InfoSec News Nuggets 10/23/2020

Quibi is shutting down Quibi — the shortform mobile-focused streaming service — is shutting down after just over six months of operation, making it one of the shortest-lived streaming services to date, according to The Wall Street Journal. The company since confirmed that it’ll be shutting down in a Medium post from Jeffrey Katzenberg and Meg Whitman. “We feel that we’ve exhausted all our options. As a result we have reluctantly come to the difficult decision to wind down the…
Read More

InfoSec News Nuggets 10/02/2020

FCC commissioner calls for new scrutiny of undersea data cables A member of the U.S. Federal Communications Commission on Wednesday called for new scrutiny of undersea cables that transmit nearly all the world’s internet data traffic. “We must take a closer look at cables with landing locations in adversary countries,” FCC Commissioner Geoffrey Starks said Wednesday at a commission meeting. “This includes the four existing submarine cables connecting the US and China, most of which…
Read More

InfoSec News Nuggets 09/23/2020

FBI hopes a more aggressive cyber strategy will disrupt foreign hackers Last week saw a flurry of U.S. indictments of alleged Chinese and Iranian hackers as part of a multi-agency crackdown on foreign intelligence services. The Department of Treasury issued sanctions, the Department of Homeland Security advised companies on how to fend off hackers and U.S. intelligence agencies likely kept a close eye on possible reactions from Beijing and Tehran. At the center of the coordinated crackdowns, though, were…
Read More

InfoSec News Nuggets 08/27/2020

Tomorrow’s Fortnite Update Won’t Be Coming for Apple Users, Epic Says It’s a 'Matter of Principle' In its first statement since Monday’s captivating hearing, this morning Epic Games sought to further clarify its position against Apple while also admitting that the latest chapter of Fortnite would not be appearing on either iOS or macOS when it launches August 27. If you listened in on Monday’s trial, Epic’s latest statement will sound like a refrain. “Apple is asking that Epic…
Read More

InfoSec News Nuggets 7/21/2020

Seven 'no log' VPN providers accused of leaking A string of "zero logging" VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet. This data, we are told, included in at least some cases clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon. It all came to light this week after Comparitech's Bob…
Read More

InfoSec News Nuggets 7/16/2020

Twitter lost control of its internal systems to Bitcoin-scamming hackers Twitter lost control of its internal systems to attackers who hijacked almost a dozen high-profile accounts, in a breach that raises serious concerns about the security of a platform that’s growing increasingly influential. The first signs of compromise occurred around 1 PM California time when hijacked accounts—belonging to Vice President Joe Biden, Elon Musk, Bill Gates, and other people with millions or tens of millions of…
Read More

InfoSec News Nuggets 7/1/2020

Roblox accounts being hacked in support of Trump reelection A hacking campaign is targeting Roblox accounts to support President Trump in the upcoming U.S. Presidential elections in November. Roblox is an online gaming platform that allows members to create games and publish them for others to play. With over 100 million monthly active users and consistently in the top hundred sites globally, Roblox is an immensely popular gaming platform. While used by people of all…
Read More

InfoSec News Nuggets 5/13/2020

Scrabble fans slam 'sparkly abomination' new app Scrabble Go, a new game which will replace the existing official Scrabble mobile app made by Electronic Arts (EA) has sparked hundreds of complaints. Its vivid colours, treasure-style rewards and in-app purchase model has angered long-time players. The EA game will be discontinued on 5 June because the official franchise is now owned by games firm Scopely. Scrabble Go was launched on 5 March and had been downloaded…
Read More

InfoSec News Nuggets 4/23/2020

ITU-WHO Joint Statement: Unleashing information technology to defeat COVID-19 The World Health Organization, the International Telecommunication Union (ITU) with support from UNICEF are set to work with telecommunication companies to text people directly on their mobile phones with vital health messaging to help protect them from COVID-19. These text messages will reach billions of people that aren’t able to connect to the internet for information. Now more than ever, technology must ensure that everyone can…
Read More

InfoSec News Nuggets 4/21/2020

IT services giant Cognizant suffers Maze Ransomware cyber attack Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators of the Maze Ransomware, BleepingComputer has learned. Cognizant is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue. As part of its operations, Cognizant remotely manages its clients through end-point clients, or agents, that are installed on customer's workstations…
Read More

