22 Jan 2020
By Mary

InfoSec News Nuggets 1/22/2020

1 - Smart homes will turn dumb overnight as Charter kills security service Charter is killing its home-security service and telling customers that security devices they've purchased will stop working once the service is shut down on February 5. The impending shutdown and customers' anger at Charter—a cable company also known by the brand name "Spectrum"—has been widely reported over the past month. Over the years, some customers have spent large sums on products that will no longer work.…
Read More
17 Jan 2020
By Mary

InfoSec News Nuggets 1/17/2020

1 - Proof-of-concept exploits published for the Microsoft-NSA crypto bug Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS. According to a high-level technical analysis of the bug from cyber-security researcher…
Read More
14 Jan 2020
By Mary

InfoSec News Nuggets 1/14/2020

1 - Australia Bushfire Donors Affected by Credit Card Skimming Attack Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors. This type of attack is called Magecart and involves hackers compromising a web site and injecting malicious JavaScript into eCommerce or checkout pages. These scripts will then steal any credit cards or payment information that is submitted and send it off…
Read More
13 Jan 2020
By Mary

InfoSec News Nuggets 1/13/2020

1 - Facebook Is Forcing Its Moderators to Log Every Second of Their Days — Even in the Bathroom When Valera Zaicev began working in Dublin as one of Facebook’s moderators a couple years ago, he knew he’d be looking at some of the most graphic and violent content on the internet. What he didn’t know was that Facebook would be counting the seconds of his bathroom breaks. “People have to clock in and clock…
Read More
09 Jan 2020
By Mary

InfoSec News Nuggets 1/9/2020

1 - U of O gives notice of potential privacy breach impacting 188 people The University of Ottawa has given notice of a potential privacy breach impacting 188 people, including elementary and high school students who attended a summer program on campus. The breach stems from an incident in late November 2019 when a password-protected laptop was stolen from a university employee’s vehicle, the administration said in a press release on Friday. The laptop was used for Destination Clic,…
Read More
23 Dec 2019
By Mary

InfoSec News Nuggets 12/23/2019

1 - FBI program offers companies data protection via deception The Federal Bureau of Investigations is in many ways on the front lines of the fight against both cybercrime and cyber-espionage in the US. These days, the organization responds to everything from ransomware attacks to data thefts by foreign government-sponsored hackers. But the FBI has begun to play a role in the defense of networks before attacks have been carried out as well, forming partnerships with some…
Read More
20 Dec 2019
By Mary

InfoSec News Nuggets 12/20/2019

1 - The weird future of brain-computer interfaces: Replacing passwords with thoughts and mind-reading bosses who can tell when you are bored Brain computer interfaces may sound futuristic, but adoption of such systems -- which allow signals from the brain to be recorded or used to control technology -- is on the rise. Much of the development work going on around BCIs is focused on medical uses for the tech, but consumer applications of BCIs…
Read More
16 Dec 2019
By Mary

InfoSec News Nuggets 12/16/2019

1 - Google rolls out Verified SMS and Spam Protection in Android Google announced today two updates for Messages, the default SMS app in the Android mobile operating system. Starting today, Android users in the US and selected countries will get access to two new features named Verified SMS and Spam Protection. As the name of the first feature hints, Verified SMS works by confirming the identity of the SMS sender. "When a message is…
Read More
20 Nov 2019
By Mary

InfoSec News Nuggets 11/20/2019

1 - Wikipedia co-founder offers a Facebook/Twitter wannabe How much would you pay for a Facebook- or Twitter-like social network experience, but one in which you’re not tracked, your personal information and web history aren’t gobbled up, and you aren’t e-hounded by targeted ads? For those of us who haven’t already jumped the Facebook ship and might still be interested in relinquishing our roles as products, Wikipedia co-founder Jimmy Wales has set up a social…
Read More
15 Nov 2019
By Mary

InfoSec News Nuggets 11/15/2019

1 - Ransom payments averaging $41,000 per incident The average ransom payment paid out by victims increased 13 percent, to $41,000, during the last three months, but researchers noted the rate of increase has plateaued. Researchers at Coveware credited the victims with being better prepared to restore their data on their own negating the need to pay the ransom. However, that was not enough to offset malicious actors using Sodinokibi and Globelmposter variants to go…
Read More
13 Nov 2019
By Mary

