InfoSec News Nuggets 05/07/2021

1 - Weaponized SMS Attack Goes Viral: What Millions Of Phone Users Need To Know A new SMS malware campaign capable of stealing passwords and banking credentials has started spreading like wildfire in recent weeks. So much so that mobile carriers and law enforcement agencies alike have been prompted to issue warnings about the so-called FluBot campaign. "What's unique about the campaign is that it has different kill chains depending on whether the target uses…
Read More

InfoSec News Nuggets 05/06/2021

1 - Vishing — Phone Call Attacks and Scams When you think of a cyber criminal you probably think of an evil mastermind sitting behind a computer, launching sophisticated attacks over the internet. While some of today’s cyber criminals do use advanced technologies, many simply use the phone to trick their victims. There are two big advantages to using a phone: Unlike other attacks, there are fewer security technologies that can detect and stop a…
Read More

InfoSec News Nuggets 05/05/2021

1 - IoT privacy and security concerns There is a famous hacking story that’s become something of an urban legend in the cyber security industry - about a casino that had its IT network infiltrated via an internet-connected fish tank. It’s said that the tank's IoT thermometer was used to access the casino’s entire system and extract data on its clientele. It's a rather extreme example of what could happen, but serves to highlight an important…
Read More

InfoSec News Nuggets 05/04/2021

1 - Ford's Ever-Smarter Robots Are Speeding Up the Assembly Line IN 1913, HENRY Ford revolutionized car-making with the first moving assembly line, an innovation that made piecing together new vehicles faster and more efficient. Some hundred years later, Ford is now using artificial intelligence to eke more speed out of today’s manufacturing lines. At a Ford Transmission Plant in Livonia, Michigan, the station where robots help assemble torque converters now includes a system that uses AI to learn from previous attempts how to…
Read More

InfoSec News Nuggets 05/03/2021

1 - European Commission finds Apple's App Store in violation of EU competition rules Apple is currently facing several antitrust battles across the US, Europe, and Australia, for allegedly exerting monopolistic power over the App Store and using it to put competitors at a disadvantage. This has even led to the creation of a "Coalition for App Fairness" to promote freedom of choice and the idea of alternative app stores in the Apple ecosystem. Following a…
Read More

InfoSec News Nuggets 04/30/2021

1 - US arrests alleged ‘Bitcoin Fog’ boss, who is accused of laundering millions U.S. federal agents on Tuesday arrested the alleged operator of Bitcoin Fog, a cryptocurrency-obfuscation service that the dark web’s most notorious marketplaces have reportedly used to move tens of millions of dollars. Roman Sterlingov, a Russian-Swedish national, was arrested in Los Angeles and charged with money laundering for his alleged role as Bitcoin Fog’s mastermind, according to court documents. Created in…
Read More

InfoSec News Nuggets 04/29/2021

1 - Instagram rolls out new features to help prevent cyberbullying Instagram has unveiled new tools to help combat cyberbullying and other abusive behavior on the platform – a filter that will prevent users from seeing abusive Direct Messages (DMs) and a tool to stop someone a user has blocked from contacting them from another account. “We understand the impact that abusive content – whether it’s racist, sexist, homophobic, or any other kind of abuse – can…
Read More

InfoSec News Nuggets 04/28/2021

1 - Reverb discloses data breach exposing musicians' personal info Popular musical instrument marketplace Reverb has suffered a data breach after an unsecured database containing customer information was exposed online. Reverb is the largest online marketplace devoted to selling new, used, and vintage musical instruments and equipment. Today, Reverb customers began receiving data breach notifications stating that customer information was exposed, including customers' names, addresses, phone numbers, and email addresses. While Reverb's notification does not…
Read More

InfoSec News Nuggets 04/27/2021

1 - Password manager Passwordstate hacked to deploy malware on customer systems A mysterious threat actor has compromised the update mechanism of enterprise password manager application Passwordstate and deployed malware on its users’ devices, most of which are enterprise customers. Click Studios, the Australian software firm behind Passwordstate, has notified its 29,000 customers earlier today via email. According to a copy of the company’s communications, obtained by Polish tech news site Niebezpiecznik, the malware-laced update was live for…
Read More

InfoSec News Nuggets 04/26/2021

1 - Costco Issues Scam Warning Costco Wholesale Corporation is warning American internet users to be wary of more than a dozen digital scams targeting its customer base. On its website, the American multinational corporation has published screenshots of 14 "prominent fraudulent emails, texts, and posts" in which cyber-criminals are impersonating Costco. The majority of the traps use financial benefits to lure victims, promising free products, financial reimbursements, exclusive offers, cash-back rewards, and gift cards worth $50. Many try to…
Read More

