19 Jun 2023
By Mary

InfoSec News Nuggets 06/19/2023

SMS delivery reports can be used to infer recipient's location  A team of university researchers has devised a new side-channel attack named 'Freaky Leaky SMS,' which relies on the timing of SMS delivery reports to deduce a recipient's location. SMS delivery reports are handled by the SMSC (short message service center) of the mobile network to inform when a message has been delivered, accepted, failed, is undeliverable, has expired, or has been rejected. While there are routing,…
Read More
27 Jan 2023
By Mary

InfoSec News Nuggets 01/27/2023

Morgan Stanley penalizes employees as much as $1 million for WhatsApp breaches  Morgan Stanley has imposed financial penalties on employees who used messaging platforms such as WhatsApp for company business, according to two sources familiar with the situation. The penalties ranged from several thousand dollars for some staff to more than $1 million for others. The amounts were determined by factors such as the number of messages sent, seniority and whether the employees had already received warnings,…
Read More
21 Apr 2022
By Mary

InfoSec News Nuggets 04/21/2022

U.S., allies provide ‘comprehensive’ look at Russia cyber threats to critical infrastructure U.S and international authorities on Wednesday issued a joint alert warning state-backed Russian hackers and criminal groups remain a top threat to critical infrastructure worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) described the public alert as the “most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February.” It…
Read More
08 Feb 2022
By Mary

InfoSec News Nuggets 02/08/2022

Fortune 500 service provider says ransomware attack led to leak of more than 500k SSNs Morley Companies, an organization that provides business services to dozens of Fortune 500 companies, said this week it was hit with a ransomware attack last year that led to the leak of sensitive information for more than 500,000 people. In a press release, the company said the ransomware attack began on August 1 and made their data "unavailable." Despite requests for…
Read More