InfoSec News Nuggets 11/18/2020

DarkSide ransomware is creating a secure data leak service in Iran The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack…
Read More

InfoSec News Nuggets 11/11/2020

The Double-Edged Sword of Cybersecurity Insurance Cybersecurity insurance is no longer a luxury. As attacks have accelerated — and become more costly — the idea of hedging against a breach has gone mainstream. The global cyber-insurance market now stands at $7.8 billion, but it's projected to reach $20.4 billion by 2025, according to an October 2020 report from ResearchAndMarkets. Indeed, companies are incorporating cybersecurity insurance into their overall business strategies, says Alexander Chaveriat, chief innovation officer…
Read More

InfoSec News Nuggets 11/06/2020

Update your Chrome again as Google patches second zero-day in two weeks Before you start to Google for election news, we’d like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability – that means it’s a hole that is actively being exploited right now. It’s the second zero-day in Google found in the past two weeks. Last week we…
Read More

InfoSec News Nuggets 10/29/2020

White Castle rolls out more robots from Miso Robotics to cook in its kitchens More robots are coming to White Castle . Expanding a partnership with Miso Robotics,  roughly 10 new White Castle locations will be rolling out the Pasadena, California-based company’s robotic fry cook. The move accelerates the adoption of Miso Robotics’ newly designed Flippy robot into kitchens to speed up production and allow more staff to work in the front of the house to service customers, the…
Read More

InfoSec News Nuggets 10/12/2020

Comcast says gigabit downloads and uploads are now possible over cable Comcast's cable Internet still has a heavy emphasis on download speeds, as even its gigabit-download service only comes with 35Mbps uploads. But that may not be the case forever, as today Comcast announced a "technical milestone" that can deliver gigabit-plus download and upload speeds over existing cable wires. Specifically, Comcast said it conducted "a trial delivering 1.25Gbps upload and download speeds over a live production network using Network Function…
Read More

InfoSec News Nuggets 09/30/2020

Google to block election ads after Election Day Google informed its advertisers Friday that it will broadly block election ads after polls close Nov. 3, according to an email obtained by Axios. Why it matters: Big Tech platforms have been under pressure to address how their ad policies will handle conflicts over the presidential election's outcome. In the email, Google says that advertisers will not be able to run ads "referencing candidates, the election, or its…
Read More

InfoSec News Nuggets 09/16/2020

Staples discloses data breach exposing customer info Giant office retail company Staples informed some of its customers that data related to their orders has been accessed without authorization. Few details are available at the moment. The company has not disclosed the incident publicly and alerted affected customers individually over email. It is important to note that Staples’ main business is selling office supplies and related products using retail channels and through business-to-business engagements. The office…
Read More

InfoSec News Nuggets 09/09/2020

Amazon, Apple, and Google’s open-source smart home standard is on track for a 2021 launch Project Connected Home over IP — the ambitious attempt to bring together Amazon, Apple, Google, and the Zigbee Alliance with a unified, open-source smart home platform — has just posted its latest update on the project. The group has announced (in the first major update since the standard was revealed) that work on the project is still ongoing, and it’s targeting a…
Read More

InfoSec News Nuggets 09/04/2020

Verizon spends big in FCC auction ahead of mid-band 5G launch Verizon (Engadget’s parent company) was the biggest winner in the FCC’s recently concluded auction for licenses in the 3.5 GHz band. In its announcement, the commission has revealed that Verizon placed $1.89 billion in winning bids, followed by Dish Network (under the name Wetterhorn Wireless) with total winning bids worth $912 million. The FCC started auctioning off 70 megahertz of Priority Access Licenses in a band…
Read More

InfoSec News Nuggets 09/01/2020

Cybercriminals Make Millions Selling Stolen Fortnite Accounts, New Research Shows Thousands of stolen Fortnite accounts are selling like hotcakes in underground marketplaces, amassing around $1.2 million a year for cybercriminals, a new report shows. The Fortnite Underground Cybercrime Economy report sheds light on a million-dollar business that capitalizes on the popularity of the free-to-play video game that managed to attract over 350 million players within three years of its launch. According to researchers from Night Lion Security,…
Read More

