InfoSec News Nuggets 3/13/2025

Beware of Deepfakes: A New Age of Deception
Steve was at his desk when he received a frantic video call from his manager, Bela. She looked stressed in the video call, her voice hurried. “I need you to send the confidential client report to this new email right away!” she insisted. Seeing her familiar face and hearing her distinct voice, he didn’t hesitate; he sent the confidential report to the new email address. Hours later,…

InfoSec News Nuggets 3/12/2025

MS-ISAC loses federal support
The Multi-State Information Sharing and Analysis Center, which has supported the cybersecurity operations of state and local governments since its creation in 2004, has lost its federal funding and cooperative agreement, a Cybersecurity and Infrastructure Security Agency spokesperson confirmed with StateScoop on Tuesday. The news, first reported by freelance reporter Eric Geller, follows the Department of Homeland Security last month severing support for the Elections Infrastructure ISAC. A representative from the Center for…

InfoSec News Nuggets 3/11/2025

Swiss critical sector faces new 24-hour cyberattack reporting rule
Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. According to the NCSC announcement, this new requirement is introduced as a response to the increasing number of cybersecurity incidents and their impact on the country. The mandate is introduced via an amendment to the Information…

InfoSec News Nuggets 3/10/2025

Survey Says...It’s a Scam!
Recently, I shared the first blog in a series recounting a user’s experience with malicious adtech. In that blog, I described how I had visited a compromised website, allowed notifications and found myself inundated with a seemingly endless stream of malicious content. For over three months, I had recorded every interaction and analyzed how the different companies in the adtech world affiliate with each other and with the advertisers they serve. In that…

InfoSec News Nuggets 3/7/2025

Massive botnet that appeared overnight is delivering record-size DDoSes
A newly discovered network botnet comprising an estimated 30,000 webcams and video recorders—with the largest concentration in the US—has been delivering what is likely to be the biggest denial-of-service attack ever seen, a security researcher inside Nokia said. The botnet, tracked under the name Eleven11bot, first came to light in late February when researchers inside Nokia’s Deepfield Emergency Response Team observed large numbers of geographically dispersed IP addresses delivering…

InfoSec News Nuggets 3/6/2025

CISA refutes claims it has been ordered to stop monitoring Russian cyber threats
It's been a confusing few days in the world of American cybersecurity. At the end of last week, it was reported that US Cyber Command had been ordered by Defense Secretary Pete Hegseth to pause its offensive operations against Russia. The news was swiftly followed by reports that staff at the US Cybersecurity and Infrastructure Security Agency (CISA) had been given similar…

InfoSec News Nuggets 3/5/2025

Toronto Zoo says credit card info ‘leaked on the dark web’ in cyber attack
The Toronto Zoo says transaction data, including credit card information, was “leaked on the dark web” following a cyber attack more than a year ago. The zoo published a final update this weekend on the January 2024 incident, saying information about all guests and members who paid general admission and made membership purchases between 2000 and April 2023 was obtained in the ransomware…

InfoSec News Nuggets 3/4/2025

Microsoft IDs developers behind alleged generative AI hacking-for-hire scheme
Microsoft has identified individuals from Iran, China, Vietnam and the United Kingdom as primary players in an alleged international scheme to hijack and sell Microsoft accounts that could bypass safety guidelines for generative AI tools. In December, Microsoft petitioned a Virginia court to seize infrastructure and software from 10 unnamed individuals who the company claims ran a hacking-as-a-service operation that used stolen Microsoft API keys to sell access…

InfoSec News Nuggets 3/3/2025

You can delete personal info directly from Google Search now - and it's shockingly fast
If you find your personal information online, like your phone number, address, or email, Google is making it easier to make sure it doesn't show up again. Several years ago, Google introduced a "Results about you" tool that lets you track your personal information online and remove it from search results. It wasn't easy to find this tool, though, because you had…

InfoSec News Nuggets 2/28/2025

Cellebrite cuts off Serbia over abuse of phone-cracking software against civil society
The Israeli company Cellebrite announced Tuesday that it will no longer allow Serbia to use its software, which is deployed by law enforcement worldwide to unlock mobile phones. The decision comes on the heels of an Amnesty International report in December alleging that Serbian authorities used the powerful technology to secretly break into phones belonging to civilians and then installed spyware. Cellebrite has been “systematically…

