InfoSec News Nuggets 08/16/2023

Over 120,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums
A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 and 2023. "Hackers around the world infect computers opportunistically by promoting results for fake software or through YouTube tutorials directing victims to download infected software," Hudson Rock CTO Alon Gal…

InfoSec News Nuggets 10/06/2022

Former Uber security chief convicted of covering up 2016 data breach
A former chief security officer for Uber was convicted Wednesday of federal charges stemming from payments he quietly authorized to hackers who breached the ride-hailing company in 2016. Joe Sullivan was found guilty of obstructing justice for hiding the breach from the Federal Trade Commission, which had been probing Uber’s privacy protections at the time, and of actively hiding a felony. The verdict ended a dramatic…

InfoSec News Nuggets 05/10/2022

All internet service providers in US must block 3 pirate streaming sites, federal judge rules
A federal judge in New York City has ordered every internet service provider in the United States to block three pirate streaming services that are rebroadcasting copyrighted Israeli shows in this country. U.S. District Judge Katherine Polk Failla of the Southern District of New York issued default judgments and permanent injunctions last week against streaming services Israel.tv, Israeli-tv.com and Sdarot.tv, report Ars…

InfoSec News Nuggets 04/20/2022

Court reaffirms that data scraping isn't hacking in LinkedIn appeal
The Ninth Circuit Court of Appeals on Monday reaffirmed a 2019 ruling that LinkedIn could not ban competitor hiQ Labs from scraping publicly available data on its platform by citing federal hacking laws. The case dates back to a 2019 lawsuit by hiQ Labs to block a cease-and-desist letter from LinkedIn aimed at halting the company from scraping public data from the social networking site. The…

InfoSec News Nuggets 03/29/2022

Hundreds more packages found in malicious npm 'factory'
Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor had published at least 200 malicious Node Package Manager (npm) packages. The team said that the repositories were first detected on March 21 and grew rapidly, with each npm package deliberately named to mimic legitimate software. An automated script targeted…

InfoSec News Nuggets 11/18/2020

DarkSide ransomware is creating a secure data leak service in Iran
The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack…

InfoSec News Nuggets 7/6/2020

macOS Privacy Protections Bypass Disclosed After Apple Fails to Release Fix
Details on a macOS privacy protections bypass method were published this week, more than six months after Apple was informed of the issue, but failed to deliver a fix. Dubbed TCC (Transparency, Consent, and Control), the privacy protections system was introduced in macOS Mojave to ensure that certain files on the system are kept out of reach of unauthorized applications. Software engineer and app…

InfoSec News Nuggets 10/18/2019

1 - California adds biometric specs to data breach law
California is changing its Information Practices Act of 1977 to expand the definition of personal information with additional identifiers, including biometric data of those affected. The amendment comes with new instructions on how to notify parties affected by a breach. The legislation is old and uses a definition too broad to describe personal information in all the shapes and forms found today. As such, amendment…