InfoSec News Nuggets 9/25/2019

Avid Users Are Suddenly Finding That Their Macs Won’t Boot Avid video editors have started reported that when they shutdown their Macs, they will no longer boot up afterwards.  It is not known exactly what is causing this issue, but it appears to be affecting older versions of Mac OS X who have the Avid Media Creator software installed. As reported by Variety, film and TV editors all over the world suddenly found yesterday that after shutting…
Read More

InfoSec News Nuggets 9/24/2019

Android VPN apps found serving disruptive ads A security researcher has discovered four VPN apps that serve ads while running in the background and also on the home screen of Android smartphones in the latest case of adware found on the Google Play Store. While researching suspicious Android VPN apps, Andy Michael found that Hotspot VPN, Free VPN Master, Secure VPN and Security Master by Cheetah Mobile were all showing full screen pop-up ads on his smartphone even though none of…
Read More

InfoSec News Nuggets 9/20/2019

Documents reveal how Russia taps phone companies for surveillance In cities across Russia, large boxes in locked rooms are directly connected to the networks of some of the country’s largest phone and internet companies. These boxes, some the size of a washing machine, house equipment that gives the Russian security services access to the calls and messages of millions of citizens. This government surveillance system remains largely shrouded in secrecy, even though phone and web companies…
Read More

InfoSec News Nuggets 9/19/2019

Robocalls now flooding US phones with 200m calls per day This is unlikely to surprise anybody who owns a phone: according to a new report, nearly 30% of all US calls placed in the first half of this year were garbage, as in, nuisance, scam or fraud calls. That puts the approximate volume of sludge coming into people’s phones at a mind-boggling 200 million unwanted calls per day. The TNS 2019 Robocall Investigation Report comes from Transaction…
Read More

InfoSec News Nuggets 9/18/2019

U.S. cyber-offensive against ISIS continues, and eyes are now on Afghanistan, general says As loyalties among Afghanistan’s Islamic extremists continue to shift, the U.S. military may be poised to rely more heavily on offensive cyber capabilities to target one group in particular — the dispersed but still active membership of ISIS, according to one military cyber commander. Joint Task Force ARES, the outfit charged with running joint and coalition cyber-operations against ISIS, is working to uncover information about how…
Read More

InfoSec News Nuggets 9/17/2019

T-Mobile Has a Secret Setting to Protect Your Account From Hackers That It Refuses to Talk About It’s called “NOPORT” and, in theory, it makes it a bit harder for criminals to hijack phone numbers with an attack known as “SIM swapping,” a type of social engineering that Motherboard has covered extensively and which is increasingly being used to steal people's phone numbers. SIM swapping attackers usually trick wireless providers into giving them control of…
Read More

InfoSec News Nuggets 9/16/2019

198 Million Car-Buyer Records Exposed Online for All to See Over 198 million records containing information on prospective car buyers, including loan and finance data, vehicle information and IP addresses for website visitors, has been found exposed on the internet for anyone to see. The non-password protected Elasticsearch database belonged to Dealer Leads, which is a company that gathers information on prospective buyers via a network of SEO-optimized, targeted websites. According to Jeremiah Fowler, senior…
Read More

InfoSec News Nuggets 9/12/2019

‘Cobalt Dickens’ group is phishing universities at scale again, researchers say An Iran-linked hacking group whose operatives the U.S. government indicted last year has launched a phishing operation to steal login credentials against computer users at over 60 universities in the United States, the United Kingdom, and elsewhere, researchers said Wednesday. The campaign sees victims redirected to spoofed login pages, where their passwords are stolen, said Secureworks, a Dell-owned cybersecurity company that uncovered the activity.…
Read More

InfoSec News Nuggets 9/11/2019

Toyota Parts Supplier Hit By $37 Million Email Scam The Toyota Boshoku Corporation, a major supplier of Toyota auto parts, reported some distressing news this week. Fraudsters fleeced the company via an email scam to the tune of about ¥ 4 billion (JPY). That works out to just over $37 million at today's exchange rate. On August 14th, attackers managed to convince someone with financial authority to change account information on an electronic funds transfer.…
Read More

InfoSec News Nuggets 9/10/2019

Capital One hacker Paige Thompson pleads not guilty on all counts The alleged Capital One hacker Paige Thompson has pleaded not guilty to all charges on her first appearance in court. Appearing at the Western District of Washington federal court late last week, Thompson pleaded not guilty to charges that included wire fraud, and computer fraud and abuse. She could be sentenced to up to 25 years in prison if convicted. A full trial is…
Read More

InfoSec News Nuggets 9/9/2019

South Korean Firm’s Email Leak Exposes Global Clients Security researchers have discovered a South Korean company leaking highly sensitive client and personal emails, which has refused to engage with either them or journalists asking for more info. Industrial pipe manufacturer DKLOK exposed an unprotected email database to the public internet, where white hat hackers from vpnMentor were able to probe it using simple port scanning techniques. “Our team was able to access this database through a vulnerability…
Read More

InfoSec News Nuggets 9/6/2019

A Chinese APT is now going after Pulse Secure and Fortinet VPN servers A group of Chinese state-sponsored hackers is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month. The attacks are being carried out by a group known as APT5 (also known as Manganese), ZDNet has learned from sources familiar with the attacks. According to a FireEye report, APT5 has been…
Read More

InfoSec News Nuggets 9/5/2019

Scamming You Through Social Media Many of us have received phishing email, either at work or home. These emails look legitimate, such as from your bank, your boss, or your favorite online store, but are really an attack, attempting to pressure or trick you into taking an action you should not take, such as opening an infected email attachment, sharing your password, or transferring money. The challenge is, the more savvy we become at spotting…
Read More

