InfoSec News Nuggets 10/04/2024

Iranians Accused of Hacking US Presidential Campaigns; $10 Million Offered for Info on their Location The Justice Department announced that three Iranian nationals and Islamic Revolutionary Guard Corps (IRGC) employees, at the same time, have been indicted for hacking accounts belonging to US officials, journalists, and individuals associated with US political campaigns. Several reports of hacks related to political campaigns have surfaced in recent months as unknown hackers breached various systems and networks, then stole…

InfoSec News Nuggets 10/03/2024

NCA unmasks man it suspects is both 'Evil Corp kingpin' and LockBit affiliate The latest installment of the National Crime Agency's (NCA) series of ransomware revelations from February's LockBit Leak Week emerges today as the agency identifies a man it not only believes is a member of the long-running Evil Corp crime group but also a LockBit affiliate. The NCA claimed Aleksandr Ryzhenkov is a high-ranking Evil Corp member – and also alleged he is the LockBit…

InfoSec News Nuggets 10/02/2024

If you're holding important data, Iran is probably trying to spearphish it US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments. A security advisory published late on Friday says that high-value individuals are being targeted with social engineering attempts to harvest credentials for their personal accounts. If successful, the attackers rummage around whatever service they've gained access to in search of data…

InfoSec News Nuggets 10/01/2024

Senate bill pushes cyber mandates for medical industry in wake of Change Healthcare debacle Hospitals and other healthcare businesses would be required to adopt minimum cybersecurity standards and face annual audits under new legislation introduced by two prominent senators on Thursday. The Health Infrastructure Security and Accountability Act, announced by Sens. Ron Wyden (D-OR) and Mark Warner (D-VA), would  provide $1.3 billion for the Department of Health and Human Services (HHS) to support hospitals and create…

InfoSec News Nuggets 9/30/2024

Microsoft: Windows Recall now can be removed, is more secure Microsoft has announced security and privacy upgrades to its AI-powered Windows Recall feature, which now can be removed and has stronger default protection for user data and tighter access controls. Today's announcement comes in response to customer pushback requesting stronger default data privacy and security protections, which prompted the company to delay its public release by making it first available for preview with Windows Insiders. Redmond also…

InfoSec News Nuggets 9/27/2024

US sanctions crypto exchanges used by Russian ransomware gangs The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Cryptex and PM2BTC, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups. Cryptex (which used the cryptex[.]net domain) reportedly provides financial services to cybercriminals and laundered over $51 million in funds linked to ransomware attacks. "Cryptex is also associated with over $720 million in transactions to services frequently used…

InfoSec News Nuggets 9/26/2024

Hacker plants false memories in ChatGPT to steal user data in perpetuity When security researcher Johann Rehberger recently reported a vulnerability in ChatGPT that allowed attackers to store false information and malicious instructions in a user’s long-term memory settings, OpenAI summarily closed the inquiry, labeling the flaw a safety issue, not, technically speaking, a security concern. So Rehberger did what all good researchers do: He created a proof-of-concept exploit that used the vulnerability to exfiltrate…

InfoSec News Nuggets 9/25/2024

'Cybersecurity issue' takes MoneyGram offline for three days – and counting A "cybersecurity issue" has shut down MoneyGram's systems and payment services since Friday, and the fintech leader has yet to update customers as to when it expects to have its global money transfer services back up and running. The downed services reportedly include in-person payments as well as online transactions. The Register has asked Texas-based MoneyGram for comment and will update this story if and when we receive…

InfoSec News Nuggets 9/24/2024

Microsoft ends development of Windows Server Update Services (WSUS) Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel. This move isn't surprising, as Microsoft first listed WSUS as one of the "features removed or no longer developed starting with Windows Server 2025" on August 13. In June, the company also revealed that it would also soon deprecate WSUS driver synchronization.…

InfoSec News Nuggets 9/23/2024

Hacker Claims “Minor” Data Breach at DELL; Leaks Over 10,000 Employee Details A hacker claims Dell suffered a “minor” breach, exposing over 10,000 employee records. The incident raises cybersecurity concerns amid ongoing threats targeting businesses by tricking employees into phishing and phone call scams. A hacker using the alias “grep” claims that the technology giant Dell has experienced a “minor” data breach, resulting in the theft of over ten thousand (10,863) employee records. This information…

