01 Oct 2025
By Mary

InfoSec News Nuggets 10/01/2025

Canadian Airline WestJet Says Hackers Stole Customer Data  Canadian airline WestJet this week confirmed that customer personal information was stolen in a June 2025 cyberattack. The incident, disclosed on June 13, involved unauthorized access to several internal systems and impacted the availability of WestJet’s application and website. The airline’s operations were not affected by the attack, and WestJet restored access to its application and website roughly two days after the incident. In July, WestJet said the incident had been…
Read More
06 Aug 2025
By Mary

InfoSec News Nuggets 8/6/2025

Smart Contract Scams | Ethereum Drainers Pose as Trading Bots to Steal Crypto SentinelLABS has identified widespread and ongoing cryptocurrency scams in which actors advertise a crypto trading bot that conceals a smart contract designed to steal the victim’s funds. The scams are marketed through YouTube videos which explain the purported nature of the crypto trading bot and explain how to deploy a smart contract on the Remix Solidity Compiler platform, a web-based integrated development…
Read More
27 May 2025
By Mary

InfoSec News Nuggets 5/27/2025

A house full of open windows: Why telecoms may never purge their networks of Salt Typhoon When the news broke that a Chinese hacking group known as Salt Typhoon had penetrated multiple U.S. telecommunications networks, gained access to the phones of a presidential campaign, and collected geolocation data on high-value targets around Washington D.C., one of the first questions on the minds of executives and U.S. officials was how long it would take to kick…
Read More
22 Nov 2024
By Mary

InfoSec News Nuggets 11/22/2024

Now Online Safety Act is law, UK has 'priorities' – but still won't explain 'spy clause' The UK government has set out plans detailing how it will use the new law it has created to control online platforms and social media – with one telling exception. The Draft Statement of Strategic Priorities for online safety places an emphasis on platform providers preventing online harms in the first place, and collaborating with regulator Ofcom on how the new…
Read More
04 Oct 2024
By Mary

InfoSec News Nuggets 10/04/2024

Iranians Accused of Hacking US Presidential Campaigns; $10 Million Offered for Info on their Location The Justice Department announced that three Iranian nationals and Islamic Revolutionary Guard Corps (IRGC) employees, at the same time, have been indicted for hacking accounts belonging to US officials, journalists, and individuals associated with US political campaigns. Several reports of hacks related to political campaigns have surfaced in recent months as unknown hackers breached various systems and networks, then stole…
Read More
10 Nov 2023
By Mary

InfoSec News Nuggets 11/10/2023

NIST releases revised cyber requirements for controlled unclassified information  The National Institute of Standards and Technology on Thursday released draft guidance for protecting sensitive unclassified information, outlining revised cybersecurity requirements for federal agencies and government contractors to take when it comes to safeguarding government data. The proposed guidelines are the third iteration of NIST’s standards and practices for protecting controlled unclassified information — or CUI — which refers to government-owned or created data that is not…
Read More
18 Aug 2022
By Mary

InfoSec News Nuggets 08/18/2022

In Post Roe v. Wade Era, Mozilla Labels 18 of 25 Popular Period and Pregnancy Tracking Tech With *Privacy Not Included Warning Eighteen out of 25 reproductive health apps and wearable devices that Mozilla investigated for privacy and security practices received a *Privacy Not Included warning label. These findings raise concerns in the post-Roe landscape that data could be used by authorities to determine if users are pregnant, seeking abortion information or services, or crossing state lines…
Read More
25 Jun 2021
By Mary

InfoSec News Nuggets 06/25/2021

NIST Publishes Ransomware Guidance The National Institute of Standards and Technology (NIST) has published new draft guidance for organizations concerning ransomware attacks. The Cybersecurity Framework Profile for Ransomware Risk Management features advice on how to defend against the malware, what to do in the event of an attack, and how to recover from it. NIST's Ransomware Profile can be used by organizations that have already adopted the NIST Cybersecurity Framework and wish to improve their risk postures. It can…
Read More
30 Jul 2020
By Mary

InfoSec News Nuggets 7/30/2020

A Cyberattack on Garmin Disrupted More Than Workouts ON THURSDAY, HACKERS hit the navigation and fitness giant Garmin with a ransomware attack that took down numerous services across the company. Garmin Connect, the cloud platform that syncs user activity data, went dark, as did portions of Garmin.com. But as athletes found themselves unable to record runs and workouts, pilots who use Garmin products for position, navigation, and timing services in airplanes were dealing with their own problems.  …
Read More
06 Feb 2020
By Mary

InfoSec News Nuggets 2/6/2020

1 - Maze ransomware publicly shaming victims into paying At least five law firms have been hit and held hostage by the Maze ransomware group in the last four days with these attacks being part of a wider campaign possibly affecting between 45 and 180 total victims in January. Maze is using a somewhat unique tactic with its latest victims. Instead of simply placing a ransom note on the infected system and waiting for payment,…
Read More
24 Jan 2020
By Mary

InfoSec News Nuggets 1/24/2020

1 - Soft robotic hands may soon have a firm grip on the industry Soft Robotics, a company that develops enterprise level soft robotic grippers for a variety of materials handling and pick and place applications, is on a roll. After securing a high level strategic partnership in 2019, the company has announced an oversubscribed Series B worth $23M. Back in December, Soft Robotics rolled out an innovative adaptable gripper system designed especially to work with FANUC robots…
Read More
08 Oct 2019
By Mary

InfoSec News Nuggets 10/08/2019

Signal patches Android bug that allowed hackers to answer calls on your behalf  Popular encrypted messaging app Signal has fixed a crucial flaw in its Android app that could’ve allowed bad actors to answer calls on your behalf. What’s more, it needed no intervention from your end. Google’s Project Zero team, which uncovered the bug on September 28, said it only affects audio calls, as the video option needs to be manually enabled for all incoming calls. Signal has since patched the…
Read More