InfoSec News Nuggets 9/10/2024

New RAMBO attack steals data using RAM in air-gapped computers A novel side-channel attack dubbed "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers. Air-gapped systems, typically used in mission-critical environments with exceptionally high-security requirements, such as governments, weapon systems, and nuclear power stations, are isolated from the public internet and other networks to prevent malware infections and data theft. Although these systems are…

InfoSec News Nuggets 9/9/2024

Colombia's Petro calls for investigation into Pegasus software purchase Colombia's President Gustavo Petro on Wednesday asked the attorney general's office to investigate the $11 million purchase of Pegasus spy software, which he said could have been used to spy on opposition politicians during the previous administration. Spyware technology, including Pegasus, has been repeatedly found to have been used to hack into the phones of civil society, political opposition and journalists in the last decade.  …

InfoSec News Nuggets 9/6/2024

White House Outlines Plan for Addressing BGP Vulnerabilities The White House on Tuesday outlined a plan for addressing internet routing security issues, particularly vulnerabilities associated with the Border Gateway Protocol (BGP).  BGP is the protocol used for exchanging routing information between autonomous systems (AS) on the internet. However, this critical component of the web was not created with security in mind and several potentially important vulnerabilities have come to light in the past years. They can enable…

InfoSec News Nuggets 9/5/2024

Clearview faces a €30.5 million fine for violating the GDPR Clearview AI is back in hot — and expensive — water, with the Dutch Data Protection Authority (DPA) fining the company €30.5 million ($33.6 million) for violating the General Data Protection Regulation (GDPR). The release explains that Clearview created "an illegal database with billions of photos of faces," including Dutch individuals, and has failed to properly inform people that it's using their data. In early 2023, Clearview's CEO…

InfoSec News Nuggets 9/4/2024

The MadRadar Hack Can Cause Autonomous Cars to Malfunction and Hallucinate Self-driving cars come closer to being a reality every day. Many vehicles already have autonomous features, but several challenges remain. Cybersecurity shortcomings are among the most concerning, and a recent experiment dubbed “MadRadar” heightens these worries. Researchers at Duke University demonstrated MadRadar in January 2024 before detailing it at the Network and Distributed System Security Symposium in February. The attack targets driverless vehicles’ radar, making them detect incoming…

InfoSec News Nuggets 9/3/2024

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers Cybersecurity researchers say they've found a vulnerability that allowed them to skip US airport security checks and even fly in the cockpit on some scheduled flights. Ian Carroll and Sam Curry worked on the findings together after the Known Crewmember (KCM) queue caught their attention at an airport during their routine travel. The lane can sometimes be seen at airports and it…

InfoSec News Nuggets 8/30/2024

Brain Cipher claims attack on Olympic venue, promises 300 GB data leak Nearly four weeks after the cyberattack on dozens of French national museums during the Olympic Games, the Brain Cipher ransomware group claims responsibility for the incident and says 300 GB of data will be leaked later today. Le Grand Palais and dozens of other national museums and institutions overseen by Réunion des Musées Nationaux – Grand Palais (RMN-GP) were targeted by cybercriminals over…

InfoSec News Nuggets 8/29/2024

Dick's Sporting Goods discloses cyberattack Dick's Sporting Goods, America's largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week. In an SEC 8-K filing, the retailer told the regulator that on August 21, it found an unnamed third party was snooping around its servers, "including portions of its systems containing certain confidential information." However, the filing doesn't state exactly what information was targeted by the attackers. "The company has no knowledge…

InfoSec News Nuggets 8/28/2024

Google tags a tenth Chrome zero-day as exploited this year Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. Tracked as CVE-2024-7965 and reported by a security researcher known only as TheDog, the now-patched high-severity vulnerability is described as an inappropriate implementation in Google Chrome's V8 JavaScript engine that can let remote attackers exploit heap corruption via a crafted HTML page. This was announced in an update to…

InfoSec News Nuggets 8/27/2024

'Cthulhu Stealer' macOS Malware Can Steal Keychain Passwords, Web Browsing Info, Crypto Wallets, and More Apple's Macs are less targeted by malware than Windows PCs, but that doesn't mean they are immune. Increasingly, insidious types of Mac malware are being developed that have researchers concerned enough to issue public warnings, and that's the case again today. As reported by Hacker News, Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named "Cthulhu Stealer." First spotted…

