InfoSec News Nuggets 02/25/2021

Firefox 86 Introduces Total Cookie Protection Cookies, those well-known morsels of data that web browsers store on a website’s behalf, are a useful technology, but also a serious privacy vulnerability. That’s because the prevailing behavior of web browsers allows cookies to be shared between websites, thereby enabling those who would spy on you to “tag” your browser and track you as you browse. This type of cookie-based tracking has long been the most prevalent method…
Read More

InfoSec News Nuggets 02/24/2021

Cybersecurity and online gaming: Don’t be a victim The proliferation of technology and internet connectivity has made it possible for people to seek out most things online, and gaming and gambling are not exceptions. In addition to online video games, social media, music, and video streaming, there are also online casinos and gambling for real money. Well, for gambling in the USA there are state laws to mind, but in some states online gambling is…
Read More

InfoSec News Nuggets 02/23/2021

Clubhouse Chats Are Breached, Raising Concerns Over Security A week after popular audio chatroom app Clubhouse said it was taking steps to ensure user data couldn’t be stolen by malicious hackers or spies, at least one attacker has proven the platform’s live audio can be siphoned. An unidentified user was able to stream Clubhouse audio feeds this weekend from “multiple rooms” into their own third-party website, said Reema Bahnasy, a spokeswoman for Clubhouse. While the…
Read More

InfoSec News Nuggets 02/22/2021

Clubhouse under scrutiny for sending data to Chinese servers Clubhouse was launched about a year ago and was initially only used by Silicon Valley’s rich and famous. It is different from other social media in that it focuses on the spoken word. Clubhouse members can enter virtual rooms to listen in or participate in live conversations. The conversations can only be joined when they are live and the people having the conversation determine who is…
Read More

InfoSec News Nuggets 02/19/2021

Apple will only approve COVID-19 vaccination apps verified by health authorities It may not be enough just to get vaccinated against COVID-19 -- you may also need proof that you've completed the vaccination course to be able to travel, to go to school or to enter establishments in the immediate future. That's why apps providing proof of vaccination you can easily take with you have started popping up, and why Apple has conjured up a rule to…
Read More

InfoSec News Nuggets 02/18/2021

Jones Day is latest major law firm affected by vendor data breach Jones Day confirmed Tuesday that a file transfer platform it used was recently compromised, and that the firm is investigating the breach and talking with affected clients. Hackers that go by the name Clop claim to have stolen files belonging to Jones Day and posted screenshots on the dark web, according to by DataBreaches.net, which posted redacted images of firm correspondence over the…
Read More

InfoSec News Nuggets 02/17/2021

Copycats emerge after researcher exploits design flaw to breach Microsoft, Apple, Tesla Pseudonymous authors published more than 150 copycat packages just three days after Sonatype published research around a software supply chain flaw, attempting to exploit the vulnerabilities in the brief window before a patch. Ethical hacker and security researcher Alex Birsan posted a blog on Feb. 9 that detailed how he used dependency, or namespace confusion, “to push his malicious proof-of-concept (PoC) code to internal…
Read More

InfoSec News Nuggets 02/16/2021

AT&T scrambles to install fiber for 90-year-old after his viral WSJ ad When 90-year-old Aaron Epstein bought a Wall Street Journal print ad to complain about his slow AT&T Internet service, the impact was immediate. Reporters like me called him and wrote articles, talk of his plight went viral on the Internet, his ad made an appearance on Stephen Colbert's Late Show, TV networks interviewed him for nightly news broadcasts, and AT&T executives sprang into action…
Read More

InfoSec News Nuggets 02/12/2021

Tax Scammers Are Getting Sneakier. Here's How to Spot the Latest Cons The 2021 tax season starts on Friday, Feb. 12, which means it’s time to get your paperwork in order. It’s also time to be on the lookout for scam artists targeting those of us feeling a little overwhelmed as the April 15 deadline gets closer. Tax-related scams are nothing new, according to Howard Silverstone, a member of the American Institute of CPA’s Fraud…
Read More

InfoSec News Nuggets 02/11/2021

Accused murderer wins right to check source code of DNA testing kit used by police A New Jersey appeals court has ruled that a man accused of murder is entitled to review proprietary genetic testing software to challenge evidence presented against him. Attorneys defending Corey Pickett, on trial for a fatal Jersey City shooting that occurred in 2017, have been trying to examine the source code of a software program called TrueAllele to assess its reliability. The…
Read More

