InfoSec News Nuggets 3/22/2024

Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it…
Read More

InfoSec News Nuggets 3/21/2024

Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. If convicted, they face up to 15 years in prison. The accounts, authorities said, were…
Read More

InfoSec News Nuggets 3/20/2024

We’re one step closer to a global cybersecurity standard for smart home devices As useful as connected devices like video doorbells and smart lights are, it’s wise to exercise caution when using connected tech in your home, especially after years of reading about security camera hacks, fridge botnet attacks, and smart stoves turning themselves on. But until now, there hasn’t been an easy way to assess a product’s security chops. A new program from the Connectivity Standards Alliance (CSA), the group…
Read More

InfoSec News Nuggets 3/19/2024

NHS Dumfries and Galloway Warns of “Significant” Data Theft An NHS Scotland trust has warned of disrupted services and possible data compromise after being breached by threat actors. NHS Dumfries and Galloway issued a brief statement on Friday that it “has been the target of a focused and ongoing cyber-attack.” The healthcare provider is still investigating the incident, in tandem with the National Cyber Security Centre (NCSC), Police Scotland and the Scottish Government. Healthcare is…
Read More

InfoSec News Nuggets 3/16/2024

Former telecom manager admits to doing SIM swaps for $1,000 A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. SIM swapping is an unauthorized porting of a targeted person's phone number to another physical SIM card or eSIM chip controlled by the attacker. These types of attacks are usually conducted via social engineering attacks against…
Read More

InfoSec News Nuggets 3/15/2024

The software at the center of debate over Chinese cyber threat inside the biggest ports in US Cybersecurity risks associated with Chinese-made cranes at U.S. ports are not new, and recent White House action and hearings on Capitol Hill have escalated the claims about potentially serious national security vulnerabilities embedded in key infrastructure. But the Biden administration, lawmakers and ports management continue to differ in their views of the true nature of the threat. In…
Read More

InfoSec News Nuggets 3/13/2024

VR headsets can be hacked with an Inception-style attack In the Christopher Nolan movie Inception, Leonardo DiCaprio’s character uses technology to enter his targets’ dreams to steal information and insert false details into their subconscious. A new “inception attack” in virtual reality works in a similar way. Researchers at the University of Chicago exploited a security vulnerability in Meta’s Quest VR system that allows hackers to hijack users’ headsets, steal sensitive information, and—with the help of generative…
Read More

InfoSec News Nuggets 3/12/2024

Elon Musk says xAI will open-source Grok this week Elon Musk’s AI startup xAI will open-source Grok, its chatbot rivaling ChatGPT, this week, the entrepreneur said, days after suing OpenAI and complaining that the Microsoft-backed startup had deviated from its open-source roots. xAI released Grok last year, arming it with features including access to “real-time” information and views undeterred by “politically correct” norms. The service is available to customers paying for X’s $16 monthly subscription. Musk, who didn’t elaborate on…
Read More

InfoSec News Nuggets 3/11/2024

Microsoft says Russian hackers stole source code after spying on its executives Microsoft revealed earlier this year that Russian state-sponsored hackers had been spying on the email accounts of some members of its senior leadership team. Now, Microsoft is disclosing that the attack, from the same group behind the SolarWinds attack, has also led to some source code being stolen in what Microsoft describes as an ongoing attack. “In recent weeks, we have seen evidence that Midnight Blizzard…
Read More

InfoSec News Nuggets 3/8/2024

Fidelity customers' financial info feared stolen in suspected ransomware attack Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information — including bank account and routing numbers, credit card numbers and security or access codes — after breaking into Infosys' IT systems in the fall. According to Fidelity, in documents filed with the Maine attorney general's office, miscreants "likely acquired" information about 28,268 people's life insurance policies after infiltrating Infosys. Google…
Read More

InfoSec News Nuggets 3/7/2024

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. The malicious tools used in the campaign take advantage of the configuration weaknesses and exploit an old vulnerability in Atlassian Confluence to execute code on the machine. Researchers at cloud forensics and incident response company Cado Security discovered the…
Read More

InfoSec News Nuggets 3/6/2024

Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server. Rapid7 says it reported the two TeamCity vulnerabilities in mid-February, claiming JetBrains soon after suggested releasing patches for the flaws before publicly disclosing them. Such a move is typically seen as a no-no by the infosec community, which favors transparency, but…
Read More