InfoSec News Nuggets 2/27/2025

VSCode extensions with 9 million installs pulled over security risks
Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. The two extensions are very popular, having been downloaded nearly 9 million times in total, with users now receiving alerts in VSCode that the extensions have automatically been disabled. The publisher, Mattia Astorino (aka equinusocio), has multiple extensions on…

InfoSec News Nuggets 2/26/2025

GitVenom attacks abuse hundreds of GitHub repos to steal crypto
A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and credentials. According to Kaspersky, GitVenom has been active for at least two years, targeting users globally but with an elevated focus on Russia, Brazil, and Turkey. "Over the course of the GitVenom campaign, the threat actors behind it…

InfoSec News Nuggets 2/25/2025

CL0P Ransomware Launches Large-Scale Attacks on Telecom and Healthcare Sectors
The notorious CL0P ransomware group has intensified its operations in early 2025, targeting critical sectors such as telecommunications and healthcare. Known for its sophisticated tactics, the group has exploited zero-day vulnerabilities to infiltrate systems, steal sensitive data, and extort victims. This resurgence follows a relatively quieter 2024, during which CL0P listed only 27 victims compared to its infamous 2023 campaign with 384 breaches. In February…

InfoSec News Nuggets 2/24/2025

Apple pulls data protection feature in UK amid government demands
Apple (AAPL.O) is scrapping its most advanced security encryption feature for cloud data in Britain, the company said on Friday, an unprecedented response to government demands for access to user data. The change affects a feature called Advanced Data Protection (ADP), which extends end-to-end encryption across a wide range of cloud data. Apple said it is no longer available in Britain for new users, with those…

InfoSec News Nuggets 2/21/2025

Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a joint advisory issued Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency. The Feds warned orgs to beware of this spectral menace, which is known to have infected critical infrastructure and…

InfoSec News Nuggets 2/20/2025

Palo Alto Networks tags new firewall bug as exploited in attacks
Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. The vendor first disclosed the authentication bypass vulnerability tracked as CVE-2025-0108 on February 12, 2025, releasing patches to fix the vulnerability. That same day, Assetnote researchers published a proof-of-concept exploit demonstrating how CVE-2025-0108 and CVE-2024-9474 could be chained…

InfoSec News Nuggets 2/19/2025

Chinese hackers abuse Microsoft APP-v tool to evade antivirus
The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. This technique was discovered by threat researchers at Trend Micro, who track the threat group as Earth Preta, reporting that they have verified over 200 victims since 2022. Mustang Panda's targeting scope, based on Trend…

InfoSec News Nuggets 2/18/2025

Worrying YouTube security flaw exposed billions of user emails
Experts have warned that any email from a YouTube account could be pulled from Google with a ‘relatively simple exploit’. A researcher who goes by Brutecat managed to leverage several vulnerabilities across Google products to access the email address of any YouTube user, CyberNews reports. Google has now patched the flaw, but this does represent a serious risk to the privacy of users, and could put them in danger of phishing attacks.…

InfoSec News Nuggets 2/14/2025

British military drops basic training to fast track recruitment of ‘cyber warriors’
The British government is dropping the traditional fitness and weapons training for specialist cyber military recruits in order to address a cyber skills shortage within His Majesty’s Armed Forces, including in its arm for offensive operations in the National Cyber Force. The new pipeline will see up to 50 recruits accelerated into existing vacancies with either the Royal Navy or the Royal Air Force by the end…

InfoSec News Nuggets 2/12/2025

Security attacks on password managers have soared
Cybercriminals are increasingly targeting password managers in an attempt to break into various important digital accounts. Picus Security detailed its findings in the newly-released Red Report 2025, based on an in-depth analysis of more than a million malware variants collected last year, finding a quarter of all malware (25%) targeted credentials in password stores. This, the researchers claim, represents a three-fold increase compared to the year before. “For the first…

InfoSec News Nuggets 2/11/2025

Label maker Avery says ransomware investigation also found credit-card scraper
The world’s largest supplier of labels said a ransomware attack in December prompted an investigation that led to the discovery of a data breach impacting the information of about 67,000 customers. In breach notification letters, Avery Products said a ransomware attack was discovered on December 9 and prompted an in-depth investigation led by forensic experts. They found that “an unauthorized actor inserted malicious software that was…

