InfoSec News Nuggets 3/1/2024

UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages American health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. “Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” said Tyler Mason, vice president at UnitedHealth, in a statement…

InfoSec News Nuggets 2/29/2024

Registrars can now block all domains that resemble brand names Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names. GlobalBlock, a solution already in use by leading registrars like GoDaddy Corporate Domains, 101domain, and MarkMonitor lets businesses pay a subscription fee to reserve a part of the domain space, as a means to protect their trademark. But, is there more to…

InfoSec News Nuggets 2/28/2024

Most Commercial Code Contains High-Risk Open Source Bugs Three-quarters (74%) of commercial codebases contain open source components featuring “high-risk” vulnerabilities, according to a new study from Synopsys. The chip design tool company’s ninth annual Open Source Security and Risk Analysis (OSSRA) report analyzed anonymized findings from over 1000 commercial codebase audits in 17 industries. It found that the share featuring high-risk open source bugs – that is, ones that have been actively exploited, have documented proof-of-concept exploits or are…

InfoSec News Nuggets 2/27/2024

Lockbit cybercrime gang says it is back online following global police bust Lockbit, the cybercrime gang that was knocked offline by a comprehensive international police operation earlier this month, says it has restored its servers and is back in business. The group, notorious on the internet's criminal underground for using malicious software called ransomware to digitally extort its victims, was the target of an unprecedented international law enforcement operation last week which saw its members arrested and indicted. Lockbit's…

InfoSec News Nuggets 2/26/2024

U-Haul says hacker accessed customer records using stolen creds U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. The breach exposed customer records that include personal information but payment details have not been impacted. U-Haul is an American company that rents moving equipment and storage space for ‘do-it-yourself’ customer needs. It offers trucks, trailers, and other equipment and…

InfoSec News Nuggets 2/23/2024

New Leak Shows Business Side of China’s APT Menace A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. A large cache of more than 500 documents published to GitHub last…

InfoSec News Nuggets 2/22/2024

Reward Offers for Information on LockBit Leaders and Designating Affiliates The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group. Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and…

InfoSec News Nuggets 2/21/2024

Reddit sells training data to unnamed AI company ahead of IPO On Friday, Bloomberg reported that Reddit has signed a contract allowing an unnamed AI company to train its models on the site's content, according to people familiar with the matter. The move comes as the social media platform nears the introduction of its initial public offering (IPO), which could happen as soon as next month. Reddit initially revealed the deal, which is reported to be worth…

InfoSec News Nuggets 2/20/2024

Using AI in a cyberattack? DOJ’s Monaco says criminals will face stiffer sentences The Justice Department’s No. 2 official directed federal prosecutors to impose stiffer penalties on cybercriminals who use AI in their crimes. “We have to put AI at the top of [our] enforcement priorities list,” Lisa Monaco told an audience Friday at the Munich Cyber Security Conference. “We’re looking quite hard at how AI can enhance quite literally the danger associated with crimes.…

InfoSec News Nuggets 2/16/2024

European Court of Human Rights declares backdoored encryption is illegal The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control. The Court issued a decision on Tuesday stating that "the contested legislation providing for the retention of all internet communications of all users, the security services’ direct…

InfoSec News Nuggets 2/15/2024

Romanian hospital ransomware crisis attributed to third-party breach The Romanian national cybersecurity agency (DNSC) has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider. It said an unnamed service provider reported an issue prior to the flood of hospitals alerting the agency to the attacks. The service provider operates the Hipocrate Information System (HIS) – a multipurpose healthcare management platform used by hospitals across the country. All…

InfoSec News Nuggets 2/14/2024

Meta says risk of account theft after phone number recycling isn't its problem to solve Meta has acknowledged that phone number reuse that allows takeovers of its accounts "is a concern," but the ad biz insists the issue doesn't qualify for its bug bounty program and is a matter for telecom companies to sort out. The core problem is that telecom companies recycle phone numbers that have been abandoned after a brief waiting period –…

InfoSec News Nuggets 2/13/2024

Europe's largest caravan club admits wide array of personal data potentially accessed  The Caravan and Motorhome Club (CAMC) and the experts it drafted to help clean up the mess caused by a January cyberattack still can't figure out whether members' data was stolen. According to an update shared with members late last week and now published on its website, the CAMC listed all the different types of data that might have been accessed, and all the…

InfoSec News Nuggets 2/12/2024

Google unmasks 5 spyware firms from Italy, Greece and Spain that infect phones all over the world  Wow, that Mediterranean climate sure is something! Five companies from Southern Europe have been called out by Google and accused of producing spyware software that infects and affects phones all over the world. The search engine giant said these five companies from Italy, Greece and Spain were “enabling the use of dangerous hacking tools”, and urged the United…

