InfoSec News Nuggets 09/19/2022

Trojanized versions of PuTTY utility being used to spread backdoor Researchers believe hackers with connections to the North Korean government have been pushing a Trojanized version of the PuTTY networking utility in an attempt to backdoor the network of organizations they want to spy on. Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. The incident caused the employer to…
Read More

InfoSec News Nuggets 08/26/2022

Twitter confirms it is testing a phone number verification badge Last week, app researcher Jane Manchun Wong pointed out that Twitter is testing a new profile badge for people who have verified their phone numbers. Earlier this month, app sleuth Nima Owji also pointed out that the company is testing a phone verification badge. On Tuesday, the company confirmed that it is running this experiment to “allow people to add context to their accounts.” This could be to essentially…
Read More

InfoSec News Nuggets 12/30/2021

LastPass quells cyber-attack fears, blames email notification surge on ‘glitch’ LastPass has launched an investigation following a recent surge in blocked login attempts. The emailed notifications to a pre-registered email address would normally follow attempts to log in from a different browser version, device, or location. Users in receipt of these emails are invited to go to a link in order to confirm that the attempted login was valid. When LastPass noticed an unexpected rise in the…
Read More

InfoSec News Nuggets 03/01/2021

78% of top security leaders say their organizations are unprepared for a cyberattack Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyberattacks, according to research conducted by IDG Research Services on behalf of Insight. The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cybersecurity budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in…
Read More

InfoSec News Nuggets 02/17/2021

Copycats emerge after researcher exploits design flaw to breach Microsoft, Apple, Tesla Pseudonymous authors published more than 150 copycat packages just three days after Sonatype published research around a software supply chain flaw, attempting to exploit the vulnerabilities in the brief window before a patch. Ethical hacker and security researcher Alex Birsan posted a blog on Feb. 9 that detailed how he used dependency, or namespace confusion, “to push his malicious proof-of-concept (PoC) code to internal…
Read More

InfoSec News Nuggets 1/21/2020

1 - Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices…
Read More