InfoSec News Nuggets 8/26/2024

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware More than two years after the critical Log4j zero-day sparked chaos around the world, organizations are still being hit by exploits pushing crypto-currency miners and malicious backdoor scripts. According to researchers at Datadog Security Labs, opportunistic cybercriminals are still finding targets for ‘Log4Shell’ exploits that evade detection and plant malware scripts on unpatched corporate systems. The Datadog discovery highlights the long tail of risk from critical…

InfoSec News Nuggets 8/23/2024

FCC Slaps Telecom Firm With $1M Fine for Spreading Fake Biden Robocall The Federal Communications Commission has fined Lingo Telecom $1 million for transmitting robocalls impersonating President Joe Biden earlier this year, where an AI replica of Biden's voice was used to trick and persuade voters in the New Hampshire primary election not to go to the polls. Lingo Telecom mislabeled and distributed the robocalls, which were commissioned by a former political consultant who now faces a $6 million…

InfoSec News Nuggets 8/22/2024

Post-Quantum Cryptography set to revolutionise digital security Post-Quantum Cryptography (PQC) is poised to redefine the very foundation of digital security by addressing threats posed by advancements in quantum computing. Recently, the National Institute of Standards and Technology (NIST) finalised a principal set of encryption algorithms designed to withstand cyberattacks from quantum computers. This significant step prompts organisations to reconsider their approaches to cybersecurity. According to the Australian Signals Directorate (ASD), which monitors NIST developments to…

InfoSec News Nuggets 8/21/2024

Prominent Jewish rabbi targeted by Iranian phishers masquerading as podcasters Iranian threat actor TA453, known for going to great lengths in its spear-phishing campaigns, recently attempted to target a well-known religious figure in Israel. They set up a trap by inviting the rabbi to join a podcast about “Jewish life in the Muslim world.” Proofpoint researchers have identified a new campaign by the threat actor, tracked by different names, such as TA453, APT42, Charming Kitten,…

InfoSec News Nuggets 8/20/2024

The US wants to use facial recognition to identify migrant children as they age  The US Department of Homeland Security (DHS) is looking into ways it might use facial recognition technology to track the identities of migrant children, “down to the infant,” as they age, according to John Boyd, assistant director of the department’s Office of Biometric Identity Management (OBIM), where a key part of his role is to research and develop future biometric identity…

InfoSec News Nuggets 8/19/2024

ISP to Supreme Court: We shouldn’t have to disconnect users accused of piracy A large Internet service provider wants the Supreme Court to rule that ISPs shouldn't have to disconnect broadband users who have been accused of piracy. Cable firm Cox Communications, which is trying to overturn a ruling in a copyright infringement lawsuit brought by Sony, petitioned the Supreme Court to take up the case yesterday. Cox said in a press release that a…

InfoSec News Nuggets 8/16/2024

Ex-Google CEO says successful AI startups can steal IP and hire lawyers to ‘clean up the mess’ Former Google CEO and chairman Eric Schmidt has made headlines for saying that Google was blindsided by the early rise of ChatGPT because its employees decided that “working from home was more important than winning.” The comment was made in front of Stanford students during a recent interview, video of which was removed from the university’s YouTube channel after Schmidt’s…

InfoSec News Nuggets 8/15/2024

US appeals court rules geofence warrants are unconstitutional  A federal appeals court has ruled that geofence warrants are unconstitutional, a decision that will limit the use of the controversial search warrants across several U.S. states. The Friday ruling from the U.S. Court of Appeals for the Fifth Circuit, which covers Louisiana, Mississippi and Texas, found that geofence warrants are “categorically prohibited by the Fourth Amendment,” which protects against unwarranted searches and seizures. Civil liberties and privacy advocates applauded the ruling, which…

InfoSec News Nuggets 8/14/2024

Justice Department Disrupts North Korean ‘Laptop Farm’ Operation Law enforcement authorities in the U.S. have arrested a Tennessee man accused of running a “laptop farm” that helped North Korean IT workers secure remote jobs at American companies. According to court documents, 38-year-old Matthew Isaac Knoot operated a scheme that assisted North Koreans posing as U.S.-based IT professionals by using the stolen identity of an American citizen.

