InfoSec News Nuggets 11/24/2022

France says non to Office 365 and Google Workspace in school The French minister of national education and youth has said that free versions of Microsoft Office 365 and Google Workspace should not be used in schools – a position that reflects ongoing European concerns about cloud data sovereignty, competition, and privacy rules. In August, Philippe Latombe, a member of the French National Assembly, advised [PDF] Pap Ndiaye, the minister of national education, that the…
Read More

InfoSec News Nuggets 02/11/2022

Mac malware spreading for ~14 months installs backdoor on infected systems Mac malware known as UpdateAgent has been spreading for more than a year, and it is growing increasingly malevolent as its developers add new bells and whistles. The additions include the pushing of an aggressive second-stage adware payload that installs a persistent backdoor on infected Macs. The UpdateAgent malware family began circulating no later than November or December 2020 as a relatively basic information-stealer.…
Read More

InfoSec News Nuggets 1/6/2022

US Police Warn of Parking Meters with Phishing QR Codes In a hurry to park your car?  Don't want to fumble around in your pocket to find cash for the parking meter, and don't have the correct payment app installed on your phone? Well, think carefully before rushing to scan the payment QR code stuck on the side of the meter - it may well be an attempt by fraudsters to phish your financial information.…
Read More

InfoSec News Nuggets 10/16/2019

1- Mozilla Rolls Out Code Injection Attack Protection in Firefox Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts occurrences. "A proven effective way to counter code injection attacks is to reduce the attack surface by removing potentially dangerous artifacts in the codebase and hence hardening the code at various levels," said the Mozilla Security Team today.…
Read More

InfoSec News Nuggets 9/17/2019

T-Mobile Has a Secret Setting to Protect Your Account From Hackers That It Refuses to Talk About It’s called “NOPORT” and, in theory, it makes it a bit harder for criminals to hijack phone numbers with an attack known as “SIM swapping,” a type of social engineering that Motherboard has covered extensively and which is increasingly being used to steal people's phone numbers. SIM swapping attackers usually trick wireless providers into giving them control of…
Read More