InfoSec News Nuggets 03/30/2023

WiFi protocol flaw allows attackers to hijack network traffic

Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. WiFi frames are data containers consisting of a header, data payload, and trailer, which include information such as the source and destination MAC address, control, and management data. These frames are ordered in queues and…

InfoSec News Nuggets 05/20/2022

Texas social media law will cause “chaos” online, Supreme Court is told

More than two dozen groups have urged the US Supreme Court to block a Texas law that prohibits large social media companies from moderating content based on a user's "viewpoint." The Texas law, HB20, "results in blatant violations of the First Amendment rights of platform providers," said a Supreme Court brief filed yesterday. The law taking effect means that "chaos will ensue online with disastrous and…

InfoSec News Nuggets 05/17/2022

Misconfigured ElasticSearch Servers Exposed 579 GB of Users’ Website Activity

The IT security researchers at Website Planet have identified two exposed ElasticSearch servers belonging to an unnamed organization using open-source data analytics software developed by the London, England-based software vendor, SnowPlow Analytics. This software allows companies to track and store information on their website(s) visitors apparently without their knowledge. It is worth noting that a web analytics tool can collect versatile data metrics. The data is then used…

InfoSec News Nuggets 05/09/2022

FBI says business email compromise is a $43 billion scam

The Federal Bureau of Investigation (FBI) said today that the amount of money lost to business email compromise (BEC) scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021. From June 2016 until July 2019, IC3 received victim complaints regarding 241,206 domestic and international incidents, with a total exposed dollar loss of $43,312,749,946.…

InfoSec News Nuggets 04/11/2022

Move over Apple Pay - Hitachi has created a fingerprint payment system

A new finger vein-based biometric authentication system could one day replace your smartphone as the easiest way to pay for goods and services. Nikkei Asia reports that Hitachi has developed just such a system for payments using only your finger: Hitachi has developed a finger vein-based biometrics authentication system to enable the user to check in to a hotel or make payments at…

InfoSec News Nuggets 03/09/2022

Rompetrol gas station network hit by Hive ransomware

Romania's Rompetrol gas station network has been hit by a ransomware attack. A subsidiary of KMG International, Rompetrol announced today that it is dealing with a "complex cyberattack" that forced it to shut down its websites and the Fill&Go service at gas stations. Today, Romania's petroleum provider Rompetrol has announced that it is battling a "complex cyberattack." BleepingComputer has learned that Hive ransomware gang is behind this attack, and…

InfoSec News Nuggets 03/02/2022

New Chinese hacking tool found, spurring U.S. warning to allies

Security researchers with U.S. cybersecurity firm Symantec said they have discovered a “highly sophisticated” Chinese hacking tool that has been able to escape public attention for more than a decade. The discovery was shared with the U.S. government in recent months, who have shared the information with foreign partners, said a U.S. official. Symantec, a division of chipmaker Broadcom (AVGO.O), published its research about the tool,…

InfoSec News Nuggets 02/22/2022

Conti ransomware gang takes over TrickBot malware operation

After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware. TrickBot is a Windows malware platform that uses multiple modules for various malicious activities, including information stealing, password stealing, infiltrating Windows domains, initial access to networks, and malware delivery.…