27 Aug 2020
By Mary

InfoSec News Nuggets 08/27/2020

Tomorrow’s Fortnite Update Won’t Be Coming for Apple Users, Epic Says It’s a 'Matter of Principle' In its first statement since Monday’s captivating hearing, this morning Epic Games sought to further clarify its position against Apple while also admitting that the latest chapter of Fortnite would not be appearing on either iOS or macOS when it launches August 27. If you listened in on Monday’s trial, Epic’s latest statement will sound like a refrain. “Apple is asking that Epic…
Read More
26 Aug 2020
By Mary

InfoSec News Nuggets 08/26/2020

A Chrome feature is creating enormous load on global root DNS servers The Chromium browser—open source, upstream parent to both Google Chrome and the new Microsoft Edge—is getting some serious negative attention for a well-intentioned feature that checks to see if a user's ISP is "hijacking" non-existent domain results. The Intranet Redirect Detector, which makes spurious queries for random "domains" statistically unlikely to exist, is responsible for roughly half of the total traffic the world's root…
Read More
25 Aug 2020
By Mary

InfoSec News Nuggets 08/25/2020

Here's how to turn your old phone into a home security camera for free If you have some old phones collecting dust in a drawer somewhere, don't sell them for a fraction of what you bought them for. If they still turn on, you can put them to good use in your home. You could turn one into a baby monitor or a makeshift Google Home speaker, for example. Those are good ideas and you can find more in the link…
Read More
24 Aug 2020
By Mary

InfoSec News Nuggets 08/24/2020

Vishing Becomes Suspect in Recent Social Media Breach for Major Influencers The ZeroFOX Alpha Team has been assisting industry and threat-sharing partners in tracking a large-scale vishing (voice phishing) campaign targeting financial institutions, cryptocurrency exchanges, telecommunication companies and single-sign-on (SSO) providers. The actors target employees of a company and do an extensive amount of research on the employees and the company to build a convincing persona of an IT contractor working with the victim company.…
Read More
19 Aug 2020
By Mary

InfoSec News Nuggets 08/19/2020

Carnival Cruises into Danger After Ransomware Attack British-American cruise operator Carnival has suffered a ransomware attack in which guest and employee data was accessed, it has revealed in a regulatory filing. The Miami-headquartered travel giant — which operates big-name brands including Cunard, P&O, AIDA and Princess — said the attack was discovered on August 15. Attackers managed to encrypt “a portion” of the IT systems one of its brands, although Carnival refused to elaborate on…
Read More
18 Aug 2020
By Mary

InfoSec News Nuggets 08/18/2020

U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest. Headquartered in Louisville, Kentucky, the company holds world-known whiskey and scotch brands like Jack Daniel's, Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach;…
Read More
17 Aug 2020
By Mary

InfoSec News Nuggets 08/17/2020

Instagram Retained Deleted Photos and Messages on Its Servers for Over a Year Instagram has awarded a security researcher a $6,000 bug bounty payout after he found photos and private direct messages on the platform's servers that he had deleted more than a year ago (via TechCrunch). Saugat Pokharel discovered that his content hadn't been removed in October after downloading a copy of his data from the photo-sharing app. Instagram introduced the download option two years ago to…
Read More
14 Aug 2020
By Mary

InfoSec News Nuggets 08/14/2020

Network intruders selling access to high-value companies Breaching corporate networks and selling access to them is a business in and of itself. For many hackers, this is how they make their living, others do it forced by financial struggles to supplement their revenue. One actor claiming they returned to black hat activities after laying low for a while has recently churned out network access credentials for big and small companies across the world. Using the…
Read More
13 Aug 2020
By Mary

InfoSec News Nuggets 08/13/2020

Instagram Faces Lawsuit Over Illegal Harvesting of Biometrics Facebook Inc. is facing new allegations that it illegally harvests the biometric data of users, this time in a lawsuit that targets the company’s photo-sharing app Instagram. Last month, the social media company offered to pay $650 million to settle a lawsuit in which it was accused of illegally collecting biometric data through a photo-tagging tool provided to Facebook users. In the new lawsuit, filed Monday in state…
Read More
12 Aug 2020
By Mary

