InfoSec News Nuggets 12/11/2020

Hackers steal data on Pfizer Covid-19 vaccine

The manufacturers of one of the leading Covid-19 vaccines have admitted that they have been targeted in an apparent cyberattack. US firm Pfizer and its German partner BioNTech, which collectively have developed the first Covid vaccine to achieve approval in the West, confirmed that documents related to the vaccine’s development had been “unlawfully accessed.” Little information is known about the attack, including likely instigators, or when and how the attack…

InfoSec News Nuggets 12/10/2020

Amnesia-33 vulnerabilities affect 158 vendors, millions of devices

Thirty-three vulnerabilities in open-source TCP/IP stacks often buried deep in internet-connected devices may cause years of issues for hundreds of manufacturers, and business and home customers alike. Further complicating matters, manufacturers who are affected may not immediately know their devices are at risk. The package of vulnerabilities, discovered by researchers at Forescout and dubbed Amnesia-33, is buried deep in the supply chain: third-party software used in components…

InfoSec News Nuggets 12/09/2020

FireEye cybersecurity tools compromised in state-sponsored attack

One of the US’s leading cybersecurity firms, FireEye, says it’s been hacked by a state-sponsored attacker. Hackers targeted and accessed the firm’s so-called Red Team tools, which it uses to test customer security and find vulnerabilities. Now there’s concern that the hackers could release these tools publicly or use them to attack others, though there is no evidence that this has happened yet. FireEye says that it does not believe…

InfoSec News Nuggets 12/08/2020

China bans encryption exports – including quantum and key management tech

China has restricted export of encryption technologies in the first list on new items published under new export control laws. The list, which The Register has passed through two machine translation services, restricts exports of VPNs, chips with encryption functions used in finance industry applications, key management products and cryptanalysis equipment. Dedicated password-generating hardware also cannot leave the Middle Kingdom without approval. Quantum cryptographic equipment is also…

InfoSec News Nuggets 12/07/2020

CISA set to receive subpoena powers over ISPs in effort to track critical infrastructure vulnerabilities

The Cybersecurity and Infrastructure Security Agency is set to receive new administrative authorities that will allow the agency to obtain subscriber information for vulnerable IT assets related to critical infrastructure. The provision was included in the final conference version of the National Defense Authorization Act. A legislative proposal from CISA disclosed last year revealed that the agency was having trouble identifying owners…

InfoSec News Nuggets 12/04/2020

IBM warns hackers targeting COVID vaccine 'cold chain' supply process

IBM is sounding the alarm over hackers targeting companies critical to the distribution of COVID-19 vaccines, a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world’s population against the novel coronavirus. The information technology company said in a blog post published on Thursday that it had uncovered “a global phishing campaign” focused on organizations associated with…

InfoSec News Nuggets 12/03/2020

5G rollout faster than expected; will reach a billion people this year

The super-fast technology reached more customers this year than expected and will cover about 60% of the global population by 2026, according to a new report from Ericsson. That makes 5G the fastest deployed mobile network ever, the Swedish networking giant said. By the end of this year, there will be 218 million 5G subscriptions around the world, up from Ericsson’s forecast in…

InfoSec News Nuggets 12/02/2020

Developers can now run macOS apps in an Amazon EC2 instance running on an Intel Mac mini

Amazon EC2 Mac instances enable customers to run on-demand macOS workloads in the cloud for the first time, extending the flexibility, scalability, and cost benefits of AWS to all Apple developers. With EC2 Mac instances, developers creating apps for iPhone, iPad, Mac, Apple Watch, Apple TV, and Safari can provision and access macOS environments within minutes, dynamically scale…

InfoSec News Nuggets 12/01/2020

Gift card hack exposed – you pay, they play

As you probably know, gift cards that you purchase online are typically delivered by email to a recipient of your choosing as a secret code and a registration link. So, receiving a gift card code is a bit like getting hold of the number, expiry date and security code from a prepaid credit card – loosely speaking, whoever has the code can spend it. Although gift…

