08 Jun 2021
By Mary

InfoSec News Nuggets 06/08/2021

US truck and military vehicle maker Navistar discloses data breach Navistar International Corporation (Navistar), a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered on May 20, 2021. The company disclosed the attack in an 8-K report filed with the Securities and Exchange Commission (SEC) on Monday. Navistar says that its operations haven't been affected despite the security breach as its IT…
Read More
07 Jun 2021
By Mary

InfoSec News Nuggets 06/07/2021

Colonial Pipeline Hackers Used Unprotected VPN to Access Network The ransomware attack that took down the Colonial Pipeline and caused fuel shortages on the East Coast worked because of an unprotected Virtual Private Network (VPN). The criminal gang of hackers known as DarkSide who took responsibility for the attack gained access to the Pipeline's system through an unprotected VPN account that had been set up to allow employees to access the company's computer networks remotely, according to…
Read More
04 Jun 2021
By Mary

InfoSec News Nuggets 06/04/2021

1 - NY transit officials confirm cyberattack; say harm limited Hackers infiltrated computer systems for the Metropolitan Transportation Authority in New York, setting off a scramble to counter a potentially crippling cyberattack against North America's largest transit system, MTA officials confirmed on Wednesday. The officials said in a statement that that agency received an alert from the FBI and other federal agencies saying three of its 18 computer systems were put at risk. The MTA insisted that…
Read More
03 Jun 2021
By Mary

InfoSec News Nuggets 06/03/2021

1 - Russian underground forums launch competitions for cryptocurrency, NFT hacks Cybercriminals in underground forums have been soliciting techniques for compromising cryptocurrency services. Capture the Flag competitions, conference calls for papers, and gamification in cybersecurity courses designed to equip learners with hands-on skills are all common in the white hat realm, but in opposition, contests are also being launched by cybercriminals to create new offensive techniques.  Over the past month, according to Intel 471, operators of…
Read More
02 Jun 2021
By Mary

InfoSec News Nuggets 06/02/2021

1 - Hackers are targeting employees returning to the post-COVID office With COVID-19 restrictions lifting and employees starting to make their way back into offices, hackers are being forced to change tack. While remote workers have been scammers’ main target for the past 18 months due to the mass shift to home working necessitated by the pandemic, a new phishing campaign is attempting to exploit those who have started to return to the physical workplace.…
Read More
01 Jun 2021
By Mary

InfoSec News Nuggets 06/01/2021

1 - Cryptocurrency scam attack on Twitter reminds users to check their app connections Are you doing enough to prevent scammers from hijacking your social media accounts? Even if you have chosen a strong, unique password for your online presence and enabled two-factor authentication it’s possible that you’ve overlooked another way in which online criminals could commandeer your social media accounts and spam out a message to your followers. That’s a lesson that internet entrepreneur…
Read More
28 May 2021
By Mary

InfoSec News Nuggets 05/28/2021

1 - NASA Identified Over 6,000 Cyber Incidents in Past 4 Years The U.S. National Aeronautics and Space Administration (NASA) identified more than 6,000 cyber-related incidents in the last four years, according to a report published this month by NASA’s Office of Inspector General. NASA has institutional systems, which are used for the day-to-day work of employees — these include data centers, web services, computers and networks. It also has mission systems, which support its…
Read More
27 May 2021
By Mary

InfoSec News Nuggets 05/27/2021

1 - Bitdefender’s Position on Ransomware Attacks and Decryptors This week Bitdefender was named in a press article regarding our decision to release a free decryptor in January 2021 to help those affected by Darkside ransomware. The authors of the article assert that publicly releasing a ransomware decryptor enables malicious actors to modify their methods to evade future decryption, thus increasing the risk of successful future attacks. This assertion is flawed from a common sense…
Read More
26 May 2021
By Mary