NIST Formalizes World's First Post-Quantum Cryptography Standards The world’s first post-quantum…

InfoSec News Nuggets 8/12/2024

It’s not worth paying to be removed from people-finder sites, study says  If you've searched your name online in the last few years, you know what's out there, and it's bad. Alternately, you've seen the lowest-common-denominator ads begging you to search out people from your past to see what crimes are on their record. People-search sites are a gross loophole in the public records system, and it doesn't feel like there's much you can do…

InfoSec News Nuggets 8/9/2024

Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal As with virtually any electronic device, vehicle infotainment systems, colloquially known as head units, can be engineered to steal user data. Dan Mazzella, security research engineer and malware researcher at Cisco Talos, successfully exploited his own vehicle’s head unit to demonstrate that the attack is possible. “I was able to very easily just dump process memory and access exact GPS coordinates for…

InfoSec News Nuggets 8/8/2024

This Attack Pushes Windows Update to the Dark Side If a powerful program reached into your Windows operating system and made fundamental changes to its functionality, including changes to security, you might consider it a dangerous attack on system integrity. But when that powerful program is Windows Update, well, it’s just fine. Every month, sometimes more often, Windows Update does its thing. Alon Leviev, Security Researcher at SafeBreach, scrutinized the process for ways malware coders might misuse…

InfoSec News Nuggets 8/7/2024

NFL to begin using face scanning tech across all of its stadiums The National Football League and all 32 of its teams will use tech from facial recognition software vendor Wicket to verify the identity of thousands of staff, media and fans as part of its credentialing program. Wicket chief operating officer Jeff Boehm touted the "big news" in a LinkedIn post: "After a pilot last season, all 32 teams (starting with the New England…

InfoSec News Nuggets 8/6/2024

Apache OFBiz Users Warned of New and Exploited Vulnerabilities Organizations using Apache OFBiz are being urged to patch a critical vulnerability, following reports of increasing exploitation attempts targeting another recently discovered security hole. The new vulnerability, tracked as CVE-2024-38856, was disclosed over the weekend. According to Apache OFBiz developers, versions through 18.12.14 are impacted and 18.12.15 includes a fix. “Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such…

InfoSec News Nuggets 8/5/2024

UK crimebusters shut down global call-spoofing outfit that claimed 170K-plus victims The UK's National Crime Agency (NCA) has shut down an outfit called Russian Coms – a call-spoofing service believed to have swindled hundreds of thousands of victims. The agency also arrested at least four suspects thought to be involved in the fraudulent operation, which spanned more than 100 countries. Despite the moniker, all four of the arrested men are Brits. In March, the NCA…

InfoSec News Nuggets 8/2/2024

Meta Settles for $1.4 Billion with Texas Over Illegal Biometric Data Collection Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulators against the tech giant. "This historic settlement demonstrates our commitment to standing up to the world's biggest…

InfoSec News Nuggets 7/31/2024

Hacker USDoD: “I don't pick sides. I play both sides and always win” – interview Every black hat hacker has an origin story. Just as the hands of circumstances, seemingly woven by fate, shape anomalous incidents in history caused by powerful figures, a hacker is born in a similar vein. Meanwhile, influence is the shaping force that makes the hacktivist. This is an interview with the new leader of Black Forums, known by his alias…

InfoSec News Nuggets 7/30/2024

Passwords disappear for millions of Windows users thanks to Google To put it bluntly, it's not been a great month for tech giants. Earlier this month, the CrowdStrike bug brought many businesses to a complete standstill and left millions facing the Blue Screen of Death, causing disruption many are still recovering from following postponed flights and surgeries, to name just a few inconveniences. Well, not to be left out, Google had to cause its own…

InfoSec News Nuggets 7/29/2024

Paris Olympics app a ‘prime target for cybercriminals’ Analysts predict that there could be as many as four billion cyber attacks at this year’s Games. The official Paris Olympics 2024 app is particularly vulnerable. “This app handles vast amounts of personal and transactional data, making it a prime target for cybercriminals,” said Sakthi Mohan, cloud security lead at California-based Synopsys Software Integrity Group. The Paris Olympics app has already been downloaded over 10 million times on Google Play. It allows…

