InfoSec News Nuggets 5/6/2024

NSA warns of North Korean hackers exploiting weak DMARC email policies The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC policies to send spoofed emails which appear to come from credible sources such as journalists, academics, and other experts in East…
Read More

InfoSec News Nuggets 12/05/2022

NATO Launches Massive Cyber-Defense Exercise NATO this week kicked off its Cyber Coalition 22 exercise with a mission to enhance cyber resilience among its members. The military alliance brought together 1000 defenders from 26 member countries plus Finland and Sweden, Georgia, Ireland, Japan, Switzerland and the EU, as well as participants from industry and academia. The five-day exercise is designed to pose real-life challenges to participants such as cyber-attacks on power grids and NATO assets,…
Read More

InfoSec News Nuggets 05/06/2022

A lone-wolf researcher has turned the table on the hackers A researcher going by the name hyp3rlinx has discovered that some of the most popular ransomware strains, such as Conti, REvil, LockBit, including many others, carry a flaw that makes them vulnerable to DLL hijacking. By exploiting the flaw, the researcher was able to prevent the ransomware from its key selling proposition - encrypting files. As reported by Bleeping Computer, DLL hijacking is usually used to inject…
Read More

InfoSec News Nuggets 04/20/2021

1 - “Huge upsurge” in DDoS attacks during pandemic Researchers at Netscout have released a report analyzing the malicious internet traffic of 2020 and comparing it to the years before. Some of the results were as expected: Brute-forcing credentials and more targeting towards internet-connected devices were foreseeable and have been discussed at length. And even a record-breaking year in Distributed Denial of Service (DDoS) attacks might have been expected as it follows the upward trend over the years.…
Read More

InfoSec News Nuggets 12/16/2020

Amazon, TikTok, Facebook, Others Ordered To Explain What They Do With User Data The Federal Trade Commission is demanding that nine social media and tech companies share details on how they harness users' data and what they do with the information. Amazon.com, TikTok owner ByteDance, Discord, Facebook, Reddit, Snap, Twitter, WhatsApp (also owned by Facebook), and YouTube were sent orders by the FTC on Monday to provide the commission with details on their data collection and advertising…
Read More