InfoSec News Nuggets 11/16/2020

Microsoft says it’s time for you to stop using SMS and voice calls for multi-factor authentication Multi-factor authentication makes it much harder for hackers to break their way into your online accounts, even if they already know your password. An online account protected by MFA will prompt you to enter a separate one-time code – often constructed out of six random digits that expire after a short period of time – after you have entered…
Read More

InfoSec News Nuggets 10/21/2020

Seven mobile browsers vulnerable to address bar spoofing attacks An "address bar spoofing" vulnerability refers to a bug in a web browser that allows a malicious website to modify its real URL and show a fake one instead — usually one for a legitimate site. Address bar spoofing vulnerabilities have been around since the early days of the web, but they have never been so dangerous as they are today. While on desktop browsers there…
Read More

InfoSec News Nuggets 10/06/2020

SunCrypt ransomware group swears off medical entities, sets sights on cybersecurity firms When the SunCrypt ransomware group opened a leak site where they listed victims who had not paid their ransom demands, they attracted public attention and demonstrated their ability to use the media to their advantage. In following up on their previously disclosed victims and leaks, DataBreaches.net noticed that a medical entity who had been listed on SunCrypt’s site no longer appeared on it.…
Read More

InfoSec News Nuggets 09/28/2020

Google adds a COVID-19 layer to Google Maps Google continues to work on improving Google Maps and on Wednesday a "COVID-19 layer" started rolling out. With this layer, users can see areas where the virus is spreading and it is coded by color based on the number of people with the coronavirus in each region. The layer produces these color codes based on the seven-day average for the number of new COVID-19 cases per 100,000…
Read More

InfoSec News Nuggets 09/23/2020

FBI hopes a more aggressive cyber strategy will disrupt foreign hackers Last week saw a flurry of U.S. indictments of alleged Chinese and Iranian hackers as part of a multi-agency crackdown on foreign intelligence services. The Department of Treasury issued sanctions, the Department of Homeland Security advised companies on how to fend off hackers and U.S. intelligence agencies likely kept a close eye on possible reactions from Beijing and Tehran. At the center of the coordinated crackdowns, though, were…
Read More

InfoSec News Nuggets 09/02/2020

Former engineer pleads guilty to Cisco network damage, causing Webex Teams account chaos A former Cisco engineer has admitted to illegally accessing Cisco's network and wiping 456 virtual machines as well as causing disruption to over 16,000 Webex Teams accounts. Sudhish Kasaba Ramesh has taken a plea agreement in a federal court in San Jose after being accused of intentionally accessing a protected computer without authorization and recklessly causing damage, according to the US Department of Justice…
Read More

InfoSec News Nuggets 08/25/2020

Here's how to turn your old phone into a home security camera for free If you have some old phones collecting dust in a drawer somewhere, don't sell them for a fraction of what you bought them for. If they still turn on, you can put them to good use in your home. You could turn one into a baby monitor or a makeshift Google Home speaker, for example. Those are good ideas and you can find more in the link…
Read More

InfoSec News Nuggets 7/31/2020

US provides new expanded set of espionage charges against former Twitter employees The two former Twitter employees, Ahmad Abouammo and Ali Alzabarah, and the third person named Ahmed Almutairi were originally charged with fraudulently accessing private information and acting as illegal agents of a foreign government for allegedly spying on Twitter users critical of the Saudi royal family. This time around, the individuals have been charged with seven offences instead of two. The charges include acting as…
Read More

InfoSec News Nuggets 7/28/2020

A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs An unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected. The sabotage, which started three days ago, on July 21, has grown from a simple joke to a serious issue impacting a large portion of the Emotet operation. According to Cryptolaemus, a group of white-hat security researchers tracking…
Read More

InfoSec News Nuggets 7/23/2020

TikTok might be sold to US investors to ward off security concerns Chinese short video platform TikTok is currently facing close scrutiny and risks being booted out of the US — which is home to some of its most popular content creators — but the app may find a lifeline there. The Information reports that a number of US-based investors who already have a stake in TikTok‘s parent company, ByteDance, are considering purchasing the subsidiary company to…
Read More

InfoSec News Nuggets 7/15/2020

MIT creates a soft-fingered robotic gripper than could eventually tie knots and sew stitches MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) has shared the results of a new project in which it built a two-fingered robotic gripper, which has soft pads for dedicated and fine manipulation of objects like cables, sheets and more. The robot’s design is based on how humans use their fingers to do things like untangle wires and tie knots. To…
Read More

