InfoSec News Nuggets 7/16/2024

Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms Security researchers are claiming a spate of DNS hijackings at web3 businesses is linked to Squarespace's acquisition of Google Domains last year. The theory is that cybercriminals may have picked up on a flaw in the method Squarespace used to migrate Google Domains customer data over to its servers, allowing them to guess the email addresses associated with admin accounts and register the account…
Read More

InfoSec News Nuggets 3/11/2024

Microsoft says Russian hackers stole source code after spying on its executives Microsoft revealed earlier this year that Russian state-sponsored hackers had been spying on the email accounts of some members of its senior leadership team. Now, Microsoft is disclosing that the attack, from the same group behind the SolarWinds attack, has also led to some source code being stolen in what Microsoft describes as an ongoing attack. “In recent weeks, we have seen evidence that Midnight Blizzard…
Read More

InfoSec News Nuggets 1/11/2024

Here’s Some Bitcoin: Oh, and You’ve Been Served!  A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide…
Read More

InfoSec News Nuggets 08/03/2023

Reddit beats film industry, won’t have to identify users who admitted torrenting Film companies lost another attempt to force Reddit to identify anonymous users who discussed piracy. A federal court on Saturday quashed a subpoena demanding users' names and other identifying details, agreeing with Reddit's argument that the film companies' demands violate the First Amendment. The plaintiffs are 20 producers of popular movies who are trying to prove that Internet service provider Grande is liable for its subscribers' copyright…
Read More

InfoSec News Nuggets 03/15/2023

Cybercriminals exploit SVB collapse to steal money and data  The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it's becoming an excellent opportunity. As multiple security researchers report, threat actors are already registering suspicious domains, conducting phishing pages, and gearing up for business email compromise (BEC) attacks.    Two U.S. Men Charged in 2022 Hacking of…
Read More

InfoSec News Nuggets 09/08/2022

Minecraft is hackers’ favorite game title for hiding malware Security researchers have discovered that Minecraft is the most heavily abused game title by cybercriminals, who use it to lure unsuspecting players into installing malware. Based on stats collected by the security firm between July 2021 and July 2022, Minecraft-related files accounted for roughly 25% of malicious files spreading via game brand abuse, followed by FIFA (11%), Roblox (9.5%), Far Cry (9.4%), and Call of Duty…
Read More

InfoSec News Nuggets 08/30/2022

Justice Department in early stages of filing an antitrust lawsuit against Apple, says report The U.S. Department of Justice is in the early stages of drafting an antitrust lawsuit against Apple, according to sources cited by Politico in a report released just ahead of the weekend. While the new report suggested a potential suit could arrive by the end of the year, it also stressed that a final decision about if or when to sue Apple had…
Read More

InfoSec News Nuggets 7/19/2022

US Cybersecurity Agency CISA to Open London Office The US Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it’s set to open an office in the United Kingdom in an effort to boost international cooperation and collaboration. The cyber defense agency’s first Attaché Office will open later this month in London and its goal is to “serve as a focal point for international collaboration between CISA, UK government officials, and other federal agency…
Read More

InfoSec News Nuggets 06/23/2022

Mega says it can’t decrypt your files. New POC exploit shows otherwise In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores. On…
Read More

InfoSec News Nuggets 06/10/2022

Researchers Detail How Cyber Criminals Target Cryptocurrency Users Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. "As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim to fraud attempting to exploit people for digital currencies," Proofpoint said in…
Read More

InfoSec News Nuggets 04/18/2022

CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks On April 13, the Department of Energy (DoE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory to warn that certain industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices can be targeted by advanced persistent threat (APT) actors who have the capability to gain full system access.…
Read More

InfoSec News Nuggets 12/16/2021

CISA warns critical infrastructure to stay vigilant for ongoing threats The Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure organizations today to strengthen their cybersecurity defenses against potential and ongoing threats. The federal agency also issued guidance to help executives and senior leaders proactively reinforce their orgs' resilience against threats arising from malicious activity coordinated by nation-state-sponsored threat actors and their proxies. "In the lead up to the holidays and in light of persistent and ongoing cyber threats,…
Read More

InfoSec News Nuggets 09/24/2021

A new APT is targeting hotels across the world A new advanced persistent threat (APT), a term used to describe state-sponsored cyber-espionage groups, has been spotted mounting attacks against hotels across the world. Codenamed FamousSparrow, this new APT was discovered by Slovak security firm ESET, which said it’s been tracking its attacks as far back as 2019. “FamousSparrow’s victims are located in Europe (France, Lithuania, the UK), the Middle East (Israel, Saudi Arabia), the Americas (Brazil,…
Read More

InfoSec News Nuggets 01/11/2021

Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions At U.S. Financial Institutions, Brokerage Firms, A Major News Publication, And Other Companies Audrey Strauss, the Acting United States Attorney for the Southern District of New York, announced today that ANDREI TYURIN, a/k/a “Andrei Tiurin,” was sentenced in Manhattan federal court to 144 months in prison for computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with…
Read More

InfoSec News Nuggets 10/23/2020

Quibi is shutting down Quibi — the shortform mobile-focused streaming service — is shutting down after just over six months of operation, making it one of the shortest-lived streaming services to date, according to The Wall Street Journal. The company since confirmed that it’ll be shutting down in a Medium post from Jeffrey Katzenberg and Meg Whitman. “We feel that we’ve exhausted all our options. As a result we have reluctantly come to the difficult decision to wind down the…
Read More

InfoSec News Nuggets 2/19/2020

1 - IRS Urges Taxpayers to Enable Multi-Factor Authentication The US Internal Revenue Service (IRS) and Security Summit partners urged tax professionals and taxpayers today to enable multi-factor authentication (MFA) in their tax preparation software products to defend against data theft. "Already, nearly two dozen tax practitioner firms have reported data thefts to the IRS this year," the IRS said. "Use of the multi-factor authentication feature is a free and easy way to protect clients and practitioners' offices…
Read More