06 Nov 2023
By Mary

InfoSec News Nuggets 11/06/2023

Discord will switch to temporary file links to block malware delivery  Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware. "Discord is evolving its approach to attachment CDN URLs in order to create a safer and more secure experience for users. In particular, this will help our safety team restrict access to flagged content,…
Read More
31 May 2023
By Mary

InfoSec News Nuggets 05/31/2023

The Sobering Truth About Ransomware—For The 80% Who Paid Up  Newly published research of 1,200 organizations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research from data resilience specialists Veeam, some 80% of the organizations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This despite 41% of those organizations having a “do…
Read More
15 May 2023
By Mary

InfoSec News Nuggets 05/15/2023

Brightly says SchoolDude data breach spilled 3 million user accounts  Software maker Brightly has confirmed that hackers stole close to three million SchoolDude user accounts in an April data breach. SchoolDude is a cloud-based work order management system, used primarily by schools and universities, to submit and track maintenance orders. Its users are school employees, like principals, executives and maintenance workers, as well as students and other staff submitting repair requests. In a data breach notice filed with the Maine attorney general’s…
Read More
21 Nov 2022
By Mary

InfoSec News Nuggets 11/21/2022

Australia's Hack-Back Plan Against Cyberattackers Raises Familiar Concerns The Australian government's defiant proclamation recently that it would hack back against hackers that sought to target organizations in the country represents a break from the usual cautious manner in which nations have approached international cyber threats. How effective the country's newly announced "joint standing operation against cybercriminal syndicates" will be remains an open question, as does the issue of whether other nations will follow suit. Also…
Read More
20 Jun 2022
By Mary

InfoSec News Nuggets 06/20/2022

2,000 arrests in crackdown on social engineering and business email scams The international police organization Interpol has arrested 2,000 people in a crackdown on social-engineering rackets and intercepted $50 million in illicit funds. Interpol announced it had conducted raids at 1,700 locations over two months, seizing $50 million in fraudulently gained proceeds and arresting 2,000 people, which it described as "operators, fraudsters and money launderers" as part of its crackdown on social engineering and business email compromise (BEC)…
Read More
02 Jun 2022
By Mary

InfoSec News Nuggets 06/02/2022

Wray: FBI blocked planned cyberattack on children's hospital The FBI thwarted a planned cyberattack on a children's hospital in Boston that was to have been carried out by hackers sponsored by the Iranian government, FBI Director Christopher Wray said Wednesday. Wray told a Boston College cybersecurity conference that his agents learned of the planned digital attack from an unspecified intelligence partner and got Boston Children's Hospital the information it needed last summer to block what…
Read More
22 Jun 2020
By Mary

InfoSec News Nuggets 6/22/2020

To evade detection, hackers are requiring targets to complete CAPTCHAs CAPTCHAs, those puzzles with muffled sounds or blurred or squiggly letters that websites use to filter out bots (often unsuccessfully), have been annoying end users for more than a decade. Now, the challenge-and-response tests are likely to vex targets in malware attacks. Microsoft recently spotted an attack group distributing a malicious Excel document on a site requiring users to complete a CAPTCHA, most likely in an…
Read More
01 Nov 2019
By Mary

InfoSec News Nuggets 11/01/2019

1 - Scammers are now faking voicemail notifications to steal Office 365 login credentials Security researchers have found a new phishing campaign that leverages fake voicemail messages to trick victims into stealing their Office 365 email credentials. The scam — uncovered by cybersecurity firm McAfee — made use of fraudulent email attachments, which when opened, redirected users to a phishing website that siphoned the login information with an aim to impersonate staff members and gain wider access…
Read More