InfoSec News Nuggets 7/26/2024

Israel tried to frustrate US lawsuit over Pegasus spyware, leak suggests The Israeli government took extraordinary measures to frustrate a high-stakes US lawsuit that threatened to reveal closely guarded secrets about one of the world’s most notorious hacking tools, leaked files suggest. Israeli officials seized documents about Pegasus spyware from its manufacturer, NSO Group, in an effort to prevent the company from being able to comply with demands made by WhatsApp in a US court to hand over information…

InfoSec News Nuggets 7/25/2024

UNVEILING THE SCAM: HOW FRAUDSTERS ABUSE LEGITIMATE BLOCKCHAIN PROTOCOLS TO STEAL YOUR CRYPTOCURRENCY WALLET Check Point’s Threat Intel blockchain system identified and alerted that in recent times, fraudsters have evolved to become increasingly sophisticated, exploiting legitimate blockchain protocols to conduct their scams. The Uniswap Protocol, launched in 2018, is the largest and most popular decentralized exchange for swapping cryptocurrency tokens on Ethereum and other popular blockchains, locking over $1.8 trillion in trading volume and 350 million swaps. As…

InfoSec News Nuggets 7/24/2024

Fake CrowdStrike repair manual pushes new infostealer malware CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. Since Friday, when the buggy CrowdStrike Falcon update caused global IT outages, threat actors have quickly begun to capitalize on the news to deliver malware through fake fixes. A new campaign conducted through phishing emails pretends to be instructions on using a new Recovery Tool that fixes Windows…

InfoSec News Nuggets 7/23/2024

CrowdStrike aftermath: Microsoft claims it cannot legally implement the same protections as Apple The CrowdStrike aftermath is seeing IT teams around the world struggle to restore the 8.5 million Windows PCs taken out by the bug. The mess included thousands of flights cancelled, health centers unable to make appointments, retailer payment terminals down, and even some 911 services unavailable. Macs weren’t affected thanks to protections put in place by Apple, but Microsoft has reportedly claimed that antitrust law means it’s unable…

InfoSec News Nuggets 7/22/2024

Russia-linked FIN7 hackers sell their security evasion tool to other groups on darknet A notorious cybercriminal group known as FIN7 advertises its custom tool for security evasion on darknet forums and sells it to other criminal gangs, researchers have found. The tool, known as AvNeutralizer, is used by criminal hackers to bypass threat detection systems on victims' devices. Researchers have previously discovered that the tool was used exclusively for six months by another hacker group,…

InfoSec News Nuggets 7/19/2024

‘GhostEmperor’ returns: Mysterious Chinese hacking group spotted for first time in two years An elusive and highly covert Chinese hacking group tracked as GhostEmperor — notorious for its sophisticated supply-chain attacks targeting telecommunications and government entities in Southeast Asia — has been spotted for the first time in more than two years. And according to the researchers, the group has gotten even better at evading detection. Cybersecurity company Sygnia, in a report published Wednesday, said it…

InfoSec News Nuggets 7/18/2024

DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls Well known for targeting victims with fake job postings, North Korea state-sponsored hackers have been discovered using a new variant of their BeaverTail malware to trick macOS users into downloading a malicious version of Microtalk, a video-calling service. Details about the latest campaign were published by cybersecurity researcher Patrick Wardle, who explained in his writeup that the threat actors likely lured their victims into downloading the…

InfoSec News Nuggets 7/17/2024

Email addresses of 15 million Trello users leaked on hacking forum A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. Trello is an online project management tool owned by Atlassian. Businesses commonly use it to organize data and tasks into boards, cards, and lists. In January, BleepingComputer reported that a threat actor known as 'emo' was selling profiles for 15,115,516 Trello members on a…

InfoSec News Nuggets 7/16/2024

Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms Security researchers are claiming a spate of DNS hijackings at web3 businesses is linked to Squarespace's acquisition of Google Domains last year. The theory is that cybercriminals may have picked up on a flaw in the method Squarespace used to migrate Google Domains customer data over to its servers, allowing them to guess the email addresses associated with admin accounts and register the account…

InfoSec News Nuggets 7/15/2024

Banks in Singapore to phase out one-time passwords in 3 months The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. This initiative was agreed upon between the government and the Association of Banks in Singapore (ABS) to protect consumers against phishing and other scams. "The use of OTP was introduced in…

