10 Dec 2019
By Mary

InfoSec News Nuggets 12/10/2019

1 - Britain investigating whether leaked trade papers were hacked British cyber security officials are investigating whether classified UK-U.S. trade documents that were shared online ahead of Thursday’s election were acquired by hacking or were leaked, two sources told Reuters.  Beside the fears that Russia could be meddling in another Western election, the disclosure of the classified documents has raised questions about the security of sensitive discussions between the United States and one of its…
Read More
09 Dec 2019
By Mary

InfoSec News Nuggets 12/09/2019

1 - Facebook accuses two Chinese nationals of using hacked accounts to spread ads Facebook is taking action against two Chinese nationals and a Hong Kong advertising firm for allegedly using the social media platform to distribute malware, then push misleading advertisements to try to make money. The lawsuit filed Thursday in the Northern District of California accuses ILikeAd Media International Company Ltd. and two individuals, Chen Xiao Cong and Huang Tao, of involvement with a…
Read More
06 Dec 2019
By Mary

InfoSec News Nuggets 12/06/2019

1 - How Internet resources worth R800 million were stolen and sold on the black market The theft and sale of large swaths of valuable African Internet resources was an inside job, Internet investigator Ron Guilmette has concluded after five months of detective work. Documents obtained from industry sources and public records in Uganda show that at least one insider at AFRINIC is also a shareholder of a company that received money for selling IP…
Read More
05 Dec 2019
By Mary

InfoSec News Nuggets 12/05/2019

1 - Messaging / Smishing Attacks One of the most common ways cyber attackers attempt to trick or fool people is by scamming you in email attacks (often called phishing) or try to trick you with phone calls. However, as technology continues to advance bad guys are always trying new methods, to include tricking you with messaging technologies such as text messaging, iMessage/Facetime, WhatsApp, Slack or Skype. Here are some simple steps to protect yourself…
Read More
04 Dec 2019
By Mary

InfoSec News Nuggets 12/04/2019

1 - Apple's tap-and-go Express payments come to London public transport Paying for daily necessities using your phone might feel like the future, but the reality can sometimes be slower as mobile payments require authentication that can take time to approve. To combat this issue, Apple has brought its Express feature to London, making it far quicker and easier to use Apple Pay on services like the Tube. Apple's Express Mode can now be used on all Transport…
Read More
02 Dec 2019
By Mary

InfoSec News Nuggets 12/02/2019

1 - Top Senate Democrats unveil new online privacy bill, promising tough penalties for data abuse Senate Democrats on Tuesday proposed tough new punishments for Facebook, Google and other Silicon Valley tech giants that mishandle their users’ personal data, unveiling a sweeping new online privacy bill that aims to provide people their “Miranda rights” for the digital age. The effort, led by Sen. Maria Cantwell, a Washington state Democrat who previously worked in the tech…
Read More
27 Nov 2019
By Mary

InfoSec News Nuggets 11/27/2019

1 - Louisiana Motor Vehicles Offices Reopening After Cyberattack Eight regional locations for Louisiana’s Office of Motor Vehicles have reopened after a cyberattack crippled agency operations last week. Other branch locations will resume operations after technical staff ensures the computer systems are functioning properly. The regional offices that opened Monday are in Baton Rouge, New Orleans, Shreveport, Lake Charles, Alexandria, Monroe, Lafayette and Thibodaux. State officials asked people to delay their visits unless they have time-sensitive…
Read More
26 Nov 2019
By Mary

InfoSec News Nuggets 11/26/2019

1 - The California DMV Is Making $50M a Year Selling Drivers’ Personal Information In a public record acts request, Motherboard asked the California DMV for the total dollar amounts paid by commercial requesters of data for the past six years. The responsive document shows the total revenue in financial year 2013/14 as $41,562,735, before steadily climbing to $52,048,236 in the financial year 2017/18. The document doesn't name the commercial requesters, but some specific companies…
Read More
25 Nov 2019
By Mary

