InfoSec News Nuggets – April 5, 2019

1 Windows 10 News App Blunder Made Users Think They're Infected A configuration mistake in the Microsoft News app caused Window 10 users to receive strange test notifications, which caused them to think they were infected. Last Friday, users on Reddit began posting about strange notifications they were receiving in the Windows 10 action center. These notifications indicated they were from the Microsoft News app, but were labeled as coming from Microsoft Movies. Even stranger,…
Read More

InfoSec News Nuggets – April 4, 2019

1 Walmart partners with Google on voice-enabled grocery shopping Following the latest wave of price cuts at Amazon’s Whole Foods, announced Monday evening, Walmart today introduced its own plans to challenge Amazon on grocery shopping through a partnership with Google. The company is rolling out a new voice-ordering capability, Walmart Voice Order, which works across Google Assistant-powered platforms, including Google’s smart speakers and displays, smartphones, smartwatches and more. The news follows several efforts by Walmart…
Read More

InfoSec News Nuggets – April 2, 2019

1 Delta, Southwest and others apologize after technical issue with contractor program Multiple airlines, including Delta, Southwest and United, experienced computer outages on Monday morning, according to the airlines' Twitter accounts. According to the airlines and to the Federal Aviation Administration, the problem has been resolved and flights have resumed with some delays. The outage was due to a technical issue with a program called AeroData, according to a statement from the FAA. The third-party…
Read More

InfoSec News Nuggets – April 1, 2019

1 Ransomware Hit Garage Used by Canadian Internet Registration Authority A parking garage used by employees of the Canadian Internet Registration Authority (CIRA) suffered a ransomware infection. At the end of their morning commute on 27 March, employees of CIRA arrived at a parking garage maintained by Precise Parklink. The garage typically uses Precise Parklink’s “Automated Parking Revenue Control System” to verify visitors by scanning their parking passes. But not this morning. The garage’s barriers…
Read More

InfoSec News Nuggets – March 29, 2019

1 Office Depot Pays $25 Million To Settle Deceptive Tech Support Lawsuit Office Depot and Support.com, Inc, a tech support software provided from California, agreed to pay $25 million and $10 million respectively for allegedly tricking their customers into paying for millions of US dollars worth of computer repair services using fake malware scans. According to a press release issued today by the U.S. Federal Trade Commission (FTC), the agency will use the money received…
Read More

InfoSec News Nuggets – March 28, 2019

1 Lexus, Toyota, Ford and Porsche panned for 'poor' keyless car security Keyless car security systems in Lexus, Toyota, Ford and Porsche cars have been labelled ‘poor' following a test by experts at Thatcham Research. And security on the Suzuki Jimny was found to be so bad that Thatcham labelled it "unacceptable". The poor security of the vehicles leaves them vulnerable to relay attacks, whereby thieves use wireless devices to activate cars' remote central locking…
Read More

InfoSec News Nuggets – March 27, 2019

1 How blockchain is becoming the 5G of the payment industry As more blockchain-based payment networks and fiat-backed digital currencies – including one from the largest U.S. bank – emerge, experts and analysts are predicting a sea change for the financial services industry. "I think you're starting to see a growing consensus," said Matt Savare, a partner who works in the technology group of New Jersey-based law firm of Lowenstein Sandler LLP. "I do quite…
Read More

InfoSec News Nuggets – ​March 26, 2019

1 Microsoft's Leaked Edge Browser Should Make Google Worried Over the weekend, a leaked build for the Chromium-based Edge browser has been released that is providing users with their first look at the upcoming browser from Microsoft. If you are currently using Chrome, the reports indicate that this Edge preview browser feels, performs, and has basically has the same features. Microsoft has been quiet regarding their upcoming Microsoft Edge Insider browser, but a slow trickle…
Read More

InfoSec News Nuggets – March 25, 2019

1 Don't have a heart attack but your implanted defibrillator can be hacked over the air Medical gear maker Medtronic is once again at the center of a hacker panic storm. This time, a number of its heart defibrillators, implanted in patients' chests, can, in certain circumstances, be wirelessly hijacked and reprogrammed, perhaps to lethal effect. On Thursday, the US government's Dept of Homeland Security issued an alert over two CVE-listed vulnerabilities in Medtronic's wireless…
Read More

