InfoSec News Nuggets 09/29/2020

Federal Judge Temporarily Blocks Trump's TikTok Ban

A federal judge Sunday granted TikTok's request for a temporary injunction to block the Trump administration's order that would have banned the Chinese social media app from the U.S. starting Monday. Judge Carl Nichols of the U.S. District Court for the District of Columbia issued his decision Sunday - a few hours before the Trump administration's ban would have forced Apple and Google to remove the TikTok video-sharing app from…

InfoSec News Nuggets 09/24/2020

A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads

Researchers said that a tip from a child led them to discover aggressive adware and exorbitant prices lurking in iOS and Android smartphone apps with a combined 2.4 million downloads from the App Store and Google Play. Posing as apps for entertainment, wallpaper images, or music downloads, some of the titles served intrusive ads even when an app wasn’t active.…

InfoSec News Nuggets 08/18/2020

U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen

Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest. Headquartered in Louisville, Kentucky, the company holds world-known whiskey and scotch brands like Jack Daniel's, Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach;…

InfoSec News Nuggets 08/10/2020

TikTok threatens to sue the Trump administration over the executive order barring US firms from doing business with its parent

TikTok has threatened to sue the Trump administration over Thursday's executive order that bans US citizens and companies from doing business with its Chinese parent company ByteDance. TikTok responded to the order on Friday, saying it was issued "without any due process." The executive order prohibits US individuals and companies from making "any transactions" with…

InfoSec News Nuggets 6/29/2020

TikTok caught copying iOS users' clipboard contents, claims it's an anti-spam feature

As the Telegraph notes, TikTok was one of several applications discovered to be reading users’ clipboards back in March. A couple of developers found popular applications such as AccuWeather, Overstock, AliExpress, Call of Duty Mobile, Patreon, and Google News were all snooping on both Android and iOS. ByteDance told Forbes this was related to the use of an outdated Google advertising SDK that was being replaced. At…

InfoSec News Nuggets 6/15/2020

Microsoft Joins Ban on Sale of Facial Recognition Tech to Police

Microsoft is joining Amazon and IBM when it comes to halting the sale of facial recognition technology to police departments. In a statement released Thursday by Microsoft President Brad Smith, he said the ban would stick until federal laws regulating the technology’s use were put in place. “We will not sell facial recognition tech to police in the U.S. until there is a national…

InfoSec News Nuggets 6/4/2020

Ransomware gang says it breached one of NASA's IT contractors

The operators of the DopplePaymer ransomware have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA's IT contractors. In a blog post published today, the DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand. According to…

InfoSec News Nuggets 5/19/2020

Crooks are using realistic-looking webpage templates to trick you into handing over personal data

Cyber criminals are still attempting to exploit the coronavirus pandemic for their own gain and they're being helped by website templates that allow them to mimic government agencies and companies. Researchers at cybersecurity company Proofpoint have identified over 300 phishing campaigns designed to steal personal information and bank details from victims – and many are using sites that are indistinguishable from the real thing, complete…

InfoSec News Nuggets 5/15/2020

Chrome will soon block resource-draining ads. Here’s how to turn it on now

Chrome browser users take heart: Google developers are rolling out a feature that neuters abusive ads that covertly leach your CPU resources, bandwidth, and electricity. The move comes in response to a swarm of sites and ads first noticed in 2017 that surreptitiously use visitors’ computers to mine bitcoin and other cryptocurrencies. As the sites or ads display content, embedded code performs the resource-intensive…

InfoSec News Nuggets 5/12/2020

Google expects its staff to work from home until 2021 and it's not alone

According to a Bloomberg report, Sundar Pichai, Google's CEO, told Google employees on Thursday to be ready to work remotely through October and possibly to the end of the year. Actually, a Google spokeswoman said most Google workers are expected to work from home until 2021. So, life's going back to normal? Not at this tech giant. It's not just Google. Facebook has also told…

InfoSec News Nuggets 5/11/2020

South Dakota's Official Coronavirus App Shows Limits of Contact Tracing Tech

One of the first official contact tracing apps from U.S. state Departments of Health doesn't reliably record location data, which it is supposed to do in order to help state governments monitor coronavirus infections and warn other residents if they may have been exposed to the virus. This is not to say that app is not working as intended, but the news shows the…

InfoSec News Nuggets 4/28/2020

Microsoft Word now flags double spaces as errors, ending the great space debate

Microsoft has settled the great space debate, and sided with everyone who believes one space after a period is correct, not two. The software giant has started to update Microsoft Word to highlight two spaces after a period (a full stop for you Brits) as an error, and to offer a correction to one space. Microsoft recently started testing this change with…

InfoSec News Nuggets 3/24/2020

1 - FBI SEES RISE IN FRAUD SCHEMES RELATED TO THE CORONAVIRUS (COVID-19) PANDEMIC

Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them. Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to…

