InfoSec News Nuggets 10/12/2020

Comcast says gigabit downloads and uploads are now possible over cable Comcast's cable Internet still has a heavy emphasis on download speeds, as even its gigabit-download service only comes with 35Mbps uploads. But that may not be the case forever, as today Comcast announced a "technical milestone" that can deliver gigabit-plus download and upload speeds over existing cable wires. Specifically, Comcast said it conducted "a trial delivering 1.25Gbps upload and download speeds over a live production network using Network Function…

InfoSec News Nuggets 10/09/2020

Facebook rebuts ‘The Social Dilemma,’ a popular Netflix documentary The movie revealed, perhaps for the first time to some viewers, how social networks use algorithms to keep people coming back. It also addressed how tech companies have influenced elections, ethnic violence and rates of depression and suicide. Some viewers said they were deleting Facebook and Instagram after watching it. The rebuttal suggests that Facebook may be worried about the documentary’s effects on usage. “The Social Dilemma” appeared…

InfoSec News Nuggets 10/08/2020

Twitter is testing how its misinformation labels can be more obvious, direct Twitter’s Yoel Roth said the company is exploring changes to the small blue notices that it attaches to certain false or misleading tweets, to make these signals more ‘overt’ and be more ‘direct’ in giving users information. But he did not say whether any new versions would be ready before the U.S. election in the next four weeks, a period that experts say…

InfoSec News Nuggets 10/07/2020

Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever. To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals…

InfoSec News Nuggets 10/06/2020

SunCrypt ransomware group swears off medical entities, sets sights on cybersecurity firms When the SunCrypt ransomware group opened a leak site where they listed victims who had not paid their ransom demands, they attracted public attention and demonstrated their ability to use the media to their advantage. In following up on their previously disclosed victims and leaks, DataBreaches.net noticed that a medical entity who had been listed on SunCrypt’s site no longer appeared on it.…

InfoSec News Nuggets 10/05/2020

Russian state hackers appear to have breached a federal agency Russia’s 2020 hacking campaigns might have included a successful data breach at the US government. In the wake of a CISA notice warning of a cyberattack on an unnamed federal agency’s network, Wired and security company Dragos have obtained evidence suggesting Russia’s state-backed APT28 group, better known as Fancy Bear, was behind the hack. The FBI reportedly sent alerts to some hacking victims in May warning that Fancy Bear was widely…

InfoSec News Nuggets 10/02/2020

FCC commissioner calls for new scrutiny of undersea data cables A member of the U.S. Federal Communications Commission on Wednesday called for new scrutiny of undersea cables that transmit nearly all the world’s internet data traffic. “We must take a closer look at cables with landing locations in adversary countries,” FCC Commissioner Geoffrey Starks said Wednesday at a commission meeting. “This includes the four existing submarine cables connecting the US and China, most of which…

InfoSec News Nuggets 10/01/2020

Cyberattack could trigger Article 5 response, NATO deputy secretary warns NATO is adapting to security threats in cyberspace despite vulnerabilities exploited in the COVID-19 pandemic, Deputy Secretary Mircea Geoana said on Monday. He noted that NATO will establish a Cyberspace Operations Center as a part of its command structure, adding that a military cyber attack on a country qualifies as a cause for all NATO nations to come to its aid. "We agreed that a cyberattack could trigger Article…

InfoSec News Nuggets 09/30/2020

Google to block election ads after Election Day Google informed its advertisers Friday that it will broadly block election ads after polls close Nov. 3, according to an email obtained by Axios. Why it matters: Big Tech platforms have been under pressure to address how their ad policies will handle conflicts over the presidential election's outcome. In the email, Google says that advertisers will not be able to run ads "referencing candidates, the election, or its…

InfoSec News Nuggets 09/29/2020

Federal Judge Temporarily Blocks Trump's TikTok Ban A federal judge Sunday granted TikTok's request for a temporary injunction to block the Trump administration's order that would have banned the Chinese social media app from the U.S. starting Monday. Judge Carl Nichols of the U.S. District Court for the District of Columbia issued his decision Sunday - a few hours before the Trump administration's ban would have forced Apple and Google to remove the TikTok video-sharing app from…

