InfoSec News Nuggets 10/22/2021

FIN7 hackers set up a fake company to recruit for cyberattacks FIN7, a financially motivated Russian hacking group, has set up a fake company to lure unwitting IT specialists into supporting its continued expansion into ransomware, security researchers have found. According to researchers at Recorded Future’s Gemini Advisory unit, FIN7 — known for hacking into point-of-sale registers and stealing over $1 billion from millions of credit cards — is now operating under the guise of Bastion Secure, which claims…

InfoSec News Nuggets 10/21/2021

New FCC rules could force wireless carriers to block spam texts Under Acting Chairwoman Jessica Rosenworcel, the Federal Communications Commission is seeking to create new rules targeting spam text messages. Like another recent proposed rulemaking from the agency, the policy would push wireless carriers and telephone companies to block the spam before it ever gets to your phone. “We’ve seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that…

InfoSec News Nuggets 10/20/2021

CISA says BlackMatter ransomware group behind recent attacks on agriculture companies CISA, the FBI and NSA officially implicated the BlackMatter ransomware group in the recent attacks on two agriculture companies, confirming the assessments of some security researchers who said the gang was behind incidents involving New Cooperative and Crystal Valley in September. New Cooperative -- an Iowa-based farm service provider -- was hit with a ransomware attack on September 20 and BlackMatter demanded a $5.9 million ransom. Crystal Valley,…

InfoSec News Nuggets 10/19/2021

Hackers are weaponizing Excel documents to infiltrate corporate networks Employees at financial organizations are being targeted using weaponized Excel documents as part of a new phishing campaign aimed at infiltrating corporate networks. While the campaign, which has been dubbed MirrorBlast, was first detected in September by the cybersecurity firm ET Labs, another cybersecurity firm called Morphisec has now analyzed the malware used in the campaign and reported its findings in a new blog post. Morphisec warns that the malicious Excel…

InfoSec News Nuggets 10/18/2021

7-Eleven breached customer privacy by collecting facial imagery without consent In Australia, the country's information commissioner has found that 7-Eleven breached customers' privacy by collecting their sensitive biometric information without adequate notice or consent. From June 2020 to August 2021, 7-Eleven conducted surveys that required customers to fill out information on tablets with built-in cameras. These tablets, which were installed in 700 stores, captured customers' facial images at two points during the survey-taking process --…

InfoSec News Nuggets 10/15/2021

Microsoft to pull LinkedIn from Chinese market American technology giant Microsoft announced today that it will pull its professional social network LinkedIn from the Chinese market later this year. Microsoft purchased LinkedIn for more than $26 billion back in 2016. The news comes amidst a flurry of regulatory changes in the Asian nation, as well as rising tensions between the company and the country. Two weeks past, Microsoft came under heavy scrutiny for its decision to block the profiles…

InfoSec News Nuggets 10/14/2021

New SnapMC group extorts companies after short 30-minute hacks Security researchers have discovered a new threat actor that carries out lightning-fast hacks, typically under 30 minutes, steals a company’s files, and then extorts the victim with threats to leak the data online or to media outlets unless a ransom payment is made within a few days. Discovered by Dutch security firm Fox-IT, the company named the group SnapMC because of its short-lived intrusions and the use of…

InfoSec News Nuggets 10/13/2021

Olympus has been hit with another major cyberattack Camera maker and Japanese tech giant Olympus was forced to shut down its IT systems in the US, Canada and Latin America after it recently fell victim to a cyberattack. In a statement on its website, the company said that it is currently in the process of investigating a potential cybersecurity incident which occurred on October 10 that affected its IT systems. After detecting suspicious activity on its network, Olympus mobilized…

InfoSec News Nuggets 10/12/2021

Borrowed a School Laptop? Mind Your Open Tabs When tens of millions of students suddenly had to learn remotely, schools lent laptops and tablets to those without them. But those devices typically came with monitoring software, marketed as a way to protect students and keep them on-task. Now, some privacy advocates, parents, and teachers say that software created a new digital divide, limiting what some students could do and putting them at increased risk of disciplinary…