InfoSec News Nuggets 11/30/2020

Networking equipment vendor Belden discloses data breach

American networking equipment vendor Belden said it was hacked in a press release published earlier this week. Belden says the security breach took place after hackers gained access to a limited number of its file servers. The intrusion was detected after the company's IT personnel detected unusual activity involving the compromised servers. A subsequent investigation revealed that the intruders had copied data of some current and former employees, as well…

InfoSec News Nuggets 11/25/2020

Top Biden adviser seen as making tech regulation more likely

President-elect Joe Biden’s top technology adviser helped craft California’s landmark online privacy law and recently condemned a controversial federal statute that protects internet companies from liability, indicators of how the Biden administration may come down on two key tech policy issues. Bruce Reed, a former Biden chief of staff who is expected to take a major role in the new administration, helped negotiate with the…

InfoSec News Nuggets 11/24/2020

Apple accuses Facebook of 'disregard for user privacy'

Apple has criticised Facebook for trying to “collect as much data as possible” from users, saying it will push ahead with its planned launch of a new privacy feature despite objections from the advertising industry. The company’s director of global privacy, Jane Horvath, made the criticism in a letter to a coalition of privacy groups, reassuring them that the feature, which will require users to actively allow developers to…

InfoSec News Nuggets 11/23/2020

Publicly Available Exploit Code Gives Attackers 47-Day Head Start

Kenna Security teamed up with the Cyentia Institute to analyze 473 vulnerabilities from 2019 where there was some evidence of exploitation in the wild. Over the succeeding 15 months, the team noted when a vulnerability was discovered, when a CVE was reserved, when a CVE was published, when a patch was released, when the bug was first detected by vulnerability scanners and when it was exploited in…

InfoSec News Nuggets 11/20/2020

Facebook AI catches 95% of hate speech, still wants mods back in office

Facebook's software systems get ever better at detecting and blocking hate speech on both the Facebook and Instagram platforms, the company boasted today—but the hardest work still has to be done by people, and many of those people warn the world's biggest social media company is putting them into unsafe working conditions. About 95 percent of hate speech on Facebook gets caught…

InfoSec News Nuggets 11/19/2020

Hacking group exploits ZeroLogon in automotive, industrial attack wave

The active cyberattack is thought to be the handiwork of Cicada, also tracked as APT10, Stone Panda, and Cloud Hopper. Historically, the threat group -- first discovered in 2009 and one that the US believes may be sponsored by the Chinese government -- has targeted organizations connected to Japan, and this latest attack wave appears to be no different. Symantec researchers have documented companies and their subsidiaries…

InfoSec News Nuggets 11/18/2020

DarkSide ransomware is creating a secure data leak service in Iran

The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack…

InfoSec News Nuggets 11/17/2020

Scams Ramp Up Ahead of Black Friday Cybercriminal Craze

The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. In fact, a recent study revealed that 62 percent of consumers shop more online now…

InfoSec News Nuggets 11/16/2020

Microsoft says it’s time for you to stop using SMS and voice calls for multi-factor authentication

Multi-factor authentication makes it much harder for hackers to break their way into your online accounts, even if they already know your password. An online account protected by MFA will prompt you to enter a separate one-time code – often constructed out of six random digits that expire after a short period of time – after you have entered…

InfoSec News Nuggets 11/13/2020

Japan’s creepy robot wolf scares away crop-raiding deer, bears

A Japanese town has deployed robot wolves in the hopes of scaring away bears and other wildlife that can damage crops -- or potentially injure residents. The robot, simply named "Monster Wolf," is being tested in a town called Takikawa, located on the Hokkaido island in Northern Japan. As reported by JAPANkyo, the 'scarecrow' has been created by Ohta Seiki and measures roughly 24-inches long, sporting a furry body, four…

InfoSec News Nuggets 11/11/2020

The Double-Edged Sword of Cybersecurity Insurance

Cybersecurity insurance is no longer a luxury. As attacks have accelerated — and become more costly — the idea of hedging against a breach has gone mainstream. The global cyber-insurance market now stands at $7.8 billion, but it's projected to reach $20.4 billion by 2025, according to an October 2020 report from ResearchAndMarkets. Indeed, companies are incorporating cybersecurity insurance into their overall business strategies, says Alexander Chaveriat, chief innovation officer…

InfoSec News Nuggets 11/10/2020

Vatican enlists bots to protect library from onslaught of hackers

Ancient intellects are now being guarded by artificial intelligence following moves to protect one of the most extraordinary collections of historical manuscripts and documents in the world from cyber-attacks. The Vatican Apostolic Library, which holds 80,000 documents of immense importance and immeasurable value, including the oldest surviving copy of the Bible and drawings and writings from Michelangelo and Galileo, has partnered with a cyber-security firm to…

InfoSec News Nuggets 11/09/2020

What to do with old online accounts you don't use anymore?