InfoSec News Nuggets 11/25/2019

1 - Google ups bug bounties for Android flaws, exploits ASR covers security vulnerabilities discovered in the latest available Android versions for Pixel phones and tablets, which are currently Pixel 4, Pixel 3a and Pixel 3a XL, and Pixel 3 and Pixel 3 XL. “Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, the Secure Element code, and the TrustZone OS and modules. Vulnerabilities in other non-Android code, such as…
Read More
22 Nov 2019
By Mary

InfoSec News Nuggets 11/22/2019

1 - Midwest Gets First Cybercrime-Fighting Dog Police in Nebraska have recruited a highly trained dog to assist them in the fight against cybercrime. Two-year-old black Labrador Quinn has joined the Bellevue Police Department as the Midwest's first-ever electronic storage device K-9 officer. Unlike most sniffer dogs, who are taught to detect drugs, Officer Quinn has been specially trained to sniff out a particular chemical used in electronic devices like SIM cards, cell phones, and micro SD…
Read More
21 Nov 2019
By Mary

InfoSec News Nuggets 11/21/2019

1 - NTSB blames Uber’s 'inadequate safety culture' for self-driving fatality The NTSB has lambasted Uber's "inadequate safety culture" and "lack of risk assessment mechanisms" before its self-driving fatality. In March 2018, an autonomous 2017 Volvo XC90 struck and killed pedestrian Elaine Herzberg as she crossed the street in Tempe, Arizona. Officials have also assigned blame to the safety driver, who at the time was watching The Voice on her smartphone. NTSB chair Robert L. Sumwalt said "the collision was the last…
Read More
20 Nov 2019
By Mary

InfoSec News Nuggets 11/20/2019

1 - Wikipedia co-founder offers a Facebook/Twitter wannabe How much would you pay for a Facebook- or Twitter-like social network experience, but one in which you’re not tracked, your personal information and web history aren’t gobbled up, and you aren’t e-hounded by targeted ads? For those of us who haven’t already jumped the Facebook ship and might still be interested in relinquishing our roles as products, Wikipedia co-founder Jimmy Wales has set up a social…
Read More
19 Nov 2019
By Mary

InfoSec News Nuggets 11/19/2019

1 - Phishers Targeting Microsoft Office 365 Admin Credentials Digital fraudsters are stealing Microsoft Office 365 administrator credentials as part of a broader phishing campaign targeting organizations. The campaign began with a phishing email that leveraged Microsoft and its Office 365 brand to lull recipients into a false sense of security. This attack email was unique, however, in that it originated from validated domains that don’t belong to Microsoft. Digital fraudsters are stealing Microsoft Office 365…
Read More
18 Nov 2019
By Mary

InfoSec News Nuggets 11/18/2019

1 - PrankDial.com Exposes 138 Million Records via Unprotected Database Prank calling service “PrankDial.com” has exposed 138 million log records after they have left a non-password protected database online for anyone to access. The discovery was made in October by Jeremiah Fowler of “Security Discovery”, who reported the incident to the company immediately. The platform secured the database on the same day, but the exposure could have led to the stealing of the sensitive data in the…
Read More
15 Nov 2019
By Mary

InfoSec News Nuggets 11/15/2019

1 - Ransom payments averaging $41,000 per incident The average ransom payment paid out by victims increased 13 percent, to $41,000, during the last three months, but researchers noted the rate of increase has plateaued. Researchers at Coveware credited the victims with being better prepared to restore their data on their own negating the need to pay the ransom. However, that was not enough to offset malicious actors using Sodinokibi and Globelmposter variants to go…
Read More
14 Nov 2019
By Mary

InfoSec News Nuggets 11/14/2019

1 - Iowa paid a security firm to break into a courthouse, then arrested employees when they succeeded The state of Iowa contracted with a prominent cybersecurity company to conduct “penetration tests” of certain municipal buildings in September, particularly courthouses.  In September, two employees of the company were arrested in the course of doing their jobs. The charges still have not been dropped. The incident has sparked concern across the cybersecurity industry, including worries that…
Read More
13 Nov 2019
By Mary