InfoSec News Nuggets 9/4/2019

Over 47,000 Supermicro servers are exposing BMC ports on the internet More than 47,000 workstations and servers, possibly more, running on Supermicro motherboards are currently open to attacks because administrators have left an internal component exposed on the internet. These systems are vulnerable to a new set of vulnerabilities named USBAnywhere that affect the baseboard management controller (BMC) firmware of Supermicro motherboards. Patches are available to fix the USBAnywhere vulnerabilities, but Supermicro and security experts…
Read More

InfoSec News Nuggets 9/3/2019

Facebook is thinking about hiding like counts, too Facebook might start testing whether it should begin hiding public-facing like counts. App researcher Jane Manchun Wong found code inside Facebook’s Android app that hides the exact amount of likes on a post from everyone but the original poster. Other users will just see a few reaction emoji and a note that it was liked by “[a friend] and others” instead of a specific number of other people. Facebook confirmed…
Read More

InfoSec News Nuggets 9/02/2019

Another convincing deepfake app goes viral prompting immediate privacy backlash Zao, a free deepfake face-swapping app that’s able to to place your likeness into scenes from hundreds of movies and TV shows after uploading just a single photograph, has gone viral in China. Bloomberg reports that the app was released on Friday, and quickly reached the top of the free charts on the Chinese iOS App Store. And like the FaceApp aging app before it, the creators of Zao are now…
Read More

InfoSec News Nuggets 8/30/2019

NIST Wants Insight on Combatting Telehealth Cybersecurity Risks The National Institute of Standards and Technology wants to hear from vendors who can deliver technical expertise and products that can help secure health organizations’ telehealth capabilities.  According to a notice set to be published in the Federal Register Thursday, the agency wants vendors to provide insight and demonstrations to support the National Cybersecurity Center of Excellence’s health care sector-specific use case, “Securing Telehealth Remote Patient Monitoring Ecosystem.” “This notice…
Read More

InfoSec News Nuggets 8/29/2019

1 A new IOT botnet is infecting Android-based set-top boxes A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet. Among this botnet's most common victims are Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia, cyber-security firm WootCloud said today. The attacks aren't using a vulnerability in the Android operating systems, but are exploiting a configuration service that has been left enabled and unprotected…
Read More

InfoSec News Nuggets 08/28/2019

1 Senators Question NHTSA on Risks of Connected Vehicles Two United States senators have sent a letter to the National Highway Traffic Safety Administration (NHTSA) to inquire about cyber-risks associated with connected vehicles. In their letter, Senator Edward J. Markey (D-Mass.) and Senator Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, also expressed concerns regarding the lack of publicly available information on the cyber-vulnerabilities associated with these automobiles. The letter (PDF) also asks NHTSA…
Read More

InfoSec News Nuggets 08/27/2019

1 Hostinger Security Breach Impacts 14M Customers Web hosting company Hostinger suffered a security breach on Aug. 23 that allowed an unauthorized third-party to gain access to its internal systems. As TechCrunch reports, the server contained the company's internal system API and associated database which held customer usernames, email addresses, first names, IP addresses, and hashed passwords. The passwords were protected with the SHA-1 algorithm, but that has been proven to be vulnerable to attack.…
Read More

InfoSec News Nuggets 08/26/2019

1 Peripheral Maker Fanatec Hacked, Customer Details Stolen If you've ever been in the market for a high-end gaming controller, racing wheel, or pedals, chances are peripheral maker Fanatec was on your radar. Purchasing directly from Fanatec turned out to be a bad idea, though, as your personal details are probably in the hands of hackers. As Kotaku reports, Fanatec CEO Thomas Jackermeier sent out an email yesterday to all customers informing them that, "our online shop of…
Read More

InfoSec News Nuggets 08/23/2019

1 Intel unveils first artificial intelligence chip Springhill Intel Corp on Tuesday unveiled its latest processor that will be its first using artificial intelligence (AI) and is designed for large computing centers. The chip, developed at its development facility in Haifa, Israel, is known as Nervana NNP-I or Springhill and is based on a 10 nanometer Ice Lake processor that will allow it to cope with high workloads using minimal amounts of energy, Intel said.…
Read More

InfoSec News Nuggets 08/22/2019

1 DoorDash takes another step toward automated food delivery TechCrunch speculates that the acquisition is the latest attempt by DoorDash to reduce its reliance on human delivery drivers, by using more automated systems to deliver food. Back in 2017 the company partnered with Starship Technologies to test food deliveries using a small semi-autonomous robot, and earlier this year it started working with GM to use its autonomous vehicles to deliver food in San Francisco.  …
Read More

InfoSec News Nuggets 08/21/2019

1 Cyber Safety for Students As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help students stay safe while using their internet-connected devices. The Cybersecurity and Infrastructure Security Agency (CISA) recommends reviewing the following…
Read More

InfoSec News Nuggets 08/20/2019

1 Cybersecurity conference attendees possibly exposed to IRL virus They, perhaps more than any other gathered group of industry professionals, know how to defend against viruses. Just, maybe, not this kind. Hackers and cybersecurity researchers who attended this year's annual Black Hat information security conference in Las Vegas found themselves on the receiving end of the wrong kind of security notification. On Thursday, the Southern Nevada Health District issued a warning stating that individuals in…
Read More

InfoSec News Nuggets – 08/16/2019

1 Google employees protest: 'Don't bid for border control cloud contract' Google employees are calling on the company not to bid on a cloud contract with the US Customs and Border Protection (CBP) in protest against the agency's alleged human-rights abuses at the Mexican border. The petition demands that Google does not bid on a recently published CBP request for information (RFI) for a "cloud services provider". However, Google employees also want the company to…
Read More