InfoSec News Nuggets 11/30/2020

Networking equipment vendor Belden discloses data breach American networking equipment vendor Belden said it was hacked in a press release published earlier this week. Belden says the security breach took place after hackers gained access to a limited number of its file servers.  The intrusion was detected after the company's IT personnel detected unusual activity involving the compromised servers. A subsequent investigation revealed that the intruders had copied data of some current and former employees, as well…
Read More

InfoSec News Nuggets 11/20/2020

Facebook AI catches 95% of hate speech, still wants mods back in office Facebook's software systems get ever better at detecting and blocking hate speech on both the Facebook and Instagram platforms, the company boasted today—but the hardest work still has to be done by people, and many of those people warn the world's biggest social media company is putting them into unsafe working conditions. About 95 percent of hate speech on Facebook gets caught…
Read More

InfoSec News Nuggets 11/17/2020

Scams Ramp Up Ahead of Black Friday Cybercriminal Craze The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. In fact, a recent study revealed that 62 percent of consumers shop more online now…
Read More

InfoSec News Nuggets 11/02/2020

‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass Scammers have hatched a new way to attempt to bypass two-factor authentication (2FA) protections on Facebook. Cybercriminals are sending bogus copyright-violation notices with the threat of taking pages down unless the user attempts to appeal. The first step in the “appeal?” The victim is asked to submit a username, password and 2FA code from their mobile device, according to Sophos researcher Paul Ducklin, allowing fraudsters bypass 2FA. 2FA is an…
Read More

InfoSec News Nuggets 10/01/2020

Cyberattack could trigger Article 5 response, NATO deputy secretary warns NATO is adapting to security threats in cyberspace despite vulnerabilities exploited in the COVID-19 pandemic, Deputy Secretary Mircea Geoana said on Monday. He noted that NATO will establish a Cyberspace Operations Center as a part of its command structure, adding that a military cyber attack on a country qualifies as a cause for all NATO nations to come to its aid. "We agreed that a cyberattack could trigger Article…
Read More

InfoSec News Nuggets 09/30/2020

Google to block election ads after Election Day Google informed its advertisers Friday that it will broadly block election ads after polls close Nov. 3, according to an email obtained by Axios. Why it matters: Big Tech platforms have been under pressure to address how their ad policies will handle conflicts over the presidential election's outcome. In the email, Google says that advertisers will not be able to run ads "referencing candidates, the election, or its…
Read More

InfoSec News Nuggets 09/17/2020

Schools remain 'easy target' for ransomware as Maze targets big K-12 systems Actors using the Maze ransomware are claiming credit for a recent string of attacks against large public school districts across the United States, just as students and teachers are returning to their mostly virtual learning environments. Last Friday, the school system in Fairfax County, Virginia, which enrolls nearly 200,000 students, reported that it had been compromised by Maze, which posted a file containing…
Read More

InfoSec News Nuggets 09/08/2020

Apple delays privacy feature to opt out of online ad tracking until 2021 Apple is delaying the rollout of a proposed privacy tweak in iOS 14 that allows users to opt out of ad tracking until early next year. In a statement shared with TechCrunch and The Information, the iPhone maker said it’s doing so “to give developers the time they need to make the necessary changes.” The exact date when the policy would be enforced is expected…
Read More

InfoSec News Nuggets 09/03/2020

Uber to require mask selfies for riders who haven’t been covering up Uber drivers have long had to take a selfie to show they're wearing a mask before accepting rides. Now the same scanning software will be used on  passengers. By the end of September in the U.S. and Canada, Uber passengers that have been flagged for not wearing a mask will have to scan their face through the app before they can request another ride. The…
Read More

InfoSec News Nuggets 08/26/2020

A Chrome feature is creating enormous load on global root DNS servers The Chromium browser—open source, upstream parent to both Google Chrome and the new Microsoft Edge—is getting some serious negative attention for a well-intentioned feature that checks to see if a user's ISP is "hijacking" non-existent domain results. The Intranet Redirect Detector, which makes spurious queries for random "domains" statistically unlikely to exist, is responsible for roughly half of the total traffic the world's root…
Read More