InfoSec News Nuggets 7/2/2020

Creepto Cash: personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered thousands of personal records of users from the UK, Australia, South Africa, the US, Singapore, Spain, Malaysia and other countries exposed in a targeted multi-stage bitcoin scam. Victim’s phone numbers, which in most cases came with names and emails, were contained in personalized URLs used to redirect people to websites posing…
Read More

InfoSec News Nuggets 6/25/2020

Warning: ‘Invisible God’ Hacker Sold Access To More Than 135 Companies In Just Three Years Major antivirus companies, banks, insurance providers, government agencies, large hotels, wineries, restaurants, airlines. Think of almost any kind of company and there’s a good chance a prolific, financially-motivated hacker known as Fxmsp has broken into it, or attempted to, according to a report released Tuesday. Dubbed the “invisible god of networks,” he’s a suspected male from Kazakhstan who claimed to have broken…
Read More

InfoSec News Nuggets 6/23/2020

Activists publish 269GB of hacked US police force data Dubbed BlueLeaks, the group known as Distributed Denial of Secrets (DDoSecrets) has published 269GB of material providing insights into law enforcement and a wide array of US government activities. The public can also access the information in its entirety. These files include hundreds of thousands of images, as well as documents, tables, text files, videos and emails, with the complete dataset available to download by anybody…
Read More

InfoSec News Nuggets 6/19/2020

Amazon owes answers on facial recognition moratorium, lawmaker says Amazon's move to stop providing facial recognition to law enforcement until June 2021 has left more questions than answers. The company's announcement, limited to 102 words in a blog post, left out a lot of details on what the moratorium actually means, and a House representative is demanding answers from Amazon founder Jeff Bezos. In a letter sent to Bezos and Amazon on Wednesday, Rep. Jimmy Gomez, is asking the…
Read More

InfoSec News Nuggets 6/5/2020

Denial of service attacks against advocacy groups skyrocket In figures published Tuesday, the internet security firm Cloudflare said it blocked more than 135 billion malicious web requests against advocacy sites, compared to less than 30 million blocked requests against U.S. government websites, such as police and military organizations. The company did not disclose which websites were affected, specifically. “As we’ve often seen in the past, real world protest and violence is usually accompanied by attacks on the…
Read More

InfoSec News Nuggets 6/3/2020

Trump's social media executive order faces lawsuit The nonprofit Center for Democracy and Technology is taking aim at US President Donald Trump's social media executive order. The CDT filed a lawsuit against the president on Tuesday, alleging that the order violates the First Amendment and the right to free speech. "The order is plainly retaliatory: it attacks a private company, Twitter, for exercising its First Amendment right to comment on the President's statements," the lawsuit says. "More fundamentally, the…
Read More

InfoSec News Nuggets 6/1/2020

Meet the Victims of Online Scams Imagine a lonely person who’s looking for romantic companionship, so they turn to the internet. Picture someone who’s terribly anxious for news about an online payment that will ease their paycheck-to-paycheck existence. Or perhaps you’ve known an individual with such limited technical skills and financial resources, they’re always browsing for the cheapest IT provider possible. The victims of online scams each possess unique characteristics. And in the eyes of bad…
Read More

InfoSec News Nuggets 5/29/2020

How to Unlock Hidden Browser Games in Edge, Firefox and Chrome Your web browser is full of secrets. I typically spend my time poring over new features I can unlock via pages like chrome://flags and about:config, but it’s also nice to take a little break and play the hidden games that come packed into the most popular browsers. Yes, your desktop browser is filled with hidden games. Don’t crack your knuckles and expect to hunker down for a Civilization VI-like session—they’re not that great.…
Read More

InfoSec News Nuggets 5/21/2020

REvil Ransomware found buyer for Trump data, now targeting Madonna The REvil ransomware group claims to have buyers ready for documents containing damaging information about US‌ President Donald Trump and is preparing to auction data on international celebrity Madonna. The hackers breached the network of Grubman Shire Meiselas & Sacks (GSMLaw), a law firm representing a huge number of A-list celebrities, stealing everything they considered of value before encrypting the data. After unfruitful negotiations with…
Read More

