InfoSec News Nuggets 04/06/2021

Technology could make fighting COVID less restrictive but privacy will take a hit Now that the world has completed a full circuit around the Sun with COVID as a passenger, it is possible to see which jurisdictions responded well, and which are still struggling to come to grips with the virus. Two of the nations held up as exemplars of how to fight COVID were Taiwan and New Zealand, but the approaches were very different: One has…
Read More

InfoSec News Nuggets 03/30/2021

Ransomware gang leaks data from US military contractor the PDI Group A major supplier of military equipment to the US Air Force and militaries across the globe appears to have fallen victim to a ransomware attack. The victim is the PDI Group, an Ohio-based company that manufactures a wide range of ground support equipment for military needs, such as dollies, trollies, and platforms for transporting weapons, engines, and airplane parts during servicing operations. On Tuesday, the…
Read More

InfoSec News Nuggets 12/18/2020

Google sued by 10 states for alleged "anti-competitive conduct" in advertising Ten states on Wednesday brought a lawsuit against Google, accusing the search giant of "anti-competitive conduct" in the online advertising industry, including a deal to manipulate sales with rival Facebook. Texas Attorney General Ken Paxton announced the suit, which was filed in a federal court in Texas, saying Google is using its "monopolistic power" to control pricing of online advertisements, fixing the market in…
Read More

InfoSec News Nuggets 11/03/2020

Twitter explains how it will handle misleading tweets about the US election results Twitter recently updated its policies in advance of the U.S. elections to include specific rules that detailed how it would handle tweets making claims about election results before they were official. Today, the company offered more information about how it plans to prioritize the enforcement of its rules and how it will label any tweets that fall under the new guidelines. In…
Read More

InfoSec News Nuggets 10/01/2020

Cyberattack could trigger Article 5 response, NATO deputy secretary warns NATO is adapting to security threats in cyberspace despite vulnerabilities exploited in the COVID-19 pandemic, Deputy Secretary Mircea Geoana said on Monday. He noted that NATO will establish a Cyberspace Operations Center as a part of its command structure, adding that a military cyber attack on a country qualifies as a cause for all NATO nations to come to its aid. "We agreed that a cyberattack could trigger Article…
Read More

InfoSec News Nuggets 7/20/2020

Iran-linked hackers recently targeted coronavirus drugmaker Gilead Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences Inc in recent weeks, according to publicly-available web archives reviewed by Reuters and three cybersecurity researchers, as the company races to deploy a treatment for the COVID-19 virus. In one case, a fake email login page designed to steal passwords was sent in April to a top Gilead executive involved in legal and corporate affairs, according…
Read More

InfoSec News Nuggets 11/15/2019

1 - Ransom payments averaging $41,000 per incident The average ransom payment paid out by victims increased 13 percent, to $41,000, during the last three months, but researchers noted the rate of increase has plateaued. Researchers at Coveware credited the victims with being better prepared to restore their data on their own negating the need to pay the ransom. However, that was not enough to offset malicious actors using Sodinokibi and Globelmposter variants to go…
Read More

InfoSec News Nuggets 10/31/2019

1 - Apple Patches Tens of Vulnerabilities in macOS Catalina, iOS 13 Security updates released by Apple this week for iOS 13 and macOS Catalina 10.15 address roughly 40 vulnerabilities, including issues that affect both operating systems. macOS Catalina 10.15.1, the first security update for the latest major version of the operating system, fixes 33 vulnerabilities, including flaws that can be exploited through malicious applications or by getting the targeted user to process a specially crafted file.…
Read More