InfoSec News Nuggets 08/31/2020

US sues to recover cryptocurrency funds stolen by North Korean hackers The United States government has filed a lawsuit today seeking to seize control over 280 Bitcoin and Ethereum accounts that are believed to be holding funds North Korean hackers stole from two cryptocurrency exchanges. Court documents did not identify the hacked exchanges, but officials said the two hacks took place in July 1, 2019, and September 25, 2019. During the first incident, North Korean…
Read More

InfoSec News Nuggets 08/25/2020

Here's how to turn your old phone into a home security camera for free If you have some old phones collecting dust in a drawer somewhere, don't sell them for a fraction of what you bought them for. If they still turn on, you can put them to good use in your home. You could turn one into a baby monitor or a makeshift Google Home speaker, for example. Those are good ideas and you can find more in the link…
Read More

InfoSec News Nuggets 08/19/2020

Carnival Cruises into Danger After Ransomware Attack British-American cruise operator Carnival has suffered a ransomware attack in which guest and employee data was accessed, it has revealed in a regulatory filing. The Miami-headquartered travel giant — which operates big-name brands including Cunard, P&O, AIDA and Princess — said the attack was discovered on August 15. Attackers managed to encrypt “a portion” of the IT systems one of its brands, although Carnival refused to elaborate on…
Read More

InfoSec News Nuggets 08/07/2020

Cluster of 295 Chrome extensions caught hijacking Google and Bing search results More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results. The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store. A subsequent investigation into…
Read More

InfoSec News Nuggets 08/05/2020

US government sites abused to redirect users to porn sites In an ongoing blackhat SEO campaign tracked by BleepingComputer, scammers are using open redirects found on government websites to redirect visitors to pornography sites. An open redirect is an URL that anyone can use to redirect a visitor to a website of their choosing. Blackhat SEO scammers use these open redirects to get listings in search engines, such as Google, that show the page's title…
Read More

InfoSec News Nuggets 7/14/2020

The real reason Apple is warning users about MacBook camera covers Earlier this month, Apple published a support document that warned MacBook owners against closing their laptop with a camera cover fitted. And just as with the whole wearing masks in public debate, there are some people who don't like being told what to do, even it is for their own good. First off, some clarity. Apple didn't say, "don't use a camera cover." Apple clearly…
Read More

InfoSec News Nuggets 7/3/2020

Facebook admits to improperly giving user data to third-party developers, again In a Wednesday blog post, Facebook announced that (oops!) thousands of developers continued to receive updates to users' non-public information well past the point when they should have. Specifically, Facebook said that, for an unspecified number of users, it failed to cut off the data spigot — like it promised it would back in 2018 — 90 days after a person had last used an app.  We…
Read More

InfoSec News Nuggets 6/30/2020

Chinese bank requires foreign firm to install app with covert backdoor A large, multinational technology company got a nasty surprise recently as it was expanding its operations to China. The software a local bank required the company to install so it could pay local taxes contained an advanced backdoor. The cautionary tale, detailed in a report published Thursday, said the software package, called Intelligent Tax and produced by Beijing-based Aisino Corporation, worked as advertised. Behind the scenes, it…
Read More

InfoSec News Nuggets 6/29/2020

TikTok caught copying iOS users' clipboard contents, claims it's an anti-spam feature As the Telegraph notes, TikTok was one of several applications discovered to be reading users’ clipboards back in March. A couple of developers found popular applications such as AccuWeather, Overstock, AliExpress, Call of Duty Mobile, Patreon, and Google News were all snooping on both Android and iOS. ByteDance told Forbes this was related to the use of an outdated Google advertising SDK that was being replaced. At…
Read More

