InfoSec News Nuggets 09/30/2022

Covert malware targets VMware for hypervisor-level espionage Emerging covert malware families that target VMware environments could allow criminals to gain persistent administrative access to the hypervisor, transfer files, and execute arbitrary commands between virtual machines, according to VMware and Mandiant, which discovered the software nasty earlier this year. The now-Google-owned threat intel team attributed the intrusions to an uncategorized group it calls UNC3886 and says it suspects the criminals' motivation to be espionage. It also asserts "with…

InfoSec News Nuggets 09/29/2022

Stealthy hackers target military and weapons contractors in recent attack Security researchers have discovered a new campaign targeting multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier. The highly targeted attacks begin with a phishing email sent to employees, leading to a multi-stage infection involving many persistence and detection avoidance systems. The campaign stands out for its secure C2 infrastructure and multiple layers of obfuscation in the PowerShell…

InfoSec News Nuggets 09/28/2022

Optus hacker apologizes and allegedly deletes all stolen data The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum. Optus, Australia's second-largest mobile operator, first disclosed the security breach on September 22, 2022, saying that an attacker might have gained access to…

InfoSec News Nuggets 09/27/2022

Ukraine warns of 'massive cyberattacks' coming from Russia on critical infrastructure sites The Russian government is planning “massive cyberattacks” against Ukrainian critical infrastructure facilities to “increase the effect of missile strikes on electrical supply facilities,” the Ukrainian government said Monday. The Russians are also planning to “increase the intensity of the DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic state,” the country’s Defense Intelligence agency said in a statement posted…

InfoSec News Nuggets 09/26/2022

Oracle Cloud admits users could access other customer data A vulnerability in Oracle Cloud Infrastructure (OCI) could have allowed basically any user to read and write data belonging to any other OCI customer, researchers have claimed. Experts from cloud security firm Wiz said they stumbled upon the vulnerability when building an OCI connector for their own tech stack, discovering that they could attach other people’s virtual disks to their virtual machine instances. The only thing…

InfoSec News Nuggets 09/23/2022

Denmark latest to conclude Google Analytics is unlawful The Danish Data Protection Agency (DPA), Datatilsynet, has become the fourth national regulator to conclude that the manner in which companies are currently using Google Analytics breaches European Union regulations that demand stricter safeguards for personal data moved outside the bloc. In a judgement published on Wednesday, the regulator said that the use of Google's popular tool is illegal because it enables companies to move users' data outside the…

InfoSec News Nuggets 09/22/2022

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known technique" designed to trick the servers into writing data to arbitrary files – a case of unauthorized access that was first documented in…

InfoSec News Nuggets 09/21/2022

Mobile phone hackers wield “Violence-as-a-service” for money, revenge If you ask ‘Yuki’ why he helped found a channel on Telegram to facilitate the settling of scores in the mobile phone hacking community, he says it was about supply and demand. Lots of young SIM swappers were looking for a way to get back at enemies in the real world. SIM swapping at its most basic level entails someone hijacking your mobile phone. They swap your…

InfoSec News Nuggets 09/20/2022

Eyeglass Reflections Can Leak Information During Video Calls A group of academic researchers have devised a method of reconstructing text exposed via participants’ eyeglasses and other reflective objects during video conferences. Zoom and other video conferencing tools, which have been widely adopted over the past couple of years as a result of the Covid-19 pandemic, may be used by attackers to leak information unintentionally reflected in objects such as eyeglasses, the researchers say. “Using mathematical…

InfoSec News Nuggets 09/19/2022

Trojanized versions of PuTTY utility being used to spread backdoor Researchers believe hackers with connections to the North Korean government have been pushing a Trojanized version of the PuTTY networking utility in an attempt to backdoor the network of organizations they want to spy on. Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. The incident caused the employer to…

InfoSec News Nuggets 09/16/2022

Proton and DuckDuckGo want Congress to approve tech antitrust reform ‘as soon as possible’ More than a dozen smaller tech companies, including Proton and DuckDuckGo, are urging lawmakers to pass comprehensive antitrust legislation “as soon as possible.” For them, passing the bill would kill two birds with one stone, allowing lawmakers to address anti-competitive conduct and privacy failures in one go. In a letter to top congressional leaders on Tuesday, executives from a dozen smaller tech…

InfoSec News Nuggets 09/15/2022

Period tracking app Flo rolls out ‘Anonymous Mode’ on iOS, Android launch coming next month Period tracking app Flo has released a new “Anonymous Mode” setting that gives users the option to access the app without their name, email address, and technical identifiers being associated with their health data. Flo promised to release the mode shortly after the Supreme Court overturned Roe v. Wade. The company launched the new Anonymous Mode setting on Wednesday for all iOS…