InfoSec News Nuggets 02/10/2021

Microsoft to alert enterprise security teams when nation-state attackers target their employees Microsoft will introduce this month a new security alert that will notify enterprise security teams when an employee is being targeted by suspected nation-state attackers. The notification will appear in the dashboard of Microsoft Defender for Office 365, a cloud-based email filtering service that protects enterprise Office 365 users against advanced and targeted threats (e.g., BEC, credential phishing, etc.), so that security teams…
Read More

InfoSec News Nuggets 02/09/2021

Bill would allow tech companies to create local governments If you’ve got enough money, acres upon acres of undeveloped land and an “innovative technology,” you soon could form a new local government in Nevada. When Gov. Steve Sisolak last month announced his plan to launch Innovation Zones in Nevada to jump-start the state’s economy by attracting new tech companies, the details of how those zones would operate proved scarce. According to a draft of the…
Read More

InfoSec News Nuggets 02/08/2021

How will 'chipageddon' affect you? For the most part they go unseen but computer chips are at the heart of all the digital products that surround us - and when supplies run short, it can halt manufacturing. There was a hint of the problem last year when gamers struggled to buy new graphics cards, Apple had to stagger the release of its iPhones, and the latest Xbox and PlayStation consoles came nowhere close to meeting demand. Then,…
Read More

InfoSec News Nuggets 02/05/2021

Scammers posing as FBI agents threaten targets with jail time The U.S. Federal Bureau of Investigation (FBI) is warning of scammers actively posing as FBI representatives and threatening targets with fines and jail time unless they don't hand out personal and/or financial information. As the FBI warns, the agency has received multiple reports of such scam attempts where the fraudsters are targeting North Florida residents attempting to steal their personal info. Additionally, "multiple versions of…
Read More

InfoSec News Nuggets 02/04/2021

SCIENTISTS HAVE TAUGHT SPINACH TO SEND EMAILS AND IT COULD WARN US ABOUT CLIMATE CHANGE Through nanotechnology, engineers at MIT in the US have transformed spinach into sensors capable of detecting explosive materials. These plants are then able to wirelessly relay this information back to the scientists. When the spinach roots detect the presence of nitroaromatics in groundwater, a compound often found in explosives like landmines, the carbon nanotubes within the plant leaves emit a signal. This…
Read More

InfoSec News Nuggets 02/03/2021

Facebook strikes back against Apple privacy change, prompts users to accept tracking to get ‘better ads experience’ With a forthcoming update to iOS 14, each app that wants to use these identifiers will ask users to opt in to tracking when the app is first launched. If users opt out, it will make these ads a lot less effective. Facebook has warned investors that these looming changes could hurt its advertising business as soon as this quarter.…
Read More

InfoSec News Nuggets 02/02/2021

Check if your photos were used to develop facial recognition systems with this free tool If you’ve uploaded any photos to the web in recent years, there’s a good chance they’ve been used to build facial recognition systems. Developers routinely train facial recognition algorithms on images from websites — without the knowledge of the people who posted them. A new online tool called Exposing.AI can help you find out if your photos are among the snaps they’re…
Read More

InfoSec News Nuggets 02/01/2021

New Spotify Patent Involves Monitoring Users’ Speech to Recommend Music Spotify has been granted a patent with technology that aims to use recordings of users’ speech and background noise to determine what kind of music to curate and recommend to them, Music Business Worldwide reports. The company filed for the patent in 2018; it was approved on January 12, 2021. The patent outlines potential uses of technology that involves the extraction of “intonation, stress, rhythm, and the likes of units…
Read More

InfoSec News Nuggets 01/29/2021

Arrest, Seizures Tied to Netwalker Ransomware U.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charged in a Florida court. NetWalker is a ransomware-as-a-service crimeware product in which affiliates rent access to the continuously updated malware code in exchange for a…
Read More

InfoSec News Nuggets 01/28/2021

23M Gamer Records Exposed in VIPGames Leak VIPGames.com, a free platform with a total of 56 available classic board and card games like Hearts, Crazy Eights, Euchre, Dominoes, Backgammon and others, has exposed the personal data of tens of thousands of users. In all, more than 23 million records for more than 66,000 users were left exposed thanks to a cloud misconfiguration, according to a new report from WizCase. Aside from its desktop users, VIPGames…
Read More