InfoSec News Nuggets 6/26/2020

NVIDIA and Mercedes partner to create a next-gen car computer During a joint press conference held Wednesday, NVIDIA and Mercedes Benz announced that they are teaming up to develop a “revolutionary in-vehicle computing system” for the automakers next generation of luxury automobiles in 2024. Touted as “the most sophisticated and advanced computing architecture ever deployed in an automobile,” per an NVIDIA press release, this new software system will enable Level 2 and 3 driving autonomy…
Read More

InfoSec News Nuggets 6/24/2020

Four California Hotels Redefine Social Distancing with Robots Delivering Groceries, Towels and Pet Treats As the California economy reopens, four California hotels have created a safe environment with elevated cleanliness and Social Distancing Robot Ambassadors.  With many guests preferring a touchless experience, the three-foot robots provide guests with peace of mind as they can deliver everything from pillows and pet treats to towels and groceries. Since the robots have no arms, they do not replace…
Read More

InfoSec News Nuggets 6/22/2020

To evade detection, hackers are requiring targets to complete CAPTCHAs CAPTCHAs, those puzzles with muffled sounds or blurred or squiggly letters that websites use to filter out bots (often unsuccessfully), have been annoying end users for more than a decade. Now, the challenge-and-response tests are likely to vex targets in malware attacks. Microsoft recently spotted an attack group distributing a malicious Excel document on a site requiring users to complete a CAPTCHA, most likely in an…
Read More

InfoSec News Nuggets 5/22/2020

COVID-19 contact tracing text message scams There’s no question, contact tracing plays a vital role in helping to stop the spread of COVID-19. But scammers, pretending to be contact tracers and taking advantage of how the process works, are also sending text messages. But theirs are spam text messages that ask you to click a link. Check out the image below. Unlike a legitimate text message from a health department, which only wants to let…
Read More

InfoSec News Nuggets 5/21/2020

REvil Ransomware found buyer for Trump data, now targeting Madonna The REvil ransomware group claims to have buyers ready for documents containing damaging information about US‌ President Donald Trump and is preparing to auction data on international celebrity Madonna. The hackers breached the network of Grubman Shire Meiselas & Sacks (GSMLaw), a law firm representing a huge number of A-list celebrities, stealing everything they considered of value before encrypting the data. After unfruitful negotiations with…
Read More

InfoSec News Nuggets 5/20/2020

Apple details its plan to safely reopen retail stores Apple’s head of retail Deidre O’Brien has posted a letter on the company’s website detailing how it plans to safely restart operations at its retail stores. Apple shut all of its stores outside Greater China in March as COVID-19 spread worldwide; all the Greater China stores reopened that same month, while Apple is still in the process of taking careful steps elsewhere. “Our commitment is to only move…
Read More

InfoSec News Nuggets 4/29/2020

Online auction of record-breaking whisky collection hit by cyber-attack A record-breaking online auction of rare whiskies has been postponed indefinitely after being targeted in a cyber-attack. The sale of Richard Gooding’s “The Perfect Collection” was marketed as “the largest and most unprecedented private whisky collection ever to be offered for public sale”. The first phase of the auction, consisting of more than 1,900 bottles, fetched more than £3.2m earlier this year. The second phase of…
Read More

InfoSec News Nuggets 4/27/2020

The pandemic is bringing us closer to our robot takeout future Robot deliveries remain rare enough that it's easy to dismiss them as curiosities. But that's a mistake. The technology works now. Starship already has hundreds of robots in service delivering food to real customers. Spurred by demand from locked-down customers, that number could soon soar to the thousands and eventually into the millions. With lower costs and no need to tip, robots could make…
Read More

InfoSec News Nuggets 4/22/2020

CFAA latest: Supremes to tackle old chestnut of what 'authorized use' of a computer really means in America If someone is authorized to use a computer – to access a database, for example – is that a blanket authorization, and can they use it so long as they continue to use their existing login? Or does it depend on the circumstances? Can someone’s authorization be dependent on the application's terms of service? The question may…
Read More