InfoSec News Nuggets 09/14/2022

Woman whose rape kit DNA was used against her in separate crime sues San Francisco A woman whose rape kit DNA was used to link her to an unrelated property crime has filed a lawsuit against the city of San Francisco over the incident, which sparked a national outcry earlier this year. It was revealed in February that the San Francisco police department used the DNA and later dropped the charges against her. Her DNA had been collected and…

InfoSec News Nuggets 09/13/2022

Microsoft investigates Iranian attacks against the Albanian government Shortly after the destructive cyberattacks against the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged by the Albanian government to lead an investigation into the attacks. At the time of the attacks and our engagement by the Albanian government, Microsoft publicly stated that “Microsoft is committed to helping our customers be secure while achieving more. During this event, we quickly mobilized our…

InfoSec News Nuggets 09/12/2022

EU to introduce strict IoT security regulation The EU is set to introduce a law that would require smart devices to follow strict cyber security rules, on threat of a device ban. Internet of Things (IoT) devices such as smart home controls or fitness trackers are becoming more ubiquitous, making life more convenient while also increasing the vectors through which threat actors can perpetrate cyber crime. The proposal, which Reuters reports is titled the Cyber Resilience Act, will…

InfoSec News Nuggets 09/09/2022

Go programming language arrives at security warnings that are useful The open source Go programming language, developed by Google, has added support for vulnerability management in a way designed to preserve programmers' patience. The Go team recently set up a website at vuln.go.dev to host a selection of known vulnerabilities in packages that can be imported from public Go modules. These chosen vulnerabilities have been curated and reviewed by the Go security team, based on CVEs, GitHub…

InfoSec News Nuggets 09/08/2022

Minecraft is hackers’ favorite game title for hiding malware Security researchers have discovered that Minecraft is the most heavily abused game title by cybercriminals, who use it to lure unsuspecting players into installing malware. Based on stats collected by the security firm between July 2021 and July 2022, Minecraft-related files accounted for roughly 25% of malicious files spreading via game brand abuse, followed by FIFA (11%), Roblox (9.5%), Far Cry (9.4%), and Call of Duty…

InfoSec News Nuggets 09/07/2022

Ireland fines Instagram a record $400 mln over children's data Ireland's data privacy regulator has agreed to levy a record fine of 405 million euros ($402 million) against social network Instagram following an investigation into its handling of children's data, a spokesperson for the watchdog said. Instagram plans to appeal against the fine, a spokesperson for parent Meta Platforms Inc (META.O) said in an emailed statement. The investigation, which started in 2020, focused on child users between…

InfoSec News Nuggets 09/06/2022

Samsung says customer data stolen in July data breach U.S. electronics giant Samsung has confirmed a data breach affecting customers’ personal information. In a brief notice, Samsung said it discovered the security incident in late-July and that an “unauthorized third party acquired information from some of Samsung’s U.S. systems.” The company said it determined customer data was compromised on August 4. Samsung said Social Security numbers and credit card numbers were not affected, but some customer…

InfoSec News Nuggets 09/02/2022

Russian streaming platform Start discloses a data breach impacting 7.5M users According to the company, the attackers stole a 2021 database from its infrastructure and also shared a sample online to demonstrate the authenticity of the claims. Russian news outlet Medusa verified that the leaked data are valid. “As follows from the leak, 24.6 million Start users registered from Russia, 2.3 million from Kazakhstan, 2.1 million from China, and 1.7 million from Ukraine,” reads the post published by Medusa…

InfoSec News Nuggets 09/01/2022

TikShock: Don’t get caught out by these 5 TikTok scams TikTok continues to shock us all by breaking records and widening its audience, yet unfortunately with such a broad reach, scammers inevitably remain not too far behind. In only six years it has become the dominant social media platform for sharing and viewing short videos and now boasts that viewers in the UK and US are spending more time on TikTok than on YouTube. Cybercriminals are very…

InfoSec News Nuggets 08/31/2022

Singapore clocks higher ransomware attacks, warns of IoT risks Ransomware and phishing attacks continue to climb in Singapore, hitting small and midsize businesses (SMBs) and social media platforms. Cybercriminals also are expected to turn their attention to Internet of Things (IoT) devices and crypto-based transactions, leveraging the lack of security safeguards on these platforms. Some 55,000 local-hosted phishing URLs were identified last year, up 17% from 2020, with social media companies accounting for more than…

InfoSec News Nuggets 08/30/2022

Justice Department in early stages of filing an antitrust lawsuit against Apple, says report The U.S. Department of Justice is in the early stages of drafting an antitrust lawsuit against Apple, according to sources cited by Politico in a report released just ahead of the weekend. While the new report suggested a potential suit could arrive by the end of the year, it also stressed that a final decision about if or when to sue Apple had…

InfoSec News Nuggets 08/29/2022

A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organizations Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organizations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, among many others. The news comes from research conducted by…