InfoSec News Nuggets 5/12/2020

Google expects its staff to work from home until 2021 and it's not alone According to a Bloomberg report, Sundar Pichai, Google's CEO, told Google employees on Thursday to be ready to work remotely through October and possibly to the end of the year. Actually, a Google spokeswoman said most Google workers are expected to work from home until 2021. So, life's going back to normal? Not at this tech giant.  It's not just Google. Facebook has also told…
Read More

InfoSec News Nuggets 4/24/2020

Zoom will soon let you report meeting participants to help bust Zoombombers Zoom is adding a way for hosts to report meeting participants, according to the app’s release notes published on April 19th (via PC Mag). In theory, that could help the company track down trolls that take over Zoom calls and share inappropriate material, a practice more colloquially known as “Zoombombing.” Zoom says the reporting feature will be available in an update that’s scheduled to release on Sunday, April…
Read More

InfoSec News Nuggets 4/16/2020

MIT’s AI-powered device lets doctors monitor coronavirus patients remotely A new device that uses AI to monitor coronavirus symptoms is helping doctors treat patients beyond the reach of infection. The box-like device emits wireless signals that bounce off human bodies before returning to the system. Algorithms then analyze changes in the signals to infer the person’s breathing rate, sleep patterns, and movements. The system, named Emerald, was developed at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL).…
Read More

InfoSec News Nuggets 4/14/2020

Apps collecting data to help stop the virus spread must limit sharing of information, cybersecurity expert says Apple and Google’s joint initiative to build a platform that helps contain the spread of the coronavirus looks promising, but steps have to be taken to prevent it from invading the privacy of users for the long term, an academic with expertise on science and tech policy told CNBC. The tech giants announced Friday they were working together to provide tools that help…
Read More

InfoSec News Nuggets 4/9/2020

The US is formalizing Team Telecom rules to restrict foreign ownership of internet and telecom assets It has the simplest name, but the sort of shadowy overtones that national security writers lust after. Team Telecom, a mostly informal working committee of the Departments of Defense, Homeland Security and Justice (along with affiliated agencies) has for years been quietly tasked with evaluating and maintaining the security of America telecom infrastructure in concert with the FCC. Its…
Read More

InfoSec News Nuggets 4/3/2020

Cybercriminals targeting Zoom, Google and Teams domains Popular video conferencing applications such as Zoom, Teams and Google are seeing their names used by malicious actors to create newly registered fake domains with Zoom seemingly being singled out at this time. Since January 1 the security firm has seen about 1,700 new domains registered using the word “zoom” in some fashion with 25 percent of these new registrations happing in the last seven days. Cyber gangs…
Read More

InfoSec News Nuggets 3/26/2020

You Can FaceTime Your Doctor Now Last week, the Centers for Medicare and Medicaid Services (CMS) and the Department of Health and Human Services (HHS) announced two measures to expand telehealth access for patients across the country. As of March 6, 2020, providers can offer telehealth visits to all of their Medicare and Medicaid patients, regardless of location, and still get reimbursed for the costs. (Previously, only patients in certain rural areas were eligible.) And, until…
Read More

InfoSec News Nuggets 3/16/2020

1 - US is preparing to ban foreign-made drones from government use The Trump administration is preparing an executive order to ban federal departments and agencies from buying or using foreign-made drones, citing a risk to national security, TechCrunch has learned. The draft order, which was drafted in the past few weeks and seen by TechCrunch, would effectively ban both foreign-made drones or drones made with foreign components out of fear that sensitive data collected…
Read More

InfoSec News Nuggets 3/13/2020

1 - New action to disrupt world’s largest online criminal network Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure…
Read More

InfoSec News Nuggets 3/2/2020

1 - DNC warns campaigns about cybersecurity after attempted scam An online “impersonator” of a Democratic National Committee (DNC) staffer tried to contact presidential campaigns, including Sen. Bernie Sanders’s (I-Vt.) campaign, the committee said in a statement to the candidates Wednesday. Bob Lord, the DNC’s chief security officer, wrote in an email to the campaigns obtained by The Hill that “adversaries will often try to impersonate real people on a campaign." He added that the “adversaries”…
Read More

InfoSec News Nuggets 2/25/2020

1 - Developers Hack McDonald’s Reward System to Get Free Hamburgers A couple of German software developers discovered an oversight in McDonalds’ promotion systems that allowed them to get as many hamburgers as they wanted, without paying anything. While software vulnerabilities or loopholes are sometimes used for nefarious purposes, that’s not always the case. The same can be said of white hackers and software developers who want to make the online world a safer place.…
Read More