InfoSec News Nuggets 4/15/2020

Amazon stops accepting new online grocery customers amid surging demand Amazon will begin to put new grocery delivery customers on a wait-list and curtail shopping hours at some Whole Foods stores to prioritize orders from existing customers buying food online during the coronavirus outbreak, the company said on Sunday. Many shoppers recently seeking to purchase groceries from the Seattle-based ​e-commerce company found they could not place orders due to a lack of available delivery slots. Amazon…
Read More

InfoSec News Nuggets 4/13/2020

Facebook proposes 3D navigation task for training autonomous robots Researchers at Facebook, the Georgia Institute of Technology, and Oregon State University describe in a preprint paper published this week a new task for AI — navigating a 3D environment by listening to natural language directions (e.g., “Go down the hall and turn left at the wooden desk”). They say this could lay the groundwork for robot assistants that follow natural language instructions. The researchers’ task, which they…
Read More

InfoSec News Nuggets 4/10/2020

MIT develops privacy-preserving COVID-19 contact tracing inspired by Apple’s ‘Find My’ feature One of the efforts that’s been proposed to contain the spread of COVID-19 is a contact trace and track program, that would allow health officials to keep better tabs on individuals who have been infected, and alert them to potential spread. Contract tracing has already seemingly proven effective in some parts of the world that have managed to curb the coronavirus spread, but…
Read More

InfoSec News Nuggets 4/7/2020

Microsoft: Emotet Took Down a Network by Overheating All Computers Microsoft says that an Emotet infection was able to take down an organization's entire network by maxing out CPUs on Windows devices and bringing its Internet connection down to a crawl after one employee was tricked to open a phishing email attachment. "After a phishing email delivered Emotet, a polymorphic virus that propagates via network shares and legacy protocols, the virus shut down the organization’s…
Read More

InfoSec News Nuggets 3/31/2020

Leave the pandemic out of your phishing simulations, Cofense says to industry At least one anti-phishing company says it won’t be testing its customers with coronavirus-themed emails, out of concerns that it’s not socially responsible to play into fears around the current pandemic. Cofense says it has removed all COVID-19-themed spearphishing templates from its repository of attacks, and the Virginia-based company is recommending other organizations join it in a pledge to avoid using the global health crisis as fodder. Like other…
Read More

InfoSec News Nuggets 3/30/2020

Rare BadUSB attack detected in the wild against US hospitality provider A US hospitality provider has recently been the target of an incredibly rare BadUSB attack, ZDNet has learned from cyber-security firm Trustwave. The attack happened after the company received an envelope containing a fake BestBuy gift card, along with a USB thumb drive. The receiving company was told to plug the USB thumb drive into a computer to access a list of items the…
Read More

InfoSec News Nuggets 3/16/2020

1 - US is preparing to ban foreign-made drones from government use The Trump administration is preparing an executive order to ban federal departments and agencies from buying or using foreign-made drones, citing a risk to national security, TechCrunch has learned. The draft order, which was drafted in the past few weeks and seen by TechCrunch, would effectively ban both foreign-made drones or drones made with foreign components out of fear that sensitive data collected…
Read More

InfoSec News Nuggets 3/2/2020

1 - DNC warns campaigns about cybersecurity after attempted scam An online “impersonator” of a Democratic National Committee (DNC) staffer tried to contact presidential campaigns, including Sen. Bernie Sanders’s (I-Vt.) campaign, the committee said in a statement to the candidates Wednesday. Bob Lord, the DNC’s chief security officer, wrote in an email to the campaigns obtained by The Hill that “adversaries will often try to impersonate real people on a campaign." He added that the “adversaries”…
Read More