InfoSec News Nuggets 9/20/2024

Walmart customers scammed via fake shopping lists, threatened with arrest Shopping online or attempting to get in touch with a store is a little bit like walking on a minefield: you might get lucky or take a wrong step and get scammed. Case in point, a malicious ad campaign is abusing Walmart Lists, a kind of virtual shopping list customers can share with family and friends, by embedding rogue customer service phone numbers with the appearance…

InfoSec News Nuggets 9/19/2024

Chinese spies spent months inside aerospace engineering firm's network via legacy IT Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server. In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's…

InfoSec News Nuggets 9/18/2024

Concealed networks: Are dark web syndicates turning to social media for cybercrime? If you envision the dark web as a shadowy realm where cybercriminals orchestrate nefarious activities under the cover of anonymity, you’re not far from the truth. However, the dark web isn’t just as unreachable as you’d think—you likely interact with it more often than you realize. Given this reality, both businesses and individuals must ask: What are the chances that your sensitive, confidential…

InfoSec News Nuggets 9/17/2024

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack In August, a cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport; websites and phone systems were impacted. Media reported that the Port of Seattle, which also operates the Seattle-Tacoma International Airport, suffered a cyber attack that impacted the websites, email and phone services. According to The Seattle Times, the cyber attack disrupted travel plans. “A spokesperson…

InfoSec News Nuggets 9/16/2024

Scammers advertise fake AppleCare+ service via GitHub repos We’ve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft. The goal of this scam is to get unsuspecting people on the phone with someone pretending to…

InfoSec News Nuggets 9/13/2024

Fortinet confirms data breach after hacker claims to steal 440GB of files Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, and EDR/XDR solutions, as well as consulting services. Early this…

InfoSec News Nuggets 9/12/2024

Utah social media law requiring age verification blocked by judge A federal judge halted a Utah child safety law requiring social platforms to verify the ages of their users. In an order on Tuesday, Judge Robert J. Shelby issued a preliminary injunction in favor of NetChoice, saying the law likely violates the First Amendment. NetChoice, the technology trade association that includes Meta, Snap, Google, and X, sued the state to block the law in December 2023, alleging it “violates the…

InfoSec News Nuggets 9/11/2024

Predator spyware operation is back with a new infrastructure Recorded Future researchers warn that the Predator spyware has resurfaced with fresh infrastructure after a decline caused by US sanctions against Intellexa Consortium. In March 2024, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced actions on two individuals and five entities associated with the Intellexa Consortium for their role in the development and distribution of the commercial Predator spyware used to target Americans. The surveillance software was…

InfoSec News Nuggets 9/10/2024

New RAMBO attack steals data using RAM in air-gapped computers A novel side-channel attack dubbed  "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers. Air-gapped systems, typically used in mission-critical environments with exceptionally high-security requirements, such as governments, weapon systems, and nuclear power stations, are isolated from the public internet and other networks to prevent malware infections and data theft. Although these systems are…

InfoSec News Nuggets 9/9/2024

Colombia's Petro calls for investigation into Pegasus software purchase Colombia's President Gustavo Petro on Wednesday asked the attorney general's office to investigate the $11 million purchase of Pegasus spy software, which he said could have been used to spy on opposition politicians during the previous administration. Spyware technology, including Pegasus, has been repeatedly found to have been used to hack into the phones of civil society, political opposition and journalists in the last decade.  …

InfoSec News Nuggets 9/6/2024

White House Outlines Plan for Addressing BGP Vulnerabilities The White House on Tuesday outlined a plan for addressing internet routing security issues, particularly vulnerabilities associated with the Border Gateway Protocol (BGP).  BGP is the protocol used for exchanging routing information between autonomous systems (AS) on the internet. However, this critical component of the web was not created with security in mind and several potentially important vulnerabilities have come to light in the past years. They can enable…

InfoSec News Nuggets 9/5/2024

Clearview faces a €30.5 million fine for violating the GDPR Clearview AI is back in hot — and expensive — water, with the Dutch Data Protection Authority (DPA) fining the company €30.5 million ($33.6 million) for violating the General Data Protection Regulation (GDPR). The release explains that Clearview created "an illegal database with billions of photos of faces," including Dutch individuals, and has failed to properly inform people that it's using their data. In early 2023, Clearview's CEO…

