered on August 15. Attackers managed to encrypt “a portion” of the IT systems of one of its brands, although Carnival refused to elaborate on…

InfoSec News Nuggets 08/18/2020

U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan to sell the most important info to the highest bidder and leak the rest. Headquartered in Louisville, Kentucky, the company holds world-known whiskey and scotch brands like Jack Daniel's, Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach;…

InfoSec News Nuggets 08/17/2020

Instagram Retained Deleted Photos and Messages on Its Servers for Over a Year Instagram has awarded a security researcher a $6,000 bug bounty payout after he found photos and private direct messages on the platform's servers that he had deleted more than a year ago (via TechCrunch). Saugat Pokharel discovered that his content hadn't been removed in October after downloading a copy of his data from the photo-sharing app. Instagram introduced the download option two years ago to…

InfoSec News Nuggets 08/14/2020

Network intruders selling access to high-value companies Breaching corporate networks and selling access to them is a business in and of itself. For many hackers, this is how they make their living; others do it, forced by financial struggles, to supplement their revenue. One actor claiming they returned to black hat activities after laying low for a while has recently churned out network access credentials for big and small companies across the world. Using the…

InfoSec News Nuggets 08/13/2020

Instagram Faces Lawsuit Over Illegal Harvesting of Biometrics Facebook Inc. is facing new allegations that it illegally harvests the biometric data of users, this time in a lawsuit that targets the company’s photo-sharing app Instagram. Last month, the social media company offered to pay $650 million to settle a lawsuit in which it was accused of illegally collecting biometric data through a photo-tagging tool provided to Facebook users. In the new lawsuit, filed Monday in state…

InfoSec News Nuggets 08/12/2020

Twitter 'looking' at a possible TikTok tie-up Twitter has approached TikTok's Chinese owner ByteDance to express an interest in buying its US operations, according to reports. Video-sharing platform TikTok has been at the centre of fierce debate and takeover talk in recent weeks. Last week US President Donald Trump ordered firms to stop doing business with TikTok within 45 days over security concerns. Tech giant Microsoft is the front-runner to buy TikTok but now Twitter has…