InfoSec News Nuggets 2/9/2024

Half of polled infosec pros say their degree was less than useful for real-world work Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. We're a glass half-empty lot. The Moscow-headquartered multinational revealed those figures today in the first part of a multi-stage…

InfoSec News Nuggets 2/8/2024

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities Google today announced a grant of $1 million to the Rust Foundation, meant to help improve the interoperability between Rust and C++ code. The internet giant joined the Rust Foundation in 2021, for the same reason, and has adopted the memory-safe programming language across Android and other Google products, due to its benefits for addressing memory safety vulnerabilities. “Based on historical vulnerability density statistics, Rust…

InfoSec News Nuggets 2/7/2024

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data  Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65 websites compromised between November 2023 and December 2023. The stolen files…

InfoSec News Nuggets 2/6/2024

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan  The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary surveillanceware tool. The infections are estimated to have taken…

InfoSec News Nuggets 2/5/2024

FBI removes malware from hundreds of routers across the US The FBI has used a court order to remove malware from hundreds of routers across the US, and alter the routers’ settings to prevent reinfection. The routers are malware-infected NetGear and Cisco small office/home office (SOHO) devices that no longer receive updates because they have reached their End-of-Life. The FBI did this because it believed the threat actor behind the botnet of routers is an…

InfoSec News Nuggets 2/2/2024

FBI disrupts Chinese botnet used for targeting US critical infrastructure  The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations. The threat actors used the KV botnet malware to hijack hundreds of US-based, privately-owned small office/home office (SOHO) routers and to hide their hacking activity towards “US and other foreign victims”. “The Volt Typhoon malware enabled China to hide, among other things,…

InfoSec News Nuggets 2/1/2024

Two More Individuals Charged for DraftKings Hacking  Two more individuals have been indicted for their role in a credential stuffing attack resulting in unauthorized access to thousands of user accounts at a fantasy sports and betting website. The individuals, Nathan Austad, 19, of Farmington, Minnesota, and Kamerin Stokes, 21, of Memphis, Tennessee, allegedly participated in compromising the accounts using usernames and passwords obtained from other data breaches, and attempted to sell access to the accounts. A third…

InfoSec News Nuggets 1/31/2024

Microsoft stole my Chrome tabs, and it wants yours, too  Last week, I turned on my PC, installed a Windows update, and rebooted to find Microsoft Edge automatically open with the Chrome tabs I was working on before the update. I don’t use Microsoft Edge regularly, and I have Google Chrome set as my default browser. Bleary-eyed at 9AM, it took me a moment to realize that Microsoft Edge had simply taken over where I’d…

InfoSec News Nuggets 1/30/2024

DHS employees jailed for stealing data of 200K U.S. govt workers  Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. The three individuals are Charles K. Edwards, a former Acting Inspector General of the DHS Office of Inspector General (DHS-OIG), sentenced to 1.5 years in prison; Sonal Patel, a member of the department IT staff, sentenced…

InfoSec News Nuggets 1/29/2024

Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist The Akira ransomware gang is claiming responsibility for the "cybersecurity incident" at British bath bomb merchant Lush. Akira says it has stolen 110 GB of data from the UK-headquartered global cosmetics giant, which has more than 900 stores worldwide, allegedly including "a lot of personal documents" such as passport scans. Passport scans are routinely collected to verify identities during the course of the hiring process,…

InfoSec News Nuggets 1/26/2024

Meta announces steps to protect teens from unwanted contact on Instagram and Facebook On Thursday (Jan. 25), Meta detailed a few new ways parents can better safeguard their teens on Instagram and Facebook. Adam Mosseri, Head of Instagram, shared a quick video on the platform explaining that a new set of "stricter messaging" settings is arriving. These settings, for children under 16 (and under 18 in other regions), will help parents ensure they don't receive…

InfoSec News Nuggets 1/25/2024

News media, foreign affairs experts are targets of North Korean group’s latest campaign  North Korean state hackers are targeting media organizations and high-profile academics in a new espionage campaign, according to a new report released this week. The goal of these attacks, attributed by researchers at SentinelLabs to a hacker group known as ScarCruft or APT37, is to “gather strategic intelligence” that can “contribute to North Korea’s decision-making processes.” ScarCruft is a suspected North Korean state-sponsored group with a history of attacks…

