14 Feb 2020
By Mary

InfoSec News Nuggets 2/14/2020

1 - Apple joins Microsoft, Samsung, Intel in FIDO security alliance Apple has now joined the FIDO or "Fast Identity Online" Alliance, several years after competitors including Microsoft, Samsung, Intel and Google. FIDO is concerned with fostering and promoting higher security for users, and specifically using authentication technology such as biometric sensors rather than passwords. FIDO was formed in July 2012 by a small group of companies including PayPal and Lenovo. Its open specifications called…
Read More
13 Feb 2020
By Mary

InfoSec News Nuggets 2/13/2020

1 - Robot with coronavirus advice hits Times Square Worried about the spread of coronavirus? A five-foot tall (1.5 meter) Promobot might have your answer. The robot with a friendly face rolled into Times Square on Monday to help provide information about the new virus. Curious passersby stopped, filled out a short questionnaire on an iPad-like touch screen attached to the robot’s chest, and even had a conversation with the machine. Promobot was created by…
Read More
12 Feb 2020
By Mary

InfoSec News Nuggets 2/12/2020

1 - Software errors plague Boeing's Calamity Capsule Troubled aerospace giant Boeing will "re-verify" the flight software code for its calamity capsule, the CST-100 Starliner, after it was revealed that December's anomaly could have been a lot, lot worse. Boeing had already coughed to a timer error that made the spacecraft's internal clock 11 hours out of whack while sat on the Atlas V. The result was that the Starliner managed to burn through its attitude control…
Read More
11 Feb 2020
By Mary

InfoSec News Nuggets 2/11/2020

1 -  FBI is investigating more than 1,000 cases of Chinese theft of US technology Members of the US government held a conference in Washington this week on the topic of Chinese theft of intellectual property from US technology firms and the US academic sector. Officials said the purpose of the conference -- named the China Initiative Conference -- was to bring the US private sector and the academic and research communities up to speed…
Read More
10 Feb 2020
By Mary

InfoSec News Nuggets 2/10/2020

1 - Data Breach at Mitsubishi Electric Caused by Zero-Day Vulnerability in Antivirus Software When antivirus software is installed and activated, there is usually an assumption that the system is automatically safer. Antivirus software can be penetrated just like any other software can, however, as a 2019 data breach at Japanese electronics giant Mitsubishi Electric demonstrates. Mitsubishi Electric did not disclose what software they were using or exactly what the nature of the data breach…
Read More
07 Feb 2020
By Mary

InfoSec News Nuggets 2/7/2020

1 - No expectation of privacy in an IP address, Alberta judge rules Police in Alberta don’t need a court order to get an external IP address from a service provider in trying to identify an internet user, according to a recent Calgary judicial ruling. The decision is a first in Canadian privacy law. The precedent applies for now only in Alberta but it will be cited in other courts across the country and could be…
Read More
06 Feb 2020
By Mary

InfoSec News Nuggets 2/6/2020

1 - Maze ransomware publicly shaming victims into paying At least five law firms have been hit and held hostage by the Maze ransomware group in the last four days with these attacks being part of a wider campaign possibly affecting between 45 and 180 total victims in January. Maze is using a somewhat unique tactic with its latest victims. Instead of simply placing a ransom note on the infected system and waiting for payment,…
Read More
05 Feb 2020
By Mary

InfoSec News Nuggets 2/5/2020

1 - Magecart group jumps from Olympic ticket website to new wave of e-commerce shops A Magecart group has expanded its operations by compromising not only an Olympic ticket reseller but also a number of other websites referencing a single malicious domain hosting the underlying skimmer code. Magecart is a term used to describe the use of skimmer code to compromise e-commerce payment platforms. Legitimate websites seemingly fine to trust -- the British Airways portal and Ticketmaster being prime examples…
Read More
04 Feb 2020
By Mary

InfoSec News Nuggets 2/4/2020

1 - $20,000 up for grabs in Xbox Live security hole hunt Microsoft is inviting gamers, security researchers, and technologists to pit their wits against the Xbox network in the search for security vulnerabilities. With a newly-announced bug bounty, Microsoft is inviting bug hunters to responsibly disclose bugs and flaws that could potentially be exploited by criminals. The company’s hope is clearly that by strengthening the Xbox Live network it will improve the experience for the…
Read More
03 Feb 2020
By Mary

