InfoSec News Nuggets 02/03/2023

North Korean hackers stole research data in two-month-long breach  A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction. The campaign lasted between August and November 2022, targeting organizations in medical research, healthcare, chemical engineering, energy, defense, and a leading research university. The operation was discovered by Finnish cybersecurity firm WithSecure, whose analysts…

InfoSec News Nuggets 02/02/2023

City of London on High Alert After Ransomware Attack  A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. Ion Cleared Derivatives released a brief statement on Tuesday saying that it experienced a “cybersecurity event” that day which affected some of its services. “The incident is contained to a specific environment, all the affected servers are disconnected and remediation of services is…

InfoSec News Nuggets 02/01/2023

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years  A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically," Check Point Research's Arie Olshtein said, calling it a "master of disguises." Offered as a service to other…

InfoSec News Nuggets 01/31/2023

JD Sports says 10 million customers hit by cyber attack  Sportswear chain JD Sports has said stored data relating to 10 million customers might be at risk after it was hit by a cyber attack. The company said information that "may have been accessed" by hackers included names, addresses, email accounts, phone numbers, order details and the final four digits of bank cards. The data related to online orders between November 2018 and October 2020. JD Sports said it…

InfoSec News Nuggets 01/30/2023

New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors  A malicious campaign impersonating American financial advisors has been spotted targeting several hundred individuals in West Africa. Recently discovered by cybersecurity experts at DomainTools, the 'pig butchering' operation uses a complex network of social engineering techniques to defraud victims. Describing the activity in an advisory shared with Infosecurity, DomainTools said most attacks from the unnamed threat actor used professional network services such as LinkedIn to identify, research and contact potential…

InfoSec News Nuggets 01/27/2023

Morgan Stanley penalizes employees as much as $1 million for WhatsApp breaches  Morgan Stanley has imposed financial penalties on employees who used messaging platforms such as WhatsApp for company business, according to two sources familiar with the situation. The penalties ranged from several thousand dollars for some staff to more than $1 million for others. The amounts were determined by factors such as the number of messages sent, seniority and whether the employees had already received warnings,…

InfoSec News Nuggets 01/26/2023

Riot Games says it has received ransom note following hack, but won't pay up  Riot Games has said it will refuse to pay a ransomware demand to regain some of its source code following a recent cyberattack. In an update concerning this week's incident, Riot confirmed it was an extortion attack, noting that the source code for League of Legends (LoL), Teamfight Tactics (TFT), and a legacy anticheat platform, was exfiltrated by the attackers. It also confirmed receiving a ransom note, but added that…

InfoSec News Nuggets 01/25/2023

LastPass owner GoTo says hackers stole customers’ backups  LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems. The breach was first confirmed by LastPass on November 30. At the time, LastPass chief executive Karim Toubba said an “unauthorized party” had gained access to some customers’ information stored in a third-party cloud service shared by LastPass and GoTo. The attackers used information stolen from an earlier breach of LastPass systems in August…

InfoSec News Nuggets 01/24/2023

A Murderer Targeted Pregnant Moms In A Private Facebook Group, Feds Say  In late October 2022, Kelly, a first-time mom from Siloam Springs, Arkansas, posted in a private Facebook group for parents in the locale. “I'm looking for a small baby swing and maternity clothes,” she said. She got a response from a member called Lucy Barrow, whose account was only created that month, claiming her old profile had been blocked. "I might have some tops…

InfoSec News Nuggets 01/23/2023

EU watchdogs agree on how to handle certain cookie consent dark patterns  Cookie consent banners that use blatant design tricks to try to manipulate web users into agreeing to hand over their data for behavioral advertising, instead of giving people a free and fair choice to refuse this kind of creepy tracking, are facing a coordinated pushback from the European Union’s data protection regulators. A taskforce of several DPAs, led by France’s CNIL along with Austria’s…

InfoSec News Nuggets 01/20/2023

Bank of America starts restoring missing Zelle transactions  Bank of America has started to restore missing Zelle transactions that suddenly disappeared from customers' bank accounts this morning, causing some to dip into negative balances. The outage began at approximately 7 AM ET today, with BoA customers suddenly finding their account balances had decreased after recent Zelle transactions disappeared. This led to reports on DownDetector, Reddit, and Twitter from hundreds of customers missing their Zelle transactions.    More Ransomware Victims Are Refusing…