InfoSec News Nuggets 04/23/2021

1 - Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned The Linux kernel is one of the largest software projects in the modern history; with a gigantic 28 millions lines of code. Contributors from all over the world and from different fields submit a large number of patches each day to the Linux kernel maintainers, so that they get reviewed before being officially merged to the official Linux kernel tree.…
Read More

InfoSec News Nuggets 04/22/2021

1 - Internal Facebook email reveals intent to frame data scraping as ‘normalized, broad industry issue’ An internal email accidentally leaked by Facebook to a journalist has revealed the firm's intentions to frame a recent data scraping incident as "normalized" and a "broad industry issue." Facebook has recently been at the center of a data scraping controversy. Earlier this month, Hudson Rock researchers revealed that information belonging to roughly 533 million users had been posted online, including phone numbers, Facebook…
Read More

InfoSec News Nuggets 04/21/2021

1 - EFF Will Tell Copyright Office That Consumers Should Have the Freedom to Fix, Modify Digital Devices They Own On Tuesday, April 20, and Wednesday, April 21, experts from the Electronic Frontier Foundation (EFF) fighting copyright abuse will testify at virtual hearings held by the Copyright Office in favor of exemptions to the Digital Millennium Copyright Act (DMCA) so people who have purchased digital devices—from cameras and e-readers to smart TVs—can repair or modify them,…
Read More

InfoSec News Nuggets 04/20/2021

1 - “Huge upsurge” in DDoS attacks during pandemic Researchers at Netscout have released a report analyzing the malicious internet traffic of 2020 and comparing it to the years before. Some of the results were as expected: Brute-forcing credentials and more targeting towards internet-connected devices were foreseeable and have been discussed at length. And even a record-breaking year in Distributed Denial of Service (DDoS) attacks might have been expected as it follows the upward trend over the years.…
Read More

InfoSec News Nuggets 04/16/2021

1 - Capcom: Ransomware gang used old VPN device to breach the network Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. In early November 2020, Ragnar Locker ransomware hit the Japanese game developer and publisher, forcing Capcom to shut down portions of their network. In typical fashion for human-operated…
Read More

InfoSec News Nuggets 04/15/2021

1 - DuckDuckGo can now block the Google Chrome tracking method, FLoC In an attempt to better track users and predict their search habits, Google Chrome has developed FLoC (Federated Learning of Cohorts). FLoC provides visibility into user data to any website that desires this information. In fact, FLoC places each user in an ID group to help websites recognize and target individuals. In response, the alternative search engine DuckDuckGo has come out with an extension for…
Read More

InfoSec News Nuggets 04/14/2021

1 - Clubhouse CEO says user data was not leaked, contrary to reports Clubhouse CEO Paul Davison said Sunday that a report claiming personal user data had been leaked was “false.” Cyber News reported a SQL database with users’ IDs, names, usernames, Twitter and Instagram handles and follower counts were posted to an online hacker forum. According to Cyber News, it did not appear that sensitive user information such as credit card numbers were among the leaked info. Clubhouse did…
Read More

InfoSec News Nuggets 04/13/2021

1 - LinkedIn confirmed that it was not a victim of a data breach LinkedIn has issued a formal statement to deny that the recent leak that exposed the account details of more than 500 million of its registered users was caused by a security breach. A threat actor has put for sale on a popular hacker forum an archive containing data purportedly scraped from 500 million LinkedIn profiles, with another 2 million records leaked as a proof-of-concept…
Read More

InfoSec News Nuggets 04/12/2021

1 - Hackers Hacked as Underground Carding Site is Breached Thousands of cyber-criminals have had their personal data leaked online after a popular carding forum was hacked, according to Group-IB. The Singapore-based security firm said it discovered that data belonging to users of the Swarmshop site was leaked to another underground forum on March 17. “The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and…
Read More

InfoSec News Nuggets 04/09/2021

Italian man arrested after allegedly paying hitman in cryptocurrency According to a Europol alert on Wednesday, the suspect dove into the darkest corners of the internet to find a hitman and eventually located a website claiming to offer these services on the dark web. It is necessary to use the Tor network to access the deep web -- an underlayer that is not indexed by typical search engines -- and a sector of this area, known as the…
Read More