InfoSec News Nuggets 2/3/2020

1 - Tinder and Bumble under investigation over underage use, sex offenders, and data handling Yesterday, the US House Oversight and Reform subcommittee announced an investigation into popular dating apps including Tinder, Grindr, and Bumble for allegedly allowing minors and convicted sex offenders to use their services. In a press release issued yesterday, the Chairman of the subcommittee, Raja Krishnamoorthi, sent letters to Match Group, Inc — the parent company of major dating apps — seeking…
Read More
31 Jan 2020
By Mary

InfoSec News Nuggets 1/31/2020

1 - Avast Antivirus Is Shutting Down Its Data Collection Arm, Effective Immediately Avast, an antivirus program with more than 435 million users worldwide, said it will stop collecting and selling the private web browsing histories of its users following a joint investigation by Motherboard and PCMag into the sale of that data. In addition, Avast said it will completely shut down Jumpshot, the subsidiary company it used to sell this data. Our investigation found that Avast,…
Read More
30 Jan 2020
By Mary

InfoSec News Nuggets 1/30/2020

1 - Hackers stole $13,103.91 from me. Learn from my mistakes. It began with dumplings. When I got an email at midnight last March from Grubhub notifying me that my order from Dumpling Depot was on its way to an address 3,000 miles away from my location in New York City, I thought there must have been some mistake. And there was: mine. Because I didn’t take a few basic internet security precautions, hackers robbed…
Read More
29 Jan 2020
By Mary

InfoSec News Nuggets 1/29/2020

1 - Watch out Google. You've got competition. Verizon has a new 'privacy-focused' search engine Verizon has slung out a new, privacy-focused search engine in an effort to win over customers who prefer not to have their browsing habits tracked by ad-slingers and the like. Verizon said the new search engine, named One Search, won't share user's personal information with advertisers, or store their search history. A new "Advanced Privacy Mode" will encrypt search terms…
Read More
28 Jan 2020
By Mary

InfoSec News Nuggets 1/28/2020

1 - Leaked Documents Expose the Secretive Market for Your Web Browsing Data An antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world's biggest companies, a joint investigation by Motherboard and PCMag has found. Our report relies on leaked user data, contracts, and other company documents that show the sale of this data is both highly sensitive and is in…
Read More
27 Jan 2020
By Mary

InfoSec News Nuggets 1/27/2020

1 - Canadian teen calls cops after fake ID doesn’t arrive, prompts police warning on identity theft scams A Canadian teen’s bizarre call to police on Tuesday to report that the fake ID they ordered online never arrived has authorities stepping up efforts to warn of potential identity theft scams. Const. Ed Sanchuk, of the Ontario Provincial Police, West Region, shared in a video message Wednesday that an unnamed Norfolk County teenager reported the fraud. An investigation determined the teen found an online seller who…
Read More
24 Jan 2020
By Mary

InfoSec News Nuggets 1/24/2020

1 - Soft robotic hands may soon have a firm grip on the industry Soft Robotics, a company that develops enterprise level soft robotic grippers for a variety of materials handling and pick and place applications, is on a roll. After securing a high level strategic partnership in 2019, the company has announced an oversubscribed Series B worth $23M. Back in December, Soft Robotics rolled out an innovative adaptable gripper system designed especially to work with FANUC robots…
Read More
23 Jan 2020
By Mary

InfoSec News Nuggets 1/23/2020

1 - FBI Warns Job Applicants of Scams Using Spoofed Company Sites FBI's Internet Crime Complaint Center (IC3) today issued a public service announcement to warn about scammers using spoofed company websites and fake job listings to target applicants. "Since early 2019, victims have reported numerous examples of this scam to the FBI. The average reported loss was nearly $3,000 per victim, in addition to damage to the victims’ credit scores," the FBI says. "While hiring…
Read More
22 Jan 2020
By Mary

InfoSec News Nuggets 1/22/2020

1 - Smart homes will turn dumb overnight as Charter kills security service Charter is killing its home-security service and telling customers that security devices they've purchased will stop working once the service is shut down on February 5. The impending shutdown and customers' anger at Charter—a cable company also known by the brand name "Spectrum"—has been widely reported over the past month. Over the years, some customers have spent large sums on products that will no longer work.…
Read More
21 Jan 2020
By Mary

InfoSec News Nuggets 1/21/2020

1 - Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices…
Read More
20 Jan 2020
By Mary

InfoSec News Nuggets 1/20/2020

1 - Georgia election server showed signs of tampering, expert says A computer security expert says he found that a forensic image of the election server central to a legal battle over the integrity of Georgia elections showed signs that the original server was hacked. The server was left exposed to the open internet for at least six months, a problem the same expert discovered in August 2016. It was subsequently wiped clean in mid-2017 with no notice, just…
Read More
17 Jan 2020
By Mary

