InfoSec News Nuggets 6/14/2024

Cylance clarifies data breach details, except where the data came from BlackBerry-owned cybersecurity shop Cylance says the data allegedly belonging to it and being sold on a crime forum doesn't endanger customers, yet it won't say where the information was stored originally. Saying very little about where the data came from, Cylance says it is related to company marketing between 2015 and 2018, before BlackBerry bought it, and it came from an undisclosed "third-party platform."…

InfoSec News Nuggets 6/12/2024

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale." PCC coincides with the arrival of new generative AI (GenAI) features – collectively dubbed Apple Intelligence, or AI for…

InfoSec News Nuggets 6/11/2024

New York Times source code stolen using exposed GitHub token Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. As first seen by VX-Underground, the internal data was leaked on Thursday by an anonymous user who posted a torrent to a 273GB archive containing the stolen data. "Basically all source code belonging…

InfoSec News Nuggets 6/10/2024

Nearly 400,000 affected by data breach at eye care management services company Nearly 400,000 people had sensitive healthcare information stolen by hackers during a 2023 cyberattack on a company that supports eye clinics. Colorado-based Panorama Eyecare told regulators in Maine and Massachusetts that 377,911 current and former patients and employees had data stolen — including names, Social Security numbers, dates of birth, license numbers, financial account information, dates of service and medical provider names.    Microsoft Will Switch Off Recall by Default…

InfoSec News Nuggets 6/7/2024

London hospitals declare emergency following ransomware attack A ransomware attack that crippled a London-based medical testing and diagnostics provider has led several major hospitals in the city to declare a critical incident emergency and cancel non-emergency surgeries and pathology appointments, it was widely reported Tuesday. The attack was detected Monday against Synnovis, a supplier of blood tests, swabs, bowel tests, and other hospital services in six London boroughs. The company said it has "affected all…

InfoSec News Nuggets 6/5/2024

EMEA overtakes North America as top DDoS target, says Akamai  For the first time in five years, the EMEA region (Europe, Middle East, and Africa) has surpassed North America as the most targeted area for Distributed Denial-of-Service (DDoS) attacks, according to new research from Akamai Technologies. The report, titled "Fighting the Heat: EMEA’s Rising DDoS Threats," underscores the severity of the situation, revealing that the UK is disproportionately affected, suffering over a quarter (26%) of…

InfoSec News Nuggets 6/3/2024

Cloud company Snowflake denies that reported breach originated with its products  The cloud storage provider Snowflake is denying that its products were to blame for an apparent data breach impacting the company’s clients, including Ticketmaster and Santander Bank. This week, hackers with the ShinyHunters group claimed to have stolen personal data belonging to 560 million Ticketmaster customers and 30 million Santander customers. On Friday, researchers at the firm Hudson Rock published an analysis of online interactions with hackers who claimed they…

InfoSec News Nuggets 5/31/2024

  Ukraine signs new security deals as it seeks long-term support from West  Since the start of this week, Ukraine has signed security agreements with Spain, Belgium and Portugal, adding to a list that includes a dozen other nations. The signees are pledging to provide financial, humanitarian, military and cyber support to Kyiv in its fight against Russia. All of the nations are NATO members, but the deals have been negotiated bilaterally.  The security deals are “very important to…

InfoSec News Nuggets 5/30/2024

How the DOJ is using a Civil War-era law to enforce corporate cybersecurity Amid an onslaught of high-profile cyberattacks showing how companies often neglect basic security measures, the Department of Justice is trying to use a law passed during the Civil War to put businesses on notice that these failures are unacceptable. Under the umbrella of DOJ’s Civil Cyber-Fraud Initiative, federal prosecutors have since early 2022 deployed the pointedly named False Claims Act to punish…

InfoSec News Nuggets 5/29/2024

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the company said in its latest Cyber Signals report. "We've seen some examples where the threat actor has stolen up to $100,000 a…

InfoSec News Nuggets 5/28/2024

Stark Industries Solutions: An Iron Hammer in the Cloud Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies…

InfoSec News Nuggets 5/24/2024

Dutch cybercops tracked a crypto theft to one of the world’s worst botnets After years of hacking servers to swindle millions of dollars, the notorious Ebury malware gang had slipped into the shadows by 2021. Suddenly, they reemerged with a bang. The new evidence surfaced during a police investigation in the Netherlands. A cryptocurrency theft had been reported to the Dutch National High Tech Crime Unit (NHTCU). On the victim’s server, the cybercops found a familiar foe: Ebury. The discovery…