InfoSec News Nuggets 08/12/2020

Twitter 'looking' at a possible TikTok tie-up Twitter has approached TikTok's Chinese owner ByteDance to express an interest in buying its US operations, according to reports. Video-sharing platform TikTok has been at the centre of fierce debate in recent weeks and takeover talk. Last week US Donald Trump ordered firms to stop doing business with TikTok within 45 days over security concerns. Tech giant Microsoft is the front-runner to buy TikTok but now Twitter has…
Read More
11 Aug 2020
By Mary

InfoSec News Nuggets 08/11/2020

#DEFCON: How the International Space Station Enables Cybersecurity Like any other IT environment, there are potential cyber-risks to the International Space Station (ISS), though the station is quite literally like no environment on Earth. In a session on August 9 at the Aerospace Village within the DEFCON virtual security conference, former NASA astronaut Pamela Melroy outlined the cybersecurity lessons learned from human spaceflight and what still remains a risk. Melroy flew on two space shuttle missions during her tenure…
Read More
10 Aug 2020
By Mary

InfoSec News Nuggets 08/10/2020

TikTok threatens to sue the Trump administration over the executive order barring US firms from doing business with its parent TikTok has threatened to sue the Trump administration over Thursday's executive order that bans US citizens and companies from doing business with its Chinese parent company ByteDance. TikTok responded to the order on Friday, saying it was issued "without any due process." The executive order prohibits US individuals and companies from making "any transactions" with…
Read More
07 Aug 2020
By Mary

InfoSec News Nuggets 08/07/2020

Cluster of 295 Chrome extensions caught hijacking Google and Bing search results More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results. The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store. A subsequent investigation into…
Read More
06 Aug 2020
By Mary

InfoSec News Nuggets 08/06/2020

New feature lets you easily fact-check WhatsApp messages After addressing those who just mindlessly forward messages to all their contacts, the company is now targeting those who want to be responsible and fact-check WhatsApp messages before forwarding them. We’re piloting a simple way to double check these messages by tapping a magnifying glass button in the chat. Providing a simple way to search messages that have been forwarded many times may help people find news results or…
Read More
05 Aug 2020
By Mary

InfoSec News Nuggets 08/05/2020

US government sites abused to redirect users to porn sites In an ongoing blackhat SEO campaign tracked by BleepingComputer, scammers are using open redirects found on government websites to redirect visitors to pornography sites. An open redirect is an URL that anyone can use to redirect a visitor to a website of their choosing. Blackhat SEO scammers use these open redirects to get listings in search engines, such as Google, that show the page's title…
Read More
04 Aug 2020
By Mary

InfoSec News Nuggets 08/04/2020

Hackers Broke Into Real News Sites to Plant Fake Stories OVER THE PAST few years, online disinformation has taken evolutionary leaps forward, with the Internet Research Agency pumping out artificial outrage on social media and hackers leaking documents—both real and fabricated—to suit their narrative. More recently, Eastern Europe has faced a broad campaign that takes fake news ops to yet another level: hacking legitimate news sites to plant fake stories, then hurriedly amplifying them on social media before they’re…
Read More
31 Jul 2020
By Mary

InfoSec News Nuggets 7/31/2020

US provides new expanded set of espionage charges against former Twitter employees The two former Twitter employees, Ahmad Abouammo and Ali Alzabarah, and the third person named Ahmed Almutairi were originally charged with fraudulently accessing private information and acting as illegal agents of a foreign government for allegedly spying on Twitter users critical of the Saudi royal family. This time around, the individuals have been charged with seven offences instead of two. The charges include acting as…
Read More
30 Jul 2020
By Mary

