05 Sep 2023
By Mary

InfoSec News Nuggets 09/05/2023

Chrome extensions can steal plaintext passwords from websites  A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation. Additionally, the researchers found that numerous websites with millions of visitors,…
Read More
22 Aug 2023
By Mary

InfoSec News Nuggets 08/22/2023

Ivanti warns of new actively exploited MobileIron zero-day bug  US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild. Ivanti Sentry (formerly MobileIron Sentry) functions as a gatekeeper for enterprise ActiveSync servers like Microsoft Exchange Server or backend resources such as Sharepoint servers in MobileIron deployments, and it can also operate as a Kerberos Key Distribution Center Proxy (KKDCP) server.    Tesla points to…
Read More
06 Sep 2022
By Mary

InfoSec News Nuggets 09/06/2022

Samsung says customer data stolen in July data breach U.S. electronics giant Samsung has confirmed a data breach affecting customers’ personal information. In a brief notice, Samsung said it discovered the security incident in late-July and that an “unauthorized third party acquired information from some of Samsung’s U.S. systems.” The company said it determined customer data was compromised on August 4. Samsung said Social Security numbers and credit card numbers were not affected, but some customer…
Read More
28 Mar 2022
By Mary

InfoSec News Nuggets 03/28/2022

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of “cashing out” access to hacked bank accounts worldwide. Maksim Berezan, 37, is an Estonian national who was arrested nearly two years ago in…
Read More
09 Aug 2021
By Mary

InfoSec News Nuggets 08/09/2021

iMazing app updated with tool to easily detect Pegasus spyware on iPhone You may have heard about Pegasus, which is a spyware created by the NSO group based on zero-day vulnerabilities to collect data from smartphones without user consent. Now iMazing has updated its app to include a new tool that can easily detect Pegasus spyware on iPhone. As we reported last month, Amnesty International has released a tool that helps users detect if a device…
Read More
26 Jan 2021
By Mary

InfoSec News Nuggets 01/26/2021

Apple launches ‘Time to Walk’ for Fitness+ with Dolly Parton, Draymond Green, others Apple today launched a new component of Fitness+ designed to get people out of their homes and away from their TVs. Called Time to Walk, it’s the first outdoor component of Fitness+ and opens the service up to a new world of workouts. Apple seemingly goes out of its way to not call them podcasts, but Time to Walk is a very much in the vein.…
Read More
06 Nov 2020
By Mary

InfoSec News Nuggets 11/06/2020

Update your Chrome again as Google patches second zero-day in two weeks Before you start to Google for election news, we’d like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability – that means it’s a hole that is actively being exploited right now. It’s the second zero-day in Google found in the past two weeks. Last week we…
Read More
15 May 2020
By Mary

InfoSec News Nuggets 5/15/2020

Chrome will soon block resource-draining ads. Here’s how to turn it on now Chrome browser users take heart: Google developers are rolling out a feature that neuters abusive ads that covertly leach your CPU resources, bandwidth, and electricity. The move comes in response to a swarm of sites and ads first noticed in 2017 that surreptitiously use visitors’ computers to mine bitcoin and other cryptocurrencies. As the sites or ads display content, embedded code performs the resource-intensive…
Read More
11 Mar 2020
By Mary

InfoSec News Nuggets 3/11/2020

1 - Malware Unfazed by Google Chrome's New Password, Cookie Encryption Google's addition of the AES-256 algorithm to encrypt cookies and passwords in the Chrome browser had a minor impact on infostealers. Faced with the threat of having their business disrupted, developers of malware that steals data from web browsers quickly updated their tools to overcome the hurdle, many of their offers highlighting support for the new Chrome. Even AZORult, abandoned by its original author…
Read More