InfoSec News Nuggets 11/13/2019

1 - Microsoft says it will follow California's digital privacy law Microsoft is taking a step toward guarding customer privacy that will impact the bottom line. The company said in a blog post on Monday that it would honor California's privacy law throughout the United States, according to Reuters. The law called the California Consumer Privacy Act or CCPA, which goes into effect on Jan. 1. It is a strict set of rules meant to protect consumers and…
Read More
12 Nov 2019
By Mary

InfoSec News Nuggets 11/12/2019

1 - BlueKeep Attacks Crash Systems Due to Meltdown Patch The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to a Meltdown patch being deployed on the targeted machines. The BlueKeep vulnerability, officially tracked as CVE-2019-0708, affects Windows Remote Desktop Services (RDS) and it allows an unauthenticated attacker to execute arbitrary code by sending specially crafted Remote Desktop Protocol (RDP) requests. Microsoft released patches, including for unsupported versions of…
Read More
11 Nov 2019
By Mary

InfoSec News Nuggets 11/11/2019

1 - Brazilian government announces creation of AI lab network The Brazilian government has announced it will create a network of eight research facilities focused on artificial intelligence (AI). The minister of science, technology, innovation and communications, Marcos Pontes, made the announcement during the opening speech of an event focused on public sector innovation in the country's capital, Brasília. "[The creation of the centers] has been one of the priorities [for the Ministry] in order…
Read More
08 Nov 2019
By Mary

InfoSec News Nuggets 11/08/2019

1 - Cisco: All these routers have the same embedded crypto keys, so update firmware Security researchers have found that the firmware for several Cisco small-business routers contains numerous security issues. The problems include hardcoded password hashes as well as static X.509 certificates with the corresponding public-private key pairs and one static Secure Shell (SSH) host key. The static keys are embedded in the routers firmware and are used for providing HTTPS and SSH access…
Read More
07 Nov 2019
By Mary

InfoSec News Nuggets 11/07/2019

1 - LA is fast becoming a fintech hub as HMBradley launches another West Coast challenger bank Add HMBradley to the list of Los Angeles based startups looking to shake up the world of high finance typically dominated by East Coast giants with names like JPMorgan Chase, Citigroup, Morgan Stanley, and Goldman Sachs. The new Santa Monica, Calif.-based bank joins companies like Aspiration and Acorns in trying to offer consumers new ways to manage their finances. Founded…
Read More
06 Nov 2019
By Mary

InfoSec News Nuggets 11/06/2019

1 - Porcelain business raises suspicion amid China’s blockchain renaissance A porcelain and education business has attracted the suspicion of Chinese regulators after its stock recently boomed, CoinDesk reports. Guangdong Great Wall Group’s stock price rose for five consecutive days after Chinese President Xi Jinping encouraged civilians to embrace blockchain technology — and is now under investigation by the China Securities Regulatory Commission (CSRC). Founded in 1996, Great Wall Group started off as a creative porcelain business. However, its 2018 annual report, featured…
Read More
05 Nov 2019
By Mary

InfoSec News Nuggets 11/05/2019

1 - Conveyancing law firms targeted in new multimillion-rand cyber scam A new multimillion-rand cyber fraud scam allegedly headed by Nigerians and targeting attorneys dealing with big-money property transactions has been exposed in a graft case in the Joburg Commercial Crime Court. Olutunji Abdul, a Nigerian, and Siphosihle Sithole, a South African, are standing trial in a R7.8million matter in what investigators termed the new “business email compromise” (BEC) fraud. Last week in the Joburg…
Read More
04 Nov 2019
By Mary

InfoSec News Nuggets 11/04/2019

1 - Windows BlueKeep RDP Attacks Are Here, Infecting with Miners The BlueKeep remote code execution vulnerability in the Windows Remote Desktop Services is currently exploited in the wild. Vulnerable machines exposed to the web are apparently compromised for cryptocurrency mining purposes. The attempts have been recorded by honeypots that expose only port 3389, specific for remote assistance connections via the Remote Desktop Protocol (RDP). Security researcher Kevin Beaumont noticed on Saturday that multiple honeypots…
Read More
01 Nov 2019
By Mary