InfoSec News Nuggets 05/26/2021

1 - Russia makes good on its threat to fine Google over 'illegal' internet content Russian authorities on Tuesday fined Google 6 million rubles, or just under $82,000, after the company failed to comply with Moscow's demands to delete prohibited online content. On Monday, Russia's internet watchdog, Roskomnadzor, gave Google 24 hours to delete more than 26,000 instances of online media considered to be illegal in the country. If their demands weren't met, authorities threatened to…
Read More
25 May 2021
By Mary

InfoSec News Nuggets 05/25/2021

1 - Audio maker Bose discloses data breach after ransomware attack Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company's systems in early March. In a breach notification letter filed with New Hampshire's Office of the Attorney General, Bose said that it "experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across" its "environment." "Bose first detected the malware/ransomware on Bose's U.S. systems on March 7,…
Read More
24 May 2021
By Mary

InfoSec News Nuggets 05/24/2021

1 - The Cybersecurity 202: Cybersecurity pros are split on banning ransomware payments Some cybersecurity pros want to ban ransomware victims from paying hackers to unlock their computer systems. They argue it’s the only way to halt a wave of debilitating and increasingly brazen cyberattacks for profit. But such bans could do more harm than good, forcing companies out of business if they can’t get back online, other experts warn. They could also endanger lives…
Read More
21 May 2021
By Mary

InfoSec News Nuggets 05/21/2021

1 - Toyota rear-ended by twin cyber attacks that left ransomware-shaped dents Toyota has admitted to a pair of cyber-attacks. The first hit the European operations of its subsidiary Daihatsu Diesel Company, a Toyota-owned company entity that designs engines. In a statement [PDF] dated May 16th, Daihatsu said it “experienced a problem in accessing its file server in the internal system on 14 May 2021.” “After a brief investigation, a cyber-attack by an unauthorized access…
Read More
20 May 2021
By Mary

InfoSec News Nuggets 05/20/2021

1 - Introducing Site Isolation in Firefox When two major vulnerabilities known as Meltdown and Spectre were disclosed by security researchers in early 2018, Firefox promptly added security mitigations to keep you safe. Going forward, however, it was clear that with the evolving techniques of malicious actors on the web, we needed to redesign Firefox to mitigate future variations of such vulnerabilities and to keep you safe when browsing the web! We are excited to announce that Firefox’s new Site Isolation…
Read More
19 May 2021
By Mary

InfoSec News Nuggets 05/19/2021

1 - iPhone calendar spam attacks on the rise Recently, we have seen an increasing number of reports from iPhone users about their calendars filling up with junk events. These events are most often either pornographic in nature, or claim that the device has been infected or hacked, and in all cases they contain malicious links. This phenomenon is known as “calendar spam.” Calendar spam became a big problem for Apple’s iCloud calendars back in 2016. At…
Read More
18 May 2021
By Mary

InfoSec News Nuggets 05/18/2021

1 - Major Privacy Breach as Eufy Security Camera Owners Report Seeing Other Users' Video Feeds Owners of Eufy home security cameras are this morning reporting seeing live and recorded feeds show up in the Eufy app from other users' cameras, in what appears to be a disturbing breach of privacy and a major malfunctioning of the company's service. As with many connected domestic security cameras, Eufy cameras offer users the ability to view real-time…
Read More
17 May 2021
By Mary

InfoSec News Nuggets 05/17/2021

1 - Bitcoin And Alternative Cryptos In The Cybercriminal Underground The popularity of Bitcoin and cryptocurrencies continue to progress in the modern-day, with drastically surging valuations. Notably, Bitcoin surpassed its all-time high of USD 20,000 (in 2017) to achieve an eye-watering USD 60,000 at the time of writing (April 2021). And while legislation and law enforcement continue to try to get a stranglehold on the growing cryptocurrency space, cybercriminality has been at the forefront of…
Read More
14 May 2021
By Mary

InfoSec News Nuggets 05/14/2021

1 - I Mailed an AirTag and Tracked Its Progress I live near Stratford-upon-Avon, in the United Kingdom, and I sent the AirTag to a friend south of London. I mailed this AirTag on Friday afternoon, and, with first-class postage, I expected the envelope to be delivered the next day. The AirTag weighs a mere 11g, so I put one taped to a card, then in a small bubble envelope for protection. I dropped it…
Read More
13 May 2021
By Mary