InfoSec News Nuggets 1/29/2020

1 - Watch out Google. You've got competition. Verizon has a new 'privacy-focused' search engine Verizon has slung out a new, privacy-focused search engine in an effort to win over customers who prefer not to have their browsing habits tracked by ad-slingers and the like. Verizon said the new search engine, named One Search, won't share user's personal information with advertisers, or store their search history. A new "Advanced Privacy Mode" will encrypt search terms…
Read More

InfoSec News Nuggets 1/14/2020

1 - Australia Bushfire Donors Affected by Credit Card Skimming Attack Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors. This type of attack is called Magecart and involves hackers compromising a web site and injecting malicious JavaScript into eCommerce or checkout pages. These scripts will then steal any credit cards or payment information that is submitted and send it off…
Read More

InfoSec News Nuggets 1/9/2020

1 - U of O gives notice of potential privacy breach impacting 188 people The University of Ottawa has given notice of a potential privacy breach impacting 188 people, including elementary and high school students who attended a summer program on campus. The breach stems from an incident in late November 2019 when a password-protected laptop was stolen from a university employee’s vehicle, the administration said in a press release on Friday. The laptop was used for Destination Clic,…
Read More

InfoSec News Nuggets 1/6/2020

1 - CCPA Kickoff: What Businesses Need to Know New year, new privacy regulations: The California Consumer Privacy Act (CCPA) went into effect on January 1, marking the start of a widespread law that will likely have implications beyond state lines. For businesses, it's high time to think about what this means and how to get ahead. CCPA, the original version of which was passed in 2018, was introduced to protect the personal data of…
Read More

InfoSec News Nuggets 1/3/2020

1 - Apple answers dev concerns that location tracking alerts will upset users When Apple released iOS 13 towards the end of September 2019 it brought with it a new warning that told users when an app repeatedly accessed their location data in the background. A new Wall Street Journal report (via MacRumors) notes that developers are worried that the alerts will make users doubt their apps. But Apple isn't concerned. According to the report…
Read More

InfoSec News Nuggets 12/30/2019

1 - A Twitter app bug was used to match 17 million phone numbers to user accounts A security researcher said he has matched 17 million phone numbers to Twitter  user accounts by exploiting a flaw in Twitter’s Android app. Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter’s contacts upload feature. “If you upload your phone number, it fetches user data in return,” he told TechCrunch. He said…
Read More

InfoSec News Nuggets 12/17/2019

1 - Prosecutors say a man stole $88,000 from a bank vault. The FBI caught him after he flashed stacks of bills on social media. If you're systematically stealing money from a bank vault, it may not be a good idea to post the evidence on your social media pages. A bank employee in Charlotte, North Carolina, allegedly stole $88,000 from the bank's vault, according to a release from the United States Attorney's Office Western District of…
Read More

InfoSec News Nuggets 12/10/2019

1 - Britain investigating whether leaked trade papers were hacked British cyber security officials are investigating whether classified UK-U.S. trade documents that were shared online ahead of Thursday’s election were acquired by hacking or were leaked, two sources told Reuters.  Beside the fears that Russia could be meddling in another Western election, the disclosure of the classified documents has raised questions about the security of sensitive discussions between the United States and one of its…
Read More

InfoSec News Nuggets 11/04/2019

1 - Windows BlueKeep RDP Attacks Are Here, Infecting with Miners The BlueKeep remote code execution vulnerability in the Windows Remote Desktop Services is currently exploited in the wild. Vulnerable machines exposed to the web are apparently compromised for cryptocurrency mining purposes. The attempts have been recorded by honeypots that expose only port 3389, specific for remote assistance connections via the Remote Desktop Protocol (RDP). Security researcher Kevin Beaumont noticed on Saturday that multiple honeypots…
Read More

InfoSec News Nuggets 10/16/2019

1- Mozilla Rolls Out Code Injection Attack Protection in Firefox Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts occurrences. "A proven effective way to counter code injection attacks is to reduce the attack surface by removing potentially dangerous artifacts in the codebase and hence hardening the code at various levels," said the Mozilla Security Team today.…
Read More