InfoSec News Nuggets 1/3/2020

1 - Apple answers dev concerns that location tracking alerts will upset users When Apple released iOS 13 towards the end of September 2019 it brought with it a new warning that told users when an app repeatedly accessed their location data in the background. A new Wall Street Journal report (via MacRumors) notes that developers are worried that the alerts will make users doubt their apps. But Apple isn't concerned. According to the report…
Read More

InfoSec News Nuggets 12/30/2019

1 - A Twitter app bug was used to match 17 million phone numbers to user accounts A security researcher said he has matched 17 million phone numbers to Twitter  user accounts by exploiting a flaw in Twitter’s Android app. Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter’s contacts upload feature. “If you upload your phone number, it fetches user data in return,” he told TechCrunch. He said…
Read More

InfoSec News Nuggets 12/17/2019

1 - Prosecutors say a man stole $88,000 from a bank vault. The FBI caught him after he flashed stacks of bills on social media. If you're systematically stealing money from a bank vault, it may not be a good idea to post the evidence on your social media pages. A bank employee in Charlotte, North Carolina, allegedly stole $88,000 from the bank's vault, according to a release from the United States Attorney's Office Western District of…
Read More

InfoSec News Nuggets 12/10/2019

1 - Britain investigating whether leaked trade papers were hacked British cyber security officials are investigating whether classified UK-U.S. trade documents that were shared online ahead of Thursday’s election were acquired by hacking or were leaked, two sources told Reuters.  Beside the fears that Russia could be meddling in another Western election, the disclosure of the classified documents has raised questions about the security of sensitive discussions between the United States and one of its…
Read More

InfoSec News Nuggets 11/04/2019

1 - Windows BlueKeep RDP Attacks Are Here, Infecting with Miners The BlueKeep remote code execution vulnerability in the Windows Remote Desktop Services is currently exploited in the wild. Vulnerable machines exposed to the web are apparently compromised for cryptocurrency mining purposes. The attempts have been recorded by honeypots that expose only port 3389, specific for remote assistance connections via the Remote Desktop Protocol (RDP). Security researcher Kevin Beaumont noticed on Saturday that multiple honeypots…
Read More

InfoSec News Nuggets 10/16/2019

1- Mozilla Rolls Out Code Injection Attack Protection in Firefox Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts occurrences. "A proven effective way to counter code injection attacks is to reduce the attack surface by removing potentially dangerous artifacts in the codebase and hence hardening the code at various levels," said the Mozilla Security Team today.…
Read More