InfoSec News Nuggets 05/13/2021

1 - US Questions Whether Businesses Should Pay Cyberattack Ransom In the wake of a situation last weekend in which a group of hackers shut down a U.S. oil pipeline, the White House is thinking about whether there’s merit to making ransom payments to cyberattackers, the Financial Times (FT) reported. The oil pipeline situation highlighted a serious threat to critical infrastructure, according to FT. The FBI has long been opposed to making ransom payments to attackers saying that doing so would only…
Read More
12 May 2021
By Mary

InfoSec News Nuggets 05/12/2021

1 - Amazon Fake Reviews Scam Exposed in Data Breach The SafetyDetectives cybersecurity team uncovered an open ElasticSearch database exposing an organized fake reviews scam affecting Amazon. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free products. In total, 13,124,962 of these records (or 7 GB of data) have been exposed in the breach, potentially implicating more than 200,000 people in unethical activities.…
Read More
11 May 2021
By Mary

InfoSec News Nuggets 05/11/2021

1 - Thousands of Tor exit nodes attacked cryptocurrency users over the past year For more than 16 months, a threat actor has been seen adding malicious servers to the Tor network in order to intercept traffic and perform SSL stripping attacks on users accessing cryptocurrency-related sites. The attacks, which began in January 2020, consisted of adding servers to the Tor network and marking them as “exit relays,” which are the servers through which traffic…
Read More
10 May 2021
By Mary

InfoSec News Nuggets 05/10/2021

1 - Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable ON THURSDAY, TWITTER continued its grand tradition of embracing features users had unofficially pioneered (see also: the @-reply, the retweet, the hashtag) by instituting a Tip Jar. Enjoy someone’s tweet? Send them some money straight from the app, via the online payment processor of their choice. Simple enough. And yet, predictably, not so simple, especially for those who value their anonymity online. Within a few hours…
Read More
07 May 2021
By Mary

InfoSec News Nuggets 05/07/2021

1 - Weaponized SMS Attack Goes Viral: What Millions Of Phone Users Need To Know A new SMS malware campaign capable of stealing passwords and banking credentials has started spreading like wildfire in recent weeks. So much so that mobile carriers and law enforcement agencies alike have been prompted to issue warnings about the so-called FluBot campaign. "What's unique about the campaign is that it has different kill chains depending on whether the target uses…
Read More
06 May 2021
By Mary

InfoSec News Nuggets 05/06/2021

1 - Vishing — Phone Call Attacks and Scams When you think of a cyber criminal you probably think of an evil mastermind sitting behind a computer, launching sophisticated attacks over the internet. While some of today’s cyber criminals do use advanced technologies, many simply use the phone to trick their victims. There are two big advantages to using a phone: Unlike other attacks, there are fewer security technologies that can detect and stop a…
Read More
05 May 2021
By Mary

InfoSec News Nuggets 05/05/2021

1 - IoT privacy and security concerns There is a famous hacking story that’s become something of an urban legend in the cyber security industry - about a casino that had its IT network infiltrated via an internet-connected fish tank. It’s said that the tank's IoT thermometer was used to access the casino’s entire system and extract data on its clientele. It's a rather extreme example of what could happen, but serves to highlight an important…
Read More
04 May 2021
By Mary

InfoSec News Nuggets 05/04/2021

1 - Ford's Ever-Smarter Robots Are Speeding Up the Assembly Line IN 1913, HENRY Ford revolutionized car-making with the first moving assembly line, an innovation that made piecing together new vehicles faster and more efficient. Some hundred years later, Ford is now using artificial intelligence to eke more speed out of today’s manufacturing lines. At a Ford Transmission Plant in Livonia, Michigan, the station where robots help assemble torque converters now includes a system that uses AI to learn from previous attempts how to…
Read More
03 May 2021
By Mary

