InfoSec News Nuggets 5/11/2020

South Dakota's Official Coronavirus App Shows Limits of Contact Tracing Tech

One of the first official contact tracing apps from U.S. state Departments of Health doesn't reliably record location data, which it is supposed to do in order to help state governments monitor coronavirus infections and warn other residents if they may have been exposed to the virus. This is not to say that app is not working as intended, but the news shows the…

InfoSec News Nuggets 4/28/2020

Microsoft Word now flags double spaces as errors, ending the great space debate

Microsoft has settled the great space debate, and sided with everyone who believes one space after a period is correct, not two. The software giant has started to update Microsoft Word to highlight two spaces after a period (a full stop for you Brits) as an error, and to offer a correction to one space. Microsoft recently started testing this change with…

InfoSec News Nuggets 3/24/2020

1 - FBI SEES RISE IN FRAUD SCHEMES RELATED TO THE CORONAVIRUS (COVID-19) PANDEMIC

Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them. Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to…

InfoSec News Nuggets 3/18/2020

1 - List of Free Software and Services During Coronavirus Outbreak

In response to the Coronavirus (COVID-19) outbreak, many organizations are asking their employees to work remotely. This, though, brings new challenges to the workplace as users adapt to video meetings, screen sharing, and the use of remote collaboration tools. To assist a new wave of remote workers and get some publicity at the same time, many software developers and service providers have started to…

InfoSec News Nuggets 3/12/2020

1 - What to expect from the Cybersecurity Solarium Commission report

A bipartisan congressional committee is urging the federal government to enact a sweeping set of cybersecurity upgrades in order to modernize American defenses on issues ranging from 5G security to stopping intellectual property theft and mitigating ransomware attacks. The Cybersecurity Solarium Commission on Wednesday released 75 recommendations that call for changes in the way that Congress and the Trump administration oversee crucial security issues that, if…

InfoSec News Nuggets 3/6/2020

1 - Backdoor malware is being spread through fake security certificate alerts

Backdoor and Trojan malware variants are being distributed through a new phishing technique that attempts to lure victims into accepting an "update" to website security certificates. Certificate Authorities (CAs) distribute SSL/TLS security certificates for improved security online by providing encryption for communication channels between a browser and server -- especially important for domains providing e-commerce services -- as well as identity validation, which…

InfoSec News Nuggets 1/27/2020

1 - Canadian teen calls cops after fake ID doesn’t arrive, prompts police warning on identity theft scams

A Canadian teen’s bizarre call to police on Tuesday to report that the fake ID they ordered online never arrived has authorities stepping up efforts to warn of potential identity theft scams. Const. Ed Sanchuk, of the Ontario Provincial Police, West Region, shared in a video message Wednesday that an unnamed Norfolk County teenager reported the fraud. An investigation determined the teen found an online seller who…

InfoSec News Nuggets 1/8/2020

1 - Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline

Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. In the meantime though, cybercriminals will be targeting pay-at-the-pump point-of-sale mechanisms with a vengeance, researchers say. Fuel pumps represent a last bastion of non-encrypted transactions. Unlike when customers pay inside, the pump…

InfoSec News Nuggets 1/2/2020

1 - Secure New Internet-Connected Devices

During the holidays, internet-connected devices—also known as Internet of Things (IoT) devices—are popular gifts. These include smart cameras, smart TVs, watches, toys, phones, and tablets. Although this technology provides added convenience to our lives, it often requires that we share personal and financial information over the internet. The security of this information, and the security of these devices, is not guaranteed. For example, vendors often store personal information in…

InfoSec News Nuggets 12/31/2019

1 - 160,000 Belgian Allianz Partners clients affected by data theft

An Allianz Partners strongbox containing back-up copies of data related to disaster claims was stolen in the Netherlands in August, the insurance and assistance company disclosed on Friday. According to an audit and analysis of the documents concerned, the strongbox contained data on 160,000 Belgian customers who had filed claims for disasters or breakdowns under their assistance contracts or travel insurance. The strongbox was…

InfoSec News Nuggets 12/05/2019

1 - Messaging / Smishing Attacks

One of the most common ways cyber attackers attempt to trick or fool people is by scamming you in email attacks (often called phishing) or trying to trick you with phone calls. However, as technology continues to advance, bad guys are always trying new methods, to include tricking you with messaging technologies such as text messaging, iMessage/Facetime, WhatsApp, Slack or Skype. Here are some simple steps to protect yourself…

InfoSec News Nuggets 11/18/2019

1 - PrankDial.com Exposes 138 Million Records via Unprotected Database

Prank calling service “PrankDial.com” has exposed 138 million log records after they have left a non-password protected database online for anyone to access. The discovery was made in October by Jeremiah Fowler of “Security Discovery”, who reported the incident to the company immediately. The platform secured the database on the same day, but the exposure could have led to the stealing of the sensitive data in the…

InfoSec News Nuggets 11/01/2019

1 - Scammers are now faking voicemail notifications to steal Office 365 login credentials

Security researchers have found a new phishing campaign that leverages fake voicemail messages to trick victims into stealing their Office 365 email credentials. The scam — uncovered by cybersecurity firm McAfee — made use of fraudulent email attachments, which when opened, redirected users to a phishing website that siphoned the login information with an aim to impersonate staff members and gain wider access…

InfoSec News Nuggets 10/08/2019

Signal patches Android bug that allowed hackers to answer calls on your behalf

Popular encrypted messaging app Signal has fixed a crucial flaw in its Android app that could’ve allowed bad actors to answer calls on your behalf. What’s more, it needed no intervention from your end. Google’s Project Zero team, which uncovered the bug on September 28, said it only affects audio calls, as the video option needs to be manually enabled for all incoming calls. Signal has since patched the…

InfoSec News Nuggets 8/29/2019

1 - A new IOT botnet is infecting Android-based set-top boxes

A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet. Among this botnet's most common victims are Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia, cyber-security firm WootCloud said today. The attacks aren't using a vulnerability in the Android operating systems, but are exploiting a configuration service that has been left enabled and unprotected…