InfoSec News Nuggets 09/28/2020

Google adds a COVID-19 layer to Google Maps Google continues to work on improving Google Maps and on Wednesday a "COVID-19 layer" started rolling out. With this layer, users can see areas where the virus is spreading and it is coded by color based on the number of people with the coronavirus in each region. The layer produces these color codes based on the seven-day average for the number of new COVID-19 cases per 100,000…

InfoSec News Nuggets 09/25/2020

Shopify discloses security incident caused by two rogue employees Online e-commerce giant Shopify is working with the FBI and other law enforcement agencies to investigate a security breach caused by two rogue employees. The company said two members of its support team accessed and tried to obtain customer transaction details from Shopify shop owners (merchants). Shopify estimated the number of stores that might be affected by the employees' actions at less than 200. The company boasted more…

InfoSec News Nuggets 09/24/2020

A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads Researchers said that a tip from a child led them to discover aggressive adware and exorbitant prices lurking in iOS and Android smartphone apps with a combined 2.4 million downloads from the App Store and Google Play. Posing as apps for entertainment, wallpaper images, or music downloads, some of the titles served intrusive ads even when an app wasn’t active.…

InfoSec News Nuggets 09/23/2020

FBI hopes a more aggressive cyber strategy will disrupt foreign hackers Last week saw a flurry of U.S. indictments of alleged Chinese and Iranian hackers as part of a multi-agency crackdown on foreign intelligence services. The Department of Treasury issued sanctions, the Department of Homeland Security advised companies on how to fend off hackers and U.S. intelligence agencies likely kept a close eye on possible reactions from Beijing and Tehran. At the center of the coordinated crackdowns, though, were…

InfoSec News Nuggets 09/22/2020

ByteDance says it will not transfer algorithm and technology to Oracle as part of TikTok deal ByteDance will not transfer algorithms and technologies to Oracle as part of a deal announced over the weekend to keep social media app TikTok operating in the U.S. President Donald Trump said he approved a deal on Saturday that will see the creation of a U.S.-headquartered firm called TikTok Global with Oracle and Walmart taking minority stakes. Oracle will become TikTok’s secure cloud…

InfoSec News Nuggets 09/21/2020

CEO Of Cyber Fraud Startup NS8 Arrested By FBI, Facing Fraud Charges The CEO of a startup that sold fraud prevention software is facing fraud charges after he was arrested Thursday by the FBI in Las Vegas. Adam Rogas, who abruptly resigned from NS8 earlier this month, is accused of misleading investors who poured in $123 million to his company earlier this year, a deal in which he allegedly pocketed more than $17 million. “Adam Rogas…

InfoSec News Nuggets 09/18/2020

Privacy-focused search engine DuckDuckGo is growing fast DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform. While Google remains the most popular search engine, DuckDuckGo has gained a great deal of traction in recent months as more and more users have begun to value their privacy on the internet. DuckDuckGo saw over 2 billion searches and 4 million app/extension installations, and the company also…

InfoSec News Nuggets 09/17/2020

Schools remain 'easy target' for ransomware as Maze targets big K-12 systems Actors using the Maze ransomware are claiming credit for a recent string of attacks against large public school districts across the United States, just as students and teachers are returning to their mostly virtual learning environments. Last Friday, the school system in Fairfax County, Virginia, which enrolls nearly 200,000 students, reported that it had been compromised by Maze, which posted a file containing…

InfoSec News Nuggets 09/16/2020

Staples discloses data breach exposing customer info Giant office retail company Staples informed some of its customers that data related to their orders has been accessed without authorization. Few details are available at the moment. The company has not disclosed the incident publicly and alerted affected customers individually over email. It is important to note that Staples’ main business is selling office supplies and related products using retail channels and through business-to-business engagements. The office…

InfoSec News Nuggets 09/15/2020

Apple's carbon-neutral goal is a giant task, could echo through big tech An examination into Apple's environmentalism asks whether Apple could truly reach its pledge of making the iPhone carbon neutral, with comments from Apple's executive leadership along with other environmentalists suggesting it is possible, but a very big task. Apple has made numerous strides in its bid to make itself more environmentally friendly, as part of an initiative to become carbon neutral across the entirety of its…