InfoSec News Nuggets 05/03/2021

1 - European Commission finds Apple's App Store in violation of EU competition rules Apple is currently facing several antitrust battles across the US, Europe, and Australia, for allegedly exerting monopolistic power over the App Store and using it to put competitors at a disadvantage. This has even led to the creation of a "Coalition for App Fairness" to promote freedom of choice and the idea of alternative app stores in the Apple ecosystem. Following a…
Read More
30 Apr 2021
By Mary

InfoSec News Nuggets 04/30/2021

1 - US arrests alleged ‘Bitcoin Fog’ boss, who is accused of laundering millions U.S. federal agents on Tuesday arrested the alleged operator of Bitcoin Fog, a cryptocurrency-obfuscation service that the dark web’s most notorious marketplaces have reportedly used to move tens of millions of dollars. Roman Sterlingov, a Russian-Swedish national, was arrested in Los Angeles and charged with money laundering for his alleged role as Bitcoin Fog’s mastermind, according to court documents. Created in…
Read More
29 Apr 2021
By Mary

InfoSec News Nuggets 04/29/2021

1 - Instagram rolls out new features to help prevent cyberbullying Instagram has unveiled new tools to help combat cyberbullying and other abusive behavior on the platform – a filter that will prevent users from seeing abusive Direct Messages (DMs) and a tool to stop someone a user has blocked from contacting them from another account. “We understand the impact that abusive content – whether it’s racist, sexist, homophobic, or any other kind of abuse – can…
Read More
28 Apr 2021
By Mary

InfoSec News Nuggets 04/28/2021

1 - Reverb discloses data breach exposing musicians' personal info Popular musical instrument marketplace Reverb has suffered a data breach after an unsecured database containing customer information was exposed online. Reverb is the largest online marketplace devoted to selling new, used, and vintage musical instruments and equipment. Today, Reverb customers began receiving data breach notifications stating that customer information was exposed, including customers' names, addresses, phone numbers, and email addresses. While Reverb's notification does not…
Read More
27 Apr 2021
By Mary

InfoSec News Nuggets 04/27/2021

1 - Password manager Passwordstate hacked to deploy malware on customer systems A mysterious threat actor has compromised the update mechanism of enterprise password manager application Passwordstate and deployed malware on its users’ devices, most of which are enterprise customers. Click Studios, the Australian software firm behind Passwordstate, has notified its 29,000 customers earlier today via email. According to a copy of the company’s communications, obtained by Polish tech news site Niebezpiecznik, the malware-laced update was live for…
Read More
26 Apr 2021
By Mary

InfoSec News Nuggets 04/26/2021

1 - Costco Issues Scam Warning Costco Wholesale Corporation is warning American internet users to be wary of more than a dozen digital scams targeting its customer base. On its website, the American multinational corporation has published screenshots of 14 "prominent fraudulent emails, texts, and posts" in which cyber-criminals are impersonating Costco. The majority of the traps use financial benefits to lure victims, promising free products, financial reimbursements, exclusive offers, cash-back rewards, and gift cards worth $50. Many try to…
Read More
23 Apr 2021
By Mary

InfoSec News Nuggets 04/23/2021

1 - Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned The Linux kernel is one of the largest software projects in the modern history; with a gigantic 28 millions lines of code. Contributors from all over the world and from different fields submit a large number of patches each day to the Linux kernel maintainers, so that they get reviewed before being officially merged to the official Linux kernel tree.…
Read More
22 Apr 2021
By Mary

InfoSec News Nuggets 04/22/2021

1 - Internal Facebook email reveals intent to frame data scraping as ‘normalized, broad industry issue’ An internal email accidentally leaked by Facebook to a journalist has revealed the firm's intentions to frame a recent data scraping incident as "normalized" and a "broad industry issue." Facebook has recently been at the center of a data scraping controversy. Earlier this month, Hudson Rock researchers revealed that information belonging to roughly 533 million users had been posted online, including phone numbers, Facebook…
Read More
21 Apr 2021
By Mary