InfoSec News Nuggets 11/01/2019

1 - Scammers are now faking voicemail notifications to steal Office 365 login credentials Security researchers have found a new phishing campaign that leverages fake voicemail messages to trick victims into stealing their Office 365 email credentials. The scam — uncovered by cybersecurity firm McAfee — made use of fraudulent email attachments, which when opened, redirected users to a phishing website that siphoned the login information with an aim to impersonate staff members and gain wider access…
Read More
31 Oct 2019
By Mary

InfoSec News Nuggets 10/31/2019

1 - Apple Patches Tens of Vulnerabilities in macOS Catalina, iOS 13 Security updates released by Apple this week for iOS 13 and macOS Catalina 10.15 address roughly 40 vulnerabilities, including issues that affect both operating systems. macOS Catalina 10.15.1, the first security update for the latest major version of the operating system, fixes 33 vulnerabilities, including flaws that can be exploited through malicious applications or by getting the targeted user to process a specially crafted file.…
Read More
30 Oct 2019
By Mary

InfoSec News Nuggets 10/30/2019

1 - iPhone 5 users risk losing internet access Apple iPhone 5 users have been warned to update their software before the weekend or face losing access to the internet. The technology giant said users who did not download iOS 10.3.4 by 3 November would be locked out of features that rely on the correct time and date. This includes the App Store, email, web browsing and storage service iCloud. While it is not the latest…
Read More
29 Oct 2019
By Mary

InfoSec News Nuggets 10/29/2019

1 - UniCredit reveals data breach exposing 3 million customer records UniCredit has revealed a data breach resulting in the leak of information belonging to three million customers. On Monday, the Italian bank and financial services organization said that a compromised file, generated in 2015, is the source of the security incident. In total, roughly three million records were exposed, revealing the names, telephone numbers, email addresses, and cities where clients were registered. While UniCredit caters to an international…
Read More
28 Oct 2019
By Mary

InfoSec News Nuggets 10/28/2019

1 - Facebook starts testing News, its new section for journalism Facebook’s news section, which was previously reported to be imminent, is here: The company is rolling out Facebook News in a limited test in the U.S. as a home screen tab and bookmark in the main Facebook app. In a blog post, Facebook’s Campbell Brown (vice president of global news partnerships) and Mona Sarantakos (product manager, news) said that news articles will continue to appear in the main…
Read More
24 Oct 2019
By Mary

InfoSec News Nuggets 10/24/2019

1 - Ransomware Hits B2B Payments Firm Billtrust Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week.  The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a cloud-based service that lets customers view invoices, pay, or request bills via email or fax. In an email sent to customers today, Billtrust said…
Read More
23 Oct 2019
By Mary

InfoSec News Nuggets 10/23/2019

1 - Vatican's wearable rosary gets fix for app flaw allowing easy hacks The road to internet-connected salvation is paved with cybersecurity issues. The Vatican discovered that Thursday, after a security researcher disclosed a severe vulnerability with the "Click to Pray" eRosary app. On Wednesday, the Vatican announced its $110 wearable rosary, an internet of things device that syncs with an app from the Pope's Worldwide Prayer Network. One advantage of IoT devices is that they open up a…
Read More
22 Oct 2019
By Mary

InfoSec News Nuggets 10/22/2019

1 - Open AWS buckets expose more than 200K CVs at two online recruitment firms Unsecured AWS servers belonging to two online recruitment firms – U.S.-based Authentic Jobs and Sonic Jobs in the U.K. – have exposed more than 250,000 CVs of job candidates. Unsecured AWS servers belonging to two online recruitment firms – U.S.-based Authentic Jobs and Sonic Jobs in the U.K. – have exposed more than 250,000 CVs of job candidates.   2…
Read More
18 Oct 2019
By Mary

InfoSec News Nuggets 10/18/2019

1 - California adds biometric specs to data breach law California is changing its Information Practices Act of 1977 to expand the definition of personal information with additional identifiers, including biometric data of those affected. The amendment comes with new instructions on how to notify affected parties by a breach. The legislation is old and uses a definition too broad to describe personal information in all the shapes and forms found today. As such, amendment…
Read More
17 Oct 2019
By Mary