InfoSec News Nuggets 2/18/2020

1 - Reuters Partners With Facebook For Fact-Checking Program Reuters has joined Facebook’s fact-checking crusade. As part of the social network’s third-party program, Reuters will comb through photos, videos, headlines, and other content—in the run-up to the U.S. election and beyond—to verify information in English and Spanish. The global news provider will then publish its findings on a specially created blog. “We are steadfastly recognizing the magnitude of misinformation taking place around the world. It’s a…
Read More

InfoSec News Nuggets 2/14/2020

1 - Apple joins Microsoft, Samsung, Intel in FIDO security alliance Apple has now joined the FIDO or "Fast Identity Online" Alliance, several years after competitors including Microsoft, Samsung, Intel and Google. FIDO is concerned with fostering and promoting higher security for users, and specifically using authentication technology such as biometric sensors rather than passwords. FIDO was formed in July 2012 by a small group of companies including PayPal and Lenovo. Its open specifications called…
Read More

InfoSec News Nuggets 2/6/2020

1 - Maze ransomware publicly shaming victims into paying At least five law firms have been hit and held hostage by the Maze ransomware group in the last four days with these attacks being part of a wider campaign possibly affecting between 45 and 180 total victims in January. Maze is using a somewhat unique tactic with its latest victims. Instead of simply placing a ransom note on the infected system and waiting for payment,…
Read More

InfoSec News Nuggets 1/27/2020

1 - Canadian teen calls cops after fake ID doesn’t arrive, prompts police warning on identity theft scams A Canadian teen’s bizarre call to police on Tuesday to report that the fake ID they ordered online never arrived has authorities stepping up efforts to warn of potential identity theft scams. Const. Ed Sanchuk, of the Ontario Provincial Police, West Region, shared in a video message Wednesday that an unnamed Norfolk County teenager reported the fraud. An investigation determined the teen found an online seller who…
Read More

InfoSec News Nuggets 1/24/2020

1 - Soft robotic hands may soon have a firm grip on the industry Soft Robotics, a company that develops enterprise level soft robotic grippers for a variety of materials handling and pick and place applications, is on a roll. After securing a high level strategic partnership in 2019, the company has announced an oversubscribed Series B worth $23M. Back in December, Soft Robotics rolled out an innovative adaptable gripper system designed especially to work with FANUC robots…
Read More

InfoSec News Nuggets 1/17/2020

1 - Proof-of-concept exploits published for the Microsoft-NSA crypto bug Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS. According to a high-level technical analysis of the bug from cyber-security researcher…
Read More

InfoSec News Nuggets 1/16/2020

1 - Production company data breach exposes personal data of Dove ‘real people’ ad participants A data breach at UK-based Fresh Film Productions, which makes adverts for high-profile companies including Unilever, has exposed sensitive personal data of participants in antiperspirant brand Dove’s ‘real people’ campaign. The company inadvertently exposed the data, which included bank details and passport scans, by leaving a company server hosted online on an unsecured Amazon Web Services S3 bucket. This meant…
Read More

InfoSec News Nuggets 1/15/2020

1 - Texas school district falls for email scam, hands over $2.3 million A successful phishing scam has left a Texan school district $2.3 million out of pocket. Last week, the Manor Independent School District, in Manor, Texas, said an inquiry is underway to track down the cybercriminals responsible for the fraudulent email campaign. Phishing emails were sent to the organization in November, leading to three separate transactions taking place. An employee uncovered the scheme a month later,…
Read More

InfoSec News Nuggets 1/13/2020

1 - Facebook Is Forcing Its Moderators to Log Every Second of Their Days — Even in the Bathroom When Valera Zaicev began working in Dublin as one of Facebook’s moderators a couple years ago, he knew he’d be looking at some of the most graphic and violent content on the internet. What he didn’t know was that Facebook would be counting the seconds of his bathroom breaks. “People have to clock in and clock…
Read More

InfoSec News Nuggets 1/2/2020

1 - Secure New Internet-Connected Devices During the holidays, internet-connected devices—also known as Internet of Things (IoT) devices—are popular gifts. These include smart cameras, smart TVs, watches, toys, phones, and tablets. Although this technology provides added convenience to our lives, it often requires that we share personal and financial information over the internet. The security of this information, and the security of these devices, is not guaranteed. For example, vendors often store personal information in…
Read More