InfoSec News Nuggets 7/30/2020

A Cyberattack on Garmin Disrupted More Than Workouts ON THURSDAY, HACKERS hit the navigation and fitness giant Garmin with a ransomware attack that took down numerous services across the company. Garmin Connect, the cloud platform that syncs user activity data, went dark, as did portions of Garmin.com. But as athletes found themselves unable to record runs and workouts, pilots who use Garmin products for position, navigation, and timing services in airplanes were dealing with their own problems.  …
Read More
29 Jul 2020
By Mary

InfoSec News Nuggets 7/29/2020

Dave ShinyHunters hack exposes 7.5 million user records Overdraft protection and cash advance service Dave suffered a data breach that appeared to involve the practices of a former third-party vendor, resulting in its database containing 7.5 million user records being sold at auction and then released later for free on hacker forums. The stolen information, which appeared to be taken by hacking group ShinyHunters, included personal user information including names, emails, birth dates, physical addresses and…
Read More
28 Jul 2020
By Mary

InfoSec News Nuggets 7/28/2020

A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs An unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected. The sabotage, which started three days ago, on July 21, has grown from a simple joke to a serious issue impacting a large portion of the Emotet operation. According to Cryptolaemus, a group of white-hat security researchers tracking…
Read More
27 Jul 2020
By Mary

InfoSec News Nuggets 7/27/2020

Slack credentials abundant on cybercrime markets, but little interest from hackers Slack credentials are abundant on hacking forums and the dark web; however, an analysis of the cybercrime underworld shows there's little interest in the platform among hacker groups. The conclusion belongs to cybersecurity firm KELA, who scoured the cybercrime market for Slack credentials following last week's Twitter hack and shared their findings with ZDNet this week. The credentials belonged to more than 12,000 different…
Read More
24 Jul 2020
By Mary

InfoSec News Nuggets 7/24/2020

First American Title Accused Of Exposing Millions Of Customers’ Personal Data First American Title, one of the largest providers of title insurance in the U.S., is facing allegations that it exposed the personal data of millions of its customers. The New York State Department of Financial Services (DFS) filed charges on Wednesday (July 22) against the Santa Ana, California-based company, which wrote more than 50,000 policies in New York last year. Regulators allege violations of the state’s cybersecurity…
Read More
23 Jul 2020
By Mary

InfoSec News Nuggets 7/23/2020

TikTok might be sold to US investors to ward off security concerns Chinese short video platform TikTok is currently facing close scrutiny and risks being booted out of the US — which is home to some of its most popular content creators — but the app may find a lifeline there. The Information reports that a number of US-based investors who already have a stake in TikTok‘s parent company, ByteDance, are considering purchasing the subsidiary company to…
Read More
22 Jul 2020
By Mary

InfoSec News Nuggets 7/22/2020

Tech Firms Begin to Abandon Hong Kong Over Security Law China’s sweeping national security law has forced technology firms to reconsider their presence in Hong Kong. The nimblest among them -- the city’s startups -- are already moving data and people out or are devising plans to do so. Beijing’s polarizing law, which took effect this month, upended Hong Kong’s tech scene just as it seemed on a path to becoming a regional hub. Entrepreneurs…
Read More
21 Jul 2020
By Mary

InfoSec News Nuggets 7/21/2020

Seven 'no log' VPN providers accused of leaking A string of "zero logging" VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet. This data, we are told, included in at least some cases clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon. It all came to light this week after Comparitech's Bob…
Read More
20 Jul 2020
By Mary

InfoSec News Nuggets 7/20/2020

Iran-linked hackers recently targeted coronavirus drugmaker Gilead Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences Inc in recent weeks, according to publicly-available web archives reviewed by Reuters and three cybersecurity researchers, as the company races to deploy a treatment for the COVID-19 virus. In one case, a fake email login page designed to steal passwords was sent in April to a top Gilead executive involved in legal and corporate affairs, according…
Read More
17 Jul 2020
By Mary

