InfoSec News Nuggets 02/03/2021

Facebook strikes back against Apple privacy change, prompts users to accept tracking to get ‘better ads experience’ With a forthcoming update to iOS 14, each app that wants to use these identifiers will ask users to opt in to tracking when the app is first launched. If users opt out, it will make these ads a lot less effective. Facebook has warned investors that these looming changes could hurt its advertising business as soon as this quarter.…

InfoSec News Nuggets 02/02/2021

Check if your photos were used to develop facial recognition systems with this free tool If you’ve uploaded any photos to the web in recent years, there’s a good chance they’ve been used to build facial recognition systems. Developers routinely train facial recognition algorithms on images from websites — without the knowledge of the people who posted them. A new online tool called Exposing.AI can help you find out if your photos are among the snaps they’re…

InfoSec News Nuggets 02/01/2021

New Spotify Patent Involves Monitoring Users’ Speech to Recommend Music Spotify has been granted a patent with technology that aims to use recordings of users’ speech and background noise to determine what kind of music to curate and recommend to them, Music Business Worldwide reports. The company filed for the patent in 2018; it was approved on January 12, 2021. The patent outlines potential uses of technology that involves the extraction of “intonation, stress, rhythm, and the likes of units…

InfoSec News Nuggets 01/29/2021

Arrest, Seizures Tied to Netwalker Ransomware U.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charged in a Florida court. NetWalker is a ransomware-as-a-service crimeware product in which affiliates rent access to the continuously updated malware code in exchange for a…

InfoSec News Nuggets 01/28/2021

23M Gamer Records Exposed in VIPGames Leak VIPGames.com, a free platform with a total of 56 available classic board and card games like Hearts, Crazy Eights, Euchre, Dominoes, Backgammon and others, has exposed the personal data of tens of thousands of users. In all, more than 23 million records for more than 66,000 users were left exposed thanks to a cloud misconfiguration, according to a new report from WizCase. Aside from its desktop users, VIPGames…

InfoSec News Nuggets 01/27/2021

North Korean hackers are targeting security researchers with malware, 0-days A North Korean government-backed hacking group targets security researchers who focus on vulnerability and exploit development via social networks, disclosed Google tonight. According to a report released tonight by Google's Threat Analysis Group, a North Korean government-backed hacking group uses social networks to target security researchers and infect their computers with a custom backdoor malware. The threat actors create fake Twitter profiles and blogs to…

InfoSec News Nuggets 01/26/2021

Apple launches ‘Time to Walk’ for Fitness+ with Dolly Parton, Draymond Green, others Apple today launched a new component of Fitness+ designed to get people out of their homes and away from their TVs. Called Time to Walk, it’s the first outdoor component of Fitness+ and opens the service up to a new world of workouts. Apple seemingly goes out of its way to not call them podcasts, but Time to Walk is very much in the vein.…

InfoSec News Nuggets 01/25/2021

After big hack of U.S. government, Biden enlists 'world class' cybersecurity team President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the U.S. government works to recover from one of the biggest hacks of its agencies attributed to Russian spies. Disclosed in December, the hack struck eight federal agencies and numerous companies, including software provider SolarWinds Corp. U.S. intelligence agencies…

InfoSec News Nuggets 01/22/2021

Vehicle Manufacturers Face Cybersecurity Challenges Over the last several decades, there have been significant advancements in automotive technology. Today’s vehicles are equipped with more and more sophisticated computer systems than ever before. But as our reliance on technology continues to grow, so does the potential for cybersecurity attacks and resulting litigation. That’s why it’s becoming increasingly important for car manufacturers to pay close attention to the legal landscape. One recent case illustrates what’s going on.…

InfoSec News Nuggets 01/21/2021

Are you more likely to be murdered IRL or hacked online? The existential question of our times has been answered The pandemic has brought existential conversations to the forefront in recent months. However, in an increasingly virtual world, threats are no longer reserved for the physical universe we occupy and cybersecurity breaches are increasingly common. It turns out people are more concerned about being hacked compared to acts of physical violence a la being murdered…