InfoSec News Nuggets 04/21/2021

1 - EFF Will Tell Copyright Office That Consumers Should Have the Freedom to Fix, Modify Digital Devices They Own On Tuesday, April 20, and Wednesday, April 21, experts from the Electronic Frontier Foundation (EFF) fighting copyright abuse will testify at virtual hearings held by the Copyright Office in favor of exemptions to the Digital Millennium Copyright Act (DMCA) so people who have purchased digital devices—from cameras and e-readers to smart TVs—can repair or modify them,…
Read More
20 Apr 2021
By Mary

InfoSec News Nuggets 04/20/2021

1 - “Huge upsurge” in DDoS attacks during pandemic Researchers at Netscout have released a report analyzing the malicious internet traffic of 2020 and comparing it to the years before. Some of the results were as expected: Brute-forcing credentials and more targeting towards internet-connected devices were foreseeable and have been discussed at length. And even a record-breaking year in Distributed Denial of Service (DDoS) attacks might have been expected as it follows the upward trend over the years.…
Read More
16 Apr 2021
By Mary

InfoSec News Nuggets 04/16/2021

1 - Capcom: Ransomware gang used old VPN device to breach the network Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. In early November 2020, Ragnar Locker ransomware hit the Japanese game developer and publisher, forcing Capcom to shut down portions of their network. In typical fashion for human-operated…
Read More
15 Apr 2021
By Mary

InfoSec News Nuggets 04/15/2021

1 - DuckDuckGo can now block the Google Chrome tracking method, FLoC In an attempt to better track users and predict their search habits, Google Chrome has developed FLoC (Federated Learning of Cohorts). FLoC provides visibility into user data to any website that desires this information. In fact, FLoC places each user in an ID group to help websites recognize and target individuals. In response, the alternative search engine DuckDuckGo has come out with an extension for…
Read More
14 Apr 2021
By Mary

InfoSec News Nuggets 04/14/2021

1 - Clubhouse CEO says user data was not leaked, contrary to reports Clubhouse CEO Paul Davison said Sunday that a report claiming personal user data had been leaked was “false.” Cyber News reported a SQL database with users’ IDs, names, usernames, Twitter and Instagram handles and follower counts were posted to an online hacker forum. According to Cyber News, it did not appear that sensitive user information such as credit card numbers were among the leaked info. Clubhouse did…
Read More
13 Apr 2021
By Mary

InfoSec News Nuggets 04/13/2021

1 - LinkedIn confirmed that it was not a victim of a data breach LinkedIn has issued a formal statement to deny that the recent leak that exposed the account details of more than 500 million of its registered users was caused by a security breach. A threat actor has put for sale on a popular hacker forum an archive containing data purportedly scraped from 500 million LinkedIn profiles, with another 2 million records leaked as a proof-of-concept…
Read More
12 Apr 2021
By Mary

InfoSec News Nuggets 04/12/2021

1 - Hackers Hacked as Underground Carding Site is Breached Thousands of cyber-criminals have had their personal data leaked online after a popular carding forum was hacked, according to Group-IB. The Singapore-based security firm said it discovered that data belonging to users of the Swarmshop site was leaked to another underground forum on March 17. “The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and…
Read More
09 Apr 2021
By Mary

InfoSec News Nuggets 04/09/2021

Italian man arrested after allegedly paying hitman in cryptocurrency According to a Europol alert on Wednesday, the suspect dove into the darkest corners of the internet to find a hitman and eventually located a website claiming to offer these services on the dark web. It is necessary to use the Tor network to access the deep web -- an underlayer that is not indexed by typical search engines -- and a sector of this area, known as the…
Read More
08 Apr 2021
By Mary