InfoSec News Nuggets 11/13/2019

1 - Microsoft says it will follow California's digital privacy law Microsoft is taking a step toward guarding customer privacy that will impact the bottom line. The company said in a blog post on Monday that it would honor California's privacy law throughout the United States, according to Reuters. The law called the California Consumer Privacy Act or CCPA, which goes into effect on Jan. 1. It is a strict set of rules meant to protect consumers and…
Read More
08 Nov 2019
By Mary

InfoSec News Nuggets 11/08/2019

1 - Cisco: All these routers have the same embedded crypto keys, so update firmware Security researchers have found that the firmware for several Cisco small-business routers contains numerous security issues. The problems include hardcoded password hashes as well as static X.509 certificates with the corresponding public-private key pairs and one static Secure Shell (SSH) host key. The static keys are embedded in the routers firmware and are used for providing HTTPS and SSH access…
Read More
30 Oct 2019
By Mary

InfoSec News Nuggets 10/30/2019

1 - iPhone 5 users risk losing internet access Apple iPhone 5 users have been warned to update their software before the weekend or face losing access to the internet. The technology giant said users who did not download iOS 10.3.4 by 3 November would be locked out of features that rely on the correct time and date. This includes the App Store, email, web browsing and storage service iCloud. While it is not the latest…
Read More
17 Oct 2019
By Mary

InfoSec News Nuggets 10/17/2019

1 - Argentinian security researcher arrested after tweeting about government hack Argentinian police briefly detained and raided the home of a well-known security researcher last week on suspicion of hacking and leaking data from government systems. Following his release, Javier Smaldone, the security researcher, obtained and published court documents pertaining to his arrest on Twitter. The documents showed that authorities arrested and raided the security expert just for tweeting about a recent government hack, with…
Read More
04 Oct 2019
By Mary

InfoSec News Nuggets 10/04/2019

Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC Nation-state spy agencies are only as good as their operational security—the care they take to keep their digital spy operations from being discovered. But occasionally a government threat actor appears on the scene that gets it all wrong. This is the case with a threat actor recently discovered by Kaspersky Lab that it’s calling SandCat—believed to be Uzbekistan’s repressive and much-feared intelligence agency, the State…
Read More
24 Sep 2019
By Mary

InfoSec News Nuggets 9/24/2019

Android VPN apps found serving disruptive ads A security researcher has discovered four VPN apps that serve ads while running in the background and also on the home screen of Android smartphones in the latest case of adware found on the Google Play Store. While researching suspicious Android VPN apps, Andy Michael found that Hotspot VPN, Free VPN Master, Secure VPN and Security Master by Cheetah Mobile were all showing full screen pop-up ads on his smartphone even though none of…
Read More
18 Sep 2019
By Mary

InfoSec News Nuggets 9/18/2019

U.S. cyber-offensive against ISIS continues, and eyes are now on Afghanistan, general says As loyalties among Afghanistan’s Islamic extremists continue to shift, the U.S. military may be poised to rely more heavily on offensive cyber capabilities to target one group in particular — the dispersed but still active membership of ISIS, according to one military cyber commander. Joint Task Force ARES, the outfit charged with running joint and coalition cyber-operations against ISIS, is working to uncover information about how…
Read More
06 Sep 2019
By Mary

InfoSec News Nuggets 9/6/2019

A Chinese APT is now going after Pulse Secure and Fortinet VPN servers A group of Chinese state-sponsored hackers is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month. The attacks are being carried out by a group known as APT5 (also known as Manganese), ZDNet has learned from sources familiar with the attacks. According to a FireEye report, APT5 has been…
Read More
29 Aug 2019
By Andrew Rathbun

InfoSec News Nuggets 8/29/2019

1 A new IOT botnet is infecting Android-based set-top boxes A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet. Among this botnet's most common victims are Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia, cyber-security firm WootCloud said today. The attacks aren't using a vulnerability in the Android operating systems, but are exploiting a configuration service that has been left enabled and unprotected…
Read More