InfoSec News Nuggets 9/4/2024

The MadRadar Hack Can Cause Autonomous Cars to Malfunction and Hallucinate Self-driving cars come closer to being a reality every day. Many vehicles already have autonomous features, but several challenges remain. Cybersecurity shortcomings are among the most concerning, and a recent experiment dubbed “MadRadar” heightens these worries. Researchers at Duke University demonstrated MadRadar in January 2024 before detailing it at the Network and Distributed System Security Symposium in February. The attack targets driverless vehicles’ radar, making them detect incoming…

InfoSec News Nuggets 9/3/2024

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers Cybersecurity researchers say they've found a vulnerability that allowed them to skip US airport security checks and even fly in the cockpit on some scheduled flights. Ian Carroll and Sam Curry worked on the findings together after the Known Crewmember (KCM) queue caught their attention at an airport during their routine travel. The lane can sometimes be seen at airports and it…

InfoSec News Nuggets 8/30/2024

Brain Cipher claims attack on Olympic venue, promises 300 GB data leak Nearly four weeks after the cyberattack on dozens of French national museums during the Olympic Games, the Brain Cipher ransomware group claims responsibility for the incident and says 300 GB of data will be leaked later today. Le Grand Palais and dozens of other national museums and institutions overseen by Réunion des Musées Nationaux – Grand Palais (RMN-GP) were targeted by cybercriminals over…

InfoSec News Nuggets 8/29/2024

Dick's Sporting Goods discloses cyberattack Dick's Sporting Goods, America's largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week. In an SEC 8-K filing, the retailer told the regulator that on August 21, it found an unnamed third party was snooping around its servers, "including portions of its systems containing certain confidential information." However, the filing doesn't state exactly what information was targeted by the attackers. "The company has no knowledge…

InfoSec News Nuggets 8/28/2024

Google tags a tenth Chrome zero-day as exploited this year Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. Tracked as CVE-2024-7965 and reported by a security researcher known only as TheDog, the now-patched high-severity vulnerability is described as an inappropriate implementation in Google Chrome's V8 JavaScript engine that can let remote attackers exploit heap corruption via a crafted HTML page. This was announced in an update to…

InfoSec News Nuggets 8/27/2024

'Cthulhu Stealer' macOS Malware Can Steal Keychain Passwords, Web Browsing Info, Crypto Wallets, and More Apple's Macs are less targeted by malware than Windows PCs, but that doesn't mean they are immune. Increasingly, insidious types of Mac malware are being developed that have researchers concerned enough to issue public warnings, and that's the case again today. As reported by Hacker News, Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named "Cthulhu Stealer." First spotted…

InfoSec News Nuggets 8/26/2024

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware More than two years after the critical Log4j zero-day sparked chaos around the world, organizations are still being hit by exploits pushing crypto-currency miners and malicious backdoor scripts. According to researchers at Datadog Security Labs, opportunistic cybercriminals are still finding targets for ‘Log4Shell’ exploits that evade detection and plant malware scripts on unpatched corporate systems. The Datadog discovery highlights the long tail of risk from critical…

InfoSec News Nuggets 8/23/2024

FCC Slaps Telecom Firm With $1M Fine for Spreading Fake Biden Robocall The Federal Communications Commission has fined Lingo Telecom $1 million for transmitting robocalls impersonating President Joe Biden earlier this year, where an AI replica of Biden's voice was used to trick and persuade voters in the New Hampshire primary election not to go to the polls. Lingo Telecom mislabeled and distributed the robocalls, which were commissioned by a former political consultant who now faces a $6 million…

InfoSec News Nuggets 8/22/2024

Post-Quantum Cryptography set to revolutionise digital security Post-Quantum Cryptography (PQC) is poised to redefine the very foundation of digital security by addressing threats posed by advancements in quantum computing. Recently, the National Institute of Standards and Technology (NIST) finalised a principal set of encryption algorithms designed to withstand cyberattacks from quantum computers. This significant step prompts organisations to reconsider their approaches to cybersecurity. According to the Australian Signals Directorate (ASD), which monitors NIST developments to…

