InfoSec News Nuggets 8/12/2024

It’s not worth paying to be removed from people-finder sites, study says  If you've searched your name online in the last few years, you know what's out there, and it's bad. Alternately, you've seen the lowest-common-denominator ads begging you to search out people from your past to see what crimes are on their record. People-search sites are a gross loophole in the public records system, and it doesn't feel like there's much you can do…
Read More

InfoSec News Nuggets 5/24/2024

Dutch cybercops tracked a crypto theft to one of the world’s worst botnets After years of hacking servers to swindle millions of dollars, the notorious Ebury malware gang had slipped into the shadows by 2021. Suddenly, they reemerged with a bang. The new evidence surfaced during a police investigation in the Netherlands. A cryptocurrency theft had been reported to the Dutch National High Tech Crime Unit (NHTCU). On the victim’s server, the cybercops found a familiar foe: Ebury. The discovery…
Read More

InfoSec News Nuggets 5/15/2024

Cybercriminal puts INC Ransom source code up for sale  A cybercriminal who has assumed the name "salfetka" is purportedly selling the source code for the INC Ransom ransomware-as-a-service operation, BleepingComputer reports. The sale was being advertised on the Exploit and XSS hacking forums for $300,000 and included both Windows and Linux/ESXi versions, with the seller restricting buyers to three. The legitimacy of the sale is bolstered by technical details and the inclusion of both old and new INC Ransom URLs in…
Read More

InfoSec News Nuggets 09/05/2023

Chrome extensions can steal plaintext passwords from websites  A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation. Additionally, the researchers found that numerous websites with millions of visitors,…
Read More

InfoSec News Nuggets 08/22/2023

Ivanti warns of new actively exploited MobileIron zero-day bug  US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild. Ivanti Sentry (formerly MobileIron Sentry) functions as a gatekeeper for enterprise ActiveSync servers like Microsoft Exchange Server or backend resources such as Sharepoint servers in MobileIron deployments, and it can also operate as a Kerberos Key Distribution Center Proxy (KKDCP) server.    Tesla points to…
Read More

InfoSec News Nuggets 09/06/2022

Samsung says customer data stolen in July data breach U.S. electronics giant Samsung has confirmed a data breach affecting customers’ personal information. In a brief notice, Samsung said it discovered the security incident in late-July and that an “unauthorized third party acquired information from some of Samsung’s U.S. systems.” The company said it determined customer data was compromised on August 4. Samsung said Social Security numbers and credit card numbers were not affected, but some customer…
Read More

InfoSec News Nuggets 03/28/2022

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of “cashing out” access to hacked bank accounts worldwide. Maksim Berezan, 37, is an Estonian national who was arrested nearly two years ago in…
Read More

InfoSec News Nuggets 08/09/2021

iMazing app updated with tool to easily detect Pegasus spyware on iPhone You may have heard about Pegasus, which is a spyware created by the NSO group based on zero-day vulnerabilities to collect data from smartphones without user consent. Now iMazing has updated its app to include a new tool that can easily detect Pegasus spyware on iPhone. As we reported last month, Amnesty International has released a tool that helps users detect if a device…
Read More

InfoSec News Nuggets 01/26/2021

Apple launches ‘Time to Walk’ for Fitness+ with Dolly Parton, Draymond Green, others Apple today launched a new component of Fitness+ designed to get people out of their homes and away from their TVs. Called Time to Walk, it’s the first outdoor component of Fitness+ and opens the service up to a new world of workouts. Apple seemingly goes out of its way to not call them podcasts, but Time to Walk is a very much in the vein.…
Read More

InfoSec News Nuggets 11/06/2020

Update your Chrome again as Google patches second zero-day in two weeks Before you start to Google for election news, we’d like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability – that means it’s a hole that is actively being exploited right now. It’s the second zero-day in Google found in the past two weeks. Last week we…
Read More

InfoSec News Nuggets 5/15/2020

Chrome will soon block resource-draining ads. Here’s how to turn it on now Chrome browser users take heart: Google developers are rolling out a feature that neuters abusive ads that covertly leach your CPU resources, bandwidth, and electricity. The move comes in response to a swarm of sites and ads first noticed in 2017 that surreptitiously use visitors’ computers to mine bitcoin and other cryptocurrencies. As the sites or ads display content, embedded code performs the resource-intensive…
Read More

InfoSec News Nuggets 3/11/2020

1 - Malware Unfazed by Google Chrome's New Password, Cookie Encryption Google's addition of the AES-256 algorithm to encrypt cookies and passwords in the Chrome browser had a minor impact on infostealers. Faced with the threat of having their business disrupted, developers of malware that steals data from web browsers quickly updated their tools to overcome the hurdle, many of their offers highlighting support for the new Chrome. Even AZORult, abandoned by its original author…
Read More