InfoSec News Nuggets 08/13/2020

Instagram Faces Lawsuit Over Illegal Harvesting of Biometrics Facebook Inc. is facing new allegations that it illegally harvests the biometric data of users, this time in a lawsuit that targets the company’s photo-sharing app Instagram. Last month, the social media company offered to pay $650 million to settle a lawsuit in which it was accused of illegally collecting biometric data through a photo-tagging tool provided to Facebook users. In the new lawsuit, filed Monday in state…
Read More

InfoSec News Nuggets 7/14/2020

The real reason Apple is warning users about MacBook camera covers Earlier this month, Apple published a support document that warned MacBook owners against closing their laptop with a camera cover fitted. And just as with the whole wearing masks in public debate, there are some people who don't like being told what to do, even it is for their own good. First off, some clarity. Apple didn't say, "don't use a camera cover." Apple clearly…
Read More

InfoSec News Nuggets 7/10/2020

Mozilla suspends Firefox Send service while it addresses malware abuse Mozilla has temporarily suspended the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators and while it adds a "Report abuse" button. The browser maker took down the service today after ZDNet reached out to inquire about Firefox Send's increasing prevalence in current malware operations. Mozilla launched Firefox Send in March 2019. The service provides secure and private file-hosting and file-sharing capabilities for Firefox…
Read More

InfoSec News Nuggets 7/8/2020

Companies start reporting ransomware attacks as data breaches Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about data stolen data. A tactic used by almost all enterprise-targeting ransomware is to steal unencrypted files before encrypting a breached network. The threat actors then use these stolen files as leverage by threatening to leak or sell the data if a ransom is not paid.…
Read More

InfoSec News Nuggets 6/11/2020

Twitter starts aggressively fact-checking tweets linking 5G to COVID-19 Twitter is now fact-checking tweets that link 5G and the COVID-19 pandemic by adding a label that promises to get users “the facts about COVID-19,” Business Insider reports. Clicking the label takes you to a Twitter page titled “No, 5G isn’t causing coronavirus” that includes links to news reports, fact-checking organizations, and government agencies debunking the conspiracy theory. Twitter confirmed the move in a statement given to Business Insider.…
Read More

InfoSec News Nuggets 6/8/2020

City of Austin websites go down, hackers take credit in protest The City of Austin’s websites went offline early Thursday morning, and a group of hackers took credit, claiming it was a protest against the Austin Police Department. The hackers known as Anonymous said they were the ones who took the city’s website, austintexas.gov, offline. This morning it appeared to just impact the user-facing web pages. The outages were intermittent throughout the morning, specifically for austintexas.gov. “We’re seeing…
Read More

InfoSec News Nuggets 6/5/2020

Denial of service attacks against advocacy groups skyrocket In figures published Tuesday, the internet security firm Cloudflare said it blocked more than 135 billion malicious web requests against advocacy sites, compared to less than 30 million blocked requests against U.S. government websites, such as police and military organizations. The company did not disclose which websites were affected, specifically. “As we’ve often seen in the past, real world protest and violence is usually accompanied by attacks on the…
Read More

InfoSec News Nuggets 5/18/2020

Hackers Say They Have Trump's 'Dirty Laundry' and Want $42 Million to Keep It Secret The anonymous hackers this week crippled the computer systems of high-profile celebrity law firm Grubman Shire Meiselas & Sacks claiming to have stolen 756GB of highly-confidential documents including contracts and personal emails from the firm’s client list, which includes Madonna, Drake, Lady Gaga, Elton John, Robert De Niro, U2 and Bruce Springsteen. The hackers initially demanded $21 million from the law firm…
Read More

InfoSec News Nuggets 5/8/2020

‘Dramatic Rise’ in Scam Websites Mimicking Online Streaming Services The meteoric rise in new signups to streaming services such as Netflix and Disney+ in recent weeks has given opportunistic scammers the chance to take advantage of the situation. This is evidenced by new research by the cybersecurity firm Mimecast, which revealed that some 700 scam websites have popped up on the internet between April 6 and 13, designed with the sole purpose of stealing personal…
Read More

