InfoSec News Nuggets 09/28/2023

Valve fails to get out of paying its EU geo-blocking fine Valve has failed to convince a court that it didn't infringe EU law by geo-blocking activation keys, according to a new ruling. The company argued that, based on copyright law, publishers had the right to charge different prices for games in different countries. However, the EU General Court confirmed that its geo-blocking actions "infringed EU competition law"and that copyright law didn't apply.   Google…
Read More

InfoSec News Nuggets 07/03/2023

Tech firms sue Arkansas over social media age verification law  The technology industry isn't thrilled with Arkansas' law requiring social media age checks. NetChoice, a tech trade group that includes Google, Meta and TikTok, has sued the state of Arkansas over claimed US Constitution violations in the Social Media Safety Act. The measure allegedly treads on First Amendment free speech rights by making users hand over private data in order to access social networks. It also "seizes decision making"…
Read More

InfoSec News Nuggets 11/22/2021

US regulators order banks to report cyberattacks within 36 hours US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability. Bank service providers will also have to notify customers…
Read More

InfoSec News Nuggets 11/03/2021

Facebook to Shut Down Face-Recognition System, Delete Data Facebook said it will shut down its face-recognition system and delete the faceprints of more than 1 billion people.“This change will represent one of the largest shifts in facial recognition usage in the technology’s history,” said a blog post Tuesday from Jerome Pesenti, vice president of artificial intelligence for Facebook’s new parent company, Meta. “More than a third of Facebook’s daily active users have opted in to our Face Recognition setting…
Read More

InfoSec News Nuggets 10/05/2021

Company That Routes Billions of Text Messages Quietly Says It Was Hacked A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. The company, Syniverse, revealed in a filing dated September 27 with the…
Read More

InfoSec News Nuggets 09/21/2021

Even the Mafia is getting involved in phishing attacks now Cybercriminals have raked in millions from phishing attacks which is why it's not a big surprise that the Italian Mafia has adopted similar tactics in recent years. According to a new press release from Europol, the Spanish National Police with support from the Italian National Police, Europol and Eurojust have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking…
Read More

InfoSec News Nuggets 06/17/2021

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit (SDK) that could be abused by an adversary to gain improper access to audio and video streams. "Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds," CISA said in the alert. ThroughTek's point-to-point (P2P) SDK…
Read More

InfoSec News Nuggets 04/05/2021

Virginia lawmakers unanimously approve bill that bans facial recognition technology In February, Virginia lawmakers from both parties unanimously approved a bill that would restrict the use of facial recognition technology. Right now, law enforcement agencies across the state can use this technology without the knowledge of local or state leaders. Your images could be in these systems without you even knowing it. Under the bill, any law enforcement agency using facial recognition technology must stop, and they…
Read More

InfoSec News Nuggets 02/03/2021

Facebook strikes back against Apple privacy change, prompts users to accept tracking to get ‘better ads experience’ With a forthcoming update to iOS 14, each app that wants to use these identifiers will ask users to opt in to tracking when the app is first launched. If users opt out, it will make these ads a lot less effective. Facebook has warned investors that these looming changes could hurt its advertising business as soon as this quarter.…
Read More

InfoSec News Nuggets 01/28/2021

23M Gamer Records Exposed in VIPGames Leak VIPGames.com, a free platform with a total of 56 available classic board and card games like Hearts, Crazy Eights, Euchre, Dominoes, Backgammon and others, has exposed the personal data of tens of thousands of users. In all, more than 23 million records for more than 66,000 users were left exposed thanks to a cloud misconfiguration, according to a new report from WizCase. Aside from its desktop users, VIPGames…
Read More

InfoSec News Nuggets 01/15/2021

Apple drops 'exclusion list' which allowed its own apps to bypass firewalls The latest beta of macOS Big Sur has reportedly removed the contentious ability for Apple's own apps to bypass firewalls, and hide their network use. Apple's release of the macOS Big Sur 11.2 beta appears to show that the company is dropping a controversial network feature. In the current public version of Big Sur, 56 of Apple's own apps and system processes can use the internet…
Read More