InfoSec News Nuggets 01/20/2021

How one hacker's push to secure the internet became a crucial part of Mac, Linux, and Windows operating systems Jason A. Donenfeld is relentlessly curious about everything, from ancient cities to cutting edge cryptography. When he's not developing WireGuard, known as the most secure VPN protocol in the world, the security researcher enjoys exploring the vast network of centuries-old limestone tunnels beneath Paris. Donenfeld, who is 32, originally came to Paris in 2010, after landing…

InfoSec News Nuggets 01/19/2021

Nine Attention-Grabbing Inventions Unveiled at This Year’s CES Like school, work conferences and visiting your grandparents, this year’s Consumer Electronics Show (CES) has been virtual-only. So instead of gathering in hangar-sized Las Vegas expo halls, those wishing to check out the year’s crop of tech and gadget debuts can simply tune in online. Some of these technologies will never catch on. Others may one day be as ubiquitous as the Xbox, satellite radio and 3D printers, all…

InfoSec News Nuggets 01/15/2021

Apple drops 'exclusion list' which allowed its own apps to bypass firewalls The latest beta of macOS Big Sur has reportedly removed the contentious ability for Apple's own apps to bypass firewalls, and hide their network use. Apple's release of the macOS Big Sur 11.2 beta appears to show that the company is dropping a controversial network feature. In the current public version of Big Sur, 56 of Apple's own apps and system processes can use the internet…

InfoSec News Nuggets 01/14/2021

The billionaires' brawl over satellite broadband Elon Musk is under siege by fellow billionaires at Amazon and Dish as he tries to get his fledgling space-based broadband service off the ground, with clashes involving airwave overload and the threat of satellite collisions. Musk's Starlink service could extend broadband to unconnected customers in hard-to-reach rural areas. But competitors are pressing the Federal Communication Commission to stymie Musk's plans. The Federal Communications Commission voted Tuesday evening to explore letting companies…

InfoSec News Nuggets 01/13/2021

Mac malware uses 'run-only' AppleScripts to evade analysis A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. The malware is tracked as OSAMiner and has been in the wild since at least 2015. Yet, analyzing it is difficult because payloads are exported as run-only AppleScript files, which makes decompiling them into source code a tall order. A recently observed variant…

InfoSec News Nuggets 01/12/2021

Securing Wi-Fi at Home To create a secure home network, you need to start by securing your Wi-Fi access point (sometimes called a Wi-Fi router). This is the device that controls who and what can connect to your home network. Here are five simple steps to securing your home Wi-Fi to create a far more secure home network for you and your family.

Can Artificial Intelligence Help Us Fight Fake News? Fake news and…

InfoSec News Nuggets 01/11/2021

Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions At U.S. Financial Institutions, Brokerage Firms, A Major News Publication, And Other Companies Audrey Strauss, the Acting United States Attorney for the Southern District of New York, announced today that ANDREI TYURIN, a/k/a “Andrei Tiurin,” was sentenced in Manhattan federal court to 144 months in prison for computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with…

InfoSec News Nuggets 01/08/2021

Rioters Had Physical Access to Lawmakers’ Computers. How Bad Is That? On Wednesday, hundreds of Donald Trump supporters rioted and stormed the Capitol, getting into the Senate and the offices of some lawmakers, who were hastily evacuated. Given how quickly some staffers and lawmakers had to leave, some of them left their computers unlocked and unattended, and some of the terrorists were photographed in front of them. Cybersecurity experts now worry that the rioters had a chance to get their…

InfoSec News Nuggets 01/07/2021

Watch a Robot Dog Learn How to Deftly Fend Off a Human STUDY HARD ENOUGH, kids, and maybe one day you’ll grow up to be a professional robot fighter. A few years ago, Boston Dynamics set the standard for the field by having people wielding hockey sticks try to keep Spot the quadrupedal robot from opening a door. Previously, in 2015, the far-out federal research agency Darpa hosted a challenge in which it forced clumsy humanoid robots to…