InfoSec News Nuggets 5/7/2020

DigiCert hit as hackers wriggle through (patched) holes in buggy config tool DigiCert, slinger of SSL/TLS certificates, has warned that it too has suffered at the hands of Salty miscreants as a key used for Signed Certificate Timestamps (SCT) was potentially compromised. The company joins Ghost.org and LineageOS in being the target of ne'er do wells as attackers exploited a disclosed (and patched) vulnerability in the Salt configuration tool over the weekend, spraying exposed infrastructure with cryptocurrency mining software.…
Read More

InfoSec News Nuggets 4/30/2020

Comcast waives data cap until at least June 30 in response to pandemic After promising 60 days without data caps and overage fees for all customers, Comcast has decided to extend the data-cap waiver until at least June 30. Comcast announced the data-cap waiver on March 13, saying the waiver would last until May 13 to help customers deal with the pandemic. Today, Comcast said it will extend the data-cap waiver and other pandemic-related changes "through June 30 to…
Read More

InfoSec News Nuggets 4/21/2020

IT services giant Cognizant suffers Maze Ransomware cyber attack Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators of the Maze Ransomware, BleepingComputer has learned. Cognizant is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue. As part of its operations, Cognizant remotely manages its clients through end-point clients, or agents, that are installed on customer's workstations…
Read More

InfoSec News Nuggets 4/17/2020

Cyber attacks on banks seen spiking, says Carbon Black In what has been referred to as an “unprecedented anomaly”, cyber criminals are increasingly targeting the financial services sector during the Covid-19 coronavirus pandemic, with attacks on banks and other financial institutions spiking by 38% between February and March to account for 52% of all attacks observed by VMware’s Carbon Black Cloud. The sudden shift observed by Carbon Black threat researchers Patrick Upatham and Jim Treinen was also reflected…
Read More

InfoSec News Nuggets 4/16/2020

MIT’s AI-powered device lets doctors monitor coronavirus patients remotely A new device that uses AI to monitor coronavirus symptoms is helping doctors treat patients beyond the reach of infection. The box-like device emits wireless signals that bounce off human bodies before returning to the system. Algorithms then analyze changes in the signals to infer the person’s breathing rate, sleep patterns, and movements. The system, named Emerald, was developed at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL).…
Read More

InfoSec News Nuggets 4/9/2020

The US is formalizing Team Telecom rules to restrict foreign ownership of internet and telecom assets It has the simplest name, but the sort of shadowy overtones that national security writers lust after. Team Telecom, a mostly informal working committee of the Departments of Defense, Homeland Security and Justice (along with affiliated agencies) has for years been quietly tasked with evaluating and maintaining the security of America telecom infrastructure in concert with the FCC. Its…
Read More

InfoSec News Nuggets 4/1/2020

Spotify is bringing its kids app to the US, Canada, and France Spotify’s expanding the rollout of its kids app, just as more kids are at home with nothing to do. The company announced that it’s bringing Spotify Kids to the US, Canada, and France today. The ad-free iOS / Android app is only available to Spotify Premium Family subscribers and features content appropriate for kids ages three and older. Spotify first launched the app in Ireland…
Read More

InfoSec News Nuggets 3/24/2020

1 - FBI SEES RISE IN FRAUD SCHEMES RELATED TO THE CORONAVIRUS (COVID-19) PANDEMIC Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them. Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to…
Read More

InfoSec News Nuggets 3/20/2020

1 - US Commerce Dept Shares Tips On Securing Virtual Meetings The US National Institute of Standards and Technology (NIST) today shared a number of measures that should be taken by remote workers to prevent eavesdropping and protect their privacy during virtual meetings while working from home during the current COVID-19 pandemic. Jeff Greene, the director of the National Cybersecurity Center of Excellence (NCCoE) at the NIST said that "if virtual meetings are not set up correctly,…
Read More

InfoSec News Nuggets 3/11/2020

1 - Malware Unfazed by Google Chrome's New Password, Cookie Encryption Google's addition of the AES-256 algorithm to encrypt cookies and passwords in the Chrome browser had a minor impact on infostealers. Faced with the threat of having their business disrupted, developers of malware that steals data from web browsers quickly updated their tools to overcome the hurdle, many of their offers highlighting support for the new Chrome. Even AZORult, abandoned by its original author…
Read More