InfoSec News Nuggets 08/26/2022

Twitter confirms it is testing a phone number verification badge Last week, app researcher Jane Manchun Wong pointed out that Twitter is testing a new profile badge for people who have verified their phone numbers. Earlier this month, app sleuth Nima Owji also pointed out that the company is testing a phone verification badge. On Tuesday, the company confirmed that it is running this experiment to “allow people to add context to their accounts.” This could be to essentially…

InfoSec News Nuggets 08/25/2022

University can’t scan students’ rooms during remote tests, judge rules An Ohio judge has ruled that Cleveland State University’s virtual scan of a student’s room prior to an online test was unconstitutional. The ruling marks a victory for digital privacy advocates around the country, who have spoken loudly against the practices of online test proctoring for many years. Chemistry student Aaron Ogletree sat for an online test in the spring 2021 semester. Ogletree was…

InfoSec News Nuggets 08/24/2022

"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level. "DirtyCred is a kernel exploitation concept that swaps unprivileged kernel credentials with privileged ones to escalate privilege," researchers…

InfoSec News Nuggets 08/23/2022

Lloyd’s to end insurance coverage for state cyber attacks Insurance market Lloyd’s of London has indicated that it will move to require its insurance groups to exclude “catastrophic” nation state cyber attacks from cyber insurance policies from 31 March 2023. According to the Wall Street Journal, which was first to report the story, the change will supposedly ensure that the scope of cyber insurance policies is made clear to buyers, and is being made because Lloyd’s believes the…

InfoSec News Nuggets 08/22/2022

Google blocks largest HTTPS DDoS attack 'reported to date' A Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind. In just two minutes, the attack escalated from 100,000 RPS to a record-breaking 46 million RPS, almost 80% more than the previous record, an HTTPS DDoS of 26 million RPS that Cloudflare mitigated in…

InfoSec News Nuggets 08/19/2022

AirTag leads to arrest of airline worker accused of stealing at least $15,000 worth of items from luggage An Apple AirTag led to the arrest of an airline subcontractor accused of stealing thousands of dollars’ worth of items from luggage at a Florida airport. Giovanni De Luca, 19, was charged with two counts of grand theft after authorities recovered the stolen items from his home, the Okaloosa County Sheriff’s Office said in a news release…

InfoSec News Nuggets 08/18/2022

In Post Roe v. Wade Era, Mozilla Labels 18 of 25 Popular Period and Pregnancy Tracking Tech With *Privacy Not Included Warning Eighteen out of 25 reproductive health apps and wearable devices that Mozilla investigated for privacy and security practices received a *Privacy Not Included warning label. These findings raise concerns in the post-Roe landscape that data could be used by authorities to determine if users are pregnant, seeking abortion information or services, or crossing state lines…

InfoSec News Nuggets 08/17/2022

Confused cyber criminals have hacked a water company in a bizarre case of mistaken identity A water company that supplies drinking water to over 1.6 million people in the UK says it has been hit by a cyber attack. But the criminal gang involved appears to have claimed it had breached a different water utilities firm. South Staffordshire Water says it has been the "target of a criminal cyber attack" which is causing disruption to…

InfoSec News Nuggets 08/16/2022

Hacker offers to sell data of 48.5 million users of Shanghai's COVID app A hacker has claimed to have obtained the personal information of 48.5 million users of a COVID health code mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub's data in just over a month. The hacker, with the username "XJP", posted an offer to sell the data for $4,000 on the…

InfoSec News Nuggets 08/15/2022

Diagnostic Robotics has AI catching health problems before they take you to the ER A stitch in time saves nine, they say — and a blood thinner in time saves a trip to the emergency room for a heart attack, as Diagnostic Robotics hopes to show. The company’s machine learning-powered preventative care aims to predict and avoid dangerous (and costly) medical crises, saving everyone money and hopefully keeping them healthier in general — and it’s raised $45…

InfoSec News Nuggets 08/12/2022

It Might Be Our Data, But It’s Not Our Breach A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm’s analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn’t theirs, but it maintains the records do…

InfoSec News Nuggets 08/11/2022

Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee's account. "Cisco experienced a security incident on our corporate network in late May…

InfoSec News Nuggets 08/10/2022

Phishing attack adds pressure with countdown clock A new phishing attack tries to panic users into entering their company email login credentials by displaying a countdown clock that supposedly shows how much time remains before their account is deleted. When the time runs out, nothing actually happens, but the attackers hope the ruse, taken straight from the ransomware handbook, will pressure victims into acting without thinking. The attack begins with a message falsely telling the…

InfoSec News Nuggets 08/09/2022

Slack leaked hashed passwords from its servers for years Did Slack send you a password reset link last week? The company has admitted to accidentally exposing the hashed passwords of workspace users. The issue occurred when a user created or revoked a shared invitation link for their workspace. The good news is that the password wasn't plaintext, and it wasn't visible in any Slack clients. The bad news is that it could be picked up by monitoring…