InfoSec News Nuggets 3/5/2024

Ransomware ban backers insist thugs must be cut off from payday Global law enforcement authorities' attempts to shutter the LockBit ransomware crew have sparked a fresh call for a ban on ransomware payments to perpetrators. Ciaran Martin, founding CEO of the UK's National Cyber Security Center (NCSC), reiterated his stance on the matter a week after LockBit started to get back on its feet again following the efforts of Operation Cronos to bring its servers…
Read More

InfoSec News Nuggets 3/4/2024

Hugging Face, the GitHub of AI, hosted code that backdoored user devices Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s a likely harbinger of what’s to come. In all, JFrog researchers said, they found roughly 100 submissions that performed hidden and unwanted actions when they were downloaded and loaded onto an end-user device.…
Read More

InfoSec News Nuggets 3/1/2024

UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages American health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. “Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” said Tyler Mason, vice president at UnitedHealth, in a statement…
Read More

InfoSec News Nuggets 2/29/2024

Registrars can now block all domains that resemble brand names Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names. GlobalBlock, a solution already in use by leading registrars like GoDaddy Corporate Domains, 101domain, and MarkMonitor lets businesses pay a subscription fee to reserve a part of the domain space, as a means to protect their trademark. But, is there more to…
Read More

InfoSec News Nuggets 2/28/2024

Most Commercial Code Contains High-Risk Open Source Bugs Three-quarters (74%) of commercial codebases contain open source components featuring “high-risk” vulnerabilities, according to a new study from Synopsys. The chip design tool company’s ninth annual Open Source Security and Risk Analysis (OSSRA) report analyzed anonymized findings from over 1000 commercial codebase audits in 17 industries. It found that the share featuring high-risk open source bugs – that is, ones that have been actively exploited, have documented proof-of-concept exploits or are…
Read More

InfoSec News Nuggets 2/27/2024

Lockbit cybercrime gang says it is back online following global police bust Lockbit, the cybercrime gang that was knocked offline by a comprehensive international police operation earlier this month, says it has restored its servers and is back in business. The group, notorious on the internet's criminal underground for using malicious software called ransomware to digitally extort its victims, was the target of an unprecedented international law enforcement operation last week which saw its members arrested and indicted. Lockbit's…
Read More

InfoSec News Nuggets 2/26/2024

U-Haul says hacker accessed customer records using stolen creds U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. The breach exposed customer records that include personal information but payment details have not been impacted. U-Haul is an American company that rents moving equipment and storage space for ‘do-it-yourself’ customer needs. It offers trucks, trailers, and other equipment and…
Read More

InfoSec News Nuggets 2/23/2024

New Leak Shows Business Side of China’s APT Menace A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. A large cache of more than 500 documents published to GitHub last…
Read More

InfoSec News Nuggets 2/22/2024

Reward Offers for Information on LockBit Leaders and Designating Affiliates The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group. Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and…
Read More

InfoSec News Nuggets 2/21/2024

Reddit sells training data to unnamed AI company ahead of IPO On Friday, Bloomberg reported that Reddit has signed a contract allowing an unnamed AI company to train its models on the site's content, according to people familiar with the matter. The move comes as the social media platform nears the introduction of its initial public offering (IPO), which could happen as soon as next month. Reddit initially revealed the deal, which is reported to be worth…
Read More

InfoSec News Nuggets 2/20/2024

Using AI in a cyberattack? DOJ’s Monaco says criminals will face stiffer sentences The Justice Department’s No. 2 official directed federal prosecutors to impose stiffer penalties on cybercriminals who use AI in their crimes. “We have to put AI at the top of [our] enforcement priorities list,” Lisa Monaco told an audience Friday at the Munich Cyber Security Conference. “We’re looking quite hard at how AI can enhance quite literally the danger associated with crimes.…
Read More

InfoSec News Nuggets 2/16/2024

European Court of Human Rights declares backdoored encryption is illegal The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control. The Court issued a decision on Tuesday stating that "the contested legislation providing for the retention of all internet communications of all users, the security services’ direct…
Read More

InfoSec News Nuggets 2/15/2024

Romanian hospital ransomware crisis attributed to third-party breach The Romanian national cybersecurity agency (DNSC) has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider. It said an unnamed service provider reported an issue prior to the flood of hospitals alerting the agency to the attacks. The service provider operates the Hipocrate Information System (HIS) – a multipurpose healthcare management platform used by hospitals across the country. All…
Read More

InfoSec News Nuggets 2/14/2024

Meta says risk of account theft after phone number recycling isn't its problem to solve Meta has acknowledged that phone number reuse that allows takeovers of its accounts "is a concern," but the ad biz insists the issue doesn't qualify for its bug bounty program and is a matter for telecom companies to sort out. The core problem is that telecom companies recycle phone numbers that have been abandoned after a brief waiting period –…
Read More