InfoSec News Nuggets 10/08/2021

Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes The suspected Russian hackers who used SolarWinds and Microsoft software to burrow into U.S. federal agencies emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country’s response to COVID-19, people involved in the investigation told Reuters. The hacks were widely publicized after their discovery late last year, and American officials have blamed Russia’s SVR foreign intelligence service, which denies the…

InfoSec News Nuggets 10/07/2021

New TSA regulations to address cyberattack threat to rail systems The Transportation Security Administration will soon issue new regulations designed to make transit agencies and airlines better prepared for cyberattacks. Homeland Security Secretary Alejandro Mayorkas says that, under the new directive, railroads and rail-related entities deemed "higher-risk" will be required to appoint a point person in charge of cybersecurity, report cyber incidents to DHS' Cybersecurity and Infrastructure Security Agency and create a contingency plan for…

InfoSec News Nuggets 10/06/2021

Hong Kong firm becomes latest marketing company hit with REvil ransomware Hong Kong marketing firm Fimmick has been hit with a ransomware attack, according to a British cybersecurity firm monitoring the situation. Fimmick has offices in Hong Kong and across China, serving several high-profile clients like McDonalds, Coca-Cola, Shell, Asus and others. Their website is currently down and there was no response to ZDNet requests for comment. Matt Lane, CEO of UK-based cybersecurity firm X Cyber Group, said…

InfoSec News Nuggets 10/05/2021

Company That Routes Billions of Text Messages Quietly Says It Was Hacked A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. The company, Syniverse, revealed in a filing dated September 27 with the…

InfoSec News Nuggets 10/04/2021

3.1M Neiman Marcus Customer Card Details Breached Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just this week, Neiman Marcus acknowledged the compromise, which included personal customer information like names, contact information, payment card information…

InfoSec News Nuggets 10/01/2021

This malware pretends to be Amnesty International protection from Pegasus Security researchers from Cisco Talos have discovered a new malware campaign in which cybercriminals are impersonating the human rights group Amnesty International. According to a new blog post, the campaign is targeting those concerned about falling victim to the Pegasus spyware which was created by the NSO Group and distributed to authoritarian governments around the world to keep tabs on international journalists and activists. Now though, cybercriminals have created a fake website impersonating the official…

InfoSec News Nuggets 09/30/2021

1Password now allows users to securely generate unique email aliases 1Password launched a new feature that will allow users to create and manage secure, unique email aliases from directly within 1Password. Partnering with Fastmail, an email service that puts people and their privacy first, the “Masked Email” integration adds an extra layer of privacy by giving users the option of hiding their actual email addresses from the apps or services that they use. According to research from Deloitte,…

InfoSec News Nuggets 09/29/2021

Microsoft warns of latest malware attack, explains how to avoid secret backdoor Microsoft has recently discovered another type of malware, named FoggyWeb by Microsoft, that hackers are currently using to remotely steal network admin credentials. The credentials allow the attacker group, which the company has called Nobelium, to hack into admin accounts of the Active Directory Federation Services’ (AD FS) servers and control users’ access to various resources. Microsoft claims that this is the same group behind the…

InfoSec News Nuggets 09/28/2021

Thousands of online gaming accounts hit in major cyberattack Cybercriminals are increasingly targeting gamers as well as their accounts online with a new malware dubbed BloodyStealer according to Kaspersky. Back in March of this year, the cybersecurity firm's experts discovered an ad for BloodyStealer that said the malware is able to steal passwords, cookies, bank card details, browser autofill data, device data, screenshots, Desktop and uTorrent client files, logs and Bethesda, Epic Games, GOG, Origin, Steam, Telegram and…