InfoSec News Nuggets 08/08/2022

LinkedIn Continues its Reign as the Most-Impersonated Brand in Phishing Attacks As cybercriminals look for novel and effective ways to gain entrance to a victim network, LinkedIn is proving to be fruitful enough to keep the attention of phishing scammers. I hope you can appreciate the sophistication of a phishing attack that targets not just a specific company, or even an individual, but a role within the organization – complete with a tailored socially engineered campaign of…

InfoSec News Nuggets 08/05/2022

Scammers Sent Uber to Take Elderly Lady to the Bank Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go…

InfoSec News Nuggets 08/04/2022

Ukraine Shutters Major Russian Bot Farm Ukrainian law enforcers claim to have dismantled a large bot farm used by Russian special services to spread disinformation and propaganda in the country. The Secret Service of Ukraine (SSU) said the million-strong bot farm was used to “spin destabilizing content” on the country’s military and political leadership to an audience of over 400,000. This included fake news on the situation at the front, an alleged conflict between the…

InfoSec News Nuggets 08/03/2022

Russian national charged in sweeping influence operation to disrupt U.S. elections, sow discord A federal grand jury indicted a Russian national on charges of attempting to disrupt U.S. elections beginning as early as 2014, spreading disinformation to further Moscow’s political aims and infiltrating various American political organizations to carry out his plans. The indictment, unsealed Friday in Tampa, Florida, paints the portrait of a cunning Russian operative who was carrying out a sophisticated and potentially…

InfoSec News Nuggets 08/02/2022

What does Tim Hortons think your data is worth? A coffee and donut, apparently Tim Hortons, the Canadian fast food chain accused of using its mobile app to collect “vast amounts of sensitive location data” in violation of Canadian privacy laws, says it’s reached a proposed settlement in the resulting class action lawsuits, Vice reports. To make up for tracking users, recording their movements “every few minutes” even when the app was closed, the chain is proposing…

InfoSec News Nuggets 08/01/2022

Huge network of 11,000 fake investment sites targets Europe Researchers have uncovered a gigantic network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe. The platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure in a larger number of victims. The goal of the operation is to trick users into an opportunity for high-return investments and convince them to deposit a minimum…

InfoSec News Nuggets 07/22/2022

Windows 11 is getting a new security setting to block ransomware attacks Microsoft is rolling out a new security default for Windows 11 that will go a long way to preventing ransomware attacks that begin with password-guessing attacks and compromised credentials. The new account security default on account credentials should help thwart ransomware attacks that are initiated after using compromised credentials or brute-force password attacks to access remote desktop protocol (RDP) endpoints, which are often exposed…

InfoSec News Nuggets 07/21/2022

Don’t Look Now, but Congress Might Pass an Actually Good Privacy Bill Usually, when Congress is working on major tech legislation, the inboxes of tech reporters get flooded with PR emails from politicians and nonprofits either denouncing or trumpeting the proposed statute. Not so with the American Data Privacy and Protection Act. A first draft of the bill seemed to pop up out of nowhere in June. Over the next month, it went through so many…

InfoSec News Nuggets 07/20/2022

Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems 300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services. Magecart campaigns have been skimming payment-card credentials of unsuspecting customers using three online restaurant-ordering systems, affecting about 300 restaurants that use the services and compromising tens of thousands of cards so far, researchers have found. Two separate ongoing Magecart campaigns have injected e-skimmer scripts into the online ordering…

InfoSec News Nuggets 07/19/2022

US Cybersecurity Agency CISA to Open London Office The US Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it’s set to open an office in the United Kingdom in an effort to boost international cooperation and collaboration. The cyber defense agency’s first Attaché Office will open later this month in London and its goal is to “serve as a focal point for international collaboration between CISA, UK government officials, and other federal agency…

InfoSec News Nuggets 07/18/2022

Public Cloud Customers Admit Security Challenges Most global organizations aren’t fully confident in the effectiveness of their security controls in the public cloud, despite storing sensitive data there, according to a new Cloud Security Alliance (CSA) study. Sponsored by Anjuna Security, the Sensitive Data in the Cloud report is compiled from interviews with 452 IT and security professionals, from various organization sizes and locations. It revealed that over two-thirds (67%) of respondents now store sensitive data or…

InfoSec News Nuggets 07/14/2022

Joshua Schulte: Former CIA hacker convicted of 'brazen' data leak Joshua Schulte was convicted of sending the CIA's "Vault 7" cyber-warfare tools to the whistle-blowing platform. He had denied the allegations. The 2017 leak of some 8,761 documents revealed how intelligence officers hacked smartphones overseas and turned them into listening devices. Prosecutors said the leak was one of the most "brazen" in US history. Damian Williams, the US attorney for the Southern District of New…