InfoSec News Nuggets 01/27/2021

North Korean hackers are targeting security researchers with malware, 0-days A North Korean government-backed hacking group targets security researchers who focus on vulnerability and exploit development via social networks, disclosed Google tonight. According to a report released tonight by Google's Threat Analysis Group, a North Korean government-backed hacking group uses social networks to target security researchers and infect their computers with a custom backdoor malware. The threat actors create fake Twitter profiles and blogs to…
Read More

InfoSec News Nuggets 01/26/2021

Apple launches ‘Time to Walk’ for Fitness+ with Dolly Parton, Draymond Green, others Apple today launched a new component of Fitness+ designed to get people out of their homes and away from their TVs. Called Time to Walk, it’s the first outdoor component of Fitness+ and opens the service up to a new world of workouts. Apple seemingly goes out of its way to not call them podcasts, but Time to Walk is a very much in the vein.…
Read More

InfoSec News Nuggets 01/25/2021

After big hack of U.S. government, Biden enlists 'world class' cybersecurity team President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the U.S. government works to recover from one of the biggest hacks of its agencies attributed to Russian spies. Disclosed in December, the hack struck eight federal agencies and numerous companies, including software provider SolarWinds Corp. U.S. intelligence agencies…
Read More

InfoSec News Nuggets 01/22/2021

Vehicle Manufacturers Face Cybersecurity Challenges Over the last several decades, there have been significant advancements in automotive technology. Today’s vehicles are equipped with more and more sophisticated computer systems than ever before. But as our reliance on technology continues to grow, so does the potential for cybersecurity attacks and resulting litigation. That’s why it’s becoming increasingly important for car manufacturers to pay close attention to the legal landscape. One recent case illustrates what’s going on.…
Read More

InfoSec News Nuggets 01/21/2021

Are you more likely to be murdered IRL or hacked online? The existential question of our times has been answered The pandemic has brought existential conversations to the forefront in recent months. However, in an increasingly virtual world, threats are no longer reserved for the physical universe we occupy and cybersecurity breaches are increasingly common. It turns out people are more concerned about being hacked compared to acts of physical violence a la being murdered…
Read More

InfoSec News Nuggets 01/20/2021

How one hacker's push to secure the internet became a crucial part of Mac, Linux, and Windows operating systems Jason A. Donenfeld is relentlessly curious about everything, from ancient cities to cutting edge cryptography. When he's not developing WireGuard, known as the most secure VPN protocol in the world, the security researcher enjoys exploring the vast network of centuries-old limestone tunnels beneath Paris. Donenfeld, who is 32, originally came to Paris in 2010, after landing…
Read More

InfoSec News Nuggets 01/19/2021

Nine Attention-Grabbing Inventions Unveiled at This Year’s CES Like school, work conferences and visiting your grandparents, this year’s Consumer Electronics Show (CES) has been virtual-only. So instead of gathering in hangar-sized Las Vegas expo halls, those wishing to check out the year’s crop of tech and gadget debuts can simply tune in online. Some of these technologies will never catch on. Others may one day be as ubiquitous as the Xbox, satellite radio and 3D printers, all…
Read More

InfoSec News Nuggets 01/15/2021

Apple drops 'exclusion list' which allowed its own apps to bypass firewalls The latest beta of macOS Big Sur has reportedly removed the contentious ability for Apple's own apps to bypass firewalls, and hide their network use. Apple's release of the macOS Big Sur 11.2 beta appears to show that the company is dropping a controversial network feature. In the current public version of Big Sur, 56 of Apple's own apps and system processes can use the internet…
Read More

InfoSec News Nuggets 01/14/2021

The billionaires' brawl over satellite broadband Elon Musk is under siege by fellow billionaires at Amazon and Dish as he tries to get his fledgling space-based broadband service off the ground, with clashes involving airwave overload and the threat of satellite collisions. Musk's Starlink service could extend broadband to unconnected customers in hard-to-reach rural areas. But competitors are pressing the Federal Communication Commission to stymie Musk's plans. The Federal Communications Commission voted Tuesday evening to explore letting companies…
Read More