InfoSec News Nuggets 2/10/2025

Coinbase accused of neglecting security, costing users up to $300M annually
Cryptocurrency investigators ZachXBT and tanuki42 accused Coinbase of failing to address security vulnerabilities and scam incidents that have cost investors millions of dollars each month. On Feb. 3, independent crypto investigator ZachXBT and tanuki42 from zeroShadow reported that Coinbase users lost more than $65 million in December 2024 and January 2025 alone. Still, the duo claimed the losses were even higher, as their calculations…

InfoSec News Nuggets 2/4/2025

Microsoft passwords at risk as hackers exploit Google
Forbes reports that hackers are targeting Microsoft advertiser accounts in an attempt to steal login information and access the advertising platform. Malwarebytes researchers discovered how hackers use malicious ads appearing on Google Search to get sensitive data. The cybersecurity company discovered that sponsored ads contained malicious links despite Google’s security measures. Malwarebytes contacted Google for a statement and received a response stating, “We expressly prohibit ads that aim…

InfoSec News Nuggets 2/3/2025

Facebook flags Linux topics as 'cybersecurity threats' — posts and users being blocked
Facebook is banning posts that mention various Linux-related topics, sites, or groups. Some users may also see their accounts locked or limited when posting Linux topics. Major open-source operating system news, reviews, and discussion site DistroWatch is at the center of the controversy, as it seems to be the first to have noticed that Facebook's Community Standards had blackballed it. A post on the…

InfoSec News Nuggets 1/28/2025

DeepSeek’s top-ranked AI app is restricting sign-ups due to ‘malicious attacks’
After surging to the top of Apple’s App Store charts in the US, DeepSeek’s AI Assistant is now restricting new user sign-ups. According to an incident report page, registrations are being temporarily limited “due to large-scale malicious attacks on DeepSeek’s services,” though it’s unclear how these limitations are being applied. “Existing users can log in as usual,” DeepSeek said in its update. “Thanks for your…

InfoSec News Nuggets 1/27/2025

Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet
Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023. The devices were infected with what appears to be a variant of cd00r, a publicly available "invisible backdoor" designed to operate stealthily on a victim's machine by monitoring network traffic for specific conditions before activating. It's…

InfoSec News Nuggets 1/24/2025

Microsoft's LinkedIn sued for disclosing customer information to train AI models
Microsoft's (MSFT.O) LinkedIn has been sued by Premium customers who said the business-focused social media platform disclosed their private messages to third parties without permission to train generative artificial intelligence models. According to a proposed class action filed on Tuesday night on behalf of millions of LinkedIn Premium customers, LinkedIn quietly introduced a privacy setting last August that let users enable or disable…

InfoSec News Nuggets 1/23/2025

The Internet is (once again) awash with IoT botnets delivering record DDoSes
We’re only three weeks into 2025, and it’s already shaping up to be the year of Internet of Things-driven DDoSes. Reports are rolling in of threat actors infecting thousands of home and office routers, web cameras, and other Internet-connected devices. Here is a sampling of research released since the first of the year. A post on Tuesday from content-delivery network Cloudflare reported on a recent…

InfoSec News Nuggets 1/22/2025

ChatGPT Crawler Vulnerability Let Attackers Trigger DDoS Attack On Any Websites
OpenAI’s ChatGPT API has been found to have a significant crawler vulnerability that enables attackers to launch Distributed Denial of Service (DDoS) attacks on arbitrary websites. This vulnerability is a significant concern for both web administrators and enterprises since it poses substantial risks to website availability. According to Benjamin Flesch the vulnerability lies within the ChatGPT API, specifically in how it handles HTTP POST requests directed at…

InfoSec News Nuggets 1/21/2025

US issues final rule barring Chinese, Russian connected car tech
The Commerce Department on Tuesday announced a new rule that will bar certain Chinese and Russian connected car technology from being imported to the United States. Software and hardware built into Vehicle Connectivity Systems (VCS) — such as telematics control units and cellular, satellite and Wi-fi functions — which are manufactured in China and Russia will be banned, along with any connected cars containing them. Separately Russian…

