InfoSec News Nuggets 04/15/2021

1 - DuckDuckGo can now block the Google Chrome tracking method, FLoC In an attempt to better track users and predict their search habits, Google Chrome has developed FLoC (Federated Learning of Cohorts). FLoC provides visibility into user data to any website that desires this information. In fact, FLoC places each user in an ID group to help websites recognize and target individuals. In response, the alternative search engine DuckDuckGo has come out with an extension for…
Read More

InfoSec News Nuggets 01/13/2021

Mac malware uses 'run-only' AppleScripts to evade analysis A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. The malware is tracked as OSAMiner and has been in the wild since at least 2015. Yet, analyzing it is difficult because payloads are exported as run-only AppleScript files, which makes decompiling them into source code a tall order. A recently observed variant…
Read More

InfoSec News Nuggets 01/11/2021

Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions At U.S. Financial Institutions, Brokerage Firms, A Major News Publication, And Other Companies Audrey Strauss, the Acting United States Attorney for the Southern District of New York, announced today that ANDREI TYURIN, a/k/a “Andrei Tiurin,” was sentenced in Manhattan federal court to 144 months in prison for computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with…
Read More

InfoSec News Nuggets 12/24/2020

FireEye's Mandia on SolarWinds hack: 'This was a sniper round' The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth, according to FireEye CEO Kevin Mandia, whose company discovered the activity. “This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” Mandia said Sunday morning on CBS’s “Face the Nation.” “This was special…
Read More

InfoSec News Nuggets 12/09/2020

FireEye cybersecurity tools compromised in state-sponsored attack One of the US’s leading cybersecurity firms, FireEye, says it’s been hacked by a state-sponsored attacker. Hackers targeted and accessed the firm’s so-called Red Team tools, which it uses to test customer security and find vulnerabilities. Now there’s concern that the hackers could release these tools publicly or use them to attack others, though there is no evidence that this has happened yet. FireEye says that it does not believe…
Read More