InfoSec News Nuggets 4/29/2024

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path," SafeBreach security researcher Or Yair said in an analysis, which was presented at the…

InfoSec News Nuggets 09/27/2023

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The victim organizations are overwhelmingly based in the US. “The most heavily impacted sectors are finance and professional services and education, which account for 13.8 percent and 51.1 percent of incidents respectively,” Emsisoft researchers have shared on Monday. IT market research company KonBriefing Research shows similar numbers, and links to data breach notification alerts by…

InfoSec News Nuggets 04/15/2022

DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii

Federal agents in Honolulu last week “disrupted” an apparent cyberattack on an unnamed telecommunication company’s servers associated with an underwater cable responsible for internet, cable service and cell connections in Hawaii and the region, the agency said in a statement Tuesday. Hawaii-based agents with Homeland Security Investigations, an arm of the Department of Homeland Security, received a tip from their mainland HSI counterparts…

InfoSec News Nuggets 10/14/2020

Largest cruise line operator Carnival confirms ransomware data theft

Carnival Corporation, the world's largest cruise line operator, has confirmed that the personal information of customers, employees, and ship crews was stolen during an August ransomware attack. "While the investigation is ongoing, early indications are that the unauthorized third-party gained access to certain personal information relating to some guests, employees, and crew for some of our operations," Carnival said. "There is currently no indication of any misuse…

InfoSec News Nuggets 5/13/2020

Scrabble fans slam 'sparkly abomination' new app

Scrabble Go, a new game which will replace the existing official Scrabble mobile app made by Electronic Arts (EA), has sparked hundreds of complaints. Its vivid colours, treasure-style rewards and in-app purchase model have angered long-time players. The EA game will be discontinued on 5 June because the official franchise is now owned by games firm Scopely. Scrabble Go was launched on 5 March and had been downloaded…

InfoSec News Nuggets 1/8/2020

1 - Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline

Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. In the meantime though, cybercriminals will be targeting pay-at-the-pump point-of-sale mechanisms with a vengeance, researchers say. Fuel pumps represent a last bastion of non-encrypted transactions. Unlike when customers pay inside, the pump…

InfoSec News Nuggets 1/6/2020

1 - CCPA Kickoff: What Businesses Need to Know

New year, new privacy regulations: The California Consumer Privacy Act (CCPA) went into effect on January 1, marking the start of a widespread law that will likely have implications beyond state lines. For businesses, it's high time to think about what this means and how to get ahead. CCPA, the original version of which was passed in 2018, was introduced to protect the personal data of…

InfoSec News Nuggets 12/02/2019

1 - Top Senate Democrats unveil new online privacy bill, promising tough penalties for data abuse

Senate Democrats on Tuesday proposed tough new punishments for Facebook, Google and other Silicon Valley tech giants that mishandle their users’ personal data, unveiling a sweeping new online privacy bill that aims to provide people their “Miranda rights” for the digital age. The effort, led by Sen. Maria Cantwell, a Washington state Democrat who previously worked in the tech…