InfoSec News Nuggets 01/13/2021

Mac malware uses 'run-only' AppleScripts to evade analysis A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. The malware is tracked as OSAMiner and has been in the wild since at least 2015. Yet, analyzing it is difficult because payloads are exported as run-only AppleScript files, which makes decompiling them into source code a tall order. A recently observed variant…
Read More

InfoSec News Nuggets 01/12/2021

Securing Wi-Fi at Home To create a secure home network, you need to start by securing your Wi-Fi access point (sometimes called a Wi-Fi router). This is the device that controls who and what can connect to your home network. Here are five simple steps to securing your home Wi-Fi to create a far more secure home network for you and your family.   Can Artificial Intelligence Help Us Fight Fake News? Fake news and…
Read More

InfoSec News Nuggets 01/11/2021

Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions At U.S. Financial Institutions, Brokerage Firms, A Major News Publication, And Other Companies Audrey Strauss, the Acting United States Attorney for the Southern District of New York, announced today that ANDREI TYURIN, a/k/a “Andrei Tiurin,” was sentenced in Manhattan federal court to 144 months in prison for computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with…
Read More

InfoSec News Nuggets 01/08/2021

Rioters Had Physical Access to Lawmakers’ Computers. How Bad Is That? On Wednesday, hundreds of Donald Trump supporters rioted and stormed the Capitol, getting into the Senate and the offices of some lawmakers, who were hastily evacuated. Given how quickly some staffers and lawmakers had to leave, some of them left their computers unlocked and unattended, and some of the terrorists were photographed in front of them. Cybersecurity experts now worry that the rioters had a chance to get their…
Read More

InfoSec News Nuggets 01/07/2021

Watch a Robot Dog Learn How to Deftly Fend Off a Human STUDY HARD ENOUGH, kids, and maybe one day you’ll grow up to be a professional robot fighter. A few years ago, Boston Dynamics set the standard for the field by having people wielding hockey sticks try to keep Spot the quadrupedal robot from opening a door. Previously, in 2015, the far-out federal research agency Darpa hosted a challenge in which it forced clumsy humanoid robots to…
Read More

InfoSec News Nuggets 01/06/2021

One Million Compromised Accounts Found at Top Gaming Firms Tel Aviv-based threat intelligence firm Kela decided to investigate the top 25 publicly listed companies in the sector based on revenue. After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side. This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year. Compromised accounts linked to internal…
Read More

InfoSec News Nuggets 01/05/2021

20 years of tech with Jeff: From green iMacs and DVDs to the iPhone era My stint started in 2000 – I began at USA TODAY earlier, covering entertainment – when we spent a lot of time talking about the big three tech companies: AOL, Yahoo and Microsoft. AOL had just shocked the world by buying Time Warner for $165 billion. (You know how well that turned out. But I digress.) We did use computers, yes indeed,…
Read More

InfoSec News Nuggets 01/04/2021

Apply brakes to Apple Car expectations, analyst says The idea of an Apple Car landing in showrooms hit the headlines again last week when a Reuters report suggested the tech giant is aiming to have an electric vehicle (EV) with autonomous capabilities ready for market in 2024. But a new research note from respected Apple analyst Ming-Chi Kuo suggests the car’s precise design specifications have yet to be decided, adding that any such vehicle may not arrive until 2028…
Read More

InfoSec News Nuggets 12/28/2020

Five Solution Providers Breached By SolarWinds Hackers Deloitte, Stratus Networks, Digital Sense, ITPS and Netdecisions were breached via SolarWinds and then specifically targeted by the hackers for additional internal compromise, according to a cybersecurity consultancy. The Sweden-based firm, Truesec, analyzed the malware — as well as historical network data — to determine which firms were explicitly selected by the SolarWinds hackers for further activities, meaning that additional internal compromise could have taken place. Nearly 18,000 firms were…
Read More

InfoSec News Nuggets 12/24/2020

FireEye's Mandia on SolarWinds hack: 'This was a sniper round' The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth, according to FireEye CEO Kevin Mandia, whose company discovered the activity. “This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” Mandia said Sunday morning on CBS’s “Face the Nation.” “This was special…
Read More

InfoSec News Nuggets 12/23/2020

2,000 Parents Demand Major Academic Publisher Drop Proctorio Surveillance Tech On Friday, digital rights group Fight for the Future unveiled an open letter signed by 2,000 parents calling on McGraw-Hill Publishing to end its relationship with Proctorio, one of many proctoring apps that offers services that digital rights groups have called "indistinguishable from spyware.” As the pandemic has pushed schooling into virtual classrooms, a host of software vendors have stepped up to offer their latest surveillance tools. Some, like Proctorio,…
Read More