InfoSec News Nuggets 3/10/2020

1 - Dutch Privacy Regulator Fines Tennis Association for Selling Personal Data Without Proper Consent The Dutch Data Protection Authority (AP) has imposed a fine of 525,000 euros on tennis association KNLTB for selling personal data without proper consent. In 2018, the KNLTB unlawfully provided personal data of a few hundred thousand of its members to two sponsors for a fee. The Royal Dutch Lawn Tennis Association (KNLTB) provided the sponsors with personal data such…
Read More

InfoSec News Nuggets 3/9/2020

1 - One of Roman Abramovich's companies got hit by ransomware EVRAZ, one of the world's largest steel manufacturers and mining operations, has been hit by ransomware, a source inside the company told ZDNet today. The infection has been identified as a result of the Ryuk ransomware strain. The ransomware infection has hit and brought down the company's North American branches. These include primarily steel production plants across Canada and the US. Manufacturing has been…
Read More

InfoSec News Nuggets 2/27/2020

1 - FCA admits data breach The Financial Conduct Authority has admitted it had revealed the confidential details of consumers on its website in a data breach last year. In a statement published today (February 25) the regulator said it had referred itself to the Information Commissioner’s Office over the incident, which occurred in November 2019. In response to a Freedom of Information request the FCA mistakenly published on its website the details of individuals who had made…
Read More

InfoSec News Nuggets 2/25/2020

1 - Developers Hack McDonald’s Reward System to Get Free Hamburgers A couple of German software developers discovered an oversight in McDonalds’ promotion systems that allowed them to get as many hamburgers as they wanted, without paying anything. While software vulnerabilities or loopholes are sometimes used for nefarious purposes, that’s not always the case. The same can be said of white hackers and software developers who want to make the online world a safer place.…
Read More

InfoSec News Nuggets 2/21/2020

1 - MGM hack exposes personal data of 10.6 million guests The personal information of 10.6 million guests who stayed at MGM Resorts hotels was hacked last summer. The hack was first reported by ZDNet on Wednesday, which said the stolen information was posted to a hacking forum this week. MGM confirmed the attack took place to the BBC. The data exposed included names, address, and passport numbers for former guests. MGM said it was…
Read More

InfoSec News Nuggets 2/10/2020

1 - Data Breach at Mitsubishi Electric Caused by Zero-Day Vulnerability in Antivirus Software When antivirus software is installed and activated, there is usually an assumption that the system is automatically safer. Antivirus software can be penetrated just like any other software can, however, as a 2019 data breach at Japanese electronics giant Mitsubishi Electric demonstrates. Mitsubishi Electric did not disclose what software they were using or exactly what the nature of the data breach…
Read More

InfoSec News Nuggets 2/7/2020

1 - No expectation of privacy in an IP address, Alberta judge rules Police in Alberta don’t need a court order to get an external IP address from a service provider in trying to identify an internet user, according to a recent Calgary judicial ruling. The decision is a first in Canadian privacy law. The precedent applies for now only in Alberta but it will be cited in other courts across the country and could be…
Read More

InfoSec News Nuggets 1/30/2020

1 - Hackers stole $13,103.91 from me. Learn from my mistakes. It began with dumplings. When I got an email at midnight last March from Grubhub notifying me that my order from Dumpling Depot was on its way to an address 3,000 miles away from my location in New York City, I thought there must have been some mistake. And there was: mine. Because I didn’t take a few basic internet security precautions, hackers robbed…
Read More

InfoSec News Nuggets 1/22/2020

1 - Smart homes will turn dumb overnight as Charter kills security service Charter is killing its home-security service and telling customers that security devices they've purchased will stop working once the service is shut down on February 5. The impending shutdown and customers' anger at Charter—a cable company also known by the brand name "Spectrum"—has been widely reported over the past month. Over the years, some customers have spent large sums on products that will no longer work.…
Read More

InfoSec News Nuggets 1/17/2020

1 - Proof-of-concept exploits published for the Microsoft-NSA crypto bug Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS. According to a high-level technical analysis of the bug from cyber-security researcher…
Read More

InfoSec News Nuggets 1/14/2020

1 - Australia Bushfire Donors Affected by Credit Card Skimming Attack Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors. This type of attack is called Magecart and involves hackers compromising a web site and injecting malicious JavaScript into eCommerce or checkout pages. These scripts will then steal any credit cards or payment information that is submitted and send it off…
Read More