InfoSec News Nuggets 1/17/2020

1 - Proof-of-concept exploits published for the Microsoft-NSA crypto bug Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS. According to a high-level technical analysis of the bug from cyber-security researcher…
Read More
16 Jan 2020
By Mary

InfoSec News Nuggets 1/16/2020

1 - Production company data breach exposes personal data of Dove ‘real people’ ad participants A data breach at UK-based Fresh Film Productions, which makes adverts for high-profile companies including Unilever, has exposed sensitive personal data of participants in antiperspirant brand Dove’s ‘real people’ campaign. The company inadvertently exposed the data, which included bank details and passport scans, by leaving a company server hosted online on an unsecured Amazon Web Services S3 bucket. This meant…
Read More
15 Jan 2020
By Mary

InfoSec News Nuggets 1/15/2020

1 - Texas school district falls for email scam, hands over $2.3 million A successful phishing scam has left a Texan school district $2.3 million out of pocket. Last week, the Manor Independent School District, in Manor, Texas, said an inquiry is underway to track down the cybercriminals responsible for the fraudulent email campaign. Phishing emails were sent to the organization in November, leading to three separate transactions taking place. An employee uncovered the scheme a month later,…
Read More
14 Jan 2020
By Mary

InfoSec News Nuggets 1/14/2020

1 - Australia Bushfire Donors Affected by Credit Card Skimming Attack Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors. This type of attack is called Magecart and involves hackers compromising a web site and injecting malicious JavaScript into eCommerce or checkout pages. These scripts will then steal any credit cards or payment information that is submitted and send it off…
Read More
13 Jan 2020
By Mary

InfoSec News Nuggets 1/13/2020

1 - Facebook Is Forcing Its Moderators to Log Every Second of Their Days — Even in the Bathroom When Valera Zaicev began working in Dublin as one of Facebook’s moderators a couple years ago, he knew he’d be looking at some of the most graphic and violent content on the internet. What he didn’t know was that Facebook would be counting the seconds of his bathroom breaks. “People have to clock in and clock…
Read More
10 Jan 2020
By Mary

InfoSec News Nuggets 1/10/2020

1 - Jussie Smollett investigation: Judge orders Google to turn over a full year of the actor’s data as part of special prosecutor probe A Cook County judge has ordered Google to turn over Jussie Smollett’s emails, photos, location data and private messages for an entire year as part of the special prosecutor’s investigation into the purported attack on the actor. Two sweeping search warrants, obtained by the Chicago Tribune, provide the first public glimpse…
Read More
09 Jan 2020
By Mary

InfoSec News Nuggets 1/9/2020

1 - U of O gives notice of potential privacy breach impacting 188 people The University of Ottawa has given notice of a potential privacy breach impacting 188 people, including elementary and high school students who attended a summer program on campus. The breach stems from an incident in late November 2019 when a password-protected laptop was stolen from a university employee’s vehicle, the administration said in a press release on Friday. The laptop was used for Destination Clic,…
Read More
08 Jan 2020
By Mary

InfoSec News Nuggets 1/8/2020

1 - Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. In the meantime though, cybercriminals will be targeting pay-at-the-pump point-of-sale mechanisms with a vengeance, researchers say. Fuel pumps represent a last bastion of non-encrypted transactions. Unlike when customers pay inside, the pump…
Read More
07 Jan 2020
By Mary

InfoSec News Nuggets 1/7/2020

1 - U.S. Government Issues Warning About Possible Iranian Cyberattacks Christopher C. Krebs, Director of Cybersecurity and Infrastructure Security Agency issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. Gen. Qassim Suleimani was killed by a U.S. airstrike at the Baghdad airport in Iraq. "Given recent developments, re-upping our statement from the summer," Krebs said in a rare warning on Twitter.  "Bottom line: time to brush up on Iranian TTPs and pay close…
Read More
06 Jan 2020
By Mary

InfoSec News Nuggets 1/6/2020

1 - CCPA Kickoff: What Businesses Need to Know New year, new privacy regulations: The California Consumer Privacy Act (CCPA) went into effect on January 1, marking the start of a widespread law that will likely have implications beyond state lines. For businesses, it's high time to think about what this means and how to get ahead. CCPA, the original version of which was passed in 2018, was introduced to protect the personal data of…
Read More
03 Jan 2020
By Mary