InfoSec News Nuggets 7/10/2024

Roblox vendor data breach exposes dev conference attendee info Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference. Roblox is an online gaming and game creation platform popular among younger audiences that design, create, and share games with a large community of over 200 million active users. The company hosts an annual Roblox Developer Conference (RDC) event that helps developers network, learn, and share…

InfoSec News Nuggets 7/8/2024

OpenAI Did Not Disclose 2023 Breach to Feds, Public: Report  A hacker reportedly stole information on OpenAI's new technologies last year by breaking into the company's internal messaging systems. The messages from a company-wide meeting in April last year had employees discussing details of new artificial intelligence technologies, the New York Times reported, citing unnamed sources. The hacker did not access systems housing or building its applications, it said. OpenAI did not respond to a request…

InfoSec News Nuggets 7/5/2024

Twilio says hackers identified cell phone numbers of two-factor app Authy users Last week, a hacker claimed to have stolen 33 million phone numbers from U.S. messaging giant Twilio. On Tuesday, Twilio confirmed to TechCrunch that “threat actors” were able to identify the phone number of people who use Authy, a popular two-factor authentication app owned by Twilio. In a post on a well-known hacking forum, the hacker or hackers known as ShinyHunters wrote that…

InfoSec News Nuggets 7/3/2024

Prudential Data Breach Victim Count Soars to 2.5M  After initially disclosing a data breach in February to the Securities and Exchange Commission (SEC) that it said was not materially impacting, Prudential Financial has updated its notice with a revised total number of affected residents — a number staggeringly higher than anticipated. More than 2.5 million individuals have been compromised by this data breach attack, rather than the 36,000 the insurance company originally said were affected. The stolen information includes…

InfoSec News Nuggets 7/2/2024

Indonesian government didn't have backups of ransomwared data, because DR was only an option Indonesia’s president Joko Widodo has ordered an audit of government datacenters after it was revealed that most of the data they store is not backed up. The audit and revelation that Indonesia lacks a backup plan came in the aftermath of a ransomware attack on the nation’s Temporary National Data Center (PDNS) that took place on June 20th and resulted in widespread disruption of digital…

InfoSec News Nuggets 7/1/2024

Former IT employee accessed data of over 1 million US patients Geisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organization. Geisinger is a non-profit organization that operates 134 care sites, ten hospitals, and the Geisinger Health Plan, serving a total of 1.2 million people. It employs 26,000 staff, including 1,600 doctors, and is considered one of Pennsylvania’s most…

InfoSec News Nuggets 6/28/2024

Shopping app Temu is “dangerous malware,” spying on your texts, lawsuit claims Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday. Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's…

InfoSec News Nuggets 6/27/2024

New tool detects AI-generated videos with 93.7% accuracy Earlier this year, an employee at a multinational corporation sent fraudsters $25 million. The instructions to transfer the money came—the employee thought—straight from the company's CFO. In reality, the criminals had used an AI program to generate realistic videos of the CFO and several other colleagues in an elaborate scheme. Videos created by AI have become so realistic that humans (and existing detection systems) struggle to distinguish between…

InfoSec News Nuggets 6/26/2024

French police shut down chat website reviled as 'den of predators' French law enforcement has shut down the chat website Coco, which authorities said has allowed offenders to coordinate child sexual abuse, rapes, homicides and other serious crimes. As of Tuesday, the website is no longer available and only displays a seizure notice from the French national police. According to a statement by the Paris prosecutor's office, the investigation into Coco’s operation was initiated in December 2023. France…

InfoSec News Nuggets 6/25/2024

CDK suffered another data breach as it was attempting to recover Car dealer software provider CDK has allegedly suffered a second cyberattack - as it was trying to recuperate from the first one. As a result of this follow-up attack, the company was forced to turn most of its services back offline and now says it doesn’t know how long it will take for it to restore the system. In the meantime, many major car…

InfoSec News Nuggets 6/24/2024

Australia alters CSAM detection rules after tech firms push back These rules aim to tackle CSAM content online, but changes have been made after critics said there were no safeguards to keep encryption protected. Australia’s independent online safety regulator has amended upcoming online safety rules to keep encryption protected, after the original draft faced criticism from tech companies. The rules aim to make online services do more to tackle child sexual abuse material (CSAM) and…