InfoSec News Nuggets 5/23/2024

BLACKBASTA GROUP CLAIMS TO HAVE HACKED ATLAS, ONE OF THE LARGEST US OIL DISTRIBUTORS Atlas is one of the largest national fuel distributors to 49 continental US States with over 1 billion gallons per year. The Blackbasta extortion group added the company to the list of victims on its Tor leak site, as the researcher Dominic Alvieri reported. The gang claims to have stolen 730GB of data from ATLAS, including Corporate data: Accounts, HR, Finance, Executive, department…

InfoSec News Nuggets 5/22/2024

AI Seoul Summit: 16 AI Companies Sign Frontier AI Safety Commitments In a “historic first,” 16 global AI companies have signed new commitments to safely develop AI models. The announcement was made during the virtual AI Seoul Summit, the second event on AI safety co-hosted on May 21-22 by the UK and South Korea. The Frontier AI Safety Commitments’ signatories include some of the biggest US tech giants, such as Amazon, Anthropic, Google, IBM, Microsoft…

InfoSec News Nuggets 5/16/2024

MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says  Within approximately 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the ethereum blockchain in a never-before-seen cryptocurrency scheme, according to an indictment that the US Department of Justice unsealed Wednesday. In a DOJ press release, US Attorney Damian Williams said the scheme was so sophisticated that it "calls the very integrity of the blockchain into question." "The brothers, who studied computer science and math…

InfoSec News Nuggets 5/15/2024

Cybercriminal puts INC Ransom source code up for sale  A cybercriminal who has assumed the name "salfetka" is purportedly selling the source code for the INC Ransom ransomware-as-a-service operation, BleepingComputer reports. The sale was being advertised on the Exploit and XSS hacking forums for $300,000 and included both Windows and Linux/ESXi versions, with the seller restricting buyers to three. The legitimacy of the sale is bolstered by technical details and the inclusion of both old and new INC Ransom URLs in…

InfoSec News Nuggets 5/14/2024

Apple and Google agree on standard to alert people when unknown Bluetooth devices may be tracking them  Apple and Google announced on Monday that iPhone and Android users will start seeing alerts when it’s possible that an unknown Bluetooth device is being used to track them. The two companies have developed an industry standard called “Detecting Unwanted Location Trackers.” Starting Monday, Apple is introducing the capability in iOS 17.5 and Google is launching it on Android 6.0+…

InfoSec News Nuggets 5/13/2024

Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials  Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team said in a recent report. The distribution vector for the campaign is currently unclear. However,…

InfoSec News Nuggets 5/10/2024

Ascension warns of suspected cyberattack; clinical operations disrupted Hospital operator Ascension reported disruptions to its clinical operations on Wednesday due to a suspected cybersecurity incident and advised business partners to temporarily disconnect from its systems. Earlier this year, UnitedHealth (UNH.N), the largest U.S. health insurer, had reported a cyberattack at its technology unit - one of the worst hacks to hit American healthcare - that caused widespread disruptions in payments to doctors and health facilities.…

InfoSec News Nuggets 5/9/2024

How to escape Honda’s privacy hell There are lots of reasons to want to shut off your car’s data collection. The Mozilla Foundation has called modern cars “surveillance machines on wheels” and ranked them worse than any other product category last year, with all 25 car brands they reviewed failing to offer adequate privacy protections. With sensors, microphones, and cameras, cars collect way more data than needed to operate the vehicle. They also share and sell that information to third parties,…

InfoSec News Nuggets 5/8/2024

This Mac Malware Can Take Screenshots of Your Computer Apple used to tout the fact that Macs didn't get viruses, and while Apple definitely has good anti-malware software, their machines are far from impervious to infection. And with Macs more popular than ever, there exists even more potential malware out there, ready to steal your data and ruin your day. The latest can even take screenshots of what's on your Mac's monitor without your knowledge. Researchers…

InfoSec News Nuggets 5/7/2024

RSA Conference 2024: What to expect Artificial intelligence will dominate this week’s RSA Conference 2024 with nearly a dozen keynotes and even more technical sessions dedicated to how the technology is reshaping the industry and fueling innovation. Keynote headliners, such as Secretary of State Antony J. Blinken, are expected to broaden the discussion to include the U.S. government’s efforts to infuse cybersecurity innovation into emerging technologies such as AI, quantum computing and biotechnology. This year’s…

InfoSec News Nuggets 5/6/2024

NSA warns of North Korean hackers exploiting weak DMARC email policies The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC policies to send spoofed emails which appear to come from credible sources such as journalists, academics, and other experts in East…

InfoSec News Nuggets 5/3/2024

Panda Restaurants discloses data breach after corporate systems hack  Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of associates. Panda Express is the largest Chinese fast food chain in the United States, with over $3 billion in sales and 47,000 associates working in 2,300 branches. The company discovered a…