InfoSec News Nuggets 7/17/2020

Mozilla project exposes YouTube's recommendation 'bubbles' We’ve all seen social media posts from our climate change-denying cousin or ultra-liberal college friend, and have wondered how they came to certain conclusions. Mozilla’s new project, “TheirTube,” created by Amsterdam-based designer Tomo Kihara, is offering a glance at theoretical YouTube homepages for users in six different categories. Those personas include: fruitarian, doomsday prepper, liberal, conservative, conspiracist and climate denier.  Through these different personas, Mozilla hopes to demonstrate how…
Read More
16 Jul 2020
By Mary

InfoSec News Nuggets 7/16/2020

Twitter lost control of its internal systems to Bitcoin-scamming hackers Twitter lost control of its internal systems to attackers who hijacked almost a dozen high-profile accounts, in a breach that raises serious concerns about the security of a platform that’s growing increasingly influential. The first signs of compromise occurred around 1 PM California time when hijacked accounts—belonging to Vice President Joe Biden, Elon Musk, Bill Gates, and other people with millions or tens of millions of…
Read More
15 Jul 2020
By Mary

InfoSec News Nuggets 7/15/2020

MIT creates a soft-fingered robotic gripper than could eventually tie knots and sew stitches MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) has shared the results of a new project in which it built a two-fingered robotic gripper, which has soft pads for dedicated and fine manipulation of objects like cables, sheets and more. The robot’s design is based on how humans use their fingers to do things like untangle wires and tie knots. To…
Read More
14 Jul 2020
By Mary

InfoSec News Nuggets 7/14/2020

The real reason Apple is warning users about MacBook camera covers Earlier this month, Apple published a support document that warned MacBook owners against closing their laptop with a camera cover fitted. And just as with the whole wearing masks in public debate, there are some people who don't like being told what to do, even it is for their own good. First off, some clarity. Apple didn't say, "don't use a camera cover." Apple clearly…
Read More
13 Jul 2020
By Mary

InfoSec News Nuggets 7/13/2020

Secret Service merging electronic and financial crime task forces to combat cybercrime The new merged network of task forces, to be known as Cyber Fraud Task Forces (CFTFs), will detect, prevent and root out cyber-enabled financial crimes, such as business email compromise and ransomware scams, “with the ultimate goal of arresting and convicting the most harmful perpetrators,” the Secret Service said in a press release. The agency hopes the reorganization integrates the resources and know-how in the previous…
Read More
10 Jul 2020
By Mary

InfoSec News Nuggets 7/10/2020

Mozilla suspends Firefox Send service while it addresses malware abuse Mozilla has temporarily suspended the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators and while it adds a "Report abuse" button. The browser maker took down the service today after ZDNet reached out to inquire about Firefox Send's increasing prevalence in current malware operations. Mozilla launched Firefox Send in March 2019. The service provides secure and private file-hosting and file-sharing capabilities for Firefox…
Read More
09 Jul 2020
By Mary

InfoSec News Nuggets 7/9/2020

Cops Seize Server that Hosted BlueLeaks, DDoSecrets Says Authorities in Germany have seized a server used by the organization that published a trove of US police internal documents commonly known as BlueLeaks, according to the organization’s founder. On Tuesday, Emma Best, the founder of Distributed Denial of Secrets or DDoSecrets, a WikiLeaks-like website that has published the police data, said that prosecutors in the German town of Zwickau seized the organization’s “primary public download server.” “We are working…
Read More
08 Jul 2020
By Mary

InfoSec News Nuggets 7/8/2020

Companies start reporting ransomware attacks as data breaches Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about data stolen data. A tactic used by almost all enterprise-targeting ransomware is to steal unencrypted files before encrypting a breached network. The threat actors then use these stolen files as leverage by threatening to leak or sell the data if a ransom is not paid.…
Read More
07 Jul 2020
By Mary

