InfoSec News Nuggets 09/08/2022

Minecraft is hackers’ favorite game title for hiding malware Security researchers have discovered that Minecraft is the most heavily abused game title by cybercriminals, who use it to lure unsuspecting players into installing malware. Based on stats collected by the security firm between July 2021 and July 2022, Minecraft-related files accounted for roughly 25% of malicious files spreading via game brand abuse, followed by FIFA (11%), Roblox (9.5%), Far Cry (9.4%), and Call of Duty…
Read More

InfoSec News Nuggets 08/30/2022

Justice Department in early stages of filing an antitrust lawsuit against Apple, says report The U.S. Department of Justice is in the early stages of drafting an antitrust lawsuit against Apple, according to sources cited by Politico in a report released just ahead of the weekend. While the new report suggested a potential suit could arrive by the end of the year, it also stressed that a final decision about if or when to sue Apple had…
Read More

InfoSec News Nuggets 7/19/2022

US Cybersecurity Agency CISA to Open London Office The US Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it’s set to open an office in the United Kingdom in an effort to boost international cooperation and collaboration. The cyber defense agency’s first Attaché Office will open later this month in London and its goal is to “serve as a focal point for international collaboration between CISA, UK government officials, and other federal agency…
Read More

InfoSec News Nuggets 06/23/2022

Mega says it can’t decrypt your files. New POC exploit shows otherwise In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores. On…
Read More

InfoSec News Nuggets 06/10/2022

Researchers Detail How Cyber Criminals Target Cryptocurrency Users Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. "As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim to fraud attempting to exploit people for digital currencies," Proofpoint said in…
Read More

InfoSec News Nuggets 04/18/2022

CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks On April 13, the Department of Energy (DoE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory to warn that certain industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices can be targeted by advanced persistent threat (APT) actors who have the capability to gain full system access.…
Read More

InfoSec News Nuggets 12/16/2021

CISA warns critical infrastructure to stay vigilant for ongoing threats The Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure organizations today to strengthen their cybersecurity defenses against potential and ongoing threats. The federal agency also issued guidance to help executives and senior leaders proactively reinforce their orgs' resilience against threats arising from malicious activity coordinated by nation-state-sponsored threat actors and their proxies. "In the lead up to the holidays and in light of persistent and ongoing cyber threats,…
Read More

InfoSec News Nuggets 09/24/2021

A new APT is targeting hotels across the world A new advanced persistent threat (APT), a term used to describe state-sponsored cyber-espionage groups, has been spotted mounting attacks against hotels across the world. Codenamed FamousSparrow, this new APT was discovered by Slovak security firm ESET, which said it’s been tracking its attacks as far back as 2019. “FamousSparrow’s victims are located in Europe (France, Lithuania, the UK), the Middle East (Israel, Saudi Arabia), the Americas (Brazil,…
Read More

InfoSec News Nuggets 01/11/2021

Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions At U.S. Financial Institutions, Brokerage Firms, A Major News Publication, And Other Companies Audrey Strauss, the Acting United States Attorney for the Southern District of New York, announced today that ANDREI TYURIN, a/k/a “Andrei Tiurin,” was sentenced in Manhattan federal court to 144 months in prison for computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with…
Read More

InfoSec News Nuggets 10/23/2020

Quibi is shutting down Quibi — the shortform mobile-focused streaming service — is shutting down after just over six months of operation, making it one of the shortest-lived streaming services to date, according to The Wall Street Journal. The company since confirmed that it’ll be shutting down in a Medium post from Jeffrey Katzenberg and Meg Whitman. “We feel that we’ve exhausted all our options. As a result we have reluctantly come to the difficult decision to wind down the…
Read More

InfoSec News Nuggets 2/19/2020

1 - IRS Urges Taxpayers to Enable Multi-Factor Authentication The US Internal Revenue Service (IRS) and Security Summit partners urged tax professionals and taxpayers today to enable multi-factor authentication (MFA) in their tax preparation software products to defend against data theft. "Already, nearly two dozen tax practitioner firms have reported data thefts to the IRS this year," the IRS said. "Use of the multi-factor authentication feature is a free and easy way to protect clients and practitioners' offices…
Read More