InfoSec News Nuggets 1/13/2020

1 - Facebook Is Forcing Its Moderators to Log Every Second of Their Days — Even in the Bathroom When Valera Zaicev began working in Dublin as one of Facebook’s moderators a couple years ago, he knew he’d be looking at some of the most graphic and violent content on the internet. What he didn’t know was that Facebook would be counting the seconds of his bathroom breaks. “People have to clock in and clock…
Read More

InfoSec News Nuggets 1/9/2020

1 - U of O gives notice of potential privacy breach impacting 188 people The University of Ottawa has given notice of a potential privacy breach impacting 188 people, including elementary and high school students who attended a summer program on campus. The breach stems from an incident in late November 2019 when a password-protected laptop was stolen from a university employee’s vehicle, the administration said in a press release on Friday. The laptop was used for Destination Clic,…
Read More

InfoSec News Nuggets 12/23/2019

1 - FBI program offers companies data protection via deception The Federal Bureau of Investigations is in many ways on the front lines of the fight against both cybercrime and cyber-espionage in the US. These days, the organization responds to everything from ransomware attacks to data thefts by foreign government-sponsored hackers. But the FBI has begun to play a role in the defense of networks before attacks have been carried out as well, forming partnerships with some…
Read More

InfoSec News Nuggets 12/20/2019

1 - The weird future of brain-computer interfaces: Replacing passwords with thoughts and mind-reading bosses who can tell when you are bored Brain computer interfaces may sound futuristic, but adoption of such systems -- which allow signals from the brain to be recorded or used to control technology -- is on the rise. Much of the development work going on around BCIs is focused on medical uses for the tech, but consumer applications of BCIs…
Read More

InfoSec News Nuggets 12/16/2019

1 - Google rolls out Verified SMS and Spam Protection in Android Google announced today two updates for Messages, the default SMS app in the Android mobile operating system. Starting today, Android users in the US and selected countries will get access to two new features named Verified SMS and Spam Protection. As the name of the first feature hints, Verified SMS works by confirming the identity of the SMS sender. "When a message is…
Read More

InfoSec News Nuggets 11/20/2019

1 - Wikipedia co-founder offers a Facebook/Twitter wannabe How much would you pay for a Facebook- or Twitter-like social network experience, but one in which you’re not tracked, your personal information and web history aren’t gobbled up, and you aren’t e-hounded by targeted ads? For those of us who haven’t already jumped the Facebook ship and might still be interested in relinquishing our roles as products, Wikipedia co-founder Jimmy Wales has set up a social…
Read More

InfoSec News Nuggets 11/15/2019

1 - Ransom payments averaging $41,000 per incident The average ransom payment paid out by victims increased 13 percent, to $41,000, during the last three months, but researchers noted the rate of increase has plateaued. Researchers at Coveware credited the victims with being better prepared to restore their data on their own negating the need to pay the ransom. However, that was not enough to offset malicious actors using Sodinokibi and Globelmposter variants to go…
Read More

InfoSec News Nuggets 11/13/2019

1 - Microsoft says it will follow California's digital privacy law Microsoft is taking a step toward guarding customer privacy that will impact the bottom line. The company said in a blog post on Monday that it would honor California's privacy law throughout the United States, according to Reuters. The law called the California Consumer Privacy Act or CCPA, which goes into effect on Jan. 1. It is a strict set of rules meant to protect consumers and…
Read More

InfoSec News Nuggets 11/08/2019

1 - Cisco: All these routers have the same embedded crypto keys, so update firmware Security researchers have found that the firmware for several Cisco small-business routers contains numerous security issues. The problems include hardcoded password hashes as well as static X.509 certificates with the corresponding public-private key pairs and one static Secure Shell (SSH) host key. The static keys are embedded in the routers firmware and are used for providing HTTPS and SSH access…
Read More

InfoSec News Nuggets 10/30/2019

1 - iPhone 5 users risk losing internet access Apple iPhone 5 users have been warned to update their software before the weekend or face losing access to the internet. The technology giant said users who did not download iOS 10.3.4 by 3 November would be locked out of features that rely on the correct time and date. This includes the App Store, email, web browsing and storage service iCloud. While it is not the latest…
Read More