Chances are you have old online accounts that you haven’t used for a long time, maybe years. I know I do. I talked to the digital security experts at Sophos, and they say the smart move is to delete these old accounts. “Those old accounts may not seem like they have much value to you, but criminals have been passing around those old passwords and…

InfoSec News Nuggets 11/06/2020

Update your Chrome again as Google patches second zero-day in two weeks

Before you start to Google for election news, we’d like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability – that means it’s a hole that is actively being exploited right now. It’s the second zero-day in Google found in the past two weeks. Last week we…

InfoSec News Nuggets 11/05/2020

WhatsApp now lets you post ephemeral messages, which disappear after 7 days

Facebook recently announced that WhatsApp passed the whopping milestone of 100 billion messages sent per day, but not everyone wants those chats to stick around forever. Now, Facebook’s wildly popular messaging app with 2 billion users is adding a feature to give people more control on how their words and pictures live within the app. From today, messages — including photos and videos…

InfoSec News Nuggets 11/04/2020

MIT researchers develop an AI model that can detect Covid-19 in asymptomatic individuals

Though global economies have begun to open up, the Covid-19 virus is still spreading throughout the world, infecting thousands of new people every day. To help curb the spread of the disease, MIT researchers have developed an AI model that can detect the virus' presence in even asymptomatic individuals. The potential good that such a model could do is probably pretty obvious.…

InfoSec News Nuggets 11/03/2020

Twitter explains how it will handle misleading tweets about the US election results

Twitter recently updated its policies in advance of the U.S. elections to include specific rules that detailed how it would handle tweets making claims about election results before they were official. Today, the company offered more information about how it plans to prioritize the enforcement of its rules and how it will label any tweets that fall under the new guidelines. In…

InfoSec News Nuggets 11/02/2020

‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass

Scammers have hatched a new way to attempt to bypass two-factor authentication (2FA) protections on Facebook. Cybercriminals are sending bogus copyright-violation notices with the threat of taking pages down unless the user attempts to appeal. The first step in the “appeal?” The victim is asked to submit a username, password and 2FA code from their mobile device, according to Sophos researcher Paul Ducklin, allowing fraudsters to bypass 2FA. 2FA is an…

InfoSec News Nuggets 10/30/2020

Scammers are spoofing bank phone numbers to rob victims

It can be a very convincing trick… “You can check the number in your display online sir. You’ll see I’m really calling from your bank.” That is, of course, if you are unaware that phone numbers can be spoofed. Then again, they wouldn’t be successful scammers if they weren’t convincing. If you suggest calling them back, they’ll tell you it’s impossible to call their extension directly and…

InfoSec News Nuggets 10/29/2020

White Castle rolls out more robots from Miso Robotics to cook in its kitchens

More robots are coming to White Castle. Expanding a partnership with Miso Robotics, roughly 10 new White Castle locations will be rolling out the Pasadena, California-based company’s robotic fry cook. The move accelerates the adoption of Miso Robotics’ newly designed Flippy robot into kitchens to speed up production and allow more staff to work in the front of the house to service customers, the…

InfoSec News Nuggets 10/28/2020

Bot orders $18,752 of McSundaes every 30 min. to find if machines are working

Burgers, fries, and McNuggets are the staples of McDonald's fare. But the chain also offers soft-serve ice cream in most of its 38,000+ locations. Or at least, theoretically it does. In reality, the ice cream machines are infamously prone to breaking down, routinely disappointing anyone trying to satisfy their midnight McFlurry craving. One enterprising software engineer, Rashiq Zahid, decided it's better to…