InfoSec News Nuggets – March 22, 2019

1 Firefox 66 now blocks autoplaying audio by default It’s been on the to-do list for a while, but Mozilla announced yesterday that with the release of Firefox 66 for desktop and Firefox for Android this week, media autoplay of video or audio is now blocked on websites by default. According to Mozilla’s developer blog, this means that when users: Go to a site that plays videos or audio, the Block Autoplay feature will stop…
Read More

InfoSec News Nuggets – March 21, 2019

1 Volvo will use in-car cameras to combat drunk and distracted driving Volvo said on Wednesday it will use cameras installed inside its vehicles to monitor driver behavior and intervene if the driver appears to be drunk or distracted. It’s a risky move by an automaker, even one with a reputation for safety like Volvo, which could raise concerns among privacy advocates. Volvo’s in-car cameras will monitor eye movements to gauge driver distraction and /…
Read More

InfoSec News Nuggets – March 20, 2019

1 Home DNA kit company now lets users opt out of FBI data sharing FamilyTreeDNA emailed users last week to let them know that they can now opt out of DNA matching that will be used to help police identify the remains of deceased people or to help them track down violent criminals. It’s now calling that type of investigative DNA research Law Enforcement Matching (LEM). The gene-matching company also set up a separate process…
Read More

InfoSec News Nuggets – March 19, 2019

1  HERE'S WHAT IT'S LIKE TO ACCIDENTALLY EXPOSE THE DATA OF 230M PEOPLE As he Googled his company's name that morning last June, Hardigree found a growing list of headlines pointing to the 10-person marketing firm he'd founded three years earlier, Exactis, as the source of a leak of the personal records of nearly everyone in the United States. A friend in an office adjacent to the one he rented as the company's headquarters in…
Read More

InfoSec News Nuggets – March 18, 2019

1 The Hottest Chat App for Teens Is … Google Docs When the kids in Skyler’s school want to tell a friend something in class, they don’t scrawl a note down on a tiny piece of paper and toss it across the room. They use Google Docs. “We don’t really pass physical notes anymore,” said Skyler, 15, who, like all the other students in this story, is identified by a pseudonym. As more and more…
Read More

InfoSec News Nuggets – March 15, 2019

1 CYBERCOM Seeks Troops Who Can Unleash Artificial Intelligence The Defense Department’s cyber warriors shouldn’t be too concerned about artificial intelligence taking their jobs, according to their commander. Instead, U.S. Cyber Command is looking for troops able to wield AI like a weapon. During a budget hearing Wednesday held by the House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities, Rep. Anthony Brown, R-Md., asked the Pentagon’s cyber leadership whether AI could help reduce…
Read More

InfoSec News Nuggets – March 14, 2019

1 A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates A major operational error by GoDaddy, Apple, and Google has resulted in the issuance of at least 1 million browser-trusted digital certificates that don’t comply with binding industry mandates. The number of non-compliant certificates may be double that number, and other browser-trusted authorities are also likely to be affected. The snafu is the result of the companies' misconfiguration of the open source…
Read More

InfoSec News Nuggets – March 13, 2019

1 Lawyers for alleged LinkedIn hacker appear ready to fight results of psychiatric evaluation The ongoing court case tied to an accused Russian hacker took another turn last week when the results of his psychiatric evaluation became a topic of contention. Now court deliberations in the case of Yevgeniy Nikulin, an alleged hacker accused of breaching LinkedIn, are scheduled to continue after a court-ordered psychiatric evaluation sought to determine whether he was fit to stand…
Read More

InfoSec News Nuggets – March 12, 2019

1 Attack on Software Giant Citrix Attributed to Iranian Hackers Software giant Citrix on Friday revealed that its internal network had been breached and the attackers may have stolen business documents. The company said it was informed by the FBI on March 6 that its systems had been breached by “international cyber criminals.” Citrix has launched a forensic investigation and it has taken action to secure its network.Citrix’s investigation so far suggests that the attackers…
Read More

InfoSec News Nuggets – March 11, 2019

1 Beyond Hybrid War: How China Exploits Social Media to Sway American Opinion We studied Chinese state-run social media influence operations and concluded that the Chinese state utilized techniques different from the Russian state. These differences in technique are driven by dissimilar foreign policy and strategic goals. President Xi Jinping has global strategic goals for China different from those President Vladimir Putin has for Russia; as a result, the social media influence techniques used by…
Read More

