InfoSec News Nuggets 7/26/2024

Israel tried to frustrate US lawsuit over Pegasus spyware, leak suggests The Israeli government took extraordinary measures to frustrate a high-stakes US lawsuit that threatened to reveal closely guarded secrets about one of the world’s most notorious hacking tools, leaked files suggest. Israeli officials seized documents about Pegasus spyware from its manufacturer, NSO Group, in an effort to prevent the company from being able to comply with demands made by WhatsApp in a US court to hand over information…

InfoSec News Nuggets 7/25/2024

UNVEILING THE SCAM: HOW FRAUDSTERS ABUSE LEGITIMATE BLOCKCHAIN PROTOCOLS TO STEAL YOUR CRYPTOCURRENCY WALLET Check Point’s Threat Intel blockchain system has identified and alerted on fraudsters who have become increasingly sophisticated, exploiting legitimate blockchain protocols to conduct their scams. The Uniswap Protocol, launched in 2018, is the largest and most popular decentralized exchange for swapping cryptocurrency tokens on Ethereum and other popular blockchains, handling over $1.8 trillion in trading volume and 350 million swaps. As…

InfoSec News Nuggets 7/24/2024

Fake CrowdStrike repair manual pushes new infostealer malware CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. Since Friday, when the buggy CrowdStrike Falcon update caused global IT outages, threat actors have quickly begun to capitalize on the news to deliver malware through fake fixes. A new campaign conducted through phishing emails pretends to be instructions on using a new Recovery Tool that fixes Windows…

InfoSec News Nuggets 7/23/2024

CrowdStrike aftermath: Microsoft claims it cannot legally implement the same protections as Apple The CrowdStrike aftermath is seeing IT teams around the world struggle to restore the 8.5 million Windows PCs taken out by the bug. The mess included thousands of flights cancelled, health centers unable to make appointments, retailer payment terminals down, and even some 911 services unavailable. Macs weren’t affected thanks to protections put in place by Apple, but Microsoft has reportedly claimed that antitrust law means it’s unable…

InfoSec News Nuggets 7/22/2024

Russia-linked FIN7 hackers sell their security evasion tool to other groups on darknet A notorious cybercriminal group known as FIN7 advertises its custom tool for security evasion on darknet forums and sells it to other criminal gangs, researchers have found. The tool, known as AvNeutralizer, is used by criminal hackers to bypass threat detection systems on victims' devices. Researchers have previously discovered that the tool was used exclusively for six months by another hacker group,…

InfoSec News Nuggets 7/19/2024

‘GhostEmperor’ returns: Mysterious Chinese hacking group spotted for first time in two years An elusive and highly covert Chinese hacking group tracked as GhostEmperor — notorious for its sophisticated supply-chain attacks targeting telecommunications and government entities in Southeast Asia — has been spotted for the first time in more than two years. And according to the researchers, the group has gotten even better at evading detection. Cybersecurity company Sygnia, in a report published Wednesday, said it…

InfoSec News Nuggets 7/18/2024

DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls Well known for targeting victims with fake job postings, North Korea state-sponsored hackers have been discovered using a new variant of their BeaverTail malware to trick macOS users into downloading a malicious version of MiroTalk, a video-calling service. Details about the latest campaign were published by cybersecurity researcher Patrick Wardle, who explained in his writeup that the threat actors likely lured their victims into downloading the…

InfoSec News Nuggets 7/17/2024

Email addresses of 15 million Trello users leaked on hacking forum A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. Trello is an online project management tool owned by Atlassian. Businesses commonly use it to organize data and tasks into boards, cards, and lists. In January, BleepingComputer reported that a threat actor known as 'emo' was selling profiles for 15,115,516 Trello members on a…

InfoSec News Nuggets 7/16/2024

Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms Security researchers are claiming a spate of DNS hijackings at web3 businesses is linked to Squarespace's acquisition of Google Domains last year. The theory is that cybercriminals may have picked up on a flaw in the method Squarespace used to migrate Google Domains customer data over to its servers, allowing them to guess the email addresses associated with admin accounts and register the account…

InfoSec News Nuggets 7/15/2024

Banks in Singapore to phase out one-time passwords in 3 months The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. This initiative was agreed upon between the government and the Association of Banks in Singapore (ABS) to protect consumers against phishing and other scams. "The use of OTP was introduced in…

InfoSec News Nuggets 7/10/2024

Roblox vendor data breach exposes dev conference attendee info Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference. Roblox is an online gaming and game creation platform popular among younger audiences who design, create, and share games with a large community of over 200 million active users. The company hosts an annual Roblox Developer Conference (RDC) event that helps developers network, learn, and share…

InfoSec News Nuggets 7/8/2024

OpenAI Did Not Disclose 2023 Breach to Feds, Public: Report  A hacker reportedly stole information on OpenAI's new technologies last year by breaking into the company's internal messaging systems. The messages from a company-wide meeting in April last year had employees discussing details of new artificial intelligence technologies, the New York Times reported, citing unnamed sources. The hacker did not access systems housing or building its applications, it said. OpenAI did not respond to a request…

InfoSec News Nuggets 7/5/2024

Twilio says hackers identified cell phone numbers of two-factor app Authy users Last week, a hacker claimed to have stolen 33 million phone numbers from U.S. messaging giant Twilio. On Tuesday, Twilio confirmed to TechCrunch that “threat actors” were able to identify the phone number of people who use Authy, a popular two-factor authentication app owned by Twilio. In a post on a well-known hacking forum, the hacker or hackers known as ShinyHunters wrote that…

InfoSec News Nuggets 7/3/2024

Prudential Data Breach Victim Count Soars to 2.5M After initially disclosing a data breach in February to the Securities and Exchange Commission (SEC) that it said was not material, Prudential Financial has updated its notice with a revised total number of affected residents, a number staggeringly higher than anticipated. More than 2.5 million individuals have been affected by this data breach, rather than the 36,000 the insurance company originally said were affected. The stolen information includes…

InfoSec News Nuggets 7/2/2024

Indonesian government didn't have backups of ransomwared data, because DR was only an option Indonesia’s president Joko Widodo has ordered an audit of government datacenters after it was revealed that most of the data they store is not backed up. The audit and the revelation that Indonesia lacks a backup plan came in the aftermath of a ransomware attack on the nation’s Temporary National Data Center (PDNS) that took place on June 20th and resulted in widespread disruption of digital…

InfoSec News Nuggets 7/1/2024

Former IT employee accessed data of over 1 million US patients Geisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organization. Geisinger is a non-profit organization that operates 134 care sites, ten hospitals, and the Geisinger Health Plan, serving a total of 1.2 million people. It employs 26,000 staff, including 1,600 doctors, and is considered one of Pennsylvania’s most…

InfoSec News Nuggets 6/28/2024

Shopping app Temu is “dangerous malware,” spying on your texts, lawsuit claims Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday. Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's…

InfoSec News Nuggets 6/27/2024

New tool detects AI-generated videos with 93.7% accuracy Earlier this year, an employee at a multinational corporation sent fraudsters $25 million. The instructions to transfer the money came—the employee thought—straight from the company's CFO. In reality, the criminals had used an AI program to generate realistic videos of the CFO and several other colleagues in an elaborate scheme. Videos created by AI have become so realistic that humans (and existing detection systems) struggle to distinguish between…

InfoSec News Nuggets 6/26/2024

French police shut down chat website reviled as 'den of predators' French law enforcement has shut down the chat website Coco, which authorities said has allowed offenders to coordinate child sexual abuse, rapes, homicides and other serious crimes. As of Tuesday, the website is no longer available and only displays a seizure notice from the French national police. According to a statement by the Paris prosecutor's office, the investigation into Coco’s operation was initiated in December 2023. France…

InfoSec News Nuggets 6/25/2024

CDK suffered another data breach as it was attempting to recover Car dealer software provider CDK has allegedly suffered a second cyberattack as it was trying to recover from the first one. As a result of this follow-up attack, the company was forced to take most of its services back offline and now says it doesn’t know how long it will take to restore the system. In the meantime, many major car…

InfoSec News Nuggets 6/24/2024

Australia alters CSAM detection rules after tech firms push back These rules aim to tackle CSAM content online, but changes have been made after critics said there were no safeguards to keep encryption protected. Australia’s independent online safety regulator has amended upcoming online safety rules to keep encryption protected, after the original draft faced criticism from tech companies. The rules aim to make online services do more to tackle child sexual abuse material (CSAM) and…

InfoSec News Nuggets 6/20/2024

Clever macOS malware delivery campaign targets cryptocurrency users Cryptocurrency users are being targeted with legitimate-looking but fake apps that deliver information-stealing malware instead, Recorded Future’s researchers are warning. The threat actor behind this complex scheme is going after both Windows and Mac users, and leverages social media and messaging platforms to trick them into installing the apps, i.e., the malware. Vortax – supposedly in-browser virtual meeting software – looks like a legitimate app at first…

InfoSec News Nuggets 6/19/2024

Security bug allows anyone to spoof Microsoft employee emails A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets. As of this writing, the bug has not been patched. To demonstrate the bug, the researcher sent an email to TechCrunch that looked like it was sent from Microsoft’s account security team. Last week, Vsevolod Kokorin, also known online as…

InfoSec News Nuggets 6/18/2024

Genetic testing firm 23andMe investigated over hack The data watchdogs of the UK and Canada will investigate genetic testing company 23andMe over a data breach in October 2023. Hackers gained access to personal information of 6.9 million people, which in some cases included family trees, birth years and geographic locations, by using customers' old passwords. One of the things the joint taskforce will investigate is whether adequate safeguards had been put in place to protect such…

InfoSec News Nuggets 6/17/2024

Ascension hacked after employee downloaded malicious file Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. Ascension says this was likely an "honest mistake" as the employee thought they were downloading a legitimate file. The attack impacted the MyChart electronic health records system, phones, and systems used to order tests, procedures, and medications, prompting the…

InfoSec News Nuggets 6/14/2024

Cylance clarifies data breach details, except where the data came from BlackBerry-owned cybersecurity shop Cylance says the data allegedly belonging to it and being sold on a crime forum doesn't endanger customers, yet it won't say where the information was stored originally. Saying very little about where the data came from, Cylance says it is related to company marketing between 2015 and 2018, before BlackBerry bought it, and it came from an undisclosed "third-party platform."…

InfoSec News Nuggets 6/12/2024

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale." PCC coincides with the arrival of new generative AI (GenAI) features – collectively dubbed Apple Intelligence, or AI for…

InfoSec News Nuggets 6/11/2024

New York Times source code stolen using exposed GitHub token Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. As first seen by VX-Underground, the internal data was leaked on Thursday by an anonymous user who posted a torrent to a 273GB archive containing the stolen data. "Basically all source code belonging…

InfoSec News Nuggets 6/10/2024

Nearly 400,000 affected by data breach at eye care management services company Nearly 400,000 people had sensitive healthcare information stolen by hackers during a 2023 cyberattack on a company that supports eye clinics. Colorado-based Panorama Eyecare told regulators in Maine and Massachusetts that 377,911 current and former patients and employees had data stolen — including names, Social Security numbers, dates of birth, license numbers, financial account information, dates of service and medical provider names.

Microsoft Will Switch Off Recall by Default…

InfoSec News Nuggets 6/7/2024

London hospitals declare emergency following ransomware attack A ransomware attack that crippled a London-based medical testing and diagnostics provider has led several major hospitals in the city to declare a critical incident emergency and cancel non-emergency surgeries and pathology appointments, it was widely reported Tuesday. The attack was detected Monday against Synnovis, a supplier of blood tests, swabs, bowel tests, and other hospital services in six London boroughs. The company said it has "affected all…

InfoSec News Nuggets 6/5/2024

EMEA overtakes North America as top DDoS target, says Akamai  For the first time in five years, the EMEA region (Europe, Middle East, and Africa) has surpassed North America as the most targeted area for Distributed Denial-of-Service (DDoS) attacks, according to new research from Akamai Technologies. The report, titled "Fighting the Heat: EMEA’s Rising DDoS Threats," underscores the severity of the situation, revealing that the UK is disproportionately affected, suffering over a quarter (26%) of…

InfoSec News Nuggets 6/3/2024

Cloud company Snowflake denies that reported breach originated with its products  The cloud storage provider Snowflake is denying that its products were to blame for an apparent data breach impacting the company’s clients, including Ticketmaster and Santander Bank. This week, hackers with the ShinyHunters group claimed to have stolen personal data belonging to 560 million Ticketmaster customers and 30 million Santander customers. On Friday, researchers at the firm Hudson Rock published an analysis of online interactions with hackers who claimed they…

InfoSec News Nuggets 5/31/2024

Ukraine signs new security deals as it seeks long-term support from West Since the start of this week, Ukraine has signed security agreements with Spain, Belgium and Portugal, adding to a list that includes a dozen other nations. The signees are pledging to provide financial, humanitarian, military and cyber support to Kyiv in its fight against Russia. All of the nations are NATO members, but the deals have been negotiated bilaterally. The security deals are “very important to…

InfoSec News Nuggets 5/30/2024

How the DOJ is using a Civil War-era law to enforce corporate cybersecurity Amid an onslaught of high-profile cyberattacks showing how companies often neglect basic security measures, the Department of Justice is trying to use a law passed during the Civil War to put businesses on notice that these failures are unacceptable. Under the umbrella of DOJ’s Civil Cyber-Fraud Initiative, federal prosecutors have since early 2022 deployed the pointedly named False Claims Act to punish…

InfoSec News Nuggets 5/29/2024

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the company said in its latest Cyber Signals report. "We've seen some examples where the threat actor has stolen up to $100,000 a…

InfoSec News Nuggets 5/28/2024

Stark Industries Solutions: An Iron Hammer in the Cloud Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies…

InfoSec News Nuggets 5/24/2024

Dutch cybercops tracked a crypto theft to one of the world’s worst botnets After years of hacking servers to swindle millions of dollars, the notorious Ebury malware gang had slipped into the shadows by 2021. Suddenly, they reemerged with a bang. The new evidence surfaced during a police investigation in the Netherlands. A cryptocurrency theft had been reported to the Dutch National High Tech Crime Unit (NHTCU). On the victim’s server, the cybercops found a familiar foe: Ebury. The discovery…

InfoSec News Nuggets 5/23/2024

BLACKBASTA GROUP CLAIMS TO HAVE HACKED ATLAS, ONE OF THE LARGEST US OIL DISTRIBUTORS Atlas is one of the largest national fuel distributors, serving 49 continental US states with over 1 billion gallons per year. The Blackbasta extortion group added the company to the list of victims on its Tor leak site, as the researcher Dominic Alvieri reported. The gang claims to have stolen 730GB of data from ATLAS, including corporate data: Accounts, HR, Finance, Executive, department…

InfoSec News Nuggets 5/22/2024

AI Seoul Summit: 16 AI Companies Sign Frontier AI Safety Commitments In a “historic first,” 16 global AI companies have signed new commitments to safely develop AI models. The announcement was made during the virtual AI Seoul Summit, the second event on AI safety co-hosted on May 21-22 by the UK and South Korea. The Frontier AI Safety Commitments’ signatories include some of the biggest US tech giants, such as Amazon, Anthropic, Google, IBM, Microsoft…

InfoSec News Nuggets 5/21/2024

FBI takes control of notorious BreachForums cybercrime website BreachForums, one of the most popular clearnet forums for sharing stolen data, malware, and other warez, is thought to have been shut down by the Federal Bureau of Investigation (FBI), with its backend seized and one of its key operators allegedly arrested. As reported by BleepingComputer, clearnet (publicly accessible internet) domains belonging to BreachForums were, as of Wednesday evening, displaying the usual message from the FBI, stating the…

InfoSec News Nuggets 5/16/2024

MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says Within approximately 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the Ethereum blockchain in a never-before-seen cryptocurrency scheme, according to an indictment that the US Department of Justice unsealed Wednesday. In a DOJ press release, US Attorney Damian Williams said the scheme was so sophisticated that it "calls the very integrity of the blockchain into question." "The brothers, who studied computer science and math…

InfoSec News Nuggets 5/15/2024

Cybercriminal puts INC Ransom source code up for sale  A cybercriminal who has assumed the name "salfetka" is purportedly selling the source code for the INC Ransom ransomware-as-a-service operation, BleepingComputer reports. The sale was being advertised on the Exploit and XSS hacking forums for $300,000 and included both Windows and Linux/ESXi versions, with the seller restricting buyers to three. The legitimacy of the sale is bolstered by technical details and the inclusion of both old and new INC Ransom URLs in…

InfoSec News Nuggets 5/14/2024

Apple and Google agree on standard to alert people when unknown Bluetooth devices may be tracking them  Apple and Google announced on Monday that iPhone and Android users will start seeing alerts when it’s possible that an unknown Bluetooth device is being used to track them. The two companies have developed an industry standard called “Detecting Unwanted Location Trackers.” Starting Monday, Apple is introducing the capability in iOS 17.5 and Google is launching it on Android 6.0+…

InfoSec News Nuggets 5/13/2024

Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials  Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team said in a recent report. The distribution vector for the campaign is currently unclear. However,…

InfoSec News Nuggets 5/10/2024

Ascension warns of suspected cyberattack; clinical operations disrupted Hospital operator Ascension reported disruptions to its clinical operations on Wednesday due to a suspected cybersecurity incident and advised business partners to temporarily disconnect from its systems. Earlier this year, UnitedHealth (UNH.N), the largest U.S. health insurer, had reported a cyberattack at its technology unit - one of the worst hacks to hit American healthcare - that caused widespread disruptions in payments to doctors and health facilities.…

InfoSec News Nuggets 5/9/2024

How to escape Honda’s privacy hell There are lots of reasons to want to shut off your car’s data collection. The Mozilla Foundation has called modern cars “surveillance machines on wheels” and ranked them worse than any other product category last year, with all 25 car brands they reviewed failing to offer adequate privacy protections. With sensors, microphones, and cameras, cars collect way more data than needed to operate the vehicle. They also share and sell that information to third parties,…

InfoSec News Nuggets 5/8/2024

This Mac Malware Can Take Screenshots of Your Computer Apple used to tout the fact that Macs didn't get viruses, and while Apple definitely has good anti-malware software, their machines are far from impervious to infection. And with Macs more popular than ever, there exists even more potential malware out there, ready to steal your data and ruin your day. The latest can even take screenshots of what's on your Mac's monitor without your knowledge. Researchers…

InfoSec News Nuggets 5/7/2024

RSA Conference 2024: What to expect Artificial intelligence will dominate this week’s RSA Conference 2024 with nearly a dozen keynotes and even more technical sessions dedicated to how the technology is reshaping the industry and fueling innovation. Keynote headliners, such as Secretary of State Antony J. Blinken, are expected to broaden the discussion to include the U.S. government’s efforts to infuse cybersecurity innovation into emerging technologies such as AI, quantum computing and biotechnology. This year’s…

InfoSec News Nuggets 5/6/2024

NSA warns of North Korean hackers exploiting weak DMARC email policies The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to mask spearphishing attacks. Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC policies to send spoofed emails which appear to come from credible sources such as journalists, academics, and other experts in East…
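The weakness the advisory describes is a DMARC record whose policy is `p=none` (or no record at all), which tells receiving mail servers to report authentication failures but still deliver the spoofed message. The following Python is an added example, not code from the NSA/FBI advisory: it parses DMARC TXT records and flags the settings that leave a domain spoofable, namely a missing record, `p=none`, `sp=none` on subdomains, and a `pct` below 100. The domain names and records in `SAMPLE_RECORDS` are constructed for illustration and are not real lookups.

```python
"""Flag weak DMARC records. Added example; domains and records below are
constructed, not taken from the NSA/FBI advisory or any real DNS lookup."""

# Constructed sample TXT records as they would appear at _dmarc.<domain>.
# None stands for "no record published".
SAMPLE_RECORDS = {
    "news-example.org": "v=DMARC1; p=none; rua=mailto:dmarc@news-example.org",
    "univ-example.edu": "v=DMARC1; p=quarantine; pct=10; sp=none",
    "strict-example.com": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
                          "rua=mailto:dmarc@strict-example.com",
    "nodmarc-example.net": None,
}


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict with lowercased tag names."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return (is_weak, findings) for one record; findings are (severity, text).

    'weak' findings let spoofed mail reach inboxes; 'info' findings only
    reduce visibility (no aggregate reports)."""
    if record is None:
        return True, [("weak", "no DMARC record published: receivers apply no policy to spoofed mail")]
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return True, [("weak", "missing or invalid v=DMARC1 tag: receivers ignore the record")]

    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(("weak", "missing or invalid p= tag: receivers ignore the record"))
    elif policy == "none":
        findings.append(("weak", "p=none: failures are only reported, never quarantined or rejected"))

    # sp= defaults to p= when absent; an explicit sp=none undoes an enforced p=.
    subpolicy = tags.get("sp", policy).lower()
    if subpolicy == "none" and policy in ("quarantine", "reject"):
        findings.append(("weak", "sp=none: subdomains can be spoofed although the organizational domain is enforced"))

    # pct= defaults to 100; anything lower samples the policy onto a fraction of failures.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(("weak", f"pct={pct}: the policy is applied to less than 100% of failing messages"))

    if "rua" not in tags:
        findings.append(("info", "no rua= address: aggregate reports are not delivered, so abuse goes unseen"))

    is_weak = any(severity == "weak" for severity, _ in findings)
    return is_weak, findings


def assess_all(records):
    """Assess a {domain: record} mapping; returns {domain: (is_weak, findings)}."""
    return {domain: assess_dmarc(record) for domain, record in records.items()}


if __name__ == "__main__":
    for domain, (weak, findings) in assess_all(SAMPLE_RECORDS).items():
        print(f"{domain}: {'WEAK' if weak else 'ok'}")
        for severity, text in findings:
            print(f"  [{severity}] {text}")
```

To check a real domain, fetch the record with `dig +short TXT _dmarc.example.com` and pass the quoted string to `assess_dmarc()`. The check is deliberately limited to the record itself: it does not verify that SPF and DKIM are published and aligned, which a full assessment would also need.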