InfoSec News Nuggets 2/13/2024

Europe's largest caravan club admits wide array of personal data potentially accessed  The Caravan and Motorhome Club (CAMC) and the experts it drafted to help clean up the mess caused by a January cyberattack still can't figure out whether members' data was stolen. According to an update shared with members late last week and now published on its website, the CAMC listed all the different types of data that might have been accessed, and all the…
Read More

InfoSec News Nuggets 2/12/2024

Google unmasks 5 spyware firms from Italy, Greece and Spain that infect phones all over the world  Wow, that Mediterranean climate sure is something! Five companies from Southern Europe have been called out by Google and accused of producing spyware software that infects and affects phones all over the world. The search engine giant said these five companies from Italy, Greece and Spain were “enabling the use of dangerous hacking tools”, and urged the United…
Read More

InfoSec News Nuggets 2/9/2024

Half of polled infosec pros say their degree was less than useful for real-world work Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. We're a glass half-empty lot. The Moscow-headquartered multinational revealed those figures today in the first part of a multi-stage…
Read More

InfoSec News Nuggets 2/8/2024

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities Google today announced a grant of $1 million to the Rust Foundation, meant to help improve the interoperability between Rust and C++ code. The internet giant joined the Rust Foundation in 2021, for the same reason, and has adopted the memory-safe programming language across Android and other Google products, due to its benefits for addressing memory safety vulnerabilities. “Based on historical vulnerability density statistics, Rust…
Read More

InfoSec News Nuggets 2/7/2024

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data  Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65 websites compromised between November 2023 and December 2023. The stolen files…
Read More

InfoSec News Nuggets 2/6/2024

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan  The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary surveillanceware tool. The infections are estimated to have taken…
Read More

InfoSec News Nuggets 2/5/2024

FBI removes malware from hundreds of routers across the US The FBI has used a court order to remove malware from hundreds of routers across the US, and alter the routers’ settings to prevent reinfection. The routers are malware-infected NetGear and Cisco small office/home office (SOHO) devices that no longer receive updates because they have reached their End-of-Life. The FBI did this because it believed the threat actor behind the botnet of routers is an…
Read More

InfoSec News Nuggets 2/2/2024

FBI disrupts Chinese botnet used for targeting US critical infrastructure  The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations. The threat actors used the KV botnet malware to hijack hundreds of US-based, privately-owned small office/home office (SOHO) routers and to hide their hacking activity towards “US and other foreign victims”. “The Volt Typhoon malware enabled China to hide, among other things,…
Read More

InfoSec News Nuggets 2/1/2024

Two More Individuals Charged for DraftKings Hacking  Two more individuals have been indicted for their role in a credential stuffing attack resulting in unauthorized access to thousands of user accounts at a fantasy sports and betting website. The individuals, Nathan Austad, 19, of Farmington, Minnesota, and Kamerin Stokes, 21, of Memphis, Tennessee, allegedly participated in compromising the accounts using usernames and passwords obtained from other data breaches, and attempted to sell access to the accounts. A third…
Read More

InfoSec News Nuggets 1/31/2024

Microsoft stole my Chrome tabs, and it wants yours, too  Last week, I turned on my PC, installed a Windows update, and rebooted to find Microsoft Edge automatically open with the Chrome tabs I was working on before the update. I don’t use Microsoft Edge regularly, and I have Google Chrome set as my default browser. Bleary-eyed at 9AM, it took me a moment to realize that Microsoft Edge had simply taken over where I’d…
Read More

InfoSec News Nuggets 1/30/2024

DHS employees jailed for stealing data of 200K U.S. govt workers  Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. The three individuals are Charles K. Edwards, a former Acting Inspector General of the DHS Office of Inspector General (DHS-OIG), sentenced to 1.5 years in prison; Sonal Patel, a member of the department IT staff, sentenced…
Read More

InfoSec News Nuggets 1/29/2024

Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist The Akira ransomware gang is claiming responsibility for the "cybersecurity incident" at British bath bomb merchant. Akira says it has stolen 110 GB of data from the UK-headquartered global cosmetics giant, which has more than 900 stores worldwide, allegedly including "a lot of personal documents" such as passport scans. Passport scans are routinely collected to verify identities during the course of the hiring process,…
Read More