InfoSec News Nuggets 4/8/2020

Firefox's revamped address bar is designed to make searching a lot faster Mozilla has given Firefox’s address bar a refreshed look and a couple of updates that can make searches go faster. To start with, the browser will now enlarge the address bar whenever you want to do a search and will show the popular sites that show up when you type with larger fonts and shorter URLs. It has also introduced “smarter searches,” which shows additional bolded keywords…
Read More

InfoSec News Nuggets 3/13/2020

1 - New action to disrupt world’s largest online criminal network Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure…
Read More

InfoSec News Nuggets 3/6/2020

1 - Backdoor malware is being spread through fake security certificate alerts Backdoor and Trojan malware variants are being distributed through a new phishing technique that attempts to lure victims into accepting an "update" to website security certificates.  Certificate Authorities (CAs) distribute SSL/TLS security certificates for improved security online by providing encryption for communication channels between a browser and server -- especially important for domains providing e-commerce services -- as well as identity validation, which…
Read More

InfoSec News Nuggets 2/26/2020

1 - Google denies claims that free school Chromebooks are illegally collecting student data Google has branded claims made in a new lawsuit that free school Chromebooks are harvesting student information in violation of COPPA as "factually wrong." The lawsuit, filed against the tech giant on Thursday by New Mexico Attorney General Hector Balderas, alleges that Google is illegally collecting data belonging to minors. According to the complaint (.PDF), Chromebooks offered to schools in the area for free…
Read More

InfoSec News Nuggets 1/31/2020

1 - Avast Antivirus Is Shutting Down Its Data Collection Arm, Effective Immediately Avast, an antivirus program with more than 435 million users worldwide, said it will stop collecting and selling the private web browsing histories of its users following a joint investigation by Motherboard and PCMag into the sale of that data. In addition, Avast said it will completely shut down Jumpshot, the subsidiary company it used to sell this data. Our investigation found that Avast,…
Read More

InfoSec News Nuggets 1/21/2020

1 - Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices…
Read More

InfoSec News Nuggets 1/15/2020

1 - Texas school district falls for email scam, hands over $2.3 million A successful phishing scam has left a Texan school district $2.3 million out of pocket. Last week, the Manor Independent School District, in Manor, Texas, said an inquiry is underway to track down the cybercriminals responsible for the fraudulent email campaign. Phishing emails were sent to the organization in November, leading to three separate transactions taking place. An employee uncovered the scheme a month later,…
Read More

InfoSec News Nuggets 12/04/2019

1 - Apple's tap-and-go Express payments come to London public transport Paying for daily necessities using your phone might feel like the future, but the reality can sometimes be slower as mobile payments require authentication that can take time to approve. To combat this issue, Apple has brought its Express feature to London, making it far quicker and easier to use Apple Pay on services like the Tube. Apple's Express Mode can now be used on all Transport…
Read More

InfoSec News Nuggets 11/25/2019

1 - Google ups bug bounties for Android flaws, exploits ASR covers security vulnerabilities discovered in the latest available Android versions for Pixel phones and tablets, which are currently Pixel 4, Pixel 3a and Pixel 3a XL, and Pixel 3 and Pixel 3 XL. “Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, the Secure Element code, and the TrustZone OS and modules. Vulnerabilities in other non-Android code, such as…
Read More

InfoSec News Nuggets 10/10/2019

Twitter says user data meant for security purposes may have been used for advertising Twitter said on Tuesday email addresses and phone numbers uploaded by users to meet its security requirements may have been ‘inadvertently’ used for advertising purposes. The micro-blogging site said the issue was rectified as of Sept. 17, without disclosing how many users were impacted. “This was an error and we apologize,” the company said in a blog post. Social media companies, including Twitter and Facebook,…
Read More

InfoSec News Nuggets 9/12/2019

‘Cobalt Dickens’ group is phishing universities at scale again, researchers say An Iran-linked hacking group whose operatives the U.S. government indicted last year has launched a phishing operation to steal login credentials against computer users at over 60 universities in the United States, the United Kingdom, and elsewhere, researchers said Wednesday. The campaign sees victims redirected to spoofed login pages, where their passwords are stolen, said Secureworks, a Dell-owned cybersecurity company that uncovered the activity.…
Read More