InfoSec News Nuggets 9/20/2019

Documents reveal how Russia taps phone companies for surveillance In cities across Russia, large boxes in locked rooms are directly connected to the networks of some of the country’s largest phone and internet companies. These boxes, some the size of a washing machine, house equipment that gives the Russian security services access to the calls and messages of millions of citizens. This government surveillance system remains largely shrouded in secrecy, even though phone and web companies…
Read More

InfoSec News Nuggets 9/12/2019

‘Cobalt Dickens’ group is phishing universities at scale again, researchers say An Iran-linked hacking group whose operatives the U.S. government indicted last year has launched a phishing operation to steal login credentials against computer users at over 60 universities in the United States, the United Kingdom, and elsewhere, researchers said Wednesday. The campaign sees victims redirected to spoofed login pages, where their passwords are stolen, said Secureworks, a Dell-owned cybersecurity company that uncovered the activity.…
Read More

InfoSec News Nuggets 9/11/2019

Toyota Parts Supplier Hit By $37 Million Email Scam The Toyota Boshoku Corporation, a major supplier of Toyota auto parts, reported some distressing news this week. Fraudsters fleeced the company via an email scam to the tune of about ¥ 4 billion (JPY). That works out to just over $37 million at today's exchange rate. On August 14th, attackers managed to convince someone with financial authority to change account information on an electronic funds transfer.…
Read More

InfoSec News Nuggets 9/9/2019

South Korean Firm’s Email Leak Exposes Global Clients Security researchers have discovered a South Korean company leaking highly sensitive client and personal emails, which has refused to engage with either them or journalists asking for more info. Industrial pipe manufacturer DKLOK exposed an unprotected email database to the public internet, where white hat hackers from vpnMentor were able to probe it using simple port scanning techniques. “Our team was able to access this database through a vulnerability…
Read More

InfoSec News Nuggets 9/5/2019

Scamming You Through Social Media Many of us have received phishing email, either at work or home. These emails look legitimate, such as from your bank, your boss, or your favorite online store, but are really an attack, attempting to pressure or trick you into taking an action you should not take, such as opening an infected email attachment, sharing your password, or transferring money. The challenge is, the more savvy we become at spotting…
Read More

InfoSec News Nuggets 8/30/2019

NIST Wants Insight on Combatting Telehealth Cybersecurity Risks The National Institute of Standards and Technology wants to hear from vendors who can deliver technical expertise and products that can help secure health organizations’ telehealth capabilities.  According to a notice set to be published in the Federal Register Thursday, the agency wants vendors to provide insight and demonstrations to support the National Cybersecurity Center of Excellence’s health care sector-specific use case, “Securing Telehealth Remote Patient Monitoring Ecosystem.” “This notice…
Read More

InfoSec News Nuggets 08/27/2019

1 Hostinger Security Breach Impacts 14M Customers Web hosting company Hostinger suffered a security breach on Aug. 23 that allowed an unauthorized third-party to gain access to its internal systems. As TechCrunch reports, the server contained the company's internal system API and associated database which held customer usernames, email addresses, first names, IP addresses, and hashed passwords. The passwords were protected with the SHA-1 algorithm, but that has been proven to be vulnerable to attack.…
Read More

InfoSec News Nuggets 08/26/2019

1 Peripheral Maker Fanatec Hacked, Customer Details Stolen If you've ever been in the market for a high-end gaming controller, racing wheel, or pedals, chances are peripheral maker Fanatec was on your radar. Purchasing directly from Fanatec turned out to be a bad idea, though, as your personal details are probably in the hands of hackers. As Kotaku reports, Fanatec CEO Thomas Jackermeier sent out an email yesterday to all customers informing them that, "our online shop of…
Read More

InfoSec News Nuggets 08/23/2019

1 Intel unveils first artificial intelligence chip Springhill Intel Corp on Tuesday unveiled its latest processor that will be its first using artificial intelligence (AI) and is designed for large computing centers. The chip, developed at its development facility in Haifa, Israel, is known as Nervana NNP-I or Springhill and is based on a 10 nanometer Ice Lake processor that will allow it to cope with high workloads using minimal amounts of energy, Intel said.…
Read More

InfoSec News Nuggets 08/21/2019

1 Cyber Safety for Students As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help students stay safe while using their internet-connected devices. The Cybersecurity and Infrastructure Security Agency (CISA) recommends reviewing the following…
Read More

InfoSec News Nuggets 08/20/2019

1 Cybersecurity conference attendees possibly exposed to IRL virus They, perhaps more than any other gathered group of industry professionals, know how to defend against viruses. Just, maybe, not this kind. Hackers and cybersecurity researchers who attended this year's annual Black Hat information security conference in Las Vegas found themselves on the receiving end of the wrong kind of security notification. On Thursday, the Southern Nevada Health District issued a warning stating that individuals in…
Read More

InfoSec News Nuggets – 08/16/2019

1 Google employees protest: 'Don't bid for border control cloud contract' Google employees are calling on the company not to bid on a cloud contract with the US Customs and Border Protection (CBP) in protest against the agency's alleged human-rights abuses at the Mexican border. The petition demands that Google does not bid on a recently published CBP request for information (RFI) for a "cloud services provider". However, Google employees also want the company to…
Read More