InfoSec News Nuggets 03/13/2023

FBI Warns of Crypto-Stealing Play-to-Earn Games  Consumers have been warned not to fall for a new type of fake gaming application which has already stolen millions in cryptocurrency from victims. Victims are typically contacted by scammers online, before being introduced in time to the online or mobile game, according to a new Public Service Announcement from the FBI’s Internet Crime Complaint Center (IC3). The game purports to reward the user with cryptocurrency simply for playing. Although there…
Read More

InfoSec News Nuggets 03/07/2023

Thousands of Websites Hijacked Using Compromised FTP Credentials  Cloud security startup Wiz warns of a widespread redirection campaign in which thousands of websites targeting East Asian audiences have been compromised using legitimate FTP credentials. In many cases, the attackers managed to obtain highly secure auto-generated FTP credentials, and used them to hijack the victim websites to redirect visitors to adult-themed content. Likely ongoing since September 2022, the campaign has resulted in the compromise of at least 10,000 websites, many…
Read More

InfoSec News Nuggets 12/13/2021

Hackers start pushing malware in worldwide Log4Shell attacks Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. In this article we have compiled the known payloads, scans, and attacks using the Log4j vulnerability. Early Friday morning, an exploit was publicly released for a critical zero-day vulnerability dubbed 'Log4Shell' in the Apache Log4j Java-based logging platform. This vulnerability allows attackers to remotely execute a command…
Read More

InfoSec News Nuggets 2/11/2020

1 -  FBI is investigating more than 1,000 cases of Chinese theft of US technology Members of the US government held a conference in Washington this week on the topic of Chinese theft of intellectual property from US technology firms and the US academic sector. Officials said the purpose of the conference -- named the China Initiative Conference -- was to bring the US private sector and the academic and research communities up to speed…
Read More