InfoSec News Nuggets 12/14/2020

Facebook links APT32, Vietnam's primary hacking group, to local IT firm In a surprising and unexpected announcement on Thursday, the Facebook security team has revealed the real identity of APT32, one of today's most active state-sponsored hacking group, believed to be linked to the Vietnamese government. The company said it took this step after it detected APT32 using its platform to spread malware in attempts to infect users. "Our investigation linked this activity to CyberOne Group, an…
Read More

InfoSec News Nuggets 12/10/2020

Amnesia-33 vulnerabilities affect 158 vendors, millions of devices Thirty-three vulnerabilities in open-source TCP/IP stacks often buried deep in internet-connected devices may cause years of issues for hundreds of manufacturers, and business and home customers alike. Further complicating matters, manufacturers who are affected may not immediately know their devices are at risk. The package of vulnerabilities, discovered by researchers at Forescout and dubbed Amnesia-33, are buried deep in the supply chain: third-party software used in components…
Read More

InfoSec News Nuggets 11/30/2020

Networking equipment vendor Belden discloses data breach American networking equipment vendor Belden said it was hacked in a press release published earlier this week. Belden says the security breach took place after hackers gained access to a limited number of its file servers.  The intrusion was detected after the company's IT personnel detected unusual activity involving the compromised servers. A subsequent investigation revealed that the intruders had copied data of some current and former employees, as well…
Read More

InfoSec News Nuggets 11/20/2020

Facebook AI catches 95% of hate speech, still wants mods back in office Facebook's software systems get ever better at detecting and blocking hate speech on both the Facebook and Instagram platforms, the company boasted today—but the hardest work still has to be done by people, and many of those people warn the world's biggest social media company is putting them into unsafe working conditions. About 95 percent of hate speech on Facebook gets caught…
Read More

InfoSec News Nuggets 11/17/2020

Scams Ramp Up Ahead of Black Friday Cybercriminal Craze The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. In fact, a recent study revealed that 62 percent of consumers shop more online now…
Read More

InfoSec News Nuggets 11/02/2020

‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass Scammers have hatched a new way to attempt to bypass two-factor authentication (2FA) protections on Facebook. Cybercriminals are sending bogus copyright-violation notices with the threat of taking pages down unless the user attempts to appeal. The first step in the “appeal?” The victim is asked to submit a username, password and 2FA code from their mobile device, according to Sophos researcher Paul Ducklin, allowing fraudsters bypass 2FA. 2FA is an…
Read More

InfoSec News Nuggets 10/01/2020

Cyberattack could trigger Article 5 response, NATO deputy secretary warns NATO is adapting to security threats in cyberspace despite vulnerabilities exploited in the COVID-19 pandemic, Deputy Secretary Mircea Geoana said on Monday. He noted that NATO will establish a Cyberspace Operations Center as a part of its command structure, adding that a military cyber attack on a country qualifies as a cause for all NATO nations to come to its aid. "We agreed that a cyberattack could trigger Article…
Read More

InfoSec News Nuggets 09/30/2020

Google to block election ads after Election Day Google informed its advertisers Friday that it will broadly block election ads after polls close Nov. 3, according to an email obtained by Axios. Why it matters: Big Tech platforms have been under pressure to address how their ad policies will handle conflicts over the presidential election's outcome. In the email, Google says that advertisers will not be able to run ads "referencing candidates, the election, or its…
Read More

InfoSec News Nuggets 09/17/2020

Schools remain 'easy target' for ransomware as Maze targets big K-12 systems Actors using the Maze ransomware are claiming credit for a recent string of attacks against large public school districts across the United States, just as students and teachers are returning to their mostly virtual learning environments. Last Friday, the school system in Fairfax County, Virginia, which enrolls nearly 200,000 students, reported that it had been compromised by Maze, which posted a file containing…
Read More

InfoSec News Nuggets 09/08/2020

Apple delays privacy feature to opt out of online ad tracking until 2021 Apple is delaying the rollout of a proposed privacy tweak in iOS 14 that allows users to opt out of ad tracking until early next year. In a statement shared with TechCrunch and The Information, the iPhone maker said it’s doing so “to give developers the time they need to make the necessary changes.” The exact date when the policy would be enforced is expected…
Read More