InfoSec News Nuggets 8/21/2024

Prominent Jewish rabbi targeted by Iranian phishers masquerading as podcasters Iranian threat actor TA453, known for going to great lengths in its spear-phishing campaigns, recently attempted to target a well-known religious figure in Israel. They set up a trap by inviting the rabbi to join a podcast about “Jewish life in the Muslim world.” Proofpoint researchers have identified a new campaign by the threat actor, tracked by different names, such as TA453, APT42, Charming Kitten,…

InfoSec News Nuggets 8/20/2024

The US wants to use facial recognition to identify migrant children as they age  The US Department of Homeland Security (DHS) is looking into ways it might use facial recognition technology to track the identities of migrant children, “down to the infant,” as they age, according to John Boyd, assistant director of the department’s Office of Biometric Identity Management (OBIM), where a key part of his role is to research and develop future biometric identity…

InfoSec News Nuggets 8/19/2024

ISP to Supreme Court: We shouldn’t have to disconnect users accused of piracy A large Internet service provider wants the Supreme Court to rule that ISPs shouldn't have to disconnect broadband users who have been accused of piracy. Cable firm Cox Communications, which is trying to overturn a ruling in a copyright infringement lawsuit brought by Sony, petitioned the Supreme Court to take up the case yesterday. Cox said in a press release that a…

InfoSec News Nuggets 8/16/2024

Ex-Google CEO says successful AI startups can steal IP and hire lawyers to ‘clean up the mess’ Former Google CEO and chairman Eric Schmidt has made headlines for saying that Google was blindsided by the early rise of ChatGPT because its employees decided that “working from home was more important than winning.” The comment was made in front of Stanford students during a recent interview, video of which was removed from the university’s YouTube channel after Schmidt’s…

InfoSec News Nuggets 8/15/2024

US appeals court rules geofence warrants are unconstitutional  A federal appeals court has ruled that geofence warrants are unconstitutional, a decision that will limit the use of the controversial search warrants across several U.S. states. The Friday ruling from the U.S. Court of Appeals for the Fifth Circuit, which covers Louisiana, Mississippi and Texas, found that geofence warrants are “categorically prohibited by the Fourth Amendment,” which protects against unwarranted searches and seizures. Civil liberties and privacy advocates applauded the ruling, which…

InfoSec News Nuggets 8/14/2024

Justice Department Disrupts North Korean ‘Laptop Farm’ Operation  Law enforcement authorities in the U.S. have arrested a Tennessee man accused of running a “laptop farm” that helped North Korean IT workers secure remote jobs at American companies. According to court documents, 38-year-old Matthew Isaac Knoot operated a scheme that assisted North Koreans posing as U.S.-based IT professionals by using the stolen identity of an American citizen.    NIST Formalizes World's First Post-Quantum Cryptography Standards  The world’s first post-quantum…

InfoSec News Nuggets 8/12/2024

It’s not worth paying to be removed from people-finder sites, study says  If you've searched your name online in the last few years, you know what's out there, and it's bad. Alternately, you've seen the lowest-common-denominator ads begging you to search out people from your past to see what crimes are on their record. People-search sites are a gross loophole in the public records system, and it doesn't feel like there's much you can do…

InfoSec News Nuggets 8/9/2024

Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal As with virtually any electronic device, vehicle infotainment systems, colloquially known as head units, can be engineered to steal user data. Dan Mazzella, security research engineer and malware researcher at Cisco Talos, successfully exploited his own vehicle’s head unit to demonstrate that the attack is possible. “I was able to very easily just dump process memory and access exact GPS coordinates for…

InfoSec News Nuggets 8/8/2024

This Attack Pushes Windows Update to the Dark Side If a powerful program reached into your Windows operating system and made fundamental changes to its functionality, including changes to security, you might consider it a dangerous attack on system integrity. But when that powerful program is Windows Update, well, it’s just fine. Every month, sometimes more often, Windows Update does its thing. Alon Leviev, Security Researcher at SafeBreach, scrutinized the process for ways malware coders might misuse…

