InfoSec News Nuggets 10/02/2020

FCC commissioner calls for new scrutiny of undersea data cables A member of the U.S. Federal Communications Commission on Wednesday called for new scrutiny of undersea cables that transmit nearly all the world’s internet data traffic. “We must take a closer look at cables with landing locations in adversary countries,” FCC Commissioner Geoffrey Starks said Wednesday at a commission meeting. “This includes the four existing submarine cables connecting the US and China, most of which…
Read More

InfoSec News Nuggets 08/05/2020

US government sites abused to redirect users to porn sites In an ongoing blackhat SEO campaign tracked by BleepingComputer, scammers are using open redirects found on government websites to redirect visitors to pornography sites. An open redirect is an URL that anyone can use to redirect a visitor to a website of their choosing. Blackhat SEO scammers use these open redirects to get listings in search engines, such as Google, that show the page's title…
Read More

InfoSec News Nuggets 6/18/2020

SPACEX INTERNET SERVICE STARLINK ASKS FOR PEOPLE TO TRY IT OUT SpaceX has announced that it is looking for beta testers for its Starlink low-earth orbit internet service. The company, owned by Tesla CEO Elon Musk, was launched in 2015, with the first prototype satellites launched in 2018. Since then, the company has launched a host of new satellites from Nasa's Kennedy Space Center in Florida. There are currently 540 Starlink satellites in orbit. Eventually, they will form part…
Read More

InfoSec News Nuggets 6/10/2020

Apple adds anonymous symptom and health info sharing to its COVID-19 app and website Apple has updated its own COVID-19 iOS app and website with new features to allow users to anonymously share info including their age, existing health conditions, symptoms, potential exposure risks and the state in which they’re located. This info, which is not associated with any of their personal identifying data in any way according to the company, will be used in an aggregated way to…
Read More

InfoSec News Nuggets 5/18/2020

Hackers Say They Have Trump's 'Dirty Laundry' and Want $42 Million to Keep It Secret The anonymous hackers this week crippled the computer systems of high-profile celebrity law firm Grubman Shire Meiselas & Sacks claiming to have stolen 756GB of highly-confidential documents including contracts and personal emails from the firm’s client list, which includes Madonna, Drake, Lady Gaga, Elton John, Robert De Niro, U2 and Bruce Springsteen. The hackers initially demanded $21 million from the law firm…
Read More

InfoSec News Nuggets 5/6/2020

The New United Nations Coronavirus Social Distancing App Doesn’t Even Work This week a division of the United Nations announced its new social distancing app designed to help alert people when they get too close to another person during the ongoing coronavirus pandemic. Motherboard has found that the app, called 1point5, is barely functional, and an independent researcher highlighted how the app may be largely ineffective due to how it informs users when they are…
Read More

InfoSec News Nuggets 5/4/2020

Schiff to Google and Twitter: Please be more like Facebook when it comes to coronavirus misinformation Rep. Adam Schiff, D-Calif., has a message for the CEOs of Google, YouTube and Twitter when it comes to coronavirus misinformation: please be more like Facebook. It’s an unusual request from a D.C. lawmaker after Congress has spent the past few years scolding Facebook for its policies on misinformation. The company has struggled to escape the shadow of the 2018 Cambridge Analytica scandal and its role in spreading disinformation…
Read More

InfoSec News Nuggets 4/27/2020

The pandemic is bringing us closer to our robot takeout future Robot deliveries remain rare enough that it's easy to dismiss them as curiosities. But that's a mistake. The technology works now. Starship already has hundreds of robots in service delivering food to real customers. Spurred by demand from locked-down customers, that number could soon soar to the thousands and eventually into the millions. With lower costs and no need to tip, robots could make…
Read More

InfoSec News Nuggets 4/1/2020

Spotify is bringing its kids app to the US, Canada, and France Spotify’s expanding the rollout of its kids app, just as more kids are at home with nothing to do. The company announced that it’s bringing Spotify Kids to the US, Canada, and France today. The ad-free iOS / Android app is only available to Spotify Premium Family subscribers and features content appropriate for kids ages three and older. Spotify first launched the app in Ireland…
Read More

InfoSec News Nuggets 2/28/2020

1 - Clearview AI's entire client list stolen in data breach Clearview AI, a facial-recognition software maker that has sparked privacy concerns, said Wednesday it suffered a data breach. The data stolen included its entire list of customers, the number of searches those customers have made and how many accounts each customer had set up. "Security is Clearview's top priority," Tor Ekeland, Clearview AI's attorney, said in a statement. "Unfortunately, data breaches are part of life in…
Read More

InfoSec News Nuggets 11/25/2019

1 - Google ups bug bounties for Android flaws, exploits ASR covers security vulnerabilities discovered in the latest available Android versions for Pixel phones and tablets, which are currently Pixel 4, Pixel 3a and Pixel 3a XL, and Pixel 3 and Pixel 3 XL. “Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, the Secure Element code, and the TrustZone OS and modules. Vulnerabilities in other non-Android code, such as…
Read More

InfoSec News Nuggets 9/30/2019

WordPress sites hacked through defunct Rich Reviews plugin An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites. The…
Read More