InfoSec News Nuggets 4/4/2024

Missouri county declares state of emergency amid suspected ransomware attack  Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. "Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack," officials wrote Tuesday. "Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been…

InfoSec News Nuggets 4/2/2024

India rescues 250 citizens enslaved by Cambodian cybercrime gang  The Indian government says it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. The government explains that these people were tricked into believing that lucrative job opportunities were waiting for them in the Southeast Asian nation, yet they were forced into becoming cybercriminals once they arrived there. After several nationals informed India's Embassy in Cambodia of their…

InfoSec News Nuggets 4/1/2024

Amazon reverses course, revokes police access to Ring footage via Neighbors app  Today, Amazon Ring has announced that it will no longer facilitate police’s warrantless requests for footage from Ring users. Years ago, after public outcry and a lot of criticism from EFF and other organizations, Ring ended its practice of allowing police to automatically send requests for footage to the email inbox of users, opting instead for a system where police had to publicly…

InfoSec News Nuggets 3/29/2024

Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 While 2023 was a difficult year for cybersecurity teams, 2024 is likely to be worse. In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators. By Flashpoint’s numbers, there were 6,077 recorded data breaches in 2023, with attackers accessing more than 17 billion personal records (up 34.5% on 2022’s figures). In the…

InfoSec News Nuggets 3/28/2024

Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov The US Justice Department on Monday unsealed an indictment charging seven men with hacking or attempting to hack dozens of US companies in a 14-year campaign furthering economic espionage and foreign intelligence gathering by the Chinese government. All seven defendants, federal prosecutors alleged, were associated with Wuhan Xiaoruizhi Science & Technology Co., Ltd., a front company created by the Hubei State Security…

InfoSec News Nuggets 3/27/2024

Microsoft to shut down 50 cloud services for Russian businesses Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. The suspension was initially scheduled for March 20, 2024, but it was moved to the end of the month to give impacted entities more time to set up alternative solutions. The news…

InfoSec News Nuggets 3/26/2024

Microsoft to shut down 50 cloud services for Russian businesses Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. The suspension was initially scheduled for March 20, 2024, but it was moved to the end of the month to give impacted entities more time to set up alternative solutions. The news…

InfoSec News Nuggets 3/25/2024

Senators push to declassify TikTok briefings Democratic Senator Richard Blumenthal and Republican Senator Marsha Blackburn are calling for TikTok briefings to be declassified so the government can “better educate the public on the need for urgent action.” The briefings come as support grows for a forced sale of TikTok due to national security concerns around ByteDance, the Chinese company that owns the app. “We are deeply troubled by the information and concerns raised by the intelligence community…

InfoSec News Nuggets 3/22/2024

Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it…

InfoSec News Nuggets 3/21/2024

Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. If convicted, they face up to 15 years in prison. The accounts, authorities said, were…

InfoSec News Nuggets 3/20/2024

We’re one step closer to a global cybersecurity standard for smart home devices As useful as connected devices like video doorbells and smart lights are, it’s wise to exercise caution when using connected tech in your home, especially after years of reading about security camera hacks, fridge botnet attacks, and smart stoves turning themselves on. But until now, there hasn’t been an easy way to assess a product’s security chops. A new program from the Connectivity Standards Alliance (CSA), the group…

InfoSec News Nuggets 3/19/2024

NHS Dumfries and Galloway Warns of “Significant” Data Theft An NHS Scotland trust has warned of disrupted services and possible data compromise after being breached by threat actors. NHS Dumfries and Galloway issued a brief statement on Friday that it “has been the target of a focused and ongoing cyber-attack.” The healthcare provider is still investigating the incident, in tandem with the National Cyber Security Centre (NCSC), Police Scotland and the Scottish Government. Healthcare is…

InfoSec News Nuggets 3/16/2024

Former telecom manager admits to doing SIM swaps for $1,000 A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. SIM swapping is an unauthorized porting of a targeted person's phone number to another physical SIM card or eSIM chip controlled by the attacker. These types of attacks are usually conducted via social engineering attacks against…

InfoSec News Nuggets 3/15/2024

The software at the center of debate over Chinese cyber threat inside the biggest ports in US Cybersecurity risks associated with Chinese-made cranes at U.S. ports are not new, and recent White House action and hearings on Capitol Hill have escalated the claims about potentially serious national security vulnerabilities embedded in key infrastructure. But the Biden administration, lawmakers and ports management continue to differ in their views of the true nature of the threat. In…