InfoSec News Nuggets – March 8, 2019

1 New York, Beijing Chip Away at Silicon Valley Amazon.com Inc. may have dropped plans to build a campus in New York, but many technology industry leaders say the city is on track to become a go-to innovation source for businesses world-wide in the next few years, according to a study by KPMG LLP. More than half of the executives recently surveyed by the accounting giant said Silicon Valley will cease to dominate global tech…
Read More

InfoSec News Nuggets – March 7, 2019

1 U.S. Army Assures Public That Robot Tank System Adheres to AI Murder Policy Last month, the U.S. Army put out a call to private companies for ideas about how to improve its planned semi-autonomous, AI-driven targeting system for tanks. In its request, the Army asked for help enabling the Advanced Targeting and Lethality Automated System (ATLAS) to “acquire, identify, and engage targets at least 3X faster than the current manual process.” But that language…
Read More

infoSec News Nuggets – March 5, 2019

1 Researchers granted server by gov officials link Sharpshooter attacks to North Korea Analysis of a command-and-control (C2) server awarded to researchers by law enforcement after seizure has provided valuable information on the threat actors behind a global hacking campaign. Dubbed "Operation Sharpshooter" by McAfee cybersecurity researchers, the campaign was first uncovered in December 2018. Operation Sharpshooter targets government departments, telecoms, energy, defense, and other organizations worldwide. The attack wave predominantly focuses on targets in…
Read More

InfoSec News Nuggets – March 4, 2019

1 Montreal-based UN aviation agency tried to cover up 2016 cyberattack In November 2016, the Montreal-based International Civil Aviation Organization (ICAO) was hit by the most serious cyberattack in its history, and internal documents obtained by CBC suggest key members of the team that should have prevented the attack tried to cover up how badly it was mishandled. As the United Nations body that sets standards for civil aviation around the world, ICAO is the…
Read More

InfoSec News Nuggets – March 1, 2019

1 U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms The U.S. military blocked Internet access to an infamous Russian entity seeking to sow discord among Americans during the 2018 midterms, several U.S. officials said, a warning that the Kremlin’s operations against the United States are not cost-free. The strike on the Internet Research Agency in St. Petersburg, a company underwritten by an oligarch close to President Vladi­mir…
Read More

InfoSec News Nuggets – February 28, 2019

1 A simple and secure biometric login for Android 7.0+ FIDO Alliance announced that Android is now FIDO2 Certified, bringing simpler, stronger authentication capabilities to over a billion devices that use this platform every day. With this news, any compatible device running Android 7.0+ is now FIDO2 Certified out of the box or after an automated Google Play Services update. This gives users the ability to leverage their device’s built-in fingerprint sensor and/or FIDO security…
Read More

InfoSec News Nuggets – February 27, 2019

1 More Internal Facebook Documents Leak Online, Revealing How Facebook Planned to Sell User Data On Friday, more internal emails started trickling out. Nearly 100 new pages, first reported by Computer Weekly, include court filings and internal discussions by Facebook employees, including CEO Mark Zuckerberg, about how to charge developers for access to Facebook users’ data, how to make more money off gaming apps, special access to Facebook data for whitelisted partners, and an emergency…
Read More

InfoSec News Nuggets – February 26, 2019

1 New flaws in 4G, 5G allow attackers to intercept calls and track phone locations A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users. The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faster speeds and better security, particularly against…
Read More

InfoSec News Nuggets – February 25, 2019

1 A third of all Chrome extensions request access to user data on any site The same survey also found that roughly 85 percent of the 120,000 Chrome extensions listed on the Chrome Web Store don't have a privacy policy listed, meaning there's no legally-binding document describing how extension developers are committing to handling user data. Additional survey findings include the fact that 77 percent of the tested Chrome extensions didn't list a support site,…
Read More

InfoSec News Nuggets – February 22, 2019

1 Samsung’s foldable phone is the Galaxy Fold, available April 26th starting at $1,980 Samsung first teased its foldable phone back in November, and at the company’s Galaxy Unpacked event today, it’s further detailing its foldable plans. Samsung’s foldable now has a name, the Samsung Galaxy Fold, and the company is revealing more about what this unique smartphone can do. Samsung is planning to launch the Galaxy Fold on April 26th, starting at $1,980, through…
Read More