InfoSec News Nuggets 1/24/2024

Jason’s Deli says customer data exposed in credential stuffing attack  Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. Jason's Deli is an American restaurant chain with 246 branches in 29 states, employing over 6,000 people and having an annual revenue of over $400 million. In a data breach notification sent to customers, Jason's Deli says hackers obtained…

InfoSec News Nuggets 1/23/2024

Five ripped off IT giant with $7M+ in bogus work expenses, prosecutors claim  Five people have been accused of pulling off a "brazen" scam that involved submitting more than $7 million in fake work expense claims to an IT consultancy to bankroll hotel stays, a cruise, visits to strip clubs, and more. Mark Angarola, Allison Angarola, Jose Garcia, Michelle Cox, and Lisa Mincak were all arrested and charged in the US with one count each of wire fraud…

InfoSec News Nuggets 1/22/2024

Vans, Supreme owner VF Corp says hackers stole 35 million customers’ personal data VF Corp., the parent company of the popular apparel brands Vans, Supreme, and The North Face, said Thursday that hackers stole the personal data of 35.5 million customers in a December cyberattack. The Denver, Colorado-based company reported the data breach to regulators in a filing on Thursday. The filing did not say specifically what kinds of personal data were taken, or if the…

InfoSec News Nuggets 1/19/2024

New UEFI vulnerabilities send firmware devs industry wide scrambling  UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehold in a user's network to infect connected devices with malware that runs at the firmware level. The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly to public and private data centers and possibly other enterprise settings. People with even minimal access to such a network—say a…

InfoSec News Nuggets 1/18/2024

OpenAI must defend ChatGPT fabrications after failing to defeat libel suit  OpenAI may finally have to answer for ChatGPT's "hallucinations" in court after a Georgia judge recently ruled against the tech company's motion to dismiss a radio host's defamation suit. OpenAI had argued that ChatGPT's output cannot be considered libel, partly because the chatbot output cannot be considered a "publication," which is a key element of a defamation claim. In its motion to dismiss, OpenAI also…

InfoSec News Nuggets 1/17/2024

Cloud Vendor Returns Stolen Hospital Data  A cloud services firm has turned over to a New York hospital alliance the patient data stolen in an August ransomware attack by the notorious LockBit gang. The hospital group - North Star Health Alliance - had filed a lawsuit against LockBit in November as a legal maneuver to force the storage firm to return the patient data the cybercriminals had exfiltrated from the hospitals and stashed on the Massachusetts vendor's servers.   …

InfoSec News Nuggets 1/16/2024

Juniper warns of critical RCE bug in its firewalls and switches Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this critical security flaw can also be exploited by unauthenticated threat actors to get root privileges or launch denial-of-service (DoS) attacks against unpatched devices. "This issue is caused…

InfoSec News Nuggets 1/12/2024

Framework discloses data breach after accountant gets phished  Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. The California-based manufacturer of upgradeable and modular laptops says a Keating Consulting accountant was tricked on January 11 by a threat actor impersonating Framework's CEO into sharing a spreadsheet containing customers' personally identifiable information (PII) "associated with outstanding…

InfoSec News Nuggets 1/11/2024

Here’s Some Bitcoin: Oh, and You’ve Been Served! A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide…

InfoSec News Nuggets 1/10/2024

Fidelity National Financial says hackers stole data on 1.3 million customers  Real estate services giant Fidelity National Financial has confirmed hackers stole data on 1.3 million of its customers during a November cyberattack that knocked the company offline for a week. FNF said in a filing Tuesday with federal regulators: “We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data.” The company said…

InfoSec News Nuggets 1/9/2024

Supreme Court rejects decade-old Twitter First Amendment case  The Supreme Court has declined a long-running legal challenge from X Corp., formerly Twitter, over whether it can publicly reveal US government demands for user data. X Corp. v. Garland was on a list of denied petitions released this morning. That leaves X with a March 2023 ruling that the First Amendment doesn’t protect Twitter from limits on reporting national security demands — a ruling civil liberties…

InfoSec News Nuggets 1/8/2024

AI chatbots trained to jailbreak other chatbots, as the AI war slowly but surely begins  While AI ethics continues to be the hot-button issue of the moment, and companies and world governments continue to wrangle with the moral implications of a technology that we often struggle to define let alone control, here comes some slightly disheartening news: AI chatbots are already being trained to jailbreak other chatbots, and they seem remarkably good at it.   …

InfoSec News Nuggets 1/5/2024

How to protect your child on their new phone Your child might want to use their brand-new phone to get online immediately, but as a parent, you need to make sure that they're protected against cyber threats. To make sure that your child’s personal details do not fall into the wrong hands and their device isn't ravaged by viruses and malware, you can install protective software like a VPN, an antivirus, and/or a password manager…