InfoSec News Nuggets 1/16/2025

Microsoft stops using Bing to trick people into thinking they’re on Google
Microsoft has quietly killed off its spoofed Google UI that it was using to trick Bing users into thinking they were using Google. Earlier this month you could search for “Google” on Bing and get a page that looked a lot like Google, complete with a special search bar, an image resembling a Google Doodle, and even some small text under the search bar just…

InfoSec News Nuggets 1/15/2025

UK floats ransomware payout ban for public sector
A total ban on ransomware payments across the public sector might actually happen after the UK government opened a consultation on how to combat the trend of criminals locking up whole systems and taxpayers footing the bill. The consultation will consider views on extending the ransom payment ban from central government departments to all public services including hospitals, schools, local authorities, and state-operated transport networks. Announced today,…

InfoSec News Nuggets 1/14/2025

Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days
A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant's own server-side encryption with customer provided keys (SSE-C) to lock up victims' data before demanding a ransom payment for the symmetric AES-256 keys required to decrypt it. Halcyon threat hunters say they first spotted this criminal gang in December, and in recent weeks observed two such ransomware attacks…

InfoSec News Nuggets 1/13/2025

Cannabis company Stiiizy says hackers accessed customers’ ID documents
Popular Los Angeles-based cannabis brand Stiiizy has confirmed that hackers accessed reams of sensitive customer data, including government-issued documents and medical cannabis cards, during a November cyberattack. In a data breach notice filed with California’s attorney general this week, Stiiizy said it was notified by its point-of-sale processing vendor that an “organized cybercrime group” had compromised the data from some of its retail locations.
Docker Desktop blocked…

InfoSec News Nuggets 1/10/2025

License Plate Readers Are Leaking Real-Time Video Feeds and Vehicle Data
In just 20 minutes this morning, an automated license-plate-recognition (ALPR) system in Nashville, Tennessee, captured photographs and detailed information from nearly 1,000 vehicles as they passed by. Among them: eight black Jeep Wranglers, six Honda Accords, an ambulance, and a yellow Ford Fiesta with a vanity plate. This trove of real-time vehicle data, collected by one of Motorola’s ALPR systems, is meant to be accessible…

InfoSec News Nuggets 1/9/2025

Scammers Impersonate Authorities to Swipe OTPs with Remote Access Apps
Cybersecurity researchers at Group-IB have discovered a sophisticated refund scam where scammers are using remote access tools and software to steal personal and financial information from victims in the Middle East. The modus operandi of the scam involves these scammers posing as government officials, gaining the trust of their targets by offering to help them claim refunds for unsatisfactory purchases. In return, scammers end up…

InfoSec News Nuggets 1/8/2025

Green Bay Packers' online store hacked to steal credit cards
The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers' personal and payment information. The National Football League team says it immediately disabled all checkout and payment capabilities after discovering on October 23 that the packersproshop.com website was breached. "On October 23, 2024, we…

InfoSec News Nuggets 1/7/2025

“Can you try a game I made?” Fake game sites lead to information stealers
A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message (DM) on a Discord server asking about their interest in beta testing a new videogame (targets can also receive a text message or an email). Often, the message comes from the “developer” themselves, as asking whether you can try a game that…

InfoSec News Nuggets 1/6/2025

US Treasury incident a clear warning on supply chain security in 2025
A major state-sponsored cyber incident that targeted the United States Department of the Treasury in the weeks prior to Christmas 2024 appears to have begun as the result of a compromise at a third-party tech support supplier, serving as a warning on the precarious security and vulnerable nature of technology supply chains for IT firms and their customers alike. The cyber attack was allegedly the…

InfoSec News Nuggets 1/3/2025

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign
The supply chain attack in which cybersecurity firm Cyberhaven’s Chrome extension was compromised to steal users’ data appears to be part of a wider campaign in which at least 29 extensions were hit over the past year and a half. As part of the Cyberhaven incident, a threat actor gained access to the company’s Chrome Web Store administrator account and published a new version of the…

InfoSec News Nuggets 12/31/2024

Defense Giant General Dynamics Says Employees Targeted in Phishing Attack
Aerospace and defense giant General Dynamics says threat actors compromised dozens of employee benefits accounts after a successful phishing campaign targeting its personnel. The unauthorized activity was discovered on October 10, after the attackers had accessed and made changes to the employee benefits accounts through a login portal hosted by a third party. According to the company, the attackers ran a fraudulent advertising campaign that…