InfoSec News Nuggets 09/03/2020

Uber to require mask selfies for riders who haven’t been covering up Uber drivers have long had to take a selfie to show they're wearing a mask before accepting rides. Now the same scanning software will be used on  passengers. By the end of September in the U.S. and Canada, Uber passengers that have been flagged for not wearing a mask will have to scan their face through the app before they can request another ride. The…
Read More

InfoSec News Nuggets 08/26/2020

A Chrome feature is creating enormous load on global root DNS servers The Chromium browser—open source, upstream parent to both Google Chrome and the new Microsoft Edge—is getting some serious negative attention for a well-intentioned feature that checks to see if a user's ISP is "hijacking" non-existent domain results. The Intranet Redirect Detector, which makes spurious queries for random "domains" statistically unlikely to exist, is responsible for roughly half of the total traffic the world's root…
Read More

InfoSec News Nuggets 08/13/2020

Instagram Faces Lawsuit Over Illegal Harvesting of Biometrics Facebook Inc. is facing new allegations that it illegally harvests the biometric data of users, this time in a lawsuit that targets the company’s photo-sharing app Instagram. Last month, the social media company offered to pay $650 million to settle a lawsuit in which it was accused of illegally collecting biometric data through a photo-tagging tool provided to Facebook users. In the new lawsuit, filed Monday in state…
Read More

InfoSec News Nuggets 7/14/2020

The real reason Apple is warning users about MacBook camera covers Earlier this month, Apple published a support document that warned MacBook owners against closing their laptop with a camera cover fitted. And just as with the whole wearing masks in public debate, there are some people who don't like being told what to do, even it is for their own good. First off, some clarity. Apple didn't say, "don't use a camera cover." Apple clearly…
Read More

InfoSec News Nuggets 7/10/2020

Mozilla suspends Firefox Send service while it addresses malware abuse Mozilla has temporarily suspended the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators and while it adds a "Report abuse" button. The browser maker took down the service today after ZDNet reached out to inquire about Firefox Send's increasing prevalence in current malware operations. Mozilla launched Firefox Send in March 2019. The service provides secure and private file-hosting and file-sharing capabilities for Firefox…
Read More

InfoSec News Nuggets 7/8/2020

Companies start reporting ransomware attacks as data breaches Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about data stolen data. A tactic used by almost all enterprise-targeting ransomware is to steal unencrypted files before encrypting a breached network. The threat actors then use these stolen files as leverage by threatening to leak or sell the data if a ransom is not paid.…
Read More

InfoSec News Nuggets 6/11/2020

Twitter starts aggressively fact-checking tweets linking 5G to COVID-19 Twitter is now fact-checking tweets that link 5G and the COVID-19 pandemic by adding a label that promises to get users “the facts about COVID-19,” Business Insider reports. Clicking the label takes you to a Twitter page titled “No, 5G isn’t causing coronavirus” that includes links to news reports, fact-checking organizations, and government agencies debunking the conspiracy theory. Twitter confirmed the move in a statement given to Business Insider.…
Read More

InfoSec News Nuggets 6/8/2020

City of Austin websites go down, hackers take credit in protest The City of Austin’s websites went offline early Thursday morning, and a group of hackers took credit, claiming it was a protest against the Austin Police Department. The hackers known as Anonymous said they were the ones who took the city’s website, austintexas.gov, offline. This morning it appeared to just impact the user-facing web pages. The outages were intermittent throughout the morning, specifically for austintexas.gov. “We’re seeing…
Read More

InfoSec News Nuggets 6/5/2020

Denial of service attacks against advocacy groups skyrocket In figures published Tuesday, the internet security firm Cloudflare said it blocked more than 135 billion malicious web requests against advocacy sites, compared to less than 30 million blocked requests against U.S. government websites, such as police and military organizations. The company did not disclose which websites were affected, specifically. “As we’ve often seen in the past, real world protest and violence is usually accompanied by attacks on the…
Read More

InfoSec News Nuggets 5/18/2020

Hackers Say They Have Trump's 'Dirty Laundry' and Want $42 Million to Keep It Secret The anonymous hackers this week crippled the computer systems of high-profile celebrity law firm Grubman Shire Meiselas & Sacks claiming to have stolen 756GB of highly-confidential documents including contracts and personal emails from the firm’s client list, which includes Madonna, Drake, Lady Gaga, Elton John, Robert De Niro, U2 and Bruce Springsteen. The hackers initially demanded $21 million from the law firm…
Read More