InfoSec News Nuggets 1/4/2024

Hacked Mandiant X Account Abused for Cryptocurrency Theft  Mandiant’s account on the social media platform X, formerly Twitter, was hacked on Wednesday and abused to lure users to a website designed to steal cryptocurrency from victims. The account of Mandiant, which is part of Google Cloud, was renamed to ‘Phantom’ and its profile image and description were updated to appear affiliated with the legitimate Phantom cryptocurrency wallet. Messages posted on the hijacked account promoted a website…

InfoSec News Nuggets 1/3/2024

Teen Found Alive After “Cyber-Kidnapping” Incident  A Chinese foreign exchange student has been found alive and well by Utah police after being caught up in what authorities are claiming to be a “cyber-kidnapping” case. Kai Zhuang, 17, was reported on December 28 by his parents in China as having been kidnapped, according to ABC4 Utah. They had apparently received a ransom photo of Zhuang and subsequently sent the extortionists $80,000. Police later found him “alive but very…

InfoSec News Nuggets 1/2/2024

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality   CloudSEK’s threat research team has reported a critical exploit affecting Google services, allowing threat actors to generate Google cookies continuously while ensuring continuous access to Google services even after a user performs a password reset. In a technical report, CloudSEK shared details of the exploit. On October 20, 2023, CloudSEK’s AI digital risk platform XVigil discovered that on the Telegram channel, a developer/threat actor PRISMA had released a 0-day solution to address issues with incoming…

InfoSec News Nuggets 12/29/2023

iPhone Triangulation attack abused undocumented hardware feature  The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections. This finding comes from Kaspersky analysts who have been reverse-engineering the complex attack chain over the past year, trying to unearth all details that underpin the campaign they originally discovered in June 2023. The discovery and use of obscure hardware features likely reserved for debugging and factory testing to…

InfoSec News Nuggets 12/27/2023

RingGo, ParkMobile Owner EasyPark Suffers Data Breach, User Data Stolen  A data breach has compromised the information of thousands of EasyPark Group customers in Europe. EasyPark Group, Europe’s largest parking app operator, which includes RingGo and ParkMobile, discovered the breach on December 10th, 2023, and promptly informed the affected customers. The company reported the cyber attack to regulatory authorities, including the EU’s privacy regulator, Sweden’s Information Commissioner’s Office, the UK’s Information Commissioner’s Office, and the Swiss data regulator.    CBS, Paramount owner National Amusements…

InfoSec News Nuggets 12/26/2023

Mint Mobile discloses new data breach exposing customer data  Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator (MVNO) owned by T-Mobile, offering budget, pre-paid mobile plans. The company began notifying customers on December 22nd via emails titled "Important information regarding your account," stating that they suffered a security incident and a…

InfoSec News Nuggets 12/22/2023

Four in five Apache Struts 2 downloads are for versions featuring critical flaw  Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code. The vulnerability, tracked as CVE-2023-50164, is rated 9.8 out of 10 in terms of CVSS severity. It is a logic bug in the framework's file upload feature: if an application uses Struts 2 to allow users…

InfoSec News Nuggets 12/21/2023

UK Supreme Court rules AI is not an inventor  The UK Supreme Court ruled that AI cannot get patents, declaring it cannot be named as an inventor of new products because the law considers only humans or companies to be creators. The court unanimously denied a petition from Stephen Thaler, founder of the AI system DABUS, to name his AI as an inventor. The UK’s decision aligns with a similar decision made against Thaler in the…

InfoSec News Nuggets 12/20/2023

Major apparel supplier behind North Face and Vans hit by cyberattack, disrupting its holiday fulfillments  VF Corporation reported in a Securities and Exchange Commission filing on Monday that it had been hit by a cyberattack. The company owns a slew of apparel brands, including Vans, North Face, Timberland, Dickies and more — and it warns the disruption could affect your holiday shopping. VF first noticed "unauthorized occurrences" on its IT systems on December 13, it said…

InfoSec News Nuggets 12/19/2023

Xfinity discloses data breach affecting over 35 million people  Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. On October 25, roughly two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications company found evidence of malicious activity on its network between October 16 and October 19. …

InfoSec News Nuggets 12/18/2023

3CX warns customers to disable SQL database integrations  VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. Although the security advisory released today lacks any specific information regarding the issue, it advises customers to take preventive measures by disabling their MongoDB, MsSQL, MySQL, and PostgreSQL database integrations. "If you're using an SQL Database integration it's subject potentially to a vulnerability - depending upon…