InfoSec News Nuggets 01/19/2023

Google Ads Malware Wipes NFT Influencer’s Crypto Wallet  An NFT influencer with the Twitter handle @NFT_GOD claims to have lost thousands of dollars worth of non-fungible tokens (NFTs) and crypto in a Google Ads-delivered malware attack. On 14th January, NFT God, also known as Alex, shared on Twitter how his “entire livelihood was violated.” In the thread, he explained how his online accounts, including Twitter, Substack, Gmail, and Discord, were hacked into and his crypto wallet compromised after he…

InfoSec News Nuggets 01/18/2023

Feds Seize WeLeakInfo.com for Selling Access to Stolen Data  The FBI has shut down a website that offered hackers easy access to 12 billion records stolen in thousands of data breaches. On Thursday, the Justice Department announced it had seized the internet domain to WeLeakInfo.com, a site that was cataloging data taken from more than 10,300 data breaches at various companies and websites over the years. Customers could pay as little as $2 to gain…

InfoSec News Nuggets 01/17/2023

Royal Mail's 'Cyber Incident' Turns Out to Be Ransomware  British postal service the Royal Mail has been hit by ransomware, rendering it unable to send any mail internationally and causing a huge backlog of undelivered packages. Earlier this week the Royal Mail requested that customers stop posting any items intended for delivery outside of the UK, but didn't divulge details as to what had happened beyond "disruption" and has since only referred to the situation…

InfoSec News Nuggets 01/13/2023

Microsoft retracts its report on Mac ransomware  Microsoft published on Jan. 5 — and then redacted on Jan. 6 — a report that detailed four ransomware families hitting macOS devices. When it comes to cybersecurity threats such as ransomware, most systems affected are usually Windows or Linux, so the news made a splash because it was about macOS devices. But Patrick Wardle, founder of the Objective-See Foundation, pointed out on Twitter that the report had no citations and closely aligned…

InfoSec News Nuggets 01/12/2023

The FBI Won't Say Whether It Hacked Dark Web ISIS Site  U.S. government lawyers are hampering efforts that could reveal how the FBI managed to obtain the real IP address of an alleged visitor to an ISIS website on the dark web, according to court records reviewed by Motherboard. The case involves Muhammed Momtaz Al-Azhari, who was charged in May 2020 with attempting to provide material support to ISIS. According to the complaint against him, Al-Azhari allegedly visited…

InfoSec News Nuggets 01/11/2023

Microsoft’s new AI can simulate anyone’s voice with 3 seconds of audio  On Thursday, Microsoft researchers announced a new text-to-speech AI model called VALL-E that can closely simulate a person's voice when given a three-second audio sample. Once it learns a specific voice, VALL-E can synthesize audio of that person saying anything—and do it in a way that attempts to preserve the speaker's emotional tone. Its creators speculate that VALL-E could be used for high-quality text-to-speech applications, speech…

InfoSec News Nuggets 01/10/2023

Top SaaS Cybersecurity Threats in 2023: Are You Ready?  Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. Web applications are at the core of what SaaS companies do and how they operate, and they…

InfoSec News Nuggets 01/09/2023

Dridex malware pops back up and turns its attention to macOS  A variant of the bad penny that is Dridex, the general-purpose malware that has been around for years, now has macOS platforms in its sights and a new way of delivering malicious macros via documents. The first sample of this latest variant appeared on VirusTotal in 2019, but detections started to rise a year later and peaked in December 2022, according to threat researchers…

InfoSec News Nuggets 01/06/2023

Slack's private GitHub code repositories stolen over holidays  Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world. BleepingComputer has come across a security incident notice issued by Slack on December 31st, 2022. The incident involves threat actors gaining access to Slack's externally hosted GitHub repositories via a "limited" number of Slack employee tokens that…

InfoSec News Nuggets 01/05/2023

CircleCI security alert: Rotate any secrets stored in CircleCI  We wanted to make you aware that we are currently investigating a security incident, and that our investigation is ongoing. We will provide you updates about this incident, and our response, as they become available. At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take…