InfoSec News Nuggets 04/08/2021

Crooks are getting smarter about exploiting SAP software, study finds Security researchers on Tuesday warned of the unrelenting interest that cybercriminals have in exploiting applications made by software giant SAP to defraud or disrupt big businesses that rely on SAP products. A months-long study by Boston-based security firm Onapsis found that malicious hackers are growing more knowledgeable of SAP software and the potential impact that compromises could have on customers. In one case, an unidentified attacker…
Read More

InfoSec News Nuggets 04/07/2021

Microsoft delays full reopening of its offices to at least September Microsoft is joining the chorus of tech companies pushing their office reopenings to late 2021 as the COVID-19 pandemic potentially winds down. The Verge has confirmed a Business Insider report that Microsoft has delayed its full reopening from July to at least September 7th. The move is a response to "continued consultation with health and data experts," a spokesperson said. In an email to staff, executive VP Kurt DelBene said the delay gave "additional…
Read More

InfoSec News Nuggets 04/06/2021

Technology could make fighting COVID less restrictive but privacy will take a hit Now that the world has completed a full circuit around the Sun with COVID as a passenger, it is possible to see which jurisdictions responded well, and which are still struggling to come to grips with the virus. Two of the nations held up as exemplars of how to fight COVID were Taiwan and New Zealand, but the approaches were very different: One has…
Read More

InfoSec News Nuggets 04/05/2021

Virginia lawmakers unanimously approve bill that bans facial recognition technology In February, Virginia lawmakers from both parties unanimously approved a bill that would restrict the use of facial recognition technology. Right now, law enforcement agencies across the state can use this technology without the knowledge of local or state leaders. Your images could be in these systems without you even knowing it. Under the bill, any law enforcement agency using facial recognition technology must stop, and they…
Read More

InfoSec News Nuggets 04/02/2021

Update on campaign targeting security researchers In January, the Threat Analysis Group documented a hacking campaign, which we were able to attribute to a North Korean government-backed entity, targeting security researchers. On March 17th, the same actors behind those attacks set up a new website with associated social media profiles for a fake company called “SecuriElite.” The new website claims the company is an offensive security company located in Turkey that offers pentests, software security assessments and…
Read More

InfoSec News Nuggets 04/01/2021

Research shows Google collects 20x more data from Android than Apple collects from iOS Tech companies have been talking more about privacy in recent years, and Apple proudly says that it protects user data more than anyone else. This week, new research by Douglas Leith from Trinity College showed that Google collects up to 20 times more data from Android users compared to the data Apple collects from iOS users.  As reported by Ars Technica, the…
Read More

InfoSec News Nuggets 03/31/2021

Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website Intel is being sued under a Florida state wiretapping law for using software on its website to capture keystrokes and mouse movements of people that visit it. The case is one of many that private citizens have brought against companies to dispute their use of session-replay technology. A class-action suit (PDF) in the Circuit Court of the Fifth Judicial Circuit In and For Lake County,…
Read More

InfoSec News Nuggets 03/30/2021

Ransomware gang leaks data from US military contractor the PDI Group A major supplier of military equipment to the US Air Force and militaries across the globe appears to have fallen victim to a ransomware attack. The victim is the PDI Group, an Ohio-based company that manufactures a wide range of ground support equipment for military needs, such as dollies, trollies, and platforms for transporting weapons, engines, and airplane parts during servicing operations. On Tuesday, the…
Read More

InfoSec News Nuggets 03/29/2021

Credit Card Hacking Forum Gets Hacked, Exposing 300,000 Hackers’ Accounts Carding Mafia, a forum for stealing and trading credit cards has been hacked, exposing almost 300,000 user accounts, according to data breach notification service Have I Been Pwned. The data breach allegedly exposed the email addresses, IP addresses, usernames, and hashed passwords of 297,744 users. Have I Been Pwned announced the data breach on Tuesday, saying the breach happened last week. On the Carding Mafia forum and its public…
Read More

InfoSec News Nuggets 03/26/2021

Identity Fraud Losses Soared to $56 Billion in 2020, Javelin Researchers Find Fraud losses climbed to $56 billion in 2020 and identity fraud scams accounted for a staggering $43 billion of that cost, according to a new report. The reduction in transaction activity in 2020, combined with financial institutions’ more robust antifraud measures, made it harder for criminals to succeed in their ‘traditional’ fraud activities, according to Javelin Strategy & Research, which provides insights for financial…
Read More