InfoSec News Nuggets 09/14/2020

Walmart begins testing drone deliveries for household goods and groceries Walmart has started making its first deliveries by drone, launching a small pilot program this week in Fayetteville, North Carolina. The retailer will be delivering “select grocery and household essential items” using automated drones operated by Israeli startup Flytrex. Each of the drones can fly at speeds of 32 mph, travel distances of 6.2 miles in a round trip, and carry up to 6.6 pounds (that’s roughly…

InfoSec News Nuggets 09/11/2020

Ransomware accounted for 41% of all cyber insurance claims in H1 2020 Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by Coalition, one of the largest providers of cyber insurance services in North America. The high number of claims comes to confirm previous reports from multiple cyber-security firms that ransomware is one of today's most prevalent and destructive threats. "Ransomware doesn't…

InfoSec News Nuggets 09/10/2020

‘Willful, brazen, and unlawful’: Apple files breach-of-contract countersuit against Epic Apple has filed a countersuit against Epic over the latter’s attempt to circumvent App Store rules and avoid paying millions in fees. The lawsuit alleges that Epic is deliberately in breach of contract and asks the court to award damages and prohibit Epic from attempting anything like this again. A brief refresher: Epic in mid August slipped in a new way to buy in-game currency for…

InfoSec News Nuggets 09/09/2020

Amazon, Apple, and Google’s open-source smart home standard is on track for a 2021 launch Project Connected Home over IP — the ambitious attempt to bring together Amazon, Apple, Google, and the Zigbee Alliance with a unified, open-source smart home platform — has just posted its latest update on the project. The group has announced (in the first major update since the standard was revealed) that work on the project is still ongoing, and it’s targeting a…

InfoSec News Nuggets 09/08/2020

Apple delays privacy feature to opt out of online ad tracking until 2021 Apple is delaying the rollout of a proposed privacy tweak in iOS 14 that allows users to opt out of ad tracking until early next year. In a statement shared with TechCrunch and The Information, the iPhone maker said it’s doing so “to give developers the time they need to make the necessary changes.” The exact date when the policy would be enforced is expected…

InfoSec News Nuggets 09/04/2020

Verizon spends big in FCC auction ahead of mid-band 5G launch Verizon (Engadget’s parent company) was the biggest winner in the FCC’s recently concluded auction for licenses in the 3.5 GHz band. In its announcement, the commission has revealed that Verizon placed $1.89 billion in winning bids, followed by Dish Network (under the name Wetterhorn Wireless) with total winning bids worth $912 million. The FCC started auctioning off 70 megahertz of Priority Access Licenses in a band…

InfoSec News Nuggets 09/03/2020

Uber to require mask selfies for riders who haven’t been covering up Uber drivers have long had to take a selfie to show they're wearing a mask before accepting rides. Now the same scanning software will be used on passengers. By the end of September in the U.S. and Canada, Uber passengers that have been flagged for not wearing a mask will have to scan their face through the app before they can request another ride. The…

InfoSec News Nuggets 09/02/2020

Former engineer pleads guilty to Cisco network damage, causing Webex Teams account chaos A former Cisco engineer has admitted to illegally accessing Cisco's network and wiping 456 virtual machines as well as causing disruption to over 16,000 Webex Teams accounts. Sudhish Kasaba Ramesh has taken a plea agreement in a federal court in San Jose after being accused of intentionally accessing a protected computer without authorization and recklessly causing damage, according to the US Department of Justice…

InfoSec News Nuggets 09/01/2020

Cybercriminals Make Millions Selling Stolen Fortnite Accounts, New Research Shows Thousands of stolen Fortnite accounts are selling like hotcakes in underground marketplaces, amassing around $1.2 million a year for cybercriminals, a new report shows. The Fortnite Underground Cybercrime Economy report sheds light on a million-dollar business that capitalizes on the popularity of the free-to-play video game that managed to attract over 350 million players within three years of its launch. According to researchers from Night Lion Security,…

InfoSec News Nuggets 08/31/2020

US sues to recover cryptocurrency funds stolen by North Korean hackers The United States government has filed a lawsuit today seeking to seize control over 280 Bitcoin and Ethereum accounts that are believed to be holding funds North Korean hackers stole from two cryptocurrency exchanges. Court documents did not identify the hacked exchanges, but officials said the two hacks took place on July 1, 2019, and September 25, 2019. During the first incident, North Korean…