InfoSec News Nuggets 7/7/2020

Smartphone Apps Are Now a Weapon in International Disputes IN THE IPHONE age, your smartphone home screen can be a geopolitical battleground. Earlier this month, 20 Indian soldiers died in a skirmish with Chinese troops on the countries’ contested Himalayan border. Monday, India struck a blow in the digital realm of its own citizens’ mobile devices. The country’s Ministry of Information Technology banned 59 mobile apps, all Chinese, for allegedly endangering data security and privacy. They include China’s dominant…
Read More
06 Jul 2020
By Mary

InfoSec News Nuggets 7/6/2020

macOS Privacy Protections Bypass Disclosed After Apple Fails to Release Fix Details on a macOS privacy protections bypass method were published this week, more than six months after Apple was informed of the issue, but failed to deliver a fix. Dubbed TCC (Transparency, Consent, and Control), the privacy protections system was introduced in macOS Mojave to ensure that certain files on the system are kept out of reach of unauthorized applications. Software engineer and app…
Read More
03 Jul 2020
By Mary

InfoSec News Nuggets 7/3/2020

Facebook admits to improperly giving user data to third-party developers, again In a Wednesday blog post, Facebook announced that (oops!) thousands of developers continued to receive updates to users' non-public information well past the point when they should have. Specifically, Facebook said that, for an unspecified number of users, it failed to cut off the data spigot — like it promised it would back in 2018 — 90 days after a person had last used an app.  We…
Read More
02 Jul 2020
By Mary

InfoSec News Nuggets 7/2/2020

Creepto Cash: personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered thousands of personal records of users from the UK, Australia, South Africa, the US, Singapore, Spain, Malaysia and other countries exposed in a targeted multi-stage bitcoin scam. Victim’s phone numbers, which in most cases came with names and emails, were contained in personalized URLs used to redirect people to websites posing…
Read More
01 Jul 2020
By Mary

InfoSec News Nuggets 7/1/2020

Roblox accounts being hacked in support of Trump reelection A hacking campaign is targeting Roblox accounts to support President Trump in the upcoming U.S. Presidential elections in November. Roblox is an online gaming platform that allows members to create games and publish them for others to play. With over 100 million monthly active users and consistently in the top hundred sites globally, Roblox is an immensely popular gaming platform. While used by people of all…
Read More
30 Jun 2020
By Mary

InfoSec News Nuggets 6/30/2020

Chinese bank requires foreign firm to install app with covert backdoor A large, multinational technology company got a nasty surprise recently as it was expanding its operations to China. The software a local bank required the company to install so it could pay local taxes contained an advanced backdoor. The cautionary tale, detailed in a report published Thursday, said the software package, called Intelligent Tax and produced by Beijing-based Aisino Corporation, worked as advertised. Behind the scenes, it…
Read More
29 Jun 2020
By Mary

InfoSec News Nuggets 6/29/2020

TikTok caught copying iOS users' clipboard contents, claims it's an anti-spam feature As the Telegraph notes, TikTok was one of several applications discovered to be reading users’ clipboards back in March. A couple of developers found popular applications such as AccuWeather, Overstock, AliExpress, Call of Duty Mobile, Patreon, and Google News were all snooping on both Android and iOS. ByteDance told Forbes this was related to the use of an outdated Google advertising SDK that was being replaced. At…
Read More
26 Jun 2020
By Mary

InfoSec News Nuggets 6/26/2020

NVIDIA and Mercedes partner to create a next-gen car computer During a joint press conference held Wednesday, NVIDIA and Mercedes Benz announced that they are teaming up to develop a “revolutionary in-vehicle computing system” for the automakers next generation of luxury automobiles in 2024. Touted as “the most sophisticated and advanced computing architecture ever deployed in an automobile,” per an NVIDIA press release, this new software system will enable Level 2 and 3 driving autonomy…
Read More
25 Jun 2020
By Mary