InfoSec News Nuggets – February 20, 2019

1 A Real Tube Carrying Dreams of 600-M.P.H. Transit California just decided to sharply scale back its plans for a high-speed rail artery meant to transform travel up and down the state. But in the desert outside Las Vegas, the transportation ambitions still seem limitless. Here, engineers working for Virgin Hyperloop One are testing a radically different type of mass transit: one that aims to move people and cargo in small wheel-less pods in a…
Read More

InfoSec News Nuggets – February 19, 2019

Academics Confirm Major Predictive Policing Algorithm is Fundamentally Flawed Last week, Motherboard published an investigation which revealed that law enforcement agencies around the country are using PredPol—a predictive policing software that once cited the controversial, unproven “broken windows” policing theory as a part of its best practices.  In a 2014 presentation to police departments obtained by Motherboard, the company says that the software is “based on nearly seven years of detailed academic research into the…
Read More

InfoSec News Nuggets – February 18, 2019

Lenovo Watch X Riddled with Security Vulnerabilities Researchers are raking the Lenovo Watch X over the security coals in a report that blasts the device for shipping with a half dozen “disturbing” privacy and security vulnerabilities. The budget ($50) smartwatch was introduced in June 2018 and was initially praised for its design, features and affordability. But months following the launch, the Lenovo X Watch has since been hearing an earful from usability, and now security,…
Read More

InfoSec News Nuggets – February 15, 2019

Some GPS receivers may malfunction on or after April 6 April sees the GPS network go through a mini "millennium bug" of its own because the week number will roll back to a zero. While this is a known issue arising from the way the system works, it's recommended that those in charge of critical infrastructure which make use of GPS, along with other businesses and users who believe a malfunction would result in problems,…
Read More

InfoSec News Nuggets – February 14, 2019

Hackers Charged With Making Threats to Schools Two computer hackers were charged with sending false shooting and bomb threats to hundreds of schools and other institutions in the U.S. and Britain, federal prosecutors said Tuesday. The men are members of Apophis Squad, a worldwide collective of hackers intent on using the internet to “sow chaos,” the Department of Justice said in Los Angeles. Timothy Vaughn of Winston-Salem, North Carolina, was arrested this week by the…
Read More

InfoSec News Nuggets – Feb 13, 2019

              February 13, 2019   Microsoft States Windows Update DNS Issues are Finally Fixed Starting in late January, Windows 10 users began reporting that when they tried to perform an update, Windows would state that it could not connect to the Windows Update service. At the time, Microsoft did not disclose the cause of the issue, but as users could fix the problem by changing their DNS servers, it was widely thought to be a…
Read More

InfoSec News Nuggets – February 12, 2019

Facebook 'youth team' to focus on Messenger Kids app for under-13s Facebook is restructuring its “youth team” with a greater focus on Messenger Kids, its instant-messaging app for under-13s, reports say. The team, a small group within the company responsible for getting children to use the social network, had previously been working on an experimental new feature called LOL, described by industry news site TechCrunch as a “cringey teen meme hub”. With categories such as…
Read More

InfoSec News Nuggets – February 11, 2019

Foreign VPN apps need a close look from DHS, senators say The Department of Homeland Security should assess the security threat posed by foreign VPN applications to U.S. government employees, a bipartisan pair of senators says. Some popular VPN apps send a phone’s web-browsing data to servers in countries interested in targeting federal personnel, raising “the risk that user data will be surveilled by those foreign governments,” Sens. Marco Rubio, R-Fla., and Ron Wyden, D-Ore.,…
Read More

InfoSec News Nuggets – February 6, 2019

Crooks Continue to Exploit GoDaddy Hole Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal. On January 22, KrebsOnSecurity published research showing that crooks behind a series of massive sextortion…
Read More

InfoSec News Nuggets – January 2, 2019

Newspapers report suspected malware attack Staffers at some of America's best-known newspapers are wondering whether their systems were the victim of a foreign cyberattack. Several papers, including the Los Angeles Times and The San Diego Union-Tribune, suffered printing and distribution delays as a result of the incident. Some reporters chuckled at the irony of a digital bug interrupting printed papers. But there is also real concern about the effectiveness of the attack. Tribune Publishing said…
Read More