InfoSec News Nuggets 01/06/2021

One Million Compromised Accounts Found at Top Gaming Firms Tel Aviv-based threat intelligence firm Kela decided to investigate the top 25 publicly listed companies in the sector based on revenue. After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side. This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year. Compromised accounts linked to internal…

InfoSec News Nuggets 01/05/2021

20 years of tech with Jeff: From green iMacs and DVDs to the iPhone era My stint started in 2000 – I began at USA TODAY earlier, covering entertainment – when we spent a lot of time talking about the big three tech companies: AOL, Yahoo and Microsoft. AOL had just shocked the world by buying Time Warner for $165 billion. (You know how well that turned out. But I digress.) We did use computers, yes indeed,…

InfoSec News Nuggets 01/04/2021

Apply brakes to Apple Car expectations, analyst says The idea of an Apple Car landing in showrooms hit the headlines again last week when a Reuters report suggested the tech giant is aiming to have an electric vehicle (EV) with autonomous capabilities ready for market in 2024. But a new research note from respected Apple analyst Ming-Chi Kuo suggests the car’s precise design specifications have yet to be decided, adding that any such vehicle may not arrive until 2028…

InfoSec News Nuggets 12/28/2020

Five Solution Providers Breached By SolarWinds Hackers Deloitte, Stratus Networks, Digital Sense, ITPS and Netdecisions were breached via SolarWinds and then specifically targeted by the hackers for additional internal compromise, according to a cybersecurity consultancy. The Sweden-based firm, Truesec, analyzed the malware — as well as historical network data — to determine which firms were explicitly selected by the SolarWinds hackers for further activities, meaning that additional internal compromise could have taken place. Nearly 18,000 firms were…

InfoSec News Nuggets 12/24/2020

FireEye's Mandia on SolarWinds hack: 'This was a sniper round' The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth, according to FireEye CEO Kevin Mandia, whose company discovered the activity. “This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” Mandia said Sunday morning on CBS’s “Face the Nation.” “This was special…

InfoSec News Nuggets 12/23/2020

2,000 Parents Demand Major Academic Publisher Drop Proctorio Surveillance Tech On Friday, digital rights group Fight for the Future unveiled an open letter signed by 2,000 parents calling on McGraw-Hill Publishing to end its relationship with Proctorio, one of many proctoring apps that offers services that digital rights groups have called "indistinguishable from spyware.” As the pandemic has pushed schooling into virtual classrooms, a host of software vendors have stepped up to offer their latest surveillance tools. Some, like Proctorio,…

InfoSec News Nuggets 12/22/2020

Zoom Says It’s Being Probed by SEC, Two U.S. Attorneys Offices Zoom Video Communications Inc. said it has provided information to multiple U.S. prosecutors and regulators regarding interactions with China and other overseas governments, as well as security and user privacy matters. The U.S. Securities and Exchange Commission and two U.S. Attorney’s offices have been investigating Zoom for months, the San Jose, California-based company said Friday in a blog post and a filing. The videoconferencing company disclosed the…

InfoSec News Nuggets 12/21/2020

Nuclear weapons agency breached amid massive cyber onslaught The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies, officials directly familiar with the matter said. On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies after being briefed by…

InfoSec News Nuggets 12/18/2020

Google sued by 10 states for alleged "anti-competitive conduct" in advertising Ten states on Wednesday brought a lawsuit against Google, accusing the search giant of "anti-competitive conduct" in the online advertising industry, including a deal to manipulate sales with rival Facebook. Texas Attorney General Ken Paxton announced the suit, which was filed in a federal court in Texas, saying Google is using its "monopolistic power" to control pricing of online advertisements, fixing the market in…

InfoSec News Nuggets 12/17/2020

Microsoft and industry partners seize key domain used in SolarWinds hack Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar with the matter. The domain in question is avsvmcloud[.]com, which served as command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company's Orion app. According…

InfoSec News Nuggets 12/16/2020

Amazon, TikTok, Facebook, Others Ordered To Explain What They Do With User Data The Federal Trade Commission is demanding that nine social media and tech companies share details on how they harness users' data and what they do with the information. Amazon.com, TikTok owner ByteDance, Discord, Facebook, Reddit, Snap, Twitter, WhatsApp (also owned by Facebook), and YouTube were sent orders by the FTC on Monday to provide the commission with details on their data collection and advertising…