InfoSec News Nuggets 3/13/2024

VR headsets can be hacked with an Inception-style attack In the Christopher Nolan movie Inception, Leonardo DiCaprio’s character uses technology to enter his targets’ dreams to steal information and insert false details into their subconscious.  A new “inception attack” in virtual reality works in a similar way. Researchers at the University of Chicago exploited a security vulnerability in Meta’s Quest VR system that allows hackers to hijack users’ headsets, steal sensitive information, and—with the help of generative…

InfoSec News Nuggets 3/12/2024

Elon Musk says xAI will open-source Grok this week Elon Musk’s AI startup xAI will open-source Grok, its chatbot rivaling ChatGPT, this week, the entrepreneur said, days after suing OpenAI and complaining that the Microsoft-backed startup had deviated from its open-source roots. xAI released Grok last year, arming it with features including access to “real-time” information and views undeterred by “politically correct” norms. The service is available to customers paying for X’s $16 monthly subscription. Musk, who didn’t elaborate on…

InfoSec News Nuggets 3/11/2024

Microsoft says Russian hackers stole source code after spying on its executives Microsoft revealed earlier this year that Russian state-sponsored hackers had been spying on the email accounts of some members of its senior leadership team. Now, Microsoft is disclosing that the attack, from the same group behind the SolarWinds attack, has also led to some source code being stolen in what Microsoft describes as an ongoing attack. “In recent weeks, we have seen evidence that Midnight Blizzard…

InfoSec News Nuggets 3/8/2024

Fidelity customers' financial info feared stolen in suspected ransomware attack Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information — including bank account and routing numbers, credit card numbers and security or access codes — after breaking into Infosys' IT systems in the fall. According to Fidelity, in documents filed with the Maine attorney general's office, miscreants "likely acquired" information about 28,268 people's life insurance policies after infiltrating Infosys.   Google…

InfoSec News Nuggets 3/7/2024

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. The malicious tools used in the campaign take advantage of the configuration weaknesses and exploit an old vulnerability in Atlassian Confluence to execute code on the machine. Researchers at cloud forensics and incident response company Cado Security discovered the…

InfoSec News Nuggets 3/6/2024

Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server. Rapid7 says it reported the two TeamCity vulnerabilities in mid-February, claiming JetBrains soon after suggested releasing patches for the flaws before publicly disclosing them. Such a move is typically seen as a no-no by the infosec community, which favors transparency, but…

InfoSec News Nuggets 3/5/2024

Ransomware ban backers insist thugs must be cut off from payday Global law enforcement authorities' attempts to shutter the LockBit ransomware crew have sparked a fresh call for a ban on ransomware payments to perpetrators. Ciaran Martin, founding CEO of the UK's National Cyber Security Center (NCSC), reiterated his stance on the matter a week after LockBit started to get back on its feet again following the efforts of Operation Cronos to bring its servers…

InfoSec News Nuggets 3/4/2024

Hugging Face, the GitHub of AI, hosted code that backdoored user devices Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s a likely harbinger of what’s to come. In all, JFrog researchers said, they found roughly 100 submissions that performed hidden and unwanted actions when they were downloaded and loaded onto an end-user device.…

InfoSec News Nuggets 3/1/2024

UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages American health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. “Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” said Tyler Mason, vice president at UnitedHealth, in a statement…

InfoSec News Nuggets 2/29/2024

Registrars can now block all domains that resemble brand names Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names. GlobalBlock, a solution already in use by leading registrars like GoDaddy Corporate Domains, 101domain, and MarkMonitor lets businesses pay a subscription fee to reserve a part of the domain space, as a means to protect their trademark. But, is there more to…

InfoSec News Nuggets 2/28/2024

Most Commercial Code Contains High-Risk Open Source Bugs Three-quarters (74%) of commercial codebases contain open source components featuring “high-risk” vulnerabilities, according to a new study from Synopsys. The chip design tool company’s ninth annual Open Source Security and Risk Analysis (OSSRA) report analyzed anonymized findings from over 1000 commercial codebase audits in 17 industries. It found that the share featuring high-risk open source bugs – that is, ones that have been actively exploited, have documented proof-of-concept exploits or are…