InfoSec News Nuggets 1/26/2024

Meta announces steps to protect teens from unwanted contact on Instagram and Facebook  On Thursday (Jan. 25), Meta detailed a few new ways parents can better safeguard their teens on Instagram and Facebook. Adam Mosseri, Head of Instagram, shared a quick video on the platform explaining that a new set of "stricter messaging" settings are arriving. These settings for children under 16 and under 18 in other regions will help parents ensure they don't receive…
Read More

InfoSec News Nuggets 1/25/2024

News media, foreign affairs experts are targets of North Korean group’s latest campaign  North Korean state hackers are targeting media organizations and high-profile academics in a new espionage campaign, according to a new report released this week. The goal of these attacks, attributed by researchers at SentinelLabs to a hacker group known as ScarCruft or APT37, is to “gather strategic intelligence” that can “contribute to North Korea’s decision-making processes.” ScarCruft is a suspected North Korean state-sponsored group with a history of attacks…
Read More

InfoSec News Nuggets 1/24/2024

Jason’s Deli says customer data exposed in credential stuffing attack  Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. Jason's Deli is an American restaurant chain with 246 branches in 29 states, employing over 6,000 people and having an annual revenue of over $400 million. In a data breach notification sent to customers, Jason's Deli says hackers obtained…
Read More

InfoSec News Nuggets 1/23/2024

Five ripped off IT giant with $7M+ in bogus work expenses, prosecutors claim  Five people have been accused of pulling off a "brazen" scam that involved submitting more than $7 million in fake work expense claims to an IT consultancy to bankroll hotel stays, a cruise, visits to strip clubs, and more. Mark Angarola, Allison Angarola, Jose Garcia, Michelle Cox, and Lisa Mincak were all arrested and charged in the US with one count each of wire fraud…
Read More

InfoSec News Nuggets 1/22/2024

Vans, Supreme owner VF Corp says hackers stole 35 million customers’ personal data  VF Corp., the parent company of the popular apparel brands Vans, Supreme, and The North Face, said Thursday that hackers stole the personal data of 35.5 million customers in a December cyberattack. The Denver, Colorado-based company reported the data breach to regulators in a filing on Thursday. The filing did not say specifically what kinds of personal data was taken, or if the…
Read More

InfoSec News Nuggets 1/19/2024

New UEFI vulnerabilities send firmware devs industry wide scrambling  UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehold in a user's network to infect connected devices with malware that runs at the firmware level. The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly to public and private data centers and possibly other enterprise settings. People with even minimal access to such a network—say a…
Read More

InfoSec News Nuggets 1/18/2024

OpenAI must defend ChatGPT fabrications after failing to defeat libel suit  OpenAI may finally have to answer for ChatGPT's "hallucinations" in court after a Georgia judge recently ruled against the tech company's motion to dismiss a radio host's defamation suit. OpenAI had argued that ChatGPT's output cannot be considered libel, partly because the chatbot output cannot be considered a "publication," which is a key element of a defamation claim. In its motion to dismiss, OpenAI also…
Read More

InfoSec News Nuggets 1/17/2024

Cloud Vendor Returns Stolen Hospital Data A cloud services firm has turned over to a New York hospital alliance the patient data stolen in an August ransomware attack by the notorious LockBit gang. The hospital group - North Star Health Alliance - had filed a lawsuit against LockBit in November as a legal maneuver to force the storage firm to return the patient data the cybercriminals had exfiltrated from the hospitals and stashed on the Massachusetts vendor's servers…
Read More

InfoSec News Nuggets 1/16/2024

Juniper warns of critical RCE bug in its firewalls and switches Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this critical security flaw can also be exploited by unauthenticated threat actors to get root privileges or launch denial-of-service (DoS) attacks against unpatched devices. "This issue is caused…
Read More

InfoSec News Nuggets 1/12/2024

Framework discloses data breach after accountant gets phished  Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. The California-based manufacturer of upgradeable and modular laptops says a Keating Consulting accountant was tricked on January 11 by a threat actor impersonating Framework's CEO into sharing a spreadsheet containing customers' personally identifiable information (PII) "associated with outstanding…
Read More

InfoSec News Nuggets 1/11/2024

Here’s Some Bitcoin: Oh, and You’ve Been Served!  A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide…
Read More

InfoSec News Nuggets 1/10/2024

Fidelity National Financial says hackers stole data on 1.3 million customers  Real estate services giant Fidelity National Financial has confirmed hackers stole data on 1.3 million of its customers during a November cyberattack that knocked the company offline for a week. FNF said in a filing Tuesday with federal regulators: “We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data.” The company said…
Read More