InfoSec News Nuggets 8/7/2024

NFL to begin using face scanning tech across all of its stadiums The National Football League and all 32 of its teams will use tech from facial recognition software vendor Wicket to verify the identity of thousands of staff, media and fans as part of its credentialing program. Wicket chief operating officer Jeff Boehm touted the "big news" in a LinkedIn post: "After a pilot last season, all 32 teams (starting with the New England…

InfoSec News Nuggets 8/6/2024

Apache OFBiz Users Warned of New and Exploited Vulnerabilities Organizations using Apache OFBiz are being urged to patch a critical vulnerability, following reports of increasing exploitation attempts targeting another recently discovered security hole. The new vulnerability, tracked as CVE-2024-38856, was disclosed over the weekend. According to Apache OFBiz developers, versions through 18.12.14 are impacted and 18.12.15 includes a fix. “Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such…

InfoSec News Nuggets 8/5/2024

UK crimebusters shut down global call-spoofing outfit that claimed 170K-plus victims The UK's National Crime Agency (NCA) has shut down an outfit called Russian Coms – a call-spoofing service believed to have swindled hundreds of thousands of victims. The agency also arrested at least four suspects thought to be involved in the fraudulent operation, which spanned more than 100 countries. Despite the moniker, all four of the arrested men are Brits. In March, the NCA…

InfoSec News Nuggets 8/2/2024

Meta Settles for $1.4 Billion with Texas Over Illegal Biometric Data Collection Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulators against the tech giant. "This historic settlement demonstrates our commitment to standing up to the world's biggest…

InfoSec News Nuggets 7/31/2024

Hacker USDoD: “I don't pick sides. I play both sides and always win” – interview Every black hat hacker has an origin story. Just as the hands of circumstances, seemingly woven by fate, shape anomalous incidents in history caused by powerful figures, a hacker is born in a similar vein. Meanwhile, influence is the shaping force that makes the hacktivist. This is an interview with the new leader of Black Forums, known by his alias…

InfoSec News Nuggets 7/30/2024

Passwords disappear for millions of Windows users thanks to Google To put it bluntly, it's not been a great month for tech giants. Earlier this month, the CrowdStrike bug brought many businesses to a complete standstill and left millions facing the Blue Screen of Death, causing disruption many are still recovering from following postponed flights and surgeries, to name just a few inconveniences. Well, not to be left out, Google had to cause its own…

InfoSec News Nuggets 7/29/2024

Paris Olympics app a ‘prime target for cybercriminals’ Analysts predict that there could be as many as four billion cyber attacks at this year’s Games. The official Paris Olympics 2024 app is particularly vulnerable. “This app handles vast amounts of personal and transactional data, making it a prime target for cybercriminals,” said Sakthi Mohan, cloud security lead at California-based Synopsys Software Integrity Group. The Paris Olympics app has already been downloaded over 10 million times on Google Play. It allows…

InfoSec News Nuggets 7/26/2024

Israel tried to frustrate US lawsuit over Pegasus spyware, leak suggests The Israeli government took extraordinary measures to frustrate a high-stakes US lawsuit that threatened to reveal closely guarded secrets about one of the world’s most notorious hacking tools, leaked files suggest. Israeli officials seized documents about Pegasus spyware from its manufacturer, NSO Group, in an effort to prevent the company from being able to comply with demands made by WhatsApp in a US court to hand over information…

InfoSec News Nuggets 7/25/2024

UNVEILING THE SCAM: HOW FRAUDSTERS ABUSE LEGITIMATE BLOCKCHAIN PROTOCOLS TO STEAL YOUR CRYPTOCURRENCY WALLET Check Point’s Threat Intel blockchain system identified and alerted that in recent times, fraudsters have evolved to become increasingly sophisticated, exploiting legitimate blockchain protocols to conduct their scams. The Uniswap Protocol, launched in 2018, is the largest and most popular decentralized exchange for swapping cryptocurrency tokens on Ethereum and other popular blockchains, locking over $1.8 trillion in trading volume and 350 million swaps. As…

InfoSec News Nuggets 7/24/2024

Fake CrowdStrike repair manual pushes new infostealer malware CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. Since Friday, when the buggy CrowdStrike Falcon update caused global IT outages, threat actors have quickly begun to capitalize on the news to deliver malware through fake fixes. A new campaign conducted through phishing emails pretends to be instructions on using a new Recovery Tool that fixes Windows…