InfoSec News Nuggets 01/04/2023

Google to Pay Indiana $20 Million to Resolve Privacy Suit  Google will pay Indiana $20 million to resolve the state’s lawsuit against the technology giant over allegedly deceptive location tracking practices, state Attorney General Todd Rokita announced. Rokita filed a separate lawsuit against Google when negotiations between the company and a coalition of state attorneys general stalled, he said. Those states agreed to a $391.5 million settlement with the company in November. As a result of the separate lawsuit,…

InfoSec News Nuggets 01/03/2023

Philippines’ new SIM card law could be abused by corrupt officials, critics say  As more than 4 million mobile phone users in the Philippines registered their SIM cards to comply with a new law this week, a manager at a small computer shop in Metro Manila said he would not rush to do the same. His shop assistant said he would not register at all: “They’re collecting personal data and you don’t know what they’ll do with it.” President Ferdinand…

InfoSec News Nuggets 12/30/2022

Toy maker Jakks Pacific reports cyberattack after multiple ransomware groups leak data  Toy production giant Jakks Pacific reported a cyberattack to the U.S. Securities and Exchange Commission last week after two different ransomware gangs posted stolen information to their leak site. On December 22, the company released a notice confirming it had suffered a ransomware attack on December 8 that encrypted their servers. The firm – which is one of the biggest toy companies in the world…

InfoSec News Nuggets 12/29/2022

Code-generating AI can introduce security vulnerabilities, study finds  A recent study finds that software engineers who use code-generating AI systems are more likely to cause security vulnerabilities in the apps they develop. The paper, co-authored by a team of researchers affiliated with Stanford, highlights the potential pitfalls of code-generating systems as vendors like GitHub start marketing them in earnest. “Code-generating systems are currently not a replacement for human developers,” Neil Perry, a Ph.D. candidate at…

InfoSec News Nuggets 12/28/2022

Biometric devices sold on eBay reportedly contained sensitive US military data  German researchers who purchased biometric capture devices on eBay found sensitive US military data stored on their memory cards, The New York Times has reported. That included fingerprints, iris scans, photographs, names and descriptions of the individuals, mostly from Iraq and Afghanistan. Many worked with the US army and could be targeted if the devices fell into the wrong hands, according to the report. A group…

InfoSec News Nuggets 12/27/2022

‘Tis the season for gaming: Keeping children safe (and parents sane)  Despite gathering macro-economic headwinds, US consumers are set to increase their total retail spending by around 7% year-on-year this holiday season, and by 3.5% on electronics. But while several weeks of uninterrupted gaming might seem like the dream Christmas for many youngsters, there are also risks that parents need to be aware of. Whether your children are playing a console in the living room, or accessing…

InfoSec News Nuggets 12/23/2022

Ransomware hackers take demands directly to college students: ‘For you, it’s a sad day’  The email went out to students at Knox College, a small liberal arts school in Illinois, on the evening of Dec. 12. A hacker group known as Hive had broken into the college’s computer system and gained access to student data, a common ransomware tactic. But this group had a new wrinkle for Knox students. “We have compromised your collage networks,” the…

InfoSec News Nuggets 12/22/2022

Industrial Giant Thyssenkrupp Again Targeted by Cybercriminals  German industrial engineering and steel production giant Thyssenkrupp has again confirmed being targeted by cybercriminals. The company told SecurityWeek that ‘organized crime’ is believed to be behind the attack. “Parts of the Materials Services and Corporate segment of Thyssenkrupp are currently affected. The possibility of the other segments and business units being affected can be ruled out at this time,” a spokesperson of Thyssenkrupp Materials Services said in an emailed statement.…

InfoSec News Nuggets 12/21/2022

Russian hackers attempted to breach petroleum refining company in NATO country, researchers say  A Russian-linked hacking group attempted to infiltrate a petroleum refining company in a NATO member state in late August, according to a report by Palo Alto’s Unit 42. The attempted intrusion, which appears to have been unsuccessful, occurred on Aug. 30 and was carried out through spear phishing emails using English-named files containing words like “military assistance,” according to the report, which provides…

InfoSec News Nuggets 12/20/2022

Fortnite video game maker to pay $520m over privacy and billing claims  The video game company Epic Games will pay a total of $520m in penalties and refunds to settle complaints involving children’s privacy and methods that tricked players into making purchases, US federal regulators said on Monday. The Federal Trade Commission (FTC) said that it had secured the record-breaking settlements for two cases from Epic Games, which makes the popular game Fortnite. “Epic used privacy-invasive default settings…