InfoSec News Nuggets 2/27/2024

Lockbit cybercrime gang says it is back online following global police bust Lockbit, the cybercrime gang that was knocked offline by a comprehensive international police operation earlier this month, says it has restored its servers and is back in business. The group, notorious on the internet's criminal underground for using malicious software called ransomware to digitally extort its victims, was the target of an unprecedented international law enforcement operation last week which saw its members arrested and indicted. Lockbit's…

InfoSec News Nuggets 2/26/2024

U-Haul says hacker accessed customer records using stolen creds U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. The breach exposed customer records that include personal information but payment details have not been impacted. U-Haul is an American company that rents moving equipment and storage space for ‘do-it-yourself’ customer needs. It offers trucks, trailers, and other equipment and…

InfoSec News Nuggets 2/23/2024

New Leak Shows Business Side of China’s APT Menace A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. A large cache of more than 500 documents published to GitHub last…

InfoSec News Nuggets 2/22/2024

Reward Offers for Information on LockBit Leaders and Designating Affiliates The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group. Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and…

InfoSec News Nuggets 2/21/2024

Reddit sells training data to unnamed AI company ahead of IPO On Friday, Bloomberg reported that Reddit has signed a contract allowing an unnamed AI company to train its models on the site's content, according to people familiar with the matter. The move comes as the social media platform nears the introduction of its initial public offering (IPO), which could happen as soon as next month. Reddit initially revealed the deal, which is reported to be worth…

InfoSec News Nuggets 2/20/2024

Using AI in a cyberattack? DOJ’s Monaco says criminals will face stiffer sentences The Justice Department’s No. 2 official directed federal prosecutors to impose stiffer penalties on cybercriminals who use AI in their crimes. “We have to put AI at the top of [our] enforcement priorities list,” Lisa Monaco told an audience Friday at the Munich Cyber Security Conference. “We’re looking quite hard at how AI can enhance quite literally the danger associated with crimes.…

InfoSec News Nuggets 2/16/2024

European Court of Human Rights declares backdoored encryption is illegal The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control. The Court issued a decision on Tuesday stating that "the contested legislation providing for the retention of all internet communications of all users, the security services’ direct…

InfoSec News Nuggets 2/15/2024

Romanian hospital ransomware crisis attributed to third-party breach The Romanian national cybersecurity agency (DNSC) has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider. It said an unnamed service provider reported an issue prior to the flood of hospitals alerting the agency to the attacks. The service provider operates the Hipocrate Information System (HIS) – a multipurpose healthcare management platform used by hospitals across the country. All…

InfoSec News Nuggets 2/14/2024

Meta says risk of account theft after phone number recycling isn't its problem to solve Meta has acknowledged that phone number reuse that allows takeovers of its accounts "is a concern," but the ad biz insists the issue doesn't qualify for its bug bounty program and is a matter for telecom companies to sort out. The core problem is that telecom companies recycle phone numbers that have been abandoned after a brief waiting period –…

InfoSec News Nuggets 2/13/2024

Europe's largest caravan club admits wide array of personal data potentially accessed  The Caravan and Motorhome Club (CAMC) and the experts it drafted to help clean up the mess caused by a January cyberattack still can't figure out whether members' data was stolen. According to an update shared with members late last week and now published on its website, the CAMC listed all the different types of data that might have been accessed, and all the…

InfoSec News Nuggets 2/12/2024

Google unmasks 5 spyware firms from Italy, Greece and Spain that infect phones all over the world  Wow, that Mediterranean climate sure is something! Five companies from Southern Europe have been called out by Google and accused of producing spyware software that infects and affects phones all over the world. The search engine giant said these five companies from Italy, Greece and Spain were “enabling the use of dangerous hacking tools”, and urged the United…

InfoSec News Nuggets 2/9/2024

Half of polled infosec pros say their degree was less than useful for real-world work Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. We're a glass half-empty lot. The Moscow-headquartered multinational revealed those figures today in the first part of a multi-stage…

InfoSec News Nuggets 2/8/2024

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities  Google today announced a grant of $1 million to the Rust Foundation, meant to help improve the interoperability between Rust and C++ code. The internet giant joined the Rust Foundation in 2021, for the same reason, and has adopted the memory-safe programming language across Android and other Google products, due to its benefits for addressing memory safety vulnerabilities. “Based on historical vulnerability density statistics, Rust…

InfoSec News Nuggets 2/7/2024

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data  Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65 websites compromised between November 2023 and December 2023. The stolen files…

