InfoSec News Nuggets 9/3/2024

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers Cybersecurity researchers say they've found a vulnerability that allowed them to skip US airport security checks and even fly in the cockpit on some scheduled flights. Ian Carroll and Sam Curry worked on the findings together after the Known Crewmember (KCM) queue caught their attention at an airport during their routine travel. The lane can sometimes be seen at airports and it…
Read More

InfoSec News Nuggets 7/23/2024

CrowdStrike aftermath: Microsoft claims it cannot legally implement the same protections as Apple The CrowdStrike aftermath is seeing IT teams around the world struggle to restore the 8.5 million Windows PCs taken out by the bug. The mess included thousands of flights cancelled, health centers unable to make appointments, retailer payment terminals down, and even some 911 services unavailable. Macs weren’t affected thanks to protections put in place by Apple, but Microsoft has reportedly claimed that antitrust law means it’s unable…
Read More

InfoSec News Nuggets 7/22/2024

Russia-linked FIN7 hackers sell their security evasion tool to other groups on darknet A notorious cybercriminal group known as FIN7 advertises its custom tool for security evasion on darknet forums and sells it to other criminal gangs, researchers have found. The tool, known as AvNeutralizer, is used by criminal hackers to bypass threat detection systems on victims' devices. Researchers have previously discovered that the tool was used exclusively for six months by another hacker group,…
Read More

InfoSec News Nuggets 7/19/2024

‘GhostEmperor’ returns: Mysterious Chinese hacking group spotted for first time in two years An elusive and highly covert Chinese hacking group tracked as GhostEmperor — notorious for its sophisticated supply-chain attacks targeting telecommunications and government entities in Southeast Asia — has been spotted for the first time in more than two years. And according to the researchers, the group has gotten even better at evading detection. Cybersecurity company Sygnia, in a report published Wednesday, said it…
Read More

InfoSec News Nuggets 04/08/2022

The Ukraine War Is Giving Commercial Space an ‘Internet Moment’ Capabilities honed by commercial space companies to document the destruction inflicted by Russia in Ukraine are likely to have long-lasting effects on the industry. Satellites have brought the world unprecedented glimpses into the brutal war, whether through commercial imagery showing the Russian destruction of a shelter clearly labeled as having kids inside, social-media videos shared via SpaceX’s Starlink satellites, or a photojournalist’s pictures from Mariupol filed through satellite phones. It’s likely…
Read More

InfoSec News Nuggets 02/25/2021

Firefox 86 Introduces Total Cookie Protection Cookies, those well-known morsels of data that web browsers store on a website’s behalf, are a useful technology, but also a serious privacy vulnerability. That’s because the prevailing behavior of web browsers allows cookies to be shared between websites, thereby enabling those who would spy on you to “tag” your browser and track you as you browse. This type of cookie-based tracking has long been the most prevalent method…
Read More

InfoSec News Nuggets 01/04/2021

Apply brakes to Apple Car expectations, analyst says The idea of an Apple Car landing in showrooms hit the headlines again last week when a Reuters report suggested the tech giant is aiming to have an electric vehicle (EV) with autonomous capabilities ready for market in 2024. But a new research note from respected Apple analyst Ming-Chi Kuo suggests the car’s precise design specifications have yet to be decided, adding that any such vehicle may not arrive until 2028…
Read More