InfoSec News Nuggets 08/28/2020

Tesla Insider Works with FBI to Turn the Tables on Russia’s Million Dollar Attempt to Hijack the Network On August 25, the Department of Justice announced the arrest of Egor Igorevich Kriuchkov, a citizen of Russia for conspiring to breach the network of a U.S. company, which media has identified as Tesla (their GigaFactory in Sparks, NV) and introduce malware into the company’s network. Kriuchkov was arrested on August 22 as he tried to depart…

InfoSec News Nuggets 08/27/2020

Tomorrow’s Fortnite Update Won’t Be Coming for Apple Users, Epic Says It’s a 'Matter of Principle' In its first statement since Monday’s captivating hearing, this morning Epic Games sought to further clarify its position against Apple while also admitting that the latest chapter of Fortnite would not be appearing on either iOS or macOS when it launches August 27. If you listened in on Monday’s trial, Epic’s latest statement will sound like a refrain. “Apple is asking that Epic…

InfoSec News Nuggets 08/26/2020

A Chrome feature is creating enormous load on global root DNS servers The Chromium browser—open source, upstream parent to both Google Chrome and the new Microsoft Edge—is getting some serious negative attention for a well-intentioned feature that checks to see if a user's ISP is "hijacking" non-existent domain results. The Intranet Redirect Detector, which makes spurious queries for random "domains" statistically unlikely to exist, is responsible for roughly half of the total traffic the world's root…

InfoSec News Nuggets 08/25/2020

Here's how to turn your old phone into a home security camera for free If you have some old phones collecting dust in a drawer somewhere, don't sell them for a fraction of what you bought them for. If they still turn on, you can put them to good use in your home. You could turn one into a baby monitor or a makeshift Google Home speaker, for example. Those are good ideas and you can find more in the link…

InfoSec News Nuggets 08/24/2020

Vishing Becomes Suspect in Recent Social Media Breach for Major Influencers The ZeroFOX Alpha Team has been assisting industry and threat-sharing partners in tracking a large-scale vishing (voice phishing) campaign targeting financial institutions, cryptocurrency exchanges, telecommunication companies and single-sign-on (SSO) providers. The actors target employees of a company and do an extensive amount of research on the employees and the company to build a convincing persona of an IT contractor working with the victim company.…

InfoSec News Nuggets 08/19/2020

Carnival Cruises into Danger After Ransomware Attack British-American cruise operator Carnival has suffered a ransomware attack in which guest and employee data was accessed, it has revealed in a regulatory filing. The Miami-headquartered travel giant — which operates big-name brands including Cunard, P&O, AIDA and Princess — said the attack was discovered on August 15. Attackers managed to encrypt “a portion” of the IT systems of one of its brands, although Carnival refused to elaborate on…

InfoSec News Nuggets 08/18/2020

U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest. Headquartered in Louisville, Kentucky, the company holds world-known whiskey and scotch brands like Jack Daniel's, Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach;…

InfoSec News Nuggets 08/17/2020

Instagram Retained Deleted Photos and Messages on Its Servers for Over a Year Instagram has awarded a security researcher a $6,000 bug bounty payout after he found photos and private direct messages on the platform's servers that he had deleted more than a year ago (via TechCrunch). Saugat Pokharel discovered that his content hadn't been removed in October after downloading a copy of his data from the photo-sharing app. Instagram introduced the download option two years ago to…

InfoSec News Nuggets 08/14/2020

Network intruders selling access to high-value companies Breaching corporate networks and selling access to them is a business in and of itself. For many hackers, this is how they make their living, others do it forced by financial struggles to supplement their revenue. One actor claiming they returned to black hat activities after laying low for a while has recently churned out network access credentials for big and small companies across the world. Using the…

InfoSec News Nuggets 08/13/2020

Instagram Faces Lawsuit Over Illegal Harvesting of Biometrics Facebook Inc. is facing new allegations that it illegally harvests the biometric data of users, this time in a lawsuit that targets the company’s photo-sharing app Instagram. Last month, the social media company offered to pay $650 million to settle a lawsuit in which it was accused of illegally collecting biometric data through a photo-tagging tool provided to Facebook users. In the new lawsuit, filed Monday in state…