InfoSec News Nuggets 12/19/2022

Social Blade Confirms Breach After Hacker Offers to Sell User Data  Social media analytics service Social Blade has confirmed a security breach after a hacker offered to sell a database allegedly stolen from the company’s systems. Social Blade monitors tens of millions of social media accounts, including on YouTube, Twitter, Twitch, Instagram, Facebook, and TikTok. The company helps content creators boost their channel’s popularity. The Social Blade database was offered for sale on a hacker…

InfoSec News Nuggets 12/16/2022

NSA, CISA Warn Against Threats to 5G Network Slicing  The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have unveiled new guidelines regarding the security risks associated with 5G network slicing and how to mitigate them. According to the document, a network slice is “an end-to-end logical network that provides specific network capabilities and characteristics to fit a user’s needs.” While multiple network slices run on a single physical network, the guidelines explain…

InfoSec News Nuggets 12/15/2022

Meta Sued For Billions Over Incitement To Violence In Ethiopia  A little over a year ago, Professor Meareg Amare Abrha was shot outside his home and left to bleed to death. The chemistry professor, an ethnic Tigrayan, had been named in a series of Facebook posts alleging that he had stolen equipment from Ethiopia's Bahir Dar University, where he worked. Some of the posts gave the neighborhood where he lived and called for his death.…

InfoSec News Nuggets 12/14/2022

Facial Recognition Researcher Left a Trans Database Exposed for Years After Using Images Without Permission  In 2013, researchers at the University of North Carolina, Wilmington (UNCW) published a facial recognition dataset consisting of more than 1 million images of trans people who had uploaded videos of their medical transition to YouTube. The researchers used the videos without the explicit permission of their owners, and with the stated goal of training facial recognition systems to recognize…

InfoSec News Nuggets 12/13/2022

North Korean Hackers Impersonate Researchers to Steal Intel  A prolific North Korean state hacking group has gone back to basics in a new attempt to understand Western thinking about the hermit nation, according to Microsoft. Instead of using spear-phishing emails and/or covert information-stealing malware, the hackers are using fairly simple impersonation tactics to get the information they want, the Microsoft Threat Intelligence Center (MSTIC) told Reuters. They’re doing this by sending emails to researchers and foreign…

InfoSec News Nuggets 12/12/2022

Samsung Galaxy S22 gets hacked in 55 seconds at Pwn2Own Toronto  On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds. Security researchers representing penetration test provider Pentest Limited pulled this off after demoing a zero-day bug as part of a successful Improper Input Validation attack against Samsung's flagship device on Thursday. This earned them $25,000, 50%…

InfoSec News Nuggets 12/09/2022

Metropolitan Opera dealing with cyberattack that shut down website, box office  The Metropolitan Opera confirmed that it is dealing with a crippling cyberattack that has shut down their website and box office. The New York-based opera house said on Wednesday evening that the cyberattack impacted their network systems, including their “website, box office, and call center.” While all performances will continue as scheduled, the organization is unable to process new ticket orders or provide exchanges…

InfoSec News Nuggets 12/08/2022

Maryland governor bans use of TikTok on state devices  Maryland Governor Larry Hogan issued an emergency directive on Tuesday prohibiting the use of Chinese-owned short-video sharing app TikTok on state government devices and networks, the latest U.S. Republican to crack down on TikTok. South Dakota Governor Kristi Noem last week signed an executive order barring state employees and contractors from installing or using TikTok on state-owned devices and South Carolina Governor Henry McMaster on Monday…

InfoSec News Nuggets 12/07/2022

Pegasus spyware was used to hack reporters’ phones. I’m suing its creators  I was warned in August 2020. A source told me to meet him at six o’clock at night in an empty parking lot in San Salvador. He had my number, but he contacted me through a mutual acquaintance instead; he didn’t want to leave a trace. When I arrived, he told me to leave my phone in the car. As we walked, he warned…

InfoSec News Nuggets 12/06/2022

Pediatric EMR Vendor Hack Affects 2.2 Million  A hacking incident at a cloud-based electronic health records and practice management software vendor affects dozens of the company's pediatric practice clients and more than 2.2 million of their patients and other individuals. Pennsylvania-based Connexin Software Inc., which does business as Office Practicum, reported the hack to the U.S. Department of Health and Human Services on Nov. 11 and said it involved a network server. Connexin in its…

