InfoSec News Nuggets 7/15/2024

Banks in Singapore to phase out one-time passwords in 3 months The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. This initiative was agreed upon between the government and the Association of Banks in Singapore (ABS) to protect consumers against phishing and other scams. "The use of OTP was introduced in…
Read More

InfoSec News Nuggets 4/1/2024

Amazon reverses course, revokes police access to Ring footage via Neighbors app  Today, Amazon Ring has announced that it will no longer facilitate police’s warrantless requests for footage from Ring users. Years ago, after public outcry and a lot of criticism from EFF and other organizations, Ring ended its practice of allowing police to automatically send requests for footage to the email inbox of users, opting instead for a system where police had to publicly…
Read More

InfoSec News Nuggets 2/23/2024

New Leak Shows Business Side of China’s APT Menace A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. A large cache of more than 500 documents published to GitHub last…
Read More

InfoSec News Nuggets 09/07/2023

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach  In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Taylor Monahan is…
Read More

InfoSec News Nuggets 03/10/2023

Bitwarden flaw can let hackers steal passwords using iframes  Bitwarden's credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people's credentials and send them to an attacker. The issue was reported by analysts at Flashpoint, who said Bitwarden first learned of the problem in 2018 but chose to allow it to accommodate legitimate sites that use iframes. Although the auto-fill feature is disabled on Bitwarden by default, and the conditions to exploit it aren't abundant, Flashpoint says there…
Read More

InfoSec News Nuggets 12/02/2021

Chinese could hack data for future quantum decryption, report warns Chinese hackers could target heavily encrypted datasets such as weapon designs or details of undercover intelligence officers with a view to unlocking them at a later date when quantum computing makes decryption possible, a report warns. Analysts at Booz Allen Hamilton, a consulting firm, say Chinese hackers could also steal pharmaceutical, chemical and material science research that can be processed by quantum computers – machines capable of…
Read More

InfoSec News Nuggets 08/23/2021

AT&T denies data breach after hacker auctions 70 million user database AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1…
Read More

InfoSec News Nuggets 02/16/2021

AT&T scrambles to install fiber for 90-year-old after his viral WSJ ad When 90-year-old Aaron Epstein bought a Wall Street Journal print ad to complain about his slow AT&T Internet service, the impact was immediate. Reporters like me called him and wrote articles, talk of his plight went viral on the Internet, his ad made an appearance on Stephen Colbert's Late Show, TV networks interviewed him for nightly news broadcasts, and AT&T executives sprang into action…
Read More

InfoSec News Nuggets 12/19/2019

1 - ISIS Is Experimenting with This New Blockchain Messaging App The Islamic State has discovered blockchain. The technology that powers cryptocurrencies like bitcoin and ethereum promises to revolutionize almost all facets of society, from payment processing to online voting. Now ISIS is actively testing a blockchain-based messaging app that could provide everything it needs to thrive: secure, anonymous communication, a tamper-proof repository for beheading videos and other ISIS propaganda, and perhaps most ominously, the…
Read More