InfoSec News Nuggets 12/23/2019

1 - FBI program offers companies data protection via deception The Federal Bureau of Investigations is in many ways on the front lines of the fight against both cybercrime and cyber-espionage in the US. These days, the organization responds to everything from ransomware attacks to data thefts by foreign government-sponsored hackers. But the FBI has begun to play a role in the defense of networks before attacks have been carried out as well, forming partnerships with some…
Read More

InfoSec News Nuggets 12/16/2019

1 - Google rolls out Verified SMS and Spam Protection in Android Google announced today two updates for Messages, the default SMS app in the Android mobile operating system. Starting today, Android users in the US and selected countries will get access to two new features named Verified SMS and Spam Protection. As the name of the first feature hints, Verified SMS works by confirming the identity of the SMS sender. "When a message is…
Read More

InfoSec News Nuggets 11/19/2019

1 - Phishers Targeting Microsoft Office 365 Admin Credentials Digital fraudsters are stealing Microsoft Office 365 administrator credentials as part of a broader phishing campaign targeting organizations. The campaign began with a phishing email that leveraged Microsoft and its Office 365 brand to lull recipients into a false sense of security. This attack email was unique, however, in that it originated from validated domains that don’t belong to Microsoft. Digital fraudsters are stealing Microsoft Office 365…
Read More

InfoSec News Nuggets 11/18/2019

1 - PrankDial.com Exposes 138 Million Records via Unprotected Database Prank calling service “PrankDial.com” has exposed 138 million log records after they have left a non-password protected database online for anyone to access. The discovery was made in October by Jeremiah Fowler of “Security Discovery”, who reported the incident to the company immediately. The platform secured the database on the same day, but the exposure could have led to the stealing of the sensitive data in the…
Read More

InfoSec News Nuggets 11/14/2019

1 - Iowa paid a security firm to break into a courthouse, then arrested employees when they succeeded The state of Iowa contracted with a prominent cybersecurity company to conduct “penetration tests” of certain municipal buildings in September, particularly courthouses.  In September, two employees of the company were arrested in the course of doing their jobs. The charges still have not been dropped. The incident has sparked concern across the cybersecurity industry, including worries that…
Read More

InfoSec News Nuggets 11/07/2019

1 - LA is fast becoming a fintech hub as HMBradley launches another West Coast challenger bank Add HMBradley to the list of Los Angeles based startups looking to shake up the world of high finance typically dominated by East Coast giants with names like JPMorgan Chase, Citigroup, Morgan Stanley, and Goldman Sachs. The new Santa Monica, Calif.-based bank joins companies like Aspiration and Acorns in trying to offer consumers new ways to manage their finances. Founded…
Read More

InfoSec News Nuggets 11/05/2019

1 - Conveyancing law firms targeted in new multimillion-rand cyber scam A new multimillion-rand cyber fraud scam allegedly headed by Nigerians and targeting attorneys dealing with big-money property transactions has been exposed in a graft case in the Joburg Commercial Crime Court. Olutunji Abdul, a Nigerian, and Siphosihle Sithole, a South African, are standing trial in a R7.8million matter in what investigators termed the new “business email compromise” (BEC) fraud. Last week in the Joburg…
Read More

InfoSec News Nuggets 11/04/2019

1 - Windows BlueKeep RDP Attacks Are Here, Infecting with Miners The BlueKeep remote code execution vulnerability in the Windows Remote Desktop Services is currently exploited in the wild. Vulnerable machines exposed to the web are apparently compromised for cryptocurrency mining purposes. The attempts have been recorded by honeypots that expose only port 3389, specific for remote assistance connections via the Remote Desktop Protocol (RDP). Security researcher Kevin Beaumont noticed on Saturday that multiple honeypots…
Read More

InfoSec News Nuggets 10/29/2019

1 - UniCredit reveals data breach exposing 3 million customer records UniCredit has revealed a data breach resulting in the leak of information belonging to three million customers. On Monday, the Italian bank and financial services organization said that a compromised file, generated in 2015, is the source of the security incident. In total, roughly three million records were exposed, revealing the names, telephone numbers, email addresses, and cities where clients were registered. While UniCredit caters to an international…
Read More