InfoSec News Nuggets 12/15/2020

Microsoft, FireEye confirm SolarWinds supply chain attack Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today.  FireEye's report comes after Reuters, the Washington Post, and Wall Street Journal reported on Sunday intrusions at the US Treasury Department and the US Department of Commerce's National Telecommunications and…

InfoSec News Nuggets 12/14/2020

Facebook links APT32, Vietnam's primary hacking group, to local IT firm In a surprising and unexpected announcement on Thursday, the Facebook security team has revealed the real identity of APT32, one of today's most active state-sponsored hacking groups, believed to be linked to the Vietnamese government. The company said it took this step after it detected APT32 using its platform to spread malware in attempts to infect users. "Our investigation linked this activity to CyberOne Group, an…

InfoSec News Nuggets 12/11/2020

Hackers steal data on Pfizer Covid-19 vaccine The manufacturers of one of the leading Covid-19 vaccines have admitted that they have been targeted in an apparent cyberattack. US firm Pfizer and its German partner BioNTech, which collectively have developed the first Covid vaccine to achieve approval in the West, confirmed that documents related to the vaccine’s development had been “unlawfully accessed.” Little information is known about the attack, including likely instigators, or when and how the attack…

InfoSec News Nuggets 12/10/2020

Amnesia-33 vulnerabilities affect 158 vendors, millions of devices Thirty-three vulnerabilities in open-source TCP/IP stacks often buried deep in internet-connected devices may cause years of issues for hundreds of manufacturers, and business and home customers alike. Further complicating matters, manufacturers who are affected may not immediately know their devices are at risk. The package of vulnerabilities, discovered by researchers at Forescout and dubbed Amnesia-33, are buried deep in the supply chain: third-party software used in components…

InfoSec News Nuggets 12/09/2020

FireEye cybersecurity tools compromised in state-sponsored attack One of the US’s leading cybersecurity firms, FireEye, says it’s been hacked by a state-sponsored attacker. Hackers targeted and accessed the firm’s so-called Red Team tools, which it uses to test customer security and find vulnerabilities. Now there’s concern that the hackers could release these tools publicly or use them to attack others, though there is no evidence that this has happened yet. FireEye says that it does not believe…

InfoSec News Nuggets 12/08/2020

China bans encryption exports – including quantum and key management tech China has restricted export of encryption technologies in the first list on new items published under new export control laws. The list, which The Register has passed through two machine translation services, restricts exports of VPNs, chips with encryption functions used in finance industry applications, key management products and cryptanalysis equipment. Dedicated password-generating hardware also cannot leave the Middle Kingdom without approval. Quantum cryptographic equipment is also…

InfoSec News Nuggets 12/07/2020

CISA set to receive subpoena powers over ISPs in effort to track critical infrastructure vulnerabilities The Cybersecurity and Infrastructure Security Agency is set to receive new administrative authorities that will allow the agency to obtain subscriber information for vulnerable IT assets related to critical infrastructure. The provision was included in the final conference version of the National Defense Authorization Act. A legislative proposal from CISA disclosed last year revealed that the agency was having trouble identifying owners…

InfoSec News Nuggets 12/04/2020

IBM warns hackers targeting COVID vaccine 'cold chain' supply process IBM is sounding the alarm over hackers targeting companies critical to the distribution of COVID-19 vaccines, a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world’s population against the novel coronavirus. The information technology company said in a blog post published on Thursday that it had uncovered “a global phishing campaign” focused on organizations associated with…

InfoSec News Nuggets 12/03/2020

5G rollout faster than expected; will reach a billion people this year The super-fast technology reached more customers this year than expected and will cover about 60% of the global population by 2026, according to a new report from Ericsson. That makes 5G the fastest deployed mobile network ever, the Swedish networking giant said. By the end of this year, there will be 218 million 5G subscriptions around the world, up from Ericsson’s forecast in…