InfoSec News Nuggets 1/3/2020

1 - Apple answers dev concerns that location tracking alerts will upset users When Apple released iOS 13 towards the end of September 2019 it brought with it a new warning that told users when an app repeatedly accessed their location data in the background. A new Wall Street Journal report (via MacRumors) notes that developers are worried that the alerts will make users doubt their apps. But Apple isn't concerned. According to the report…
Read More
02 Jan 2020
By Mary

InfoSec News Nuggets 1/2/2020

1 - Secure New Internet-Connected Devices During the holidays, internet-connected devices—also known as Internet of Things (IoT) devices—are popular gifts. These include smart cameras, smart TVs, watches, toys, phones, and tablets. Although this technology provides added convenience to our lives, it often requires that we share personal and financial information over the internet. The security of this information, and the security of these devices, is not guaranteed. For example, vendors often store personal information in…
Read More
31 Dec 2019
By Mary

InfoSec News Nuggets 12/31/2019

1 - 160,000 Belgian Allianz Partners clients affected by data theft An Allianz Partners strongbox containing back-up copies of data related to disaster claims was stolen in the Netherlands in August, the insurance and assistance company disclosed on Friday. According to an audit and analysis of the documents concerned, the strongbox contained data on 160,000 Belgian customers who had filed claims for disasters or breakdowns under their assistance contracts or travel insurance. The strongbox was…
Read More
30 Dec 2019
By Mary

InfoSec News Nuggets 12/30/2019

1 - A Twitter app bug was used to match 17 million phone numbers to user accounts A security researcher said he has matched 17 million phone numbers to Twitter  user accounts by exploiting a flaw in Twitter’s Android app. Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter’s contacts upload feature. “If you upload your phone number, it fetches user data in return,” he told TechCrunch. He said…
Read More
27 Dec 2019
By Mary

InfoSec News Nuggets 12/27/2019

1 - Chinese malware broker behind US hacks is now teaching computer skills in China A Chinese malware broker who was sentenced in the United States this year for dealing in malicious software linked to major hacks is back at his old workplace: teaching high-school computer courses, including one on Internet security. Mr Yu Pingan, who spent 18 months in a San Diego federal detention centre, had pleaded guilty to conspiracy to commit computer hacking.…
Read More
26 Dec 2019
By Mary

InfoSec News Nuggets 12/26/2019

1 - Apple eyes satellite internet for data project Apple is reportedly hiring engineers to help deliver a satellite project that would beam internet services directly to devices without the aid of mobile networks. Bloomberg reports that Apple has an early stage project with about 12 engineers from the aerospace, satellite and antenna design industries who hope to launch the project within five years. Exactly what Apple is cooking up is not clear and it could have…
Read More
23 Dec 2019
By Mary

InfoSec News Nuggets 12/23/2019

1 - FBI program offers companies data protection via deception The Federal Bureau of Investigations is in many ways on the front lines of the fight against both cybercrime and cyber-espionage in the US. These days, the organization responds to everything from ransomware attacks to data thefts by foreign government-sponsored hackers. But the FBI has begun to play a role in the defense of networks before attacks have been carried out as well, forming partnerships with some…
Read More
20 Dec 2019
By Mary

InfoSec News Nuggets 12/20/2019

1 - The weird future of brain-computer interfaces: Replacing passwords with thoughts and mind-reading bosses who can tell when you are bored Brain computer interfaces may sound futuristic, but adoption of such systems -- which allow signals from the brain to be recorded or used to control technology -- is on the rise. Much of the development work going on around BCIs is focused on medical uses for the tech, but consumer applications of BCIs…
Read More
19 Dec 2019
By Mary

InfoSec News Nuggets 12/19/2019

1 - ISIS Is Experimenting with This New Blockchain Messaging App The Islamic State has discovered blockchain. The technology that powers cryptocurrencies like bitcoin and ethereum promises to revolutionize almost all facets of society, from payment processing to online voting. Now ISIS is actively testing a blockchain-based messaging app that could provide everything it needs to thrive: secure, anonymous communication, a tamper-proof repository for beheading videos and other ISIS propaganda, and perhaps most ominously, the…
Read More
18 Dec 2019
By Mary

InfoSec News Nuggets 12/18/2019

1 - Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.…
Read More
17 Dec 2019
By Mary

InfoSec News Nuggets 12/17/2019

1 - Prosecutors say a man stole $88,000 from a bank vault. The FBI caught him after he flashed stacks of bills on social media. If you're systematically stealing money from a bank vault, it may not be a good idea to post the evidence on your social media pages. A bank employee in Charlotte, North Carolina, allegedly stole $88,000 from the bank's vault, according to a release from the United States Attorney's Office Western District of…
Read More
16 Dec 2019
By Mary