InfoSec News Nuggets 5/8/2020

‘Dramatic Rise’ in Scam Websites Mimicking Online Streaming Services The meteoric rise in new signups to streaming services such as Netflix and Disney+ in recent weeks has given opportunistic scammers the chance to take advantage of the situation. This is evidenced by new research by the cybersecurity firm Mimecast, which revealed that some 700 scam websites have popped up on the internet between April 6 and 13, designed with the sole purpose of stealing personal…
Read More

InfoSec News Nuggets 5/7/2020

DigiCert hit as hackers wriggle through (patched) holes in buggy config tool DigiCert, slinger of SSL/TLS certificates, has warned that it too has suffered at the hands of Salty miscreants as a key used for Signed Certificate Timestamps (SCT) was potentially compromised. The company joins Ghost.org and LineageOS in being the target of ne'er do wells as attackers exploited a disclosed (and patched) vulnerability in the Salt configuration tool over the weekend, spraying exposed infrastructure with cryptocurrency mining software.…
Read More

InfoSec News Nuggets 4/30/2020

Comcast waives data cap until at least June 30 in response to pandemic After promising 60 days without data caps and overage fees for all customers, Comcast has decided to extend the data-cap waiver until at least June 30. Comcast announced the data-cap waiver on March 13, saying the waiver would last until May 13 to help customers deal with the pandemic. Today, Comcast said it will extend the data-cap waiver and other pandemic-related changes "through June 30 to…
Read More

InfoSec News Nuggets 4/21/2020

IT services giant Cognizant suffers Maze Ransomware cyber attack Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators of the Maze Ransomware, BleepingComputer has learned. Cognizant is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue. As part of its operations, Cognizant remotely manages its clients through end-point clients, or agents, that are installed on customer's workstations…
Read More

InfoSec News Nuggets 4/17/2020

Cyber attacks on banks seen spiking, says Carbon Black In what has been referred to as an “unprecedented anomaly”, cyber criminals are increasingly targeting the financial services sector during the Covid-19 coronavirus pandemic, with attacks on banks and other financial institutions spiking by 38% between February and March to account for 52% of all attacks observed by VMware’s Carbon Black Cloud. The sudden shift observed by Carbon Black threat researchers Patrick Upatham and Jim Treinen was also reflected…
Read More

InfoSec News Nuggets 4/16/2020

MIT’s AI-powered device lets doctors monitor coronavirus patients remotely A new device that uses AI to monitor coronavirus symptoms is helping doctors treat patients beyond the reach of infection. The box-like device emits wireless signals that bounce off human bodies before returning to the system. Algorithms then analyze changes in the signals to infer the person’s breathing rate, sleep patterns, and movements. The system, named Emerald, was developed at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL).…
Read More

InfoSec News Nuggets 4/9/2020

The US is formalizing Team Telecom rules to restrict foreign ownership of internet and telecom assets It has the simplest name, but the sort of shadowy overtones that national security writers lust after. Team Telecom, a mostly informal working committee of the Departments of Defense, Homeland Security and Justice (along with affiliated agencies) has for years been quietly tasked with evaluating and maintaining the security of America telecom infrastructure in concert with the FCC. Its…
Read More

InfoSec News Nuggets 4/1/2020

Spotify is bringing its kids app to the US, Canada, and France Spotify’s expanding the rollout of its kids app, just as more kids are at home with nothing to do. The company announced that it’s bringing Spotify Kids to the US, Canada, and France today. The ad-free iOS / Android app is only available to Spotify Premium Family subscribers and features content appropriate for kids ages three and older. Spotify first launched the app in Ireland…
Read More

InfoSec News Nuggets 3/24/2020

1 - FBI SEES RISE IN FRAUD SCHEMES RELATED TO THE CORONAVIRUS (COVID-19) PANDEMIC Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them. Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to…
Read More

