InfoSec News Nuggets 9/27/2024

US sanctions crypto exchanges used by Russian ransomware gangs The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Cryptex and PM2BTC, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups. Cryptex (which used the cryptex[.]net domain) reportedly provides financial services to cybercriminals and laundered over $51 million in funds linked to ransomware attacks. "Cryptex is also associated with over $720 million in transactions to services frequently used…
Read More

InfoSec News Nuggets 07/11/2023

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. "We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns," the company said in its Release Notes for Firefox 115.0 released last week.…
Read More

InfoSec News Nuggets 05/04/2022

Mozilla finds mental health apps fail 'spectacularly' at user security, data policies An investigation into mental health and prayer apps has revealed a disturbing lack of concern surrounding user security and privacy. On Monday, Mozilla released the findings of a new study into these types of apps, which often deal with sensitive topics including depression, mental health awareness, anxiety, domestic violence, PTSD, and more, alongside religion-themed services. According to Mozilla's latest *Privacy Not Included guide, despite the…
Read More

InfoSec News Nuggets 09/18/2020

Privacy-focused search engine DuckDuckGo is growing fast DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform. While Google remains the most popular search engine, DuckDuckGo has gained a great deal of traction in recent months as more and more users have begun to value their privacy on the internet. DuckDuckGo saw over 2 billion searches and 4 million app/extension installations, and the company also…
Read More

InfoSec News Nuggets 7/17/2020

Mozilla project exposes YouTube's recommendation 'bubbles' We’ve all seen social media posts from our climate change-denying cousin or ultra-liberal college friend, and have wondered how they came to certain conclusions. Mozilla’s new project, “TheirTube,” created by Amsterdam-based designer Tomo Kihara, is offering a glance at theoretical YouTube homepages for users in six different categories. Those personas include: fruitarian, doomsday prepper, liberal, conservative, conspiracist and climate denier.  Through these different personas, Mozilla hopes to demonstrate how…
Read More

InfoSec News Nuggets 7/10/2020

Mozilla suspends Firefox Send service while it addresses malware abuse Mozilla has temporarily suspended the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators and while it adds a "Report abuse" button. The browser maker took down the service today after ZDNet reached out to inquire about Firefox Send's increasing prevalence in current malware operations. Mozilla launched Firefox Send in March 2019. The service provides secure and private file-hosting and file-sharing capabilities for Firefox…
Read More

InfoSec News Nuggets 5/26/2020

Home Chef announces data breach after hacker sells 8M user records Home Chef, a US-based meal kit and food delivery service, announced a data breach today after a hacker sold 8 million user records on a dark web marketplace. Last week, BleepingComputer reported that a hacking group actor named Shiny Hunters was selling the user records for eleven companies on a dark web marketplace. The threat actor was selling these databases for $500 to $2,500. The user records for…
Read More

InfoSec News Nuggets 2/14/2020

1 - Apple joins Microsoft, Samsung, Intel in FIDO security alliance Apple has now joined the FIDO or "Fast Identity Online" Alliance, several years after competitors including Microsoft, Samsung, Intel and Google. FIDO is concerned with fostering and promoting higher security for users, and specifically using authentication technology such as biometric sensors rather than passwords. FIDO was formed in July 2012 by a small group of companies including PayPal and Lenovo. Its open specifications called…
Read More

InfoSec News Nuggets 1/3/2020

1 - Apple answers dev concerns that location tracking alerts will upset users When Apple released iOS 13 towards the end of September 2019 it brought with it a new warning that told users when an app repeatedly accessed their location data in the background. A new Wall Street Journal report (via MacRumors) notes that developers are worried that the alerts will make users doubt their apps. But Apple isn't concerned. According to the report…
Read More

InfoSec News Nuggets 12/04/2019

1 - Apple's tap-and-go Express payments come to London public transport Paying for daily necessities using your phone might feel like the future, but the reality can sometimes be slower as mobile payments require authentication that can take time to approve. To combat this issue, Apple has brought its Express feature to London, making it far quicker and easier to use Apple Pay on services like the Tube. Apple's Express Mode can now be used on all Transport…
Read More

InfoSec News Nuggets 10/16/2019

1- Mozilla Rolls Out Code Injection Attack Protection in Firefox Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts occurrences. "A proven effective way to counter code injection attacks is to reduce the attack surface by removing potentially dangerous artifacts in the codebase and hence hardening the code at various levels," said the Mozilla Security Team today.…
Read More