InfoSec News Nuggets 12/16/2019

1 - Google rolls out Verified SMS and Spam Protection in Android Google announced today two updates for Messages, the default SMS app in the Android mobile operating system. Starting today, Android users in the US and selected countries will get access to two new features named Verified SMS and Spam Protection. As the name of the first feature hints, Verified SMS works by confirming the identity of the SMS sender. "When a message is…
Read More
13 Dec 2019
By Mary

InfoSec News Nuggets 12/13/2019

1 - ‘Canadian eyes only’ intelligence reports say Canadian leaders attacked in cyber campaigns Russia is one of the hostile foreign states that has targeted Canada in recent “cyber influence” campaigns, according to secret intelligence records obtained exclusively by Global News. The records from Canada’s Communications Security Establishment (CSE) — labelled “Secret: Canadian Eyes Only” — say that due to their policies in eastern Europe, then-Minister of Foreign Affairs Chrystia Freeland and Minister of National…
Read More
11 Dec 2019
By Mary

InfoSec News Nuggets 12/11/2019

1 - Bitcoin-hungry hackers broke their own decryption tool, analysts warn Cybersecurity researchers warn that paying Bitcoin $BTC▼2.23% to retrieve files locked by the prolific Ryuk ransomware may still result in data loss. This means that Ryuk‘s latest victims are stuck between a rock and a hard place. If they refuse to send their attackers Bitcoin, they’ll lose access to their data altogether, but if they pay, the hackers will provide them with a decryption tool that doesn’t work. Software…
Read More
10 Dec 2019
By Mary

InfoSec News Nuggets 12/10/2019

1 - Britain investigating whether leaked trade papers were hacked British cyber security officials are investigating whether classified UK-U.S. trade documents that were shared online ahead of Thursday’s election were acquired by hacking or were leaked, two sources told Reuters.  Beside the fears that Russia could be meddling in another Western election, the disclosure of the classified documents has raised questions about the security of sensitive discussions between the United States and one of its…
Read More
09 Dec 2019
By Mary

InfoSec News Nuggets 12/09/2019

1 - Facebook accuses two Chinese nationals of using hacked accounts to spread ads Facebook is taking action against two Chinese nationals and a Hong Kong advertising firm for allegedly using the social media platform to distribute malware, then push misleading advertisements to try to make money. The lawsuit filed Thursday in the Northern District of California accuses ILikeAd Media International Company Ltd. and two individuals, Chen Xiao Cong and Huang Tao, of involvement with a…
Read More
06 Dec 2019
By Mary

InfoSec News Nuggets 12/06/2019

1 - How Internet resources worth R800 million were stolen and sold on the black market The theft and sale of large swaths of valuable African Internet resources was an inside job, Internet investigator Ron Guilmette has concluded after five months of detective work. Documents obtained from industry sources and public records in Uganda show that at least one insider at AFRINIC is also a shareholder of a company that received money for selling IP…
Read More
05 Dec 2019
By Mary

InfoSec News Nuggets 12/05/2019

1 - Messaging / Smishing Attacks One of the most common ways cyber attackers attempt to trick or fool people is by scamming you in email attacks (often called phishing) or try to trick you with phone calls. However, as technology continues to advance bad guys are always trying new methods, to include tricking you with messaging technologies such as text messaging, iMessage/Facetime, WhatsApp, Slack or Skype. Here are some simple steps to protect yourself…
Read More
04 Dec 2019
By Mary

InfoSec News Nuggets 12/04/2019

1 - Apple's tap-and-go Express payments come to London public transport Paying for daily necessities using your phone might feel like the future, but the reality can sometimes be slower as mobile payments require authentication that can take time to approve. To combat this issue, Apple has brought its Express feature to London, making it far quicker and easier to use Apple Pay on services like the Tube. Apple's Express Mode can now be used on all Transport…
Read More
02 Dec 2019
By Mary

InfoSec News Nuggets 12/02/2019

1 - Top Senate Democrats unveil new online privacy bill, promising tough penalties for data abuse Senate Democrats on Tuesday proposed tough new punishments for Facebook, Google and other Silicon Valley tech giants that mishandle their users’ personal data, unveiling a sweeping new online privacy bill that aims to provide people their “Miranda rights” for the digital age. The effort, led by Sen. Maria Cantwell, a Washington state Democrat who previously worked in the tech…
Read More