InfoSec News Nuggets 3/20/2020

1 - US Commerce Dept Shares Tips On Securing Virtual Meetings The US National Institute of Standards and Technology (NIST) today shared a number of measures that should be taken by remote workers to prevent eavesdropping and protect their privacy during virtual meetings while working from home during the current COVID-19 pandemic. Jeff Greene, the director of the National Cybersecurity Center of Excellence (NCCoE) at the NIST said that "if virtual meetings are not set up correctly,…
Read More

InfoSec News Nuggets 3/11/2020

1 - Malware Unfazed by Google Chrome's New Password, Cookie Encryption Google's addition of the AES-256 algorithm to encrypt cookies and passwords in the Chrome browser had a minor impact on infostealers. Faced with the threat of having their business disrupted, developers of malware that steals data from web browsers quickly updated their tools to overcome the hurdle, many of their offers highlighting support for the new Chrome. Even AZORult, abandoned by its original author…
Read More

InfoSec News Nuggets 3/10/2020

1 - Dutch Privacy Regulator Fines Tennis Association for Selling Personal Data Without Proper Consent The Dutch Data Protection Authority (AP) has imposed a fine of 525,000 euros on tennis association KNLTB for selling personal data without proper consent. In 2018, the KNLTB unlawfully provided personal data of a few hundred thousand of its members to two sponsors for a fee. The Royal Dutch Lawn Tennis Association (KNLTB) provided the sponsors with personal data such…
Read More

InfoSec News Nuggets 3/9/2020

1 - One of Roman Abramovich's companies got hit by ransomware EVRAZ, one of the world's largest steel manufacturers and mining operations, has been hit by ransomware, a source inside the company told ZDNet today. The infection has been identified as a result of the Ryuk ransomware strain. The ransomware infection has hit and brought down the company's North American branches. These include primarily steel production plants across Canada and the US. Manufacturing has been…
Read More

InfoSec News Nuggets 2/27/2020

1 - FCA admits data breach The Financial Conduct Authority has admitted it had revealed the confidential details of consumers on its website in a data breach last year. In a statement published today (February 25) the regulator said it had referred itself to the Information Commissioner’s Office over the incident, which occurred in November 2019. In response to a Freedom of Information request the FCA mistakenly published on its website the details of individuals who had made…
Read More

InfoSec News Nuggets 2/25/2020

1 - Developers Hack McDonald’s Reward System to Get Free Hamburgers A couple of German software developers discovered an oversight in McDonalds’ promotion systems that allowed them to get as many hamburgers as they wanted, without paying anything. While software vulnerabilities or loopholes are sometimes used for nefarious purposes, that’s not always the case. The same can be said of white hackers and software developers who want to make the online world a safer place.…
Read More

InfoSec News Nuggets 2/21/2020

1 - MGM hack exposes personal data of 10.6 million guests The personal information of 10.6 million guests who stayed at MGM Resorts hotels was hacked last summer. The hack was first reported by ZDNet on Wednesday, which said the stolen information was posted to a hacking forum this week. MGM confirmed the attack took place to the BBC. The data exposed included names, address, and passport numbers for former guests. MGM said it was…
Read More

InfoSec News Nuggets 2/10/2020

1 - Data Breach at Mitsubishi Electric Caused by Zero-Day Vulnerability in Antivirus Software When antivirus software is installed and activated, there is usually an assumption that the system is automatically safer. Antivirus software can be penetrated just like any other software can, however, as a 2019 data breach at Japanese electronics giant Mitsubishi Electric demonstrates. Mitsubishi Electric did not disclose what software they were using or exactly what the nature of the data breach…
Read More

InfoSec News Nuggets 2/7/2020

1 - No expectation of privacy in an IP address, Alberta judge rules Police in Alberta don’t need a court order to get an external IP address from a service provider in trying to identify an internet user, according to a recent Calgary judicial ruling. The decision is a first in Canadian privacy law. The precedent applies for now only in Alberta but it will be cited in other courts across the country and could be…
Read More

InfoSec News Nuggets 1/30/2020

1 - Hackers stole $13,103.91 from me. Learn from my mistakes. It began with dumplings. When I got an email at midnight last March from Grubhub notifying me that my order from Dumpling Depot was on its way to an address 3,000 miles away from my location in New York City, I thought there must have been some mistake. And there was: mine. Because I didn’t take a few basic internet security precautions, hackers robbed…
Read More