InfoSec News Nuggets 10/17/2019

1 - Argentinian security researcher arrested after tweeting about government hack Argentinian police briefly detained and raided the home of a well-known security researcher last week on suspicion of hacking and leaking data from government systems. Following his release, Javier Smaldone, the security researcher, obtained and published court documents pertaining to his arrest on Twitter. The documents showed that authorities arrested and raided the security expert just for tweeting about a recent government hack, with…
Read More
16 Oct 2019
By Mary

InfoSec News Nuggets 10/16/2019

1- Mozilla Rolls Out Code Injection Attack Protection in Firefox Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts occurrences. "A proven effective way to counter code injection attacks is to reduce the attack surface by removing potentially dangerous artifacts in the codebase and hence hardening the code at various levels," said the Mozilla Security Team today.…
Read More
15 Oct 2019
By Mary

InfoSec News Nuggets 10/15/2019

Apple Shares Some Browsing History with Chinese Company Apple is sending some browsing history of iOS 13 Safari users to Tencent Holdings Limited, a Chinese multinational conglomerate. The data shared is tied to the Safari Safe Browsing technology. Revelations of the relationship have drawn criticism from security and privacy experts. Apple’s Safari Browser on iOS has a “Fraudulent Website Warning” feature set as a default that has used Google Safe Browsing technology as a back-end.…
Read More
14 Oct 2019
By Mary

InfoSec News Nuggets 10/14/2019

Gamers Warned of High-Severity Intel, Nvidia Flaws Chip giants Intel and Nvidia have stomped out high-severity flaws in two popular products, both commonly used by gamers. Impacted are the Nvidia Shield TV and Intel NUC (short for Next Unit of Computing) mini-PC kit. Nvidia Shield TV is a media streaming box (powered by Nvidia’s Tegra X1 system-on-chip) that runs on the Android operating system and can be used for gaming and media streaming. Intel’s NUC mini-PC…
Read More
11 Oct 2019
By Mary

InfoSec News Nuggets 10/11/2019

Pinterest says AI reduced self-harm content on its platform by 88% Yesterday, on international World Mental Health Day, Pinterest announced in a blogpost that for the past year, it’s been using machine learning techniques to identify and automatically hide content that displays, rationalizes, or encourages self-injury. Using this technology, the social networking company says it has achieved an 88 percent reduction in reports of self-harm content by users, and it’s now able to remove harmful content three times faster…
Read More
10 Oct 2019
By Mary

InfoSec News Nuggets 10/10/2019

Twitter says user data meant for security purposes may have been used for advertising Twitter said on Tuesday email addresses and phone numbers uploaded by users to meet its security requirements may have been ‘inadvertently’ used for advertising purposes. The micro-blogging site said the issue was rectified as of Sept. 17, without disclosing how many users were impacted. “This was an error and we apologize,” the company said in a blog post. Social media companies, including Twitter and Facebook,…
Read More
09 Oct 2019
By Mary

InfoSec News Nuggets 10/09/2019

Ransomware attack hits Spanish city demanding undisclosed amount of Bitcoin A hacker is holding computer systems belonging to the southern Spanish city of Jerez de la Frontera, demanding a Bitcoin ransom to unlock them, RFI reports. The ransomware attack, which reportedly began on Tuesday night, has already caused service outages for the city’s website.  There’s currently no indication of the amount of Bitcoin the hacker is demanding. AFP notes that Spain‘s interior ministry has sent three computer…
Read More
08 Oct 2019
By Mary

InfoSec News Nuggets 10/08/2019

Signal patches Android bug that allowed hackers to answer calls on your behalf  Popular encrypted messaging app Signal has fixed a crucial flaw in its Android app that could’ve allowed bad actors to answer calls on your behalf. What’s more, it needed no intervention from your end. Google’s Project Zero team, which uncovered the bug on September 28, said it only affects audio calls, as the video option needs to be manually enabled for all incoming calls. Signal has since patched the…
Read More
07 Oct 2019
By Mary