InfoSec News Nuggets 08/12/2020

Twitter 'looking' at a possible TikTok tie-up Twitter has approached TikTok's Chinese owner ByteDance to express an interest in buying its US operations, according to reports. Video-sharing platform TikTok has been at the centre of fierce debate in recent weeks and takeover talk. Last week US President Donald Trump ordered firms to stop doing business with TikTok within 45 days over security concerns. Tech giant Microsoft is the front-runner to buy TikTok but now Twitter has…

InfoSec News Nuggets 08/11/2020

#DEFCON: How the International Space Station Enables Cybersecurity Like any other IT environment, there are potential cyber-risks to the International Space Station (ISS), though the station is quite literally like no environment on Earth. In a session on August 9 at the Aerospace Village within the DEFCON virtual security conference, former NASA astronaut Pamela Melroy outlined the cybersecurity lessons learned from human spaceflight and what still remains a risk. Melroy flew on two space shuttle missions during her tenure…

InfoSec News Nuggets 08/10/2020

TikTok threatens to sue the Trump administration over the executive order barring US firms from doing business with its parent TikTok has threatened to sue the Trump administration over Thursday's executive order that bans US citizens and companies from doing business with its Chinese parent company ByteDance. TikTok responded to the order on Friday, saying it was issued "without any due process." The executive order prohibits US individuals and companies from making "any transactions" with…

InfoSec News Nuggets 08/07/2020

Cluster of 295 Chrome extensions caught hijacking Google and Bing search results More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results. The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store. A subsequent investigation into…

InfoSec News Nuggets 08/06/2020

New feature lets you easily fact-check WhatsApp messages After addressing those who just mindlessly forward messages to all their contacts, the company is now targeting those who want to be responsible and fact-check WhatsApp messages before forwarding them. We’re piloting a simple way to double check these messages by tapping a magnifying glass button in the chat. Providing a simple way to search messages that have been forwarded many times may help people find news results or…

InfoSec News Nuggets 08/05/2020

US government sites abused to redirect users to porn sites In an ongoing blackhat SEO campaign tracked by BleepingComputer, scammers are using open redirects found on government websites to redirect visitors to pornography sites. An open redirect is a URL that anyone can use to redirect a visitor to a website of their choosing. Blackhat SEO scammers use these open redirects to get listings in search engines, such as Google, that show the page's title…

InfoSec News Nuggets 08/04/2020

Hackers Broke Into Real News Sites to Plant Fake Stories Over the past few years, online disinformation has taken evolutionary leaps forward, with the Internet Research Agency pumping out artificial outrage on social media and hackers leaking documents—both real and fabricated—to suit their narrative. More recently, Eastern Europe has faced a broad campaign that takes fake news ops to yet another level: hacking legitimate news sites to plant fake stories, then hurriedly amplifying them on social media before they’re…

InfoSec News Nuggets 7/31/2020

US provides new expanded set of espionage charges against former Twitter employees The two former Twitter employees, Ahmad Abouammo and Ali Alzabarah, and the third person named Ahmed Almutairi were originally charged with fraudulently accessing private information and acting as illegal agents of a foreign government for allegedly spying on Twitter users critical of the Saudi royal family. This time around, the individuals have been charged with seven offences instead of two. The charges include acting as…

InfoSec News Nuggets 7/30/2020

A Cyberattack on Garmin Disrupted More Than Workouts On Thursday, hackers hit the navigation and fitness giant Garmin with a ransomware attack that took down numerous services across the company. Garmin Connect, the cloud platform that syncs user activity data, went dark, as did portions of Garmin.com. But as athletes found themselves unable to record runs and workouts, pilots who use Garmin products for position, navigation, and timing services in airplanes were dealing with their own problems…

InfoSec News Nuggets 7/29/2020

Dave ShinyHunters hack exposes 7.5 million user records Overdraft protection and cash advance service Dave suffered a data breach that appeared to involve the practices of a former third-party vendor, resulting in its database containing 7.5 million user records being sold at auction and then released later for free on hacker forums. The stolen information, which appeared to be taken by hacking group ShinyHunters, included personal user information including names, emails, birth dates, physical addresses and…