InfoSec News Nuggets 09/27/2021

Hackers breached computer network at key US port but did not disrupt operations Suspected foreign government-backed hackers last month breached a computer network at one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders weren't in a position to disrupt shipping operations, according to a Coast Guard analysis of the incident obtained by CNN and a public statement from a senior US cybersecurity official. The incident…

InfoSec News Nuggets 09/24/2021

A new APT is targeting hotels across the world A new advanced persistent threat (APT), a term used to describe state-sponsored cyber-espionage groups, has been spotted mounting attacks against hotels across the world. Codenamed FamousSparrow, this new APT was discovered by Slovak security firm ESET, which said it’s been tracking its attacks as far back as 2019. “FamousSparrow’s victims are located in Europe (France, Lithuania, the UK), the Middle East (Israel, Saudi Arabia), the Americas (Brazil,…

InfoSec News Nuggets 09/23/2021

Users increasingly willing to abandon digital platforms that demand personal info, stringent passwords and time-consuming forms A new survey from Ping Identity has found that more internet users are willing to stop using sites altogether if they find the experience cumbersome or invasive. The Ping Identity Consumer Survey queried more than 3,400 consumers across the US, UK, Germany, France and Australia about their experiences with signing up for websites and their attitudes toward online privacy. The survey found…

InfoSec News Nuggets 09/22/2021

US Treasury sanctions crypto exchange over role in ransomware attacks The US Department of the Treasury has imposed sanctions on virtual currency exchange Suex for its alleged role in facilitating financial transactions for ransomware actors. The Treasury stated that Suex has facilitated transactions involving illicit proceeds from at least eight ransomware variants, adding that over 40% of its transaction history is associated with illicit actors. As a result of the sanctions, which are the first designations against a virtual currency exchange, Suex is blocked…

InfoSec News Nuggets 09/21/2021

Even the Mafia is getting involved in phishing attacks now Cybercriminals have raked in millions from phishing attacks which is why it's not a big surprise that the Italian Mafia has adopted similar tactics in recent years. According to a new press release from Europol, the Spanish National Police with support from the Italian National Police, Europol and Eurojust have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking…

InfoSec News Nuggets 09/20/2021

Apple and Google Pull Opposition App From Russian Stores Following Kremlin Pressure On Friday morning, Bloomberg reported that Google and Apple have removed longtime opposition leader Alexei Navalny’s voter guide app from the App Store and Google Play store in Russia. Activists have charged the companies with bowing to Kremlin pressure. The Russian parliamentary elections began today and last through Sunday. On Thursday, Russian state media outlet Tass reported that Vasily Piskarev, head of the Committee on Safety and…

InfoSec News Nuggets 09/17/2021

Anonymous leaks gigabytes of data from alt-right web host Epik Hacktivist collective Anonymous claims to have obtained gigabytes of data from Epik, which provides domain name, hosting, and DNS services for a variety of clients. These include the Texas GOP, Gab, Parler, and 8chan, among other right-wing sites. The stolen data has been released as a torrent. The hacktivist collective says that the data set, which is over 180GB in size, contains a "decade's worth of…

InfoSec News Nuggets 09/16/2021

Ex-U.S. intel operatives admit hacking American networks for UAE Three former U.S. intelligence operatives who worked as cyber spies for the United Arab Emirates admitted to violating U.S. hacking laws and prohibitions on selling sensitive military technology, under a deal to avoid prosecution announced on Tuesday. The operatives - Marc Baier, Ryan Adams and Daniel Gericke - were part of a clandestine unit named Project Raven, first reported by Reuters, that helped the UAE spy on its…

InfoSec News Nuggets 09/15/2021

BlackMatter ransomware hits medical technology giant Olympus Olympus, a leading medical technology company, is investigating a "potential cybersecurity incident" that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries. The company's camera, audio recorder, and binocular divisions have been transferred to OM Digital Solutions, which has been selling…

InfoSec News Nuggets 09/14/2021

Apple issues urgent iPhone software update to address critical spyware vulnerability Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist. Researchers from the University of Toronto's Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has…