InfoSec News Nuggets 2/6/2024

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan  The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary surveillanceware tool. The infections are estimated to have taken…

InfoSec News Nuggets 2/5/2024

FBI removes malware from hundreds of routers across the US The FBI has used a court order to remove malware from hundreds of routers across the US, and alter the routers’ settings to prevent reinfection. The routers are malware-infected NetGear and Cisco small office/home office (SOHO) devices that no longer receive updates because they have reached their End-of-Life. The FBI did this because it believed the threat actor behind the botnet of routers is an…

InfoSec News Nuggets 2/2/2024

FBI disrupts Chinese botnet used for targeting US critical infrastructure  The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations. The threat actors used the KV botnet malware to hijack hundreds of US-based, privately-owned small office/home office (SOHO) routers and to hide their hacking activity towards “US and other foreign victims”. “The Volt Typhoon malware enabled China to hide, among other things,…

InfoSec News Nuggets 2/1/2024

Two More Individuals Charged for DraftKings Hacking  Two more individuals have been indicted for their role in a credential stuffing attack resulting in unauthorized access to thousands of user accounts at a fantasy sports and betting website. The individuals, Nathan Austad, 19, of Farmington, Minnesota, and Kamerin Stokes, 21, of Memphis, Tennessee, allegedly participated in compromising the accounts using usernames and passwords obtained from other data breaches, and attempted to sell access to the accounts. A third…

InfoSec News Nuggets 1/31/2024

Microsoft stole my Chrome tabs, and it wants yours, too  Last week, I turned on my PC, installed a Windows update, and rebooted to find Microsoft Edge automatically open with the Chrome tabs I was working on before the update. I don’t use Microsoft Edge regularly, and I have Google Chrome set as my default browser. Bleary-eyed at 9AM, it took me a moment to realize that Microsoft Edge had simply taken over where I’d…

InfoSec News Nuggets 1/30/2024

DHS employees jailed for stealing data of 200K U.S. govt workers  Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. The three individuals are Charles K. Edwards, a former Acting Inspector General of the DHS Office of Inspector General (DHS-OIG), sentenced to 1.5 years in prison; Sonal Patel, a member of the department IT staff, sentenced…

InfoSec News Nuggets 1/29/2024

Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist  The Akira ransomware gang is claiming responsibility for the "cybersecurity incident" at British bath bomb merchant Lush. Akira says it has stolen 110 GB of data from the UK-headquartered global cosmetics giant, which has more than 900 stores worldwide, allegedly including "a lot of personal documents" such as passport scans. Passport scans are routinely collected to verify identities during the course of the hiring process,…

InfoSec News Nuggets 1/26/2024

Meta announces steps to protect teens from unwanted contact on Instagram and Facebook  On Thursday (Jan. 25), Meta detailed a few new ways parents can better safeguard their teens on Instagram and Facebook. Adam Mosseri, Head of Instagram, shared a quick video on the platform explaining that a new set of "stricter messaging" settings are arriving. These settings for children under 16 and under 18 in other regions will help parents ensure they don't receive…

InfoSec News Nuggets 1/25/2024

News media, foreign affairs experts are targets of North Korean group’s latest campaign  North Korean state hackers are targeting media organizations and high-profile academics in a new espionage campaign, according to a new report released this week. The goal of these attacks, attributed by researchers at SentinelLabs to a hacker group known as ScarCruft or APT37, is to “gather strategic intelligence” that can “contribute to North Korea’s decision-making processes.” ScarCruft is a suspected North Korean state-sponsored group with a history of attacks…

InfoSec News Nuggets 1/24/2024

Jason’s Deli says customer data exposed in credential stuffing attack  Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. Jason's Deli is an American restaurant chain with 246 branches in 29 states, employing over 6,000 people and having an annual revenue of over $400 million. In a data breach notification sent to customers, Jason's Deli says hackers obtained…

InfoSec News Nuggets 1/23/2024

Five ripped off IT giant with $7M+ in bogus work expenses, prosecutors claim  Five people have been accused of pulling off a "brazen" scam that involved submitting more than $7 million in fake work expense claims to an IT consultancy to bankroll hotel stays, a cruise, visits to strip clubs, and more. Mark Angarola, Allison Angarola, Jose Garcia, Michelle Cox, and Lisa Mincak were all arrested and charged in the US with one count each of wire fraud…