InfoSec News Nuggets 12/30/2024

Emerging Threats & Vulnerabilities to Prepare for in 2025
In 2024, we at Dark Reading covered a variety of attacks, exploits, and, of course, vulnerabilities across the board. Here, we recount 10 emerging threats organizations should be prepared for — as detailed by Dr. Jason Clark in "10 Emerging Vulnerabilities Every Enterprise Should Know," a Dark Reading webinar — as they continuously rise and develop in 2025. Zero-days and their increase in volume across the…

InfoSec News Nuggets 12/26/2024

The Breachies 2024: The Worst, Weirdest, Most Impactful Data Breaches of the Year
Every year, countless emails hit our inboxes telling us that our personal information was accessed, shared, or stolen in a data breach. In many cases, there is little we can do. Most of us can assume that at least our phone numbers, emails, addresses, credit card numbers, and social security numbers are all available somewhere on the internet. But some of these data breaches are more…

InfoSec News Nuggets 12/24/2024

Suspected LockBit dev, facing US extradition, 'did it for the money'
An alleged LockBit ransomware developer is in custody in Israel and awaiting extradition to the United States. Israeli law enforcement arrested Rostislav Panev, 51, a dual Russian and Israeli national, in August at the request of the US. Panev faces 41 counts, including computer-related extortion, conspiracy to commit fraud, conspiracy to commit wire fraud, and intentional damage to a protected computer, according to a…

InfoSec News Nuggets 12/23/2024

China 'compromised' Canadian government networks and stole valuable info: spy agency
Threat actors sponsored by China "compromised" Canadian government networks over the past five years and collected valuable information, says a new report from Canada's cyber spy agency. The Communications Security Establishment, responsible for foreign signals intelligence, cyber operations and cyber security, released its updated national cyber threat assessment on Wednesday. The assessment flags threats the agency sees as the most pressing ones facing individuals and…

InfoSec News Nuggets 12/20/2024

Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish
Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive, chemical and industrial compound manufacturing sectors in Europe, and tried to steal account credentials and then hijack the victims' Microsoft Azure cloud infrastructure. After taking over victims' accounts, the miscreants signed into new devices using stolen creds so they could maintain…

InfoSec News Nuggets 12/19/2024

Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence
The US Justice Department has announced the sentencing of 32-year-old Vitalii Antonenko, a man accused of hacking, credit card theft, and money laundering. Antonenko, a resident of New York City, was arrested in March 2019 after returning from Ukraine. An indictment accusing him of participating in a cybercrime scheme was announced one year later. The man pleaded guilty to conspiracy to engage in computer hacking, money laundering, and trafficking…

InfoSec News Nuggets 12/18/2024

Serbia: Authorities using spyware and Cellebrite forensic extraction tools to hack journalists and activists
Serbian police and intelligence authorities are using advanced phone spyware alongside mobile phone forensic products to unlawfully target journalists, environmental activists and other individuals in a covert surveillance campaign, a new Amnesty International report has revealed. The report, “A Digital Prison”: Surveillance and the Suppression of Civil Society in Serbia, documents how mobile forensic products made by Israeli company Cellebrite are being used…

InfoSec News Nuggets 12/16/2024

Data breach at Senior Dating website spills info of 765,000 users
A database belonging to matchmaking site Senior Dating has been discovered on data leak site Have I Been Pwned (HIBP). The database contains the personally identifiable information of 765,517 users, and the site has since been shut down entirely. The compromised data breach stems from a Google-backed web development platform, Firebase. Another dating site with the same owner, Ladies.com, suffered a similar breach, with 118,809 users exposed.…

InfoSec News Nuggets 12/13/2024

Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches
The $3 billion that Congress folded into the annual defense policy bill to remove Chinese-made telecommunications technology from U.S. networks would be a huge start to defending against breaches like the Salt Typhoon espionage campaign, senators and hearing witnesses said Wednesday. Federal Communications Commission Chairwoman Jessica Rosenworcel recently told Hill leaders that the $1.9 billion Congress had devoted to the “rip and…