InfoSec News Nuggets 5/2/2024

A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts We all know the "your package has been delayed" texts are bogus, right? Apparently not, according to Akamai, which finds that US Postal Service phishing sites get more traffic some weeks than the actual USPS website. "The USPS is under attack from text scams, especially during holiday seasons of Christmas and Thanksgiving because of the nature of gift buying in these…

InfoSec News Nuggets 5/1/2024

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322, "involves the use of promise objects and lazy evaluation in R," AI application security company HiddenLayer said in a report shared with…

InfoSec News Nuggets 4/30/2024

Encrypted email service files DMA complaint claiming it vanished from Google Search Tutao, known for the encrypted email service Tuta Mail, has filed a Digital Markets Act (DMA) complaint to the EU over an alleged de-ranking in Google Search. Google Search rankings are all too familiar to search engine optimization (SEO) specialists charged with ensuring web pages rise to the top of search results. In the case of Tutao's products – Tuta Mail and Tuta…

InfoSec News Nuggets 4/29/2024

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path," SafeBreach security researcher Or Yair said in an analysis, which was presented at the…

InfoSec News Nuggets 4/26/2024

FCC votes to restore Obama-era network neutrality rules The Federal Communications Commission (FCC) on Thursday voted to restore Obama-era network neutrality rules that reclassify Internet service providers like Comcast and Charter under Title II of the Communications Act. The vote was along party lines, with three commissioners voting in favor of the restoration of network neutrality rules and two commissioners dissenting. Supporters of the measure, including some within the FCC, said a restoration of network…

InfoSec News Nuggets 4/25/2024

Feds charge Iranian nationals for cyberattacks against US government The US government has charged and sanctioned four Iranian nationals over claims they carried out a yearslong hacking campaign against US government agencies and companies. It also accuses the group of waging these attacks on behalf of the Iranian government. An indictment unsealed on Tuesday alleges that from around 2016 through at least April 2021, the four individuals waged cyberattacks against “more than a dozen” US-based companies, along with the US departments…

InfoSec News Nuggets 4/24/2024

Mandiant: Orgs are detecting cybercriminals faster than ever The average time taken by global organizations to detect cyberattacks has dropped to its lowest-ever level of ten days, Mandiant revealed today. The cyber shop says the downward trend continues from last year's 16 days and should be seen as "a big victory for the good guys," but a deeper look into the underlying data shows there are still some obvious issues at play. For one, the…

InfoSec News Nuggets 4/23/2024

Three suspected Chinese spies arrested in Germany — caught stealing sensitive tech secrets Three people suspected of stealing "innovative technologies for military use" for China have been arrested in Germany. Prosecutors say the individuals, referred to as Thomas R, Herwig F, and Ina F, acted for Chinese intelligence from around June 2022 onwards via a company in Dusseldorf. One of the individuals, Thomas R, was allegedly an agent for an employee of China's Ministry of…

InfoSec News Nuggets 4/22/2024

Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals The World-Check database used by businesses to verify the trustworthiness of users has fallen into the hands of cybercriminals. The Register was contacted by a member of the GhostR group on Thursday, claiming responsibility for the theft. The authenticity of the claims was later verified by a spokesperson for the London Stock Exchange Group (LSEG), which maintains the database. A spokesperson said…

InfoSec News Nuggets 4/19/2024

Law enforcement infiltrates fraud platform used by thousands of criminals worldwide A website used by more than 2,000 criminals to defraud victims worldwide has been infiltrated in the Met’s latest joint operation to tackle large-scale online fraud. ‘LabHost’ is a service which was set up in 2021 by a criminal cyber network. It enabled the creation of “phishing” websites designed to trick victims into revealing personal information such as email addresses, passwords, and bank details.…

InfoSec News Nuggets 4/18/2024

MGM says FTC can't possibly probe its ransomware downfall MGM Resorts wants the FTC to halt a probe into last year's ransomware infection at the mega casino chain – because the watchdog's boss Lina Khan was a guest at one of its hotels during the cyberattack, apparently. The biz on Monday sued [PDF] the US regulator and its chair, noting the computer network intrusion in September 2023 "cost MGM dearly." That legal complaint, filed in…

InfoSec News Nuggets 4/17/2024

Giant Tiger breach sees 2.8 million records leaked Someone has posted a database of over 2.8 million records to a hacker forum, claiming they originated from a March 2024 hack at Canadian retail chain Giant Tiger. When asked, they posted a small snippet as proof. The download of the full database is practically free for other active members of that forum. In March, one of Giant Tiger‘s vendors, a company used to manage customer communications…