InfoSec News Nuggets 09/13/2021

Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware Symantec, part of Broadcom Software, has linked the recently discovered Sidewalk backdoor to the China-linked Grayfly espionage group. The malware, which is related to the older Crosswalk backdoor (Backdoor.Motnug) has been deployed in recent Grayfly campaigns against a number of organizations in Taiwan, Vietnam, the United States, and Mexico. A feature of this recent campaign was that a large number of targets were in the telecoms sector. The…

InfoSec News Nuggets 09/10/2021

REvil Ransomware Group is Back as "Happy Blog" Returns An infamous ransomware group that appeared to shutter its operations following a major supply chain attack on IT software provider Kaseya seems to be back in business. The REvil/Sodinokibi variant has been used by countless affiliates to extort money from companies as diverse as now-defunct Travelex, Jack Daniels-maker Brown-Forman and meat processing giant JBS. Last year it claimed to have amassed a fortune of $100m through its efforts. However, widespread condemnation…

InfoSec News Nuggets 09/09/2021

Half a million Fortinet VPN passwords leaked online A cybercriminal has released credentials associated with almost half a million Fortinet VPN accounts online. The account information was supposedly scraped from Fortinet devices, by exploiting a security vulnerability that first came to light in April. Although months have elapsed since a patch was released, many of the credentials remain current, the hacker claims. The data was made public by a threat actor known as Orange, who has a…

InfoSec News Nuggets 09/08/2021

Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted against its Confluence service that had been deprecated since October 2019, leading the…

InfoSec News Nuggets 09/07/2021

Mass. Lawmakers Set To Examine Cybersecurity After Recent Attacks The hearing follows several cyberattacks in Massachusetts and throughout the country. A malware attack forced the state's auto inspection system to shut down for nearly three weeks in the spring, and cities and towns across Massachusetts continue to face the challenge of combatting cyber threats, Finegold said. According to FBI data, residents in Massachusetts lost around $100 million from reported cybercrimes in 2020 alone, Finegold said.…

InfoSec News Nuggets 09/02/2021

One Simple Step to Securing Your Accounts Does it seem like cyber criminals have a magic wand for getting into your email or bank accounts and there’s nothing you can do to stop them? Wouldn’t it be great if there was one single step you could take that would help protect you from cyber criminals and let you securely make the most of technology? While no sole step will stop all cyber criminals, one of…

InfoSec News Nuggets 09/01/2021

Hackers, tractors, and a few delayed actors. How hacker Sick Codes learned too much about John Deere No one ever wants a group of hackers to say about their company: “We had the keys to the kingdom.” But that’s exactly what the hacker Sick Codes said on this week’s episode of Lock and Code, in speaking with host David Ruiz, when talking about his and fellow hackers’ efforts to peer into John Deere’s data operations…

InfoSec News Nuggets 08/31/2021

Fake DMCA and DDoS complaints lead to BazaLoader malware Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service (DDoS) attacks. The messages contain a legal threat and a file stored in a Google Drive folder that allegedly provides evidence of the source of the attack. The DDoS theme is a variation of another lure, a…

InfoSec News Nuggets 08/30/2021

Microsoft warns thousands of cloud customers of exposed databases -emails Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure’s flagship Cosmos database. A research team at security company Wiz discovered it was able to…

InfoSec News Nuggets 08/26/2021

Chinese auto-maker accused of altering data after fatal autonomous car accident Police are investigating an electrical vehicle company in China following claims that car data was tampered with following a fatal collision. On August 12, 31-year-old Lin Wenqin was using the driver assistance feature on his Nio ES8 when he was involved in a fatal car crash. Chinese state-owned media Global Times reported Lin's car had collided with a construction vehicle on the Shenhai Expressway. On…

InfoSec News Nuggets 08/25/2021

Razer bug lets you become a Windows 10 admin by plugging in a mouse A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard. Razer is a very popular computer peripherals manufacturer known for its gaming mouses and keyboards. When plugging in a Razer device into Windows 10 or Windows 11, the operating system will automatically download and begin…