InfoSec News Nuggets 12/22/2020

Zoom Says It’s Being Probed by SEC, Two U.S. Attorneys Offices Zoom Video Communications Inc. said it has provided information to multiple U.S. prosecutors and regulators regarding interactions with China and other overseas governments, as well as security and user privacy matters. The U.S. Securities and Exchange Commission and two U.S. Attorney’s offices have been investigating Zoom for months, the San Jose, California-based company said Friday in a blog post and a filing. The videoconferencing company disclosed the…
Read More

InfoSec News Nuggets 12/21/2020

Nuclear weapons agency breached amid massive cyber onslaught The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies, officials directly familiar with the matter said. On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies after being briefed by…
Read More

InfoSec News Nuggets 12/18/2020

Google sued by 10 states for alleged "anti-competitive conduct" in advertising Ten states on Wednesday brought a lawsuit against Google, accusing the search giant of "anti-competitive conduct" in the online advertising industry, including a deal to manipulate sales with rival Facebook. Texas Attorney General Ken Paxton announced the suit, which was filed in a federal court in Texas, saying Google is using its "monopolistic power" to control pricing of online advertisements, fixing the market in…
Read More

InfoSec News Nuggets 12/17/2020

Microsoft and industry partners seize key domain used in SolarWinds hack Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar with the matter. The domain in question is avsvmcloud[.]com, which served as command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company's Orion app. According…
Read More

InfoSec News Nuggets 12/16/2020

Amazon, TikTok, Facebook, Others Ordered To Explain What They Do With User Data The Federal Trade Commission is demanding that nine social media and tech companies share details on how they harness users' data and what they do with the information. Amazon.com, TikTok owner ByteDance, Discord, Facebook, Reddit, Snap, Twitter, WhatsApp (also owned by Facebook), and YouTube were sent orders by the FTC on Monday to provide the commission with details on their data collection and advertising…
Read More

InfoSec News Nuggets 12/15/2020

Microsoft, FireEye confirm SolarWinds supply chain attack Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today.  FireEye's report comes after Reuters, the Washington Post, and Wall Street Journal reported on Sunday intrusions at the US Treasury Department and the US Department of Commerce's National Telecommunications and…
Read More

InfoSec News Nuggets 12/14/2020

Facebook links APT32, Vietnam's primary hacking group, to local IT firm In a surprising and unexpected announcement on Thursday, the Facebook security team has revealed the real identity of APT32, one of today's most active state-sponsored hacking group, believed to be linked to the Vietnamese government. The company said it took this step after it detected APT32 using its platform to spread malware in attempts to infect users. "Our investigation linked this activity to CyberOne Group, an…
Read More

InfoSec News Nuggets 12/11/2020

Hackers steal data on Pfizer Covid-19 vaccine The manufacturers of one of the leading Covid-19 vaccines has admitted that it has been targeted in an apparent cyberattack. US firm Pfizer and its German partner BioNTech, which collectively have developed the first Covid vaccine to achieve approval in the West, confirmed that documents related to the vaccine’s development had been “unlawfully accessed.” Little information is known about the attack, including likely instigators, or when and how the attack…
Read More

InfoSec News Nuggets 12/10/2020

Amnesia-33 vulnerabilities affect 158 vendors, millions of devices Thirty-three vulnerabilities in open-source TCP/IP stacks often buried deep in internet-connected devices may cause years of issues for hundreds of manufacturers, and business and home customers alike. Further complicating matters, manufacturers who are affected may not immediately know their devices are at risk. The package of vulnerabilities, discovered by researchers at Forescout and dubbed Amnesia-33, are buried deep in the supply chain: third-party software used in components…
Read More

InfoSec News Nuggets 12/09/2020

FireEye cybersecurity tools compromised in state-sponsored attack One of the US’s leading cybersecurity firms, FireEye, says it’s been hacked by a state-sponsored attacker. Hackers targeted and accessed the firm’s so-called Red Team tools, which it uses to test customer security and find vulnerabilities. Now there’s concern that the hackers could release these tools publicly or use them to attack others, though there is no evidence that this has happened yet. FireEye says that it does not believe…
Read More