InfoSec News Nuggets 4/16/2024

Cisco Duo warns third-party data breach exposed SMS MFA logs Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider. Cisco Duo is a multi-factor authentication and Single Sign-On service used by corporations to provide secure access to internal networks and corporate applications. Duo's homepage reports that it serves 100,000 customers and handles over a billion authentications monthly, with over 10,000,000 downloads on…

InfoSec News Nuggets 4/15/2024

Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks. "Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability," warns the Palo Alto security bulletin. The flaw, which has been discovered by Volexity and is tracked as CVE-2024-3400, is a command injection vulnerability…

InfoSec News Nuggets 4/12/2024

Zambia Busts 77 People in China-Backed Cybercrime Operation Law enforcement in Zambia this week raided a Chinese company that hired unsuspecting young Zambian citizens purportedly for positions at a call center that instead was a front for cybercrime and money laundering. The so-called Golden Top Support services company tasked the employees "with engaging in deceptive conversations with unsuspecting mobile users across various platforms such as WhatsApp, Telegram, chatrooms and others, using scripted dialogues," Nason Banda,…

InfoSec News Nuggets 4/11/2024

Prudential Insurance says data of 36,000 exposed during February cyberattack Prudential Insurance — one of the largest insurers in the United States — said hackers stole the sensitive information of more than 36,000 during a February incident. In a filing on Friday with regulators in Maine, the company said it detected unauthorized access on February 5, prompting an investigation. “Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024…

InfoSec News Nuggets 4/10/2024

Over 90,000 LG Smart TVs may be exposed to remote attacks Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. The flaws enable varying degrees of unauthorized access and control over affected models, including authorization bypasses, privilege escalation, and command injection.

InfoSec News Nuggets 4/9/2024

FCC to vote on net neutrality rules on April 25 The Federal Communications Commission is preparing to vote to restore net neutrality at the commission’s open meeting later this month. If adopted by the commission, restoring net neutrality would bring back a national standard for broadband reliability, security and consumer protection as well as reclassify the internet as a telecommunications service under Title II of the Communications Act of 1934. Net neutrality rules were first put in…

InfoSec News Nuggets 4/8/2024

Magecart-style hackers charged by Russia in theft of 160,000 credit cards  Russia has taken the rare step of publicly charging six people suspected of stealing the details of 160,000 credit cards as well as payment information from foreign online stores. According to the statement published by Russia's Prosecutor General's Office earlier this week, the suspects used malware to bypass the websites' security measures and gain access to their databases. Then, using malicious code, they copied the necessary account…

InfoSec News Nuggets 4/4/2024

Missouri county declares state of emergency amid suspected ransomware attack  Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. "Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack," officials wrote Tuesday. "Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been…

InfoSec News Nuggets 4/2/2024

India rescues 250 citizens enslaved by Cambodian cybercrime gang  The Indian government says it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. The government explains that these people were tricked into believing that lucrative job opportunities were waiting for them in the Southeast Asian nation, yet they were forced into becoming cybercriminals once they arrived there. After several nationals informed India's Embassy in Cambodia of their…

InfoSec News Nuggets 4/1/2024

Amazon reverses course, revokes police access to Ring footage via Neighbors app  Today, Amazon Ring has announced that it will no longer facilitate police’s warrantless requests for footage from Ring users. Years ago, after public outcry and a lot of criticism from EFF and other organizations, Ring ended its practice of allowing police to automatically send requests for footage to the email inbox of users, opting instead for a system where police had to publicly…

InfoSec News Nuggets 3/29/2024

Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 While 2023 was a difficult year for cybersecurity teams, 2024 is likely to be worse. In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators. By Flashpoint’s numbers, there were 6,077 recorded data breaches in 2023, with attackers accessing more than 17 billion personal records (up 34.5% on 2022’s figures). In the…

InfoSec News Nuggets 3/28/2024

Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov The US Justice Department on Monday unsealed an indictment charging seven men with hacking or attempting to hack dozens of US companies in a 14-year campaign furthering economic espionage and foreign intelligence gathering by the Chinese government. All seven defendants, federal prosecutors alleged, were associated with Wuhan Xiaoruizhi Science & Technology Co., Ltd., a front company created by the Hubei State Security…

InfoSec News Nuggets 3/27/2024

Microsoft to shut down 50 cloud services for Russian businesses Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. The suspension was initially scheduled for March 20, 2024, but it was moved to the end of the month to give impacted entities more time to set up alternative solutions. The news…

InfoSec News Nuggets 3/26/2024

Microsoft to shut down 50 cloud services for Russian businesses Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. The suspension was initially scheduled for March 20, 2024, but it was moved to the end of the month to give impacted entities more time to set up alternative solutions. The news…