InfoSec News Nuggets 10/27/2020

FTC Launches New Fraud Reporting Tool for US Consumers

The US Federal Trade Commission (FTC) has launched a new cyber-fraud reporting platform, where consumers can easily report fraud, scams or bad business practices. As fraud has surged during the pandemic, the consumer protection agency has created ReportFraud.ftc.gov, a user-friendly platform providing a “streamlined experience” for people bombarded with online scams and impostor calls. “Every time you report scams or bad business practices to the FTC, you’re…

InfoSec News Nuggets 10/26/2020

IBM AI model predicts onset of Alzheimer’s disease by analyzing descriptions of a cookie theft

A new AI model can predict the onset of Alzheimer’s disease more accurately than standard clinical techniques by analyzing how people describe a picture of a cookie theft, according to a new study. Researchers from IBM and Pfizer trained the model to detect signs of speech impairment in written descriptions of the image, which is frequently used to test for cognitive disorders. The…

InfoSec News Nuggets 10/23/2020

Quibi is shutting down

Quibi — the shortform mobile-focused streaming service — is shutting down after just over six months of operation, making it one of the shortest-lived streaming services to date, according to The Wall Street Journal. The company has since confirmed that it’ll be shutting down in a Medium post from Jeffrey Katzenberg and Meg Whitman. “We feel that we’ve exhausted all our options. As a result we have reluctantly come to the difficult decision to wind down the…

InfoSec News Nuggets 10/22/2020

PayPal to support Bitcoin and other crypto — but merchants must use fiat

PayPal is ready to let users buy, sell, and hold Bitcoin and other cryptocurrencies, according to Reuters. PayPal chief exec Dan Schulman told Reuters the company hopes this will “encourage global use of virtual coins,” and ready its network in anticipation of digital currencies issued by central banks. The US payments giant said it plans to allow users to actually spend their cryptocurrency with the…

InfoSec News Nuggets 10/21/2020

Seven mobile browsers vulnerable to address bar spoofing attacks

An "address bar spoofing" vulnerability refers to a bug in a web browser that allows a malicious website to modify its real URL and show a fake one instead — usually one for a legitimate site. Address bar spoofing vulnerabilities have been around since the early days of the web, but they have never been so dangerous as they are today. While on desktop browsers there…

InfoSec News Nuggets 10/20/2020

Albion Online game maker discloses data breach

A hacker has breached the forum of Albion Online, a popular free medieval fantasy MMORPG, and stolen usernames and password hashes, the game maker disclosed on Saturday. "The intruder was able to access forum user profiles, which include the email addresses connected to those forum accounts," said Sandbox Interactive GmbH, the company behind Albion Online. The attacker also harvested encrypted passwords. Sandbox Interactive said the passwords were hashed with…

InfoSec News Nuggets 10/19/2020

Minneapolis Will Consider Facial Recognition Ban

A Minneapolis City Council member filed a motion that could result in a citywide ban on law enforcement use of facial recognition technology. If successful, the motion, which was filed on October 2 and will be officially introduced Friday, could signal a wave of reforms over the use of military and surveillance equipment following the murder of George Floyd by Minneapolis police. As calls to defund and disband police forces reverberate…

InfoSec News Nuggets 10/16/2020

World’s fastest AI supercomputer is coming to Italy

Nvidia today announced that its accelerated computing platform will be used to build the world’s fastest AI supercomputer. The new system — called Leonardo — is being constructed by French IT firm Atos for Italian inter-university consortium Cineca. It’s expected to deliver 10 exaflops of FP16 AI performance, which will be harnessed by Cineca researchers to simulate planetary forces behind climate change and molecular movements inside a coronavirus molecule. Nvidia…

InfoSec News Nuggets 10/15/2020

DuckDuckGo, EFF, and others just launched privacy settings for the whole internet

A group of tech companies, publishers, and activist groups including the Electronic Frontier Foundation, Mozilla, and DuckDuckGo are backing a new standard to let internet users set their privacy settings for the entire web. “Before today, if you want to exercise your privacy rights, you have to go from website to website and change all your settings,” says Gabriel Weinberg, CEO of DuckDuckGo, the…