InfoSec News Nuggets 12/05/2022

NATO Launches Massive Cyber-Defense Exercise  NATO this week kicked off its Cyber Coalition 22 exercise with a mission to enhance cyber resilience among its members. The military alliance brought together 1000 defenders from 26 member countries plus Finland and Sweden, Georgia, Ireland, Japan, Switzerland and the EU, as well as participants from industry and academia. The five-day exercise is designed to pose real-life challenges to participants such as cyber-attacks on power grids and NATO assets,…

InfoSec News Nuggets 12/02/2022

Medibank hackers announce ‘case closed’ and dump huge data file on dark web  The cybercriminals behind the Medibank cyber-attack have posted on the dark web what appears to be the remainder of the customer data they took from the health insurer, stating it is “case closed” for the hack. On Thursday morning, the blog – which returned online after several days of being offline last week – posted “Happy Cyber Security Day!!! Added folder full.…

InfoSec News Nuggets 12/01/2022

[U: Fix coming] Months-old security vulnerability still hasn’t been patched on Pixel, Samsung  Google’s Project Zero this week highlighted the “gap” in getting security patches out the door and to affected users, and in doing so also revealed that millions of Android phones are at risk of an active security vulnerability. The specific issue that Google’s Project Zero is highlighting this week is a security vulnerability known as CVE-2022-33917. It’s a vulnerability that affects devices…

InfoSec News Nuggets 11/30/2022

Espionage group using USB devices to hack targets in Southeast Asia  USB devices are being used to hack targets in Southeast Asia, according to a new report by cybersecurity firm Mandiant. The use of USB devices as an initial access vector is unusual as they require some form of physical access — even if it is provided by an unwitting employee — to the target device. Earlier this year the FBI warned that cybercriminals were…

InfoSec News Nuggets 11/29/2022

Gangs of cybercriminals are expanding across Africa, investigators say  Police and investigators fear organised gangs of fraudsters are expanding across sub-Saharan Africa, exploiting new opportunities as a result of the Covid-19 pandemic and the global economic crisis to make huge sums with little risk of being caught. The growth will have a direct impact on the rest of the world, where many victims of “hugely lucrative” fraud live, senior police officials have said. Experts attribute…

InfoSec News Nuggets 11/28/2022

UK to criminalize deepfake porn sharing without consent  Brace for yet another expansion to the UK’s Online Safety Bill: The Ministry of Justice has announced changes to the law which are aimed at protecting victims of revenge porn, pornographic deepfakes and other abuses related to the taking and sharing of intimate imagery without consent — in a crackdown on a type of abuse that disproportionately affects women and girls. The government says the latest amendment…

InfoSec News Nuggets 11/25/2022

U.S. govt seizes domains used in 'pig butchering' scams  For the first time, the U.S. Department of Justice seized seven domains that hosted websites linked to "pig butchering" scams, where fraudsters trick victims of romance scams into investing in cryptocurrency via fake investment platforms. The list of domains seized includes simexcbr.com, simexlua.com, simexwim.com, simexarts.com, simexrue.com, simexvtn.com, and simexbiz.com, all of them spoofing the one used by the Singapore International Monetary Exchange (SIMEX). While originating from…

InfoSec News Nuggets 11/24/2022

France says non to Office 365 and Google Workspace in school  The French minister of national education and youth has said that free versions of Microsoft Office 365 and Google Workspace should not be used in schools – a position that reflects ongoing European concerns about cloud data sovereignty, competition, and privacy rules. In August, Philippe Latombe, a member of the French National Assembly, advised [PDF] Pap Ndiaye, the minister of national education, that the…

InfoSec News Nuggets 11/23/2022

FCC Rule for Blocking Overseas Robocalls Receives Approval  The Office of Management and Budget has signed off on a Federal Communications Commission rule requiring gateway providers to block calls on a “do-not-originate list,” part of the agency’s May report and order designed to block overseas robocalls from reaching U.S. phones, according to a Federal Register notice published on Nov. 18. The FCC’s rules—adopted on May 19—said, in part, that the new requirements extend “our protections…