InfoSec News Nuggets 03/25/2021

Amazon Delivery Drivers Forced to Sign ‘Biometric Consent’ Form or Lose Job Amazon delivery drivers nationwide have to sign a "biometric consent" form this week that grants the tech behemoth permission to use AI-powered cameras to access drivers' location, movement, and biometric data. If the company’s delivery drivers, who number around 75,000 in the United States, refuse to sign these forms, they lose their jobs. The form requires drivers to agree to facial recognition and other…
Read More

InfoSec News Nuggets 03/24/2021

TikTok no worse than Facebook for privacy, says Citizen Lab TikTok is likely no more of a threat to users than Facebook, according to an analysis by academic research group Citizen Lab that analyzed the video-sharing social networking service’s app to probe for security, privacy and censorship issues. The report was published online on March 22 by the University of Toronto Lab, which focuses on civil digital threats and high-level policy engagement. The authors considered both…
Read More

InfoSec News Nuggets 03/23/2021

Popular remote lesson monitoring program could be exploited to attack student PCs Researchers have uncovered a slew of critical vulnerabilities in remote monitoring software -- an incident made worse as it could impact student safety and privacy.  On Monday, McAfee disclosed the existence of multiple security holes in Netop Vision Pro, popular monitoring software adopted by schools for teachers to control remote learning sessions. The software is marketed for teachers to keep control of lessons. Features include…
Read More

InfoSec News Nuggets 03/22/2021

~4,300 publicly reachable servers are posing a new DDoS hazard to the Internet Criminals are upping the potency of distributed denial-of-service attacks with a technique that abuses a widely used Internet protocol that drastically increases the amount of junk traffic directed at targeted servers. DDoSes are attacks that flood a website or server with more data than it can handle. The result is a denial of service to people trying to connect to the service.…
Read More

InfoSec News Nuggets 03/19/2021

FBI: Cybercrime losses exceeded $4.2 billion in 2020 According to the 2020 Internet Crime Report [PDF], the FBI said it received 791,790 internet and cybercrime complaints in 2020, more than 69% than the 467,361 reports it received in 2019. Total losses were also up. The FBI said victims reported more than $4.2 billion in lost funds last year, 20% up from the $3.5 billion reported in 2019. Both figures —complaints and total losses— represent the…
Read More

InfoSec News Nuggets 03/18/2021

Apple Maps now displays COVID-19 vaccination locations Apple today updated Apple Maps with COVID-19 vaccination locations from VaccineFinder, a free, online service developed by Boston Children’s Hospital that provides the latest vaccine availability for those eligible at providers and pharmacies throughout the US. Users can find nearby COVID-19 vaccination locations from the Search bar in Apple Maps by selecting COVID-19 Vaccines in the Find Nearby menu or by asking Siri, “Where can I get a COVID…
Read More

InfoSec News Nuggets 03/17/2021

Half of Americans Experienced Identity Theft During COVID-19 Pandemic, New Study Shows A new report uncovers a striking pervasiveness of identity theft perpetrated against U.S. consumers where half of respondents surveyed experienced such an occurrence during the pandemic. Developed by Aite Group and underwritten by GIACT, the study found that 47% of U.S. consumers experienced identity theft between 2019 and 2020. And over the past two years, 37% of Americans experienced application fraud (i.e., the unauthorized use…
Read More

InfoSec News Nuggets 03/16/2021

Google Can Be Sued for Tracking Users in Private Browsing Mode, Judge Says A U.S. district judge in California has stated that Google can be sued for collecting data on users even when they use “private browsing mode” on their selected browsers. The lawsuit in question is a class action brought forward by three Google users—Chasom Brown, Maria Nguyen, and William Byatt—who used private browsing mode in Chrome and in Safari, Apple’s web browser, in recent years. It claims that Google…
Read More

InfoSec News Nuggets 03/15/2021

Former Facebook insiders explain why the company is making such a big fuss over Apple’s upcoming privacy change For the past few weeks, Facebook has been running an ad campaign in defense of personalized advertisements, arguing that targeted ads are key to the success of small businesses. The catalyst for the campaign has been an ongoing battle between the social media company and Apple. The battle focuses on a unique device identifier on every iPhone and iPad called the IDFA.…
Read More

InfoSec News Nuggets 03/12/2021

Comcast scrambled to fix mistake that cut some users’ upload speeds by 20% Some Comcast customers received an unwelcome surprise yesterday morning when their upload speeds were suddenly lowered from 20Mbps to 16Mbps. Comcast was raising download speeds on its "Extreme Pro" tier from 600Mbps to 800Mbps—good news, to be sure—but the plan's relatively paltry 20Mbps upload speeds received a simultaneous 20 percent cut. Customers affected by the change complained to Comcast, and two of…
Read More