InfoSec News Nuggets 6/25/2020

Warning: ‘Invisible God’ Hacker Sold Access To More Than 135 Companies In Just Three Years Major antivirus companies, banks, insurance providers, government agencies, large hotels, wineries, restaurants, airlines. Think of almost any kind of company and there’s a good chance a prolific, financially-motivated hacker known as Fxmsp has broken into it, or attempted to, according to a report released Tuesday. Dubbed the “invisible god of networks,” he’s a suspected male from Kazakhstan who claimed to have broken…
Read More
24 Jun 2020
By Mary

InfoSec News Nuggets 6/24/2020

Four California Hotels Redefine Social Distancing with Robots Delivering Groceries, Towels and Pet Treats As the California economy reopens, four California hotels have created a safe environment with elevated cleanliness and Social Distancing Robot Ambassadors.  With many guests preferring a touchless experience, the three-foot robots provide guests with peace of mind as they can deliver everything from pillows and pet treats to towels and groceries. Since the robots have no arms, they do not replace…
Read More
23 Jun 2020
By Mary

InfoSec News Nuggets 6/23/2020

Activists publish 269GB of hacked US police force data Dubbed BlueLeaks, the group known as Distributed Denial of Secrets (DDoSecrets) has published 269GB of material providing insights into law enforcement and a wide array of US government activities. The public can also access the information in its entirety. These files include hundreds of thousands of images, as well as documents, tables, text files, videos and emails, with the complete dataset available to download by anybody…
Read More
22 Jun 2020
By Mary

InfoSec News Nuggets 6/22/2020

To evade detection, hackers are requiring targets to complete CAPTCHAs CAPTCHAs, those puzzles with muffled sounds or blurred or squiggly letters that websites use to filter out bots (often unsuccessfully), have been annoying end users for more than a decade. Now, the challenge-and-response tests are likely to vex targets in malware attacks. Microsoft recently spotted an attack group distributing a malicious Excel document on a site requiring users to complete a CAPTCHA, most likely in an…
Read More
19 Jun 2020
By Mary

InfoSec News Nuggets 6/19/2020

Amazon owes answers on facial recognition moratorium, lawmaker says Amazon's move to stop providing facial recognition to law enforcement until June 2021 has left more questions than answers. The company's announcement, limited to 102 words in a blog post, left out a lot of details on what the moratorium actually means, and a House representative is demanding answers from Amazon founder Jeff Bezos. In a letter sent to Bezos and Amazon on Wednesday, Rep. Jimmy Gomez, is asking the…
Read More
18 Jun 2020
By Mary

InfoSec News Nuggets 6/18/2020

SPACEX INTERNET SERVICE STARLINK ASKS FOR PEOPLE TO TRY IT OUT SpaceX has announced that it is looking for beta testers for its Starlink low-earth orbit internet service. The company, owned by Tesla CEO Elon Musk, was launched in 2015, with the first prototype satellites launched in 2018. Since then, the company has launched a host of new satellites from Nasa's Kennedy Space Center in Florida. There are currently 540 Starlink satellites in orbit. Eventually, they will form part…
Read More
17 Jun 2020
By Mary

InfoSec News Nuggets 6/17/2020

GitHub to replace "master" with alternative term to avoid slavery references GitHub is working on replacing the term "master" on its service with a neutral term like "main" to avoid any unnecessary references to slavery, its CEO said on Friday. The code-hosting portal is just the latest in a long line of tech companies and open source projects that have expressed support for removing terms that may be offensive to developers in the black community.…
Read More
16 Jun 2020
By Mary

InfoSec News Nuggets 6/16/2020

Amazon CEO Jeff Bezos agrees to testify before antitrust hearing Amazon and a handful of other major tech companies are facing increased pressure from a series of investigations from the US House and Senate, the Justice Department and Federal Trade Commission into their potential monopolistic practices. For Amazon, the investigations have often focused on Amazon's use of private label items to compete against much smaller retailers on its platform. Calls for Bezos to testify before…
Read More