InfoSec News Nuggets 10/14/2020

Largest cruise line operator Carnival confirms ransomware data theft

Carnival Corporation, the world's largest cruise line operator, has confirmed that the personal information of customers, employees, and ship crews was stolen during an August ransomware attack. "While the investigation is ongoing, early indications are that the unauthorized third-party gained access to certain personal information relating to some guests, employees, and crew for some of our operations," Carnival said. "There is currently no indication of any misuse…

InfoSec News Nuggets 10/13/2020

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have…

InfoSec News Nuggets 10/12/2020

Comcast says gigabit downloads and uploads are now possible over cable

Comcast's cable Internet still has a heavy emphasis on download speeds, as even its gigabit-download service only comes with 35Mbps uploads. But that may not be the case forever, as today Comcast announced a "technical milestone" that can deliver gigabit-plus download and upload speeds over existing cable wires. Specifically, Comcast said it conducted "a trial delivering 1.25Gbps upload and download speeds over a live production network using Network Function…

InfoSec News Nuggets 10/09/2020

Facebook rebuts ‘The Social Dilemma,’ a popular Netflix documentary

The movie revealed, perhaps for the first time to some viewers, how social networks use algorithms to keep people coming back. It also addressed how tech companies have influenced elections, ethnic violence and rates of depression and suicide. Some viewers said they were deleting Facebook and Instagram after watching it. The rebuttal suggests that Facebook may be worried about the documentary’s effects on usage. “The Social Dilemma” appeared…

InfoSec News Nuggets 10/08/2020

Twitter is testing how its misinformation labels can be more obvious, direct

Twitter’s Yoel Roth said the company is exploring changes to the small blue notices that it attaches to certain false or misleading tweets, to make these signals more ‘overt’ and be more ‘direct’ in giving users information. But he did not say whether any new versions would be ready before the U.S. election in the next four weeks, a period that experts say…

InfoSec News Nuggets 10/07/2020

Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020

During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever. To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals…

InfoSec News Nuggets 10/06/2020

SunCrypt ransomware group swears off medical entities, sets sights on cybersecurity firms

When the SunCrypt ransomware group opened a leak site where they listed victims who had not paid their ransom demands, they attracted public attention and demonstrated their ability to use the media to their advantage. In following up on their previously disclosed victims and leaks, DataBreaches.net noticed that a medical entity who had been listed on SunCrypt’s site no longer appeared on it.…

InfoSec News Nuggets 10/05/2020

Russian state hackers appear to have breached a federal agency

Russia’s 2020 hacking campaigns might have included a successful data breach at the US government. In the wake of a CISA notice warning of a cyberattack on an unnamed federal agency’s network, Wired and security company Dragos have obtained evidence suggesting Russia’s state-backed APT28 group, better known as Fancy Bear, was behind the hack. The FBI reportedly sent alerts to some hacking victims in May warning that Fancy Bear was widely…

InfoSec News Nuggets 10/02/2020

FCC commissioner calls for new scrutiny of undersea data cables

A member of the U.S. Federal Communications Commission on Wednesday called for new scrutiny of undersea cables that transmit nearly all the world’s internet data traffic. “We must take a closer look at cables with landing locations in adversary countries,” FCC Commissioner Geoffrey Starks said Wednesday at a commission meeting. “This includes the four existing submarine cables connecting the US and China, most of which…

InfoSec News Nuggets 10/01/2020

Cyberattack could trigger Article 5 response, NATO deputy secretary warns

NATO is adapting to security threats in cyberspace despite vulnerabilities exploited in the COVID-19 pandemic, Deputy Secretary Mircea Geoana said on Monday. He noted that NATO will establish a Cyberspace Operations Center as a part of its command structure, adding that a military cyber attack on a country qualifies as a cause for all NATO nations to come to its aid. "We agreed that a cyberattack could trigger Article…

InfoSec News Nuggets 09/30/2020

Google to block election ads after Election Day

Google informed its advertisers Friday that it will broadly block election ads after polls close Nov. 3, according to an email obtained by Axios. Why it matters: Big Tech platforms have been under pressure to address how their ad policies will handle conflicts over the presidential election's outcome. In the email, Google says that advertisers will not be able to run ads "referencing candidates, the election, or its…