InfoSec News Nuggets 03/11/2021

OVHcloud data centers engulfed in flames On March 10, OVHcloud founder and chairman Octave Klaba started a Twitter thread updating customers on the situation, which has claimed at least one data center. OVHcloud is a global cloud, dedicated server, and managed bare metal services provider catering to over 1.5 million customers.  The company manages 27 data centers in countries including the US, UK, France, and Australia.  As data centers manage vast quantities of data for customers, providers have to be…
Read More

InfoSec News Nuggets 03/10/2021

Stalkers won’t be able to track victims via hidden AirTags It won’t be possible for someone to hide an AirTag on you and track your location without permission. iPhones will notify their users if one of Apple’s item tracker tags is moving along with them. AirTags haven’t been formally announced, but the latest iOS 14.5 beta adds an “Items” tab to the built-in Find My application so users can search for these tags. A setting in the…
Read More

InfoSec News Nuggets 03/09/2021

Robocalls keep spamming Americans, in part because of their cyber tools After a surprising lull at the onset of the COVID-19 pandemic, phone scammers are back, and showing signs of overlapping more and more with text messages and cyber elements. Scammers are combining phone calls with tricks to circumvent two-factor authentication, using information they obtain online to make more targeted calls and, in some cases, mimicking the attack methods of hackers, government and industry officials…
Read More

InfoSec News Nuggets 03/08/2021

What is the dark web and what does it mean for cyber security? The dark web, or darknet, is the part of the internet that is difficult to access without the proper tools and authorizations. An average, everyday web surfer using a commonly-available web browser like Chrome or Explorer isn't likely to be taking a virtual walk on the dark side, but security leaders still must make an effort to understand the threats the darknet…
Read More

InfoSec News Nuggets 03/05/2021

Real estate group in Las Vegas launches fully autonomous security robot A new spin to security. The Westland Real Estate Group has launched a fully autonomous security robot at its Liberty Village Apartments in northeast Last Vegas. The security robot is the first in the world to be used in a multi-family residence in an effort to improve the safety and security of residents. The security robot monitors the property through video and thermal-imaging cameras.…
Read More

InfoSec News Nuggets 03/04/2021

An AI Was Taught to Play the World's Hardest Video Game and Still Couldn't Set a New Record What’s the hardest video game you’ve ever played? If it wasn’t QWOP then let me tell you right know that you don’t know how truly difficult a game can be. The deceptively simple running game is so challenging to master that even an AI trained using machine learning still only mustered a top 10 score instead of shattering the record. Wesley Liao was…
Read More

InfoSec News Nuggets 03/03/2021

World's leading dairy group Lactalis hit by cyberattack Lactalis, the world's leading dairy group, has disclosed a cyberattack after unknown threat actors have breached some of the company's systems. Lactalis (short for Lactalis Group) has 85,000 employees in 51 countries, and it exports dairy products to over 100 countries around the world. The dairy group controls multiple leading international brands, including Président, Galbani, Lactel, Santal, and Parmalat.  In a press release published on Friday, Lactalis says that only a limited number…
Read More

InfoSec News Nuggets 03/02/2021

The Rise of Vendor-Owned News Sites Underscores the Appetite for Cybersecurity Information One of the most prolific cybersecurity journalists, Catalin Cimpanu of ZDNet, left the popular CBS-owned tech publication on Friday. Today he joins The Record, a publication backed by the cybersecurity firm Recorded Future. (Catalin’s jump to Recorded Future is occurring the day after the firm issued a report on its startling discovery that a Chinese state-sponsored hacking group dubbed Red Echo introduced malware into Indian power…
Read More

InfoSec News Nuggets 03/01/2021

78% of top security leaders say their organizations are unprepared for a cyberattack Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyberattacks, according to research conducted by IDG Research Services on behalf of Insight. The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cybersecurity budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in…
Read More

InfoSec News Nuggets 02/26/2021

The NYPD Sent a Creepy Robotic Dog Into a Bronx Apartment Building The largest police department in the country deployed its new K-9 companion into a Bronx apartment building while responding to a home invasion early Tuesday morning. But this particular K-9 wasn’t as cute, cuddly or even furry like its mammalian colleagues. Instead, this good boy features four metal and rubber legs, a face only perhaps only a Cylon could love, and all the grace…
Read More