InfoSec News Nuggets 01/12/2023

The FBI Won't Say Whether It Hacked Dark Web ISIS Site  U.S. government lawyers are hampering efforts that could reveal how the FBI managed to obtain the real IP address of an alleged visitor to an ISIS website on the dark web, according to court records reviewed by Motherboard. The case involves Muhammed Momtaz Al-Azhari, who was charged in May 2020 with attempting to provide material support to ISIS. According to the complaint against him, Al-Azhari allegedly visited…
Read More

InfoSec News Nuggets 12/23/2022

Ransomware hackers take demands directly to college students: ‘For you, it’s a sad day’ The email went out to students at Knox College, a small liberal arts school in Illinois, on the evening of Dec. 12. A hacker group known as Hive had broken into the college’s computer system and gained access to student data, a common ransomware tactic. But this group had a new wrinkle for Knox students. “We have compromised your collage networks,” the…
Read More

InfoSec News Nuggets 12/01/2022

[U: Fix coming] Months-old security vulnerability still hasn’t been patched on Pixel, Samsung Google’s Project Zero this week highlighted the “gap” in getting security patches out the door and to affected users, and in doing so also revealed that millions of Android phones are at risk of an active security vulnerability. The specific issue that Google’s Project Zero is highlighting this week is a security vulnerability known as CVE-2022-33917. It’s a vulnerability that affects devices…
Read More

InfoSec News Nuggets 09/19/2022

Trojanized versions of PuTTY utility being used to spread backdoor Researchers believe hackers with connections to the North Korean government have been pushing a Trojanized version of the PuTTY networking utility in an attempt to backdoor the network of organizations they want to spy on. Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. The incident caused the employer to…
Read More

InfoSec News Nuggets 08/26/2022

Twitter confirms it is testing a phone number verification badge Last week, app researcher Jane Manchun Wong pointed out that Twitter is testing a new profile badge for people who have verified their phone numbers. Earlier this month, app sleuth Nima Owji also pointed out that the company is testing a phone verification badge. On Tuesday, the company confirmed that it is running this experiment to “allow people to add context to their accounts.” This could be to essentially…
Read More

InfoSec News Nuggets 12/30/2021

LastPass quells cyber-attack fears, blames email notification surge on ‘glitch’ LastPass has launched an investigation following a recent surge in blocked login attempts. The emailed notifications to a pre-registered email address would normally follow attempts to log in from a different browser version, device, or location. Users in receipt of these emails are invited to go to a link in order to confirm that the attempted login was valid. When LastPass noticed an unexpected rise in the…
Read More

InfoSec News Nuggets 03/01/2021

78% of top security leaders say their organizations are unprepared for a cyberattack Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyberattacks, according to research conducted by IDG Research Services on behalf of Insight. The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cybersecurity budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in…
Read More

InfoSec News Nuggets 02/17/2021

Copycats emerge after researcher exploits design flaw to breach Microsoft, Apple, Tesla Pseudonymous authors published more than 150 copycat packages just three days after Sonatype published research around a software supply chain flaw, attempting to exploit the vulnerabilities in the brief window before a patch. Ethical hacker and security researcher Alex Birsan posted a blog on Feb. 9 that detailed how he used dependency, or namespace confusion, “to push his malicious proof-of-concept (PoC) code to internal…
Read More

InfoSec News Nuggets 1/21/2020

1 - Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices…
Read More