InfoSec News Nuggets 3/18/2020

1 - List of Free Software and Services During Coronavirus Outbreak

In response to the Coronavirus (COVID-19) outbreak, many organizations are asking their employees to work remotely. This, though, brings new challenges to the workplace as users adapt to video meetings, screen sharing, and the use of remote collaboration tools. To assist a new wave of remote workers and get some publicity at the same time, many software developers and service providers have started to…

InfoSec News Nuggets 3/12/2020

1 - What to expect from the Cybersecurity Solarium Commission report

A bipartisan congressional committee is urging the federal government to enact a sweeping set of cybersecurity upgrades in order to modernize American defenses on issues ranging from 5G security to stopping intellectual property theft and mitigating ransomware attacks. The Cybersecurity Solarium Commission on Wednesday released 75 recommendations that call for changes in the way that Congress and the Trump administration oversee crucial security issues that, if…

InfoSec News Nuggets 3/6/2020

1 - Backdoor malware is being spread through fake security certificate alerts

Backdoor and Trojan malware variants are being distributed through a new phishing technique that attempts to lure victims into accepting an "update" to website security certificates. Certificate Authorities (CAs) distribute SSL/TLS security certificates for improved security online by providing encryption for communication channels between a browser and server -- especially important for domains providing e-commerce services -- as well as identity validation, which…

InfoSec News Nuggets 1/27/2020

1 - Canadian teen calls cops after fake ID doesn’t arrive, prompts police warning on identity theft scams

A Canadian teen’s bizarre call to police on Tuesday to report that the fake ID they ordered online never arrived has authorities stepping up efforts to warn of potential identity theft scams. Const. Ed Sanchuk, of the Ontario Provincial Police, West Region, shared in a video message Wednesday that an unnamed Norfolk County teenager reported the fraud. An investigation determined the teen found an online seller who…

InfoSec News Nuggets 1/8/2020

1 - Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline

Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. In the meantime though, cybercriminals will be targeting pay-at-the-pump point-of-sale mechanisms with a vengeance, researchers say. Fuel pumps represent a last bastion of non-encrypted transactions. Unlike when customers pay inside, the pump…

InfoSec News Nuggets 1/2/2020

1 - Secure New Internet-Connected Devices

During the holidays, internet-connected devices—also known as Internet of Things (IoT) devices—are popular gifts. These include smart cameras, smart TVs, watches, toys, phones, and tablets. Although this technology provides added convenience to our lives, it often requires that we share personal and financial information over the internet. The security of this information, and the security of these devices, is not guaranteed. For example, vendors often store personal information in…

InfoSec News Nuggets 12/31/2019

1 - 160,000 Belgian Allianz Partners clients affected by data theft

An Allianz Partners strongbox containing back-up copies of data related to disaster claims was stolen in the Netherlands in August, the insurance and assistance company disclosed on Friday. According to an audit and analysis of the documents concerned, the strongbox contained data on 160,000 Belgian customers who had filed claims for disasters or breakdowns under their assistance contracts or travel insurance. The strongbox was…

InfoSec News Nuggets 12/05/2019

1 - Messaging / Smishing Attacks

One of the most common ways cyber attackers attempt to trick or fool people is by scamming you in email attacks (often called phishing) or try to trick you with phone calls. However, as technology continues to advance bad guys are always trying new methods, to include tricking you with messaging technologies such as text messaging, iMessage/Facetime, WhatsApp, Slack or Skype. Here are some simple steps to protect yourself…

InfoSec News Nuggets 11/18/2019

1 - PrankDial.com Exposes 138 Million Records via Unprotected Database

Prank calling service “PrankDial.com” has exposed 138 million log records after they have left a non-password protected database online for anyone to access. The discovery was made in October by Jeremiah Fowler of “Security Discovery”, who reported the incident to the company immediately. The platform secured the database on the same day, but the exposure could have led to the stealing of the sensitive data in the…

InfoSec News Nuggets 11/01/2019

1 - Scammers are now faking voicemail notifications to steal Office 365 login credentials

Security researchers have found a new phishing campaign that leverages fake voicemail messages to trick victims into stealing their Office 365 email credentials. The scam — uncovered by cybersecurity firm McAfee — made use of fraudulent email attachments, which when opened, redirected users to a phishing website that siphoned the login information with an aim to impersonate staff members and gain wider access…

InfoSec News Nuggets 10/08/2019

Signal patches Android bug that allowed hackers to answer calls on your behalf

Popular encrypted messaging app Signal has fixed a crucial flaw in its Android app that could’ve allowed bad actors to answer calls on your behalf. What’s more, it needed no intervention from your end. Google’s Project Zero team, which uncovered the bug on September 28, said it only affects audio calls, as the video option needs to be manually enabled for all incoming calls. Signal has since patched the…

InfoSec News Nuggets 8/29/2019

1 - A new IOT botnet is infecting Android-based set-top boxes

A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet. Among this botnet's most common victims are Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia, cyber-security firm WootCloud said today. The attacks aren't using a vulnerability in the Android operating systems, but are exploiting a configuration service that has been left enabled and unprotected…