InfoSec News Nuggets – December 10, 2018

Amazon robot sets off bear repellant, putting 24 workers in hospital  Twenty-four employees at an Amazon warehouse inNew Jersey were taken to hospital after a robot accidentally punctured a can of bear repellant. The 255g can containing concentrated capsaicin, a compound in chilli peppers, was punctured by an automated machine after it fell off a shelf, according to local media. The incident happened on Wednesday at a warehouse in Robbinsville, New Jersey, on the outskirts…
Read More

InfoSec News Nuggets – 11/27/2018

City of Valdez, Alaska admits to paying off ransomware infection Officials from the city of Valdez, Alaska have admitted last week to paying $26,623.97 to hackers after the city's IT network was crippled by a ransomware infection in July. "Valdez Police Department[...] reached out through our law enforcement channels for assistance with addressing the ransom demand," said Bart Hinkle, Valdez police chief and operations section chief for the cyber incident response, in a press release…
Read More

InfoSec News Nuggets – November 20, 2018

Inside the Messy, Dark Side of Nintendo Switch Piracy The source of the leak had no chance of being traced. Someone, perhaps a professional games reviewer, had just helped dump a copy of Diablo III, a hotly anticipated Nintendo Switch game at least several days before its official launch date. The source had used a middleman who ultimately released the game for pirates to distribute among themselves.  This approach of disguising the original source of…
Read More

InfoSec News Nuggets – October 11, 2018

Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs Millions of security cameras, DVRs, and NVRs contain vulnerabilities that can allow a remote attacker to take over devices with little effort, security researchers have revealed today. All vulnerable devices have been manufactured by Hangzhou Xiongmai Technology Co., Ltd. (Xiongmai hereinafter), a Chinese company based in the city of Hangzhou. But end users won't be able to tell that they're using a…
Read More

InfoSec News Nuggets – October 1, 2018

Facebook Security Breach Exposes Accounts of 50 Million Users Facebook, already facing scrutiny over how it handles the private information of its users, said on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users. The breach, which was discovered this week, was the largest in the company’s 14-year history. The attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially take…
Read More

InfoSec News Nuggets – September 26, 2018

Beware of Hurricane Florence Relief Scams If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include…
Read More

InfoSec News Nuggets – September 25, 2018

Credit Freezes are Free: Let the Ice Age Begin A security freeze essentially blocks any potential creditors from being able to view or “pull” your credit file, unless you affirmatively unfreeze or thaw your file beforehand. With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any…
Read More

InfoSec News Nuggets – September 24, 2018

Google responds to lawmaker concerns over Gmail scanning In July, Senators John Thune (R-SD), Roger Wicker (R-MS) and Jerry Moran (R-KS) sent Google a letter that sought information on Google's practice of allowing third-party app developers access to its users' emails. While Google stopped scanning Gmail messages for ad-targeting purposes earlier this year, it still offers access to others if users give their consent. Now, Google has replied to the lawmakers' letter. In it, Susan…
Read More

InfoSec News Nuggets – September 11, 2018

US government releases post-mortem report on Equifax hack The Government Accountability Office (GAO) has published a report to detail how the Equifax hack went down and how the credit reporting company answered during and after the incident. The report comes a day before the one-year anniversary of the public announcement of the Equifax breach that exposed the personal details of 145.5 million Americans, but also of millions of British and Canadian citizens. Some of the…
Read More

InfoSec News Nuggets – September 10, 2018

How US authorities tracked down the North Korean hacker behind WannaCry The DOJ indictment, one of the largest of its kind in regards to the number of pages, lists a vast array of email addresses used to register domain names and buy hosting services used in all the hacks. It also includes IP addresses used to access malware command and control (C&C) servers, social media accounts, and hacked servers that hosted malware used in the…
Read More

InfoSec News Nuggets – September 5, 2018

Twitter testing new feature that reveals when you’re online The feature, revealed in a post from Twitter’s director of product management and shared more widely by Twitter CEO Jack Dorsey, reveals that the site is toying with the idea of displaying a green dot next to active, online users. What isn’t entirely clear, however, is whether Twitter plans to make the feature opt-in or opt-out when/if it eventually rolls out to the great unwashed masses.…
Read More