InfoSec News Nuggets 04/08/2021

Crooks are getting smarter about exploiting SAP software, study finds Security researchers on Tuesday warned of the unrelenting interest that cybercriminals have in exploiting applications made by software giant SAP to defraud or disrupt big businesses that rely on SAP products. A months-long study by Boston-based security firm Onapsis found that malicious hackers are growing more knowledgeable of SAP software and the potential impact that compromises could have on customers. In one case, an unidentified attacker…
Read More
07 Apr 2021
By Mary

InfoSec News Nuggets 04/07/2021

Microsoft delays full reopening of its offices to at least September Microsoft is joining the chorus of tech companies pushing their office reopenings to late 2021 as the COVID-19 pandemic potentially winds down. The Verge has confirmed a Business Insider report that Microsoft has delayed its full reopening from July to at least September 7th. The move is a response to "continued consultation with health and data experts," a spokesperson said. In an email to staff, executive VP Kurt DelBene said the delay gave "additional…
Read More
06 Apr 2021
By Mary

InfoSec News Nuggets 04/06/2021

Technology could make fighting COVID less restrictive but privacy will take a hit Now that the world has completed a full circuit around the Sun with COVID as a passenger, it is possible to see which jurisdictions responded well, and which are still struggling to come to grips with the virus. Two of the nations held up as exemplars of how to fight COVID were Taiwan and New Zealand, but the approaches were very different: One has…
Read More
05 Apr 2021
By Mary

InfoSec News Nuggets 04/05/2021

Virginia lawmakers unanimously approve bill that bans facial recognition technology In February, Virginia lawmakers from both parties unanimously approved a bill that would restrict the use of facial recognition technology. Right now, law enforcement agencies across the state can use this technology without the knowledge of local or state leaders. Your images could be in these systems without you even knowing it. Under the bill, any law enforcement agency using facial recognition technology must stop, and they…
Read More
02 Apr 2021
By Mary

InfoSec News Nuggets 04/02/2021

Update on campaign targeting security researchers In January, the Threat Analysis Group documented a hacking campaign, which we were able to attribute to a North Korean government-backed entity, targeting security researchers. On March 17th, the same actors behind those attacks set up a new website with associated social media profiles for a fake company called “SecuriElite.” The new website claims the company is an offensive security company located in Turkey that offers pentests, software security assessments and…
Read More
01 Apr 2021
By Mary

InfoSec News Nuggets 04/01/2021

Research shows Google collects 20x more data from Android than Apple collects from iOS Tech companies have been talking more about privacy in recent years, and Apple proudly says that it protects user data more than anyone else. This week, new research by Douglas Leith from Trinity College showed that Google collects up to 20 times more data from Android users compared to the data Apple collects from iOS users.  As reported by Ars Technica, the…
Read More
31 Mar 2021
By Mary

InfoSec News Nuggets 03/31/2021

Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website Intel is being sued under a Florida state wiretapping law for using software on its website to capture keystrokes and mouse movements of people that visit it. The case is one of many that private citizens have brought against companies to dispute their use of session-replay technology. A class-action suit (PDF) in the Circuit Court of the Fifth Judicial Circuit In and For Lake County,…
Read More
30 Mar 2021
By Mary

InfoSec News Nuggets 03/30/2021

Ransomware gang leaks data from US military contractor the PDI Group A major supplier of military equipment to the US Air Force and militaries across the globe appears to have fallen victim to a ransomware attack. The victim is the PDI Group, an Ohio-based company that manufactures a wide range of ground support equipment for military needs, such as dollies, trollies, and platforms for transporting weapons, engines, and airplane parts during servicing operations. On Tuesday, the…
Read More
29 Mar 2021
By Mary

InfoSec News Nuggets 03/29/2021

Credit Card Hacking Forum Gets Hacked, Exposing 300,000 Hackers’ Accounts Carding Mafia, a forum for stealing and trading credit cards has been hacked, exposing almost 300,000 user accounts, according to data breach notification service Have I Been Pwned. The data breach allegedly exposed the email addresses, IP addresses, usernames, and hashed passwords of 297,744 users. Have I Been Pwned announced the data breach on Tuesday, saying the breach happened last week. On the Carding Mafia forum and its public…
Read More