InfoSec News Nuggets 10/07/2019

Kaspersky finds Uzbekistan hacking op… because group used Kaspersky AV A new "threat actor" tied to Uzbekistan's State Security Service has been unmasked by threat researchers at Kaspersky Lab. And the unmasking wasn't very hard to do, since, as Kim Zetter reports for Vice, the government group used Kaspersky antivirus software—which sent binaries of the malware it was developing back to Kaspersky for analysis. Uzbekistan has not been known for having a cyber-espionage capability. But the…
Read More
04 Oct 2019
By Mary

InfoSec News Nuggets 10/04/2019

Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC Nation-state spy agencies are only as good as their operational security—the care they take to keep their digital spy operations from being discovered. But occasionally a government threat actor appears on the scene that gets it all wrong. This is the case with a threat actor recently discovered by Kaspersky Lab that it’s calling SandCat—believed to be Uzbekistan’s repressive and much-feared intelligence agency, the State…
Read More
03 Oct 2019
By Mary

InfoSec News Nuggets 10/03/2019

How an AI trained to read scientific papers could predict future discoveries In the new study, an AI learned to retrieve information from scientific literature via unsupervised learning. This has remarkable implications. So far, most of the existing automated NLP-based methods are supervised, requiring input from humans. Despite being an improvement compared to a purely manual approach, this is still a labour intensive job. However, in the new study, the researchers created a system that…
Read More
02 Oct 2019
By Mary

InfoSec News Nuggets 10/02/2019

600 armed German cops storm Cyberbunker hosting biz on illegal darknet market claims Cops have seized the physical premises and servers of the Dutch-German ISP that once hosted The Pirate Bay – after storming the hosting biz's ex-NATO bunker hideout with 600 gunmen. Cyberbunker, aka CB3ROB, was shut down by German police in what appears to be a military-grade operation targeting the hosting firm's Traben-Trarbach premises: a Cold War-era bunker complete with its original anti-intrusion…
Read More
01 Oct 2019
By Mary

InfoSec News Nuggets 10/01/2019

Driver's License Thefts Spur ADOT to Boost Online Safeguards Arizona transportation officials announced enhanced security measures Thursday for a state website that identity thieves exploited to get dozens of duplicate driver's licenses. The Arizona Department of Transportation announced new safeguards after acknowledging to Azfamily.com this week that at least 164 drivers have been the victims of theft. The cases go back to July 2018. The agency has also been involved in four criminal investigations that…
Read More
30 Sep 2019
By Mary

InfoSec News Nuggets 9/30/2019

WordPress sites hacked through defunct Rich Reviews plugin An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites. The…
Read More
27 Sep 2019
By Mary

InfoSec News Nuggets 9/27/2019

Microsoft challenges ‘sneak and peek’ warrant that requests data from one of its big corporate customers Microsoft said on Wednesday it was challenging a federal judge’s order that prevents the software maker from informing one of its large corporate customers that the U.S. government has issued a warrant for the customer’s data. “We have challenged that order in the lower court, and we will pursue an appeal in the appellate court if necessary,” said Dev…
Read More
26 Sep 2019
By Mary

InfoSec News Nuggets 9/26/2019

Whoops! Google Says Mysterious Wave of Unbootable Macs Is Their Bad A serious flaw in Google Keystone, which controls Chrome updates, is capable of doing major damage to macOS file systems on some computers and has been linked to data corruption that struck Hollywood video editors and others on Monday evening, Variety reported. Initially, blame for the corrupted file systems was largely directed at Avid and its Media Composer software, which was identified as a common link by film and…
Read More
25 Sep 2019
By Mary

InfoSec News Nuggets 9/25/2019

Avid Users Are Suddenly Finding That Their Macs Won’t Boot Avid video editors have started reported that when they shutdown their Macs, they will no longer boot up afterwards.  It is not known exactly what is causing this issue, but it appears to be affecting older versions of Mac OS X who have the Avid Media Creator software installed. As reported by Variety, film and TV editors all over the world suddenly found yesterday that after shutting…
Read More