InfoSec News Nuggets 08/24/2021

Caller ID Spoofing Spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust. If you answer, they use scam scripts to try to steal your money or valuable personal information,…

InfoSec News Nuggets 08/23/2021

AT&T denies data breach after hacker auctions 70 million user database AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1…

InfoSec News Nuggets 08/20/2021

Census hit by cyberattack, US count unaffected U.S. Census Bureau computer servers were exploited last year during a cybersecurity attack, but it didn't involve the 2020 census, and hackers' attempts to keep access to the system were unsuccessful, according to a watchdog report released Wednesday. The attack took place in January 2020 on the bureau's remote access servers. According to the Office of Inspector General, the Census Bureau missed opportunities to limit its vulnerability to…

InfoSec News Nuggets 08/19/2021

Conti ransomware prioritizes revenue and cyberinsurance data theft Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies. Earlier this month, a disgruntled affiliate posted to a hacking forum the IP addresses for Cobalt Strike C2 servers used by the gang and a 113 MB archive containing training material for conducting ransomware attacks. Using this leaked training material,…

InfoSec News Nuggets 08/18/2021

Ford bug exposed customer and employee records from internal systems A bug on Ford Motor Company's website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc. The data exposure stemmed from a misconfigured instance of Pega Infinity customer engagement system running on Ford's servers. This week, researchers have disclosed a vulnerability found on Ford's website that let them peek into confidential company records, databases and perform account takeovers. The vulnerability was discovered by Robert Willis and break3r,…

InfoSec News Nuggets 08/17/2021

T-Mobile Investigating Claims of Massive Customer Data Breach T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn't mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers. The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller…

InfoSec News Nuggets 08/16/2021

If a QR code leads you to a Bitcoin ATM at a gas station, it’s a scam Rogue QR code antics have been back in the news recently. They’re not exactly a mainstay of fakery, but they do tend to enjoy small waves of popularity as events shaped by the real world remind everyone they still exist. The most notable example where this is concerned is of course the pandemic. With the spread of Covid-19,…

InfoSec News Nuggets 08/14/2021

Nation's largest self-driving electric shuttle network launches The country’s biggest fleet of low-speed, self-driving electric shuttles hit the road on Tuesday in a major step forward for the electric vehicle sector. The unveiling here adds momentum to an industry that is poised to get a significant boost from the Biden administration and Democrats in Congress. “We will write the next chapter in the world’s transportation history — in a time when we need a new…

InfoSec News Nuggets 08/12/2021

New AdLoad malware variant slips through Apple's XProtect defenses A new AdLoad malware variant is slipping through Apple's YARA signature-based XProtect built-in antivirus tech to infect Macs as part of multiple campaigns tracked by American cybersecurity firm SentinelOne. AdLoad is a widespread trojan targeting the macOS platform since at least late 2017 and used to deploy various malicious payloads, including adware and Potentially Unwanted Applications (PUAs). This malware can also harvest system information that later gets sent to remote servers controlled by its operators.…

InfoSec News Nuggets 08/11/2021

WhatsApp CEO calls out Apple over Child Safety tools announcement Ever since Apple introduced the new protection tools for child safety this week, it instantly divided opinions. While some think this is a huge deal to protect children, others believe it will just create a backdoor for governments to access people’s iPhones. Now, WhatsApp CEO Will Cathcart is the latest to join those who think the new Child Safety tools from Apple could be bad. It’s not…

InfoSec News Nuggets 08/10/2021

ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group IBM Security X-Force threat intelligence researchers continue to track the infrastructure and activity of a suspected Iranian threat group ITG18. This group’s tactics, techniques and procedures (TTPs) overlap with groups known as Charming Kitten, Phosphorus and TA453. Since our initial report on the group’s training videos in May 2020, X-Force has uncovered additional operational security errors by this group. Our continued analysis led to the discovery of a malicious tool…