19 Nov 2024
By Mary

InfoSec News Nuggets 11/19/2024

Porch pirates appear to be accessing AT&T data to track iPhone deliveries A new report today suggests that porch pirates – thieves who steal packages left on doorsteps shortly after delivery – have accessed tracking data from AT&T systems to follow iPhone deliveries. There has been a marked uptick in iPhones being stolen from doorsteps after being ordered from AT&T and delivered by Fedex, apparently with the help of real-time delivery updates.   Phobos Ransomware Administrator Extradited from South…
Read More
02 Nov 2023
By Mary

InfoSec News Nuggets 11/02/2023

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online  Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability. Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and servers, supporting Java and various cross-language clients and many protocols, including AMQP, MQTT, OpenWire, and STOMP. Thanks to the project's support for a diverse set of secure authentication and authorization mechanisms, it is widely used…
Read More
24 Aug 2023
By Mary

InfoSec News Nuggets 08/24/2023

Experian Pays $650,000 to Settle Spam Claims  Experian Consumer Services has agreed to a permanent injunction and to pay a civil penalty of $650,000 to settle allegations relating to the CAN-SPAM Act. The firm, whose parent company is credit agency giant Experian, provides online credit reports, scores and monitoring products to customers. A case filed in the US District Court for the Central District of California revolved around emails sent by the company to consumers who had…
Read More
10 Mar 2023
By Mary

InfoSec News Nuggets 03/10/2023

Bitwarden flaw can let hackers steal passwords using iframes  Bitwarden's credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people's credentials and send them to an attacker. The issue was reported by analysts at Flashpoint, who said Bitwarden first learned of the problem in 2018 but chose to allow it to accommodate legitimate sites that use iframes. Although the auto-fill feature is disabled on Bitwarden by default, and the conditions to exploit it aren't abundant, Flashpoint says there…
Read More