InfoSec News Nuggets 12/02/2020

Developers can now run macOS apps in an Amazon EC2 instance running on an Intel Mac mini Amazon EC2 Mac instances enable customers to run on-demand macOS workloads in the cloud for the first time, extending the flexibility, scalability, and cost benefits of AWS to all Apple developers. With EC2 Mac instances, developers creating apps for iPhone, iPad, Mac, Apple Watch, Apple TV, and Safari can provision and access macOS environments within minutes, dynamically scale…

InfoSec News Nuggets 12/01/2020

Gift card hack exposed – you pay, they play As you probably know, gift cards that you purchase online are typically delivered by email to a recipient of your choosing as a secret code and a registration link. So, receiving a gift card code is a bit like getting hold of the number, expiry date and security code from a prepaid credit card – loosely speaking, whoever has the code can spend it. Although gift…

InfoSec News Nuggets 11/30/2020

Networking equipment vendor Belden discloses data breach American networking equipment vendor Belden said it was hacked in a press release published earlier this week. Belden says the security breach took place after hackers gained access to a limited number of its file servers.  The intrusion was detected after the company's IT personnel detected unusual activity involving the compromised servers. A subsequent investigation revealed that the intruders had copied data of some current and former employees, as well…

InfoSec News Nuggets 11/25/2020

Top Biden adviser seen as making tech regulation more likely President-elect Joe Biden’s top technology adviser helped craft California’s landmark online privacy law and recently condemned a controversial federal statute that protects internet companies from liability, indicators of how the Biden administration may come down on two key tech policy issues.  Bruce Reed, a former Biden chief of staff who is expected to take a major role in the new administration, helped negotiate with the…

InfoSec News Nuggets 11/24/2020

Apple accuses Facebook of 'disregard for user privacy' Apple has criticised Facebook for trying to “collect as much data as possible” from users, saying it will push ahead with its planned launch of a new privacy feature despite objections from the advertising industry. The company’s director of global privacy, Jane Horvath, made the criticism in a letter to a coalition of privacy groups, reassuring them that the feature, which will require users to actively allow developers to…

InfoSec News Nuggets 11/23/2020

Publicly Available Exploit Code Gives Attackers 47-Day Head Start Kenna Security teamed up with the Cyentia Institute to analyze 473 vulnerabilities from 2019 where there was some evidence of exploitation in the wild. Over the succeeding 15 months, the team noted when a vulnerability was discovered, when a CVE was reserved, when a CVE was published, when a patch was released, when the bug was first detected by vulnerability scanners and when it was exploited in…

InfoSec News Nuggets 11/20/2020

Facebook AI catches 95% of hate speech, still wants mods back in office Facebook's software systems get ever better at detecting and blocking hate speech on both the Facebook and Instagram platforms, the company boasted today—but the hardest work still has to be done by people, and many of those people warn the world's biggest social media company is putting them into unsafe working conditions. About 95 percent of hate speech on Facebook gets caught…

InfoSec News Nuggets 11/19/2020

Hacking group exploits ZeroLogon in automotive, industrial attack wave The active cyberattack is thought to be the handiwork of Cicada, also tracked as APT10, Stone Panda, and Cloud Hopper. Historically, the threat group -- first discovered in 2009 and one that the US believes may be sponsored by the Chinese government -- has targeted organizations connected to Japan, and this latest attack wave appears to be no different. Symantec researchers have documented companies and their subsidiaries…

InfoSec News Nuggets 11/18/2020

DarkSide ransomware is creating a secure data leak service in Iran The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack…

InfoSec News Nuggets 11/17/2020

Scams Ramp Up Ahead of Black Friday Cybercriminal Craze The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. In fact, a recent study revealed that 62 percent of consumers shop more online now…

InfoSec News Nuggets 11/16/2020

Microsoft says it’s time for you to stop using SMS and voice calls for multi-factor authentication Multi-factor authentication makes it much harder for hackers to break their way into your online accounts, even if they already know your password. An online account protected by MFA will prompt you to enter a separate one-time code – often constructed out of six random digits that expire after a short period of time – after you have entered…