InfoSec News Nuggets 08/15/2023

Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles  American car maker Ford says that a vulnerability in the Wi-Fi driver of the SYNC 3 infotainment system on certain Ford and Lincoln vehicles does not pose a safety risk. Tracked as CVE-2023-29468, the bug impacts the Texas Instruments-supplied Wi-Fi driver used in the infotainment system of at least a dozen vehicles. The issue is described as a buffer overflow that could lead to remote…

InfoSec News Nuggets 05/24/2023

FTC Accuses Defunct Edtech Company Edmodo of Violating Kids' Privacy The Federal Trade Commission announced a proposed $6 million settlement with education technology company Edmodo Tuesday for collecting data from kids without parental consent and using it to sell ads in violation of the Children’s Online Privacy Protection Act (COPPA). The case is unusual for several reasons, including the fact that Edmodo went out of business while the government was still investigating. The FTC is on a tear in recent months, upending the…

InfoSec News Nuggets 04/19/2023

This ATM Scam Is Masquerading As an Act of Kindness  Taking money out of an ATM can be a fairly nerve-wracking thing to do depending on where you are and what time of the day or night it is. Having someone show you any kind of altruistic behavior, like letting you know you dropped some cash on the floor, can lower your defenses and give you hope that the universe is not out to get you. Except…

InfoSec News Nuggets 08/30/2022

Justice Department in early stages of filing an antitrust lawsuit against Apple, says report The U.S. Department of Justice is in the early stages of drafting an antitrust lawsuit against Apple, according to sources cited by Politico in a report released just ahead of the weekend. While the new report suggested a potential suit could arrive by the end of the year, it also stressed that a final decision about if or when to sue Apple had…

InfoSec News Nuggets 04/25/2022

Russian hackers are seeking alternative money-laundering options The Russian cybercrime community, one of the most active and prolific in the world, is turning to alternative money-laundering methods due to sanctions on Russia and law enforcement actions against dark web markets. Although the options are few, cybercriminals are discussing viable solutions to cash out or safekeep stolen funds and cryptocurrency, analysts at Flashpoint observed in conversations from threat actors. First came the bank sanctions and the blocking of SWIFT payments, a result of…

InfoSec News Nuggets 02/16/2022

Outrage over Telenor Myanmar sale grows as more ties between military and new owner revealed Activists in Myanmar have released troves of data linking the country's military dictatorship to a company that will be purchasing a majority stake in Telenor Myanmar -- a subsidiary of Norwegian telecom giant Telenor that controls the personal data of 18 million Myanmar subscribers. Telenor, which is owned and controlled by the Norwegian government, has faced significant backlash for weeks after it announced a decision to sell its…

InfoSec News Nuggets 12/03/2021

Really stupid “smart contract” bug let hackers steal $31 million in digital coin Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts. The company uses a decentralized finance protocol known as MonoX that lets users trade digital currency tokens without some of the requirements of traditional exchanges. “Project owners can list their tokens without the burden of capital…

InfoSec News Nuggets 10/25/2021

Groove ransomware calls on all extortion gangs to attack US interests The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil's infrastructure last week. Over the weekend, BleepingComputer reported that the REvil ransomware operation shut down again after an unknown third party hijacked their dark web domains. As part of this shutdown, a known REvil operator claimed that the unknown party was "looking" for them by modifying…

InfoSec News Nuggets 09/17/2021

Anonymous leaks gigabytes of data from alt-right web host Epik Hacktivist collective Anonymous claims to have obtained gigabytes of data from Epik, which provides domain name, hosting, and DNS services for a variety of clients. These include the Texas GOP, Gab, Parler, and 8chan, among other right-wing sites. The stolen data has been released as a torrent. The hacktivist collective says that the data set, which is over 180GB in size, contains a "decade's worth of…

InfoSec News Nuggets 09/15/2021

BlackMatter ransomware hits medical technology giant Olympus Olympus, a leading medical technology company, is investigating a "potential cybersecurity incident" that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries. The company's camera, audio recorder, and binocular divisions have been transferred to OM Digital Solutions, which has been selling…

InfoSec News Nuggets 01/25/2021

After big hack of U.S. government, Biden enlists 'world class' cybersecurity team President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the U.S. government works to recover from one of the biggest hacks of its agencies attributed to Russian spies. Disclosed in December, the hack struck eight federal agencies and numerous companies, including software provider SolarWinds Corp. U.S. intelligence agencies…

InfoSec News Nuggets 10/27/2020

FTC Launches New Fraud Reporting Tool for US Consumers The US Federal Trade Commission (FTC) has launched a new cyber-fraud reporting platform, where consumers can easily report fraud, scams or bad business practices. As fraud has surged during the pandemic, the consumer protection agency has created ReportFraud.ftc.gov, a user-friendly platform providing a “streamlined experience” for people bombarded with online scams and impostor calls. “Every time you report scams or bad business practices to the FTC, you’re…

InfoSec News Nuggets 3/31/2020

Leave the pandemic out of your phishing simulations, Cofense says to industry At least one anti-phishing company says it won’t be testing its customers with coronavirus-themed emails, out of concerns that it’s not socially responsible to play into fears around the current pandemic. Cofense says it has removed all COVID-19-themed spearphishing templates from its repository of attacks, and the Virginia-based company is recommending other organizations join it in a pledge to avoid using the global health crisis as fodder. Like other…

InfoSec News Nuggets 12/11/2019

Bitcoin-hungry hackers broke their own decryption tool, analysts warn Cybersecurity researchers warn that paying Bitcoin to retrieve files locked by the prolific Ryuk ransomware may still result in data loss. This means that Ryuk’s latest victims are stuck between a rock and a hard place. If they refuse to send their attackers Bitcoin, they’ll lose access to their data altogether, but if they pay, the hackers will provide them with a decryption tool that doesn’t work. Software…