InfoSec News Nuggets 11/14/2022

NSA urges orgs to use memory-safe programming languages The US National Security Agency (NSA) has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory safe alternatives – namely C#, Rust, Go, Java, Ruby or Swift. "NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations," advised the agency. The org's main…
Read More

InfoSec News Nuggets 11/01/2021

All Windows versions impacted by new LPE zero-day vulnerability A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions. A public proof-of-concept (PoC) exploit and technical details for an unpatched Windows zero-day privilege elevation vulnerability has been disclosed that allows users to gain SYSTEM privileges under certain conditions. The good news is that the exploit requires a threat…
Read More

InfoSec News Nuggets 09/24/2021

A new APT is targeting hotels across the world A new advanced persistent threat (APT), a term used to describe state-sponsored cyber-espionage groups, has been spotted mounting attacks against hotels across the world. Codenamed FamousSparrow, this new APT was discovered by Slovak security firm ESET, which said it’s been tracking its attacks as far back as 2019. “FamousSparrow’s victims are located in Europe (France, Lithuania, the UK), the Middle East (Israel, Saudi Arabia), the Americas (Brazil,…
Read More

InfoSec News Nuggets 03/29/2021

Credit Card Hacking Forum Gets Hacked, Exposing 300,000 Hackers’ Accounts Carding Mafia, a forum for stealing and trading credit cards has been hacked, exposing almost 300,000 user accounts, according to data breach notification service Have I Been Pwned. The data breach allegedly exposed the email addresses, IP addresses, usernames, and hashed passwords of 297,744 users. Have I Been Pwned announced the data breach on Tuesday, saying the breach happened last week. On the Carding Mafia forum and its public…
Read More

InfoSec News Nuggets 02/26/2021

The NYPD Sent a Creepy Robotic Dog Into a Bronx Apartment Building The largest police department in the country deployed its new K-9 companion into a Bronx apartment building while responding to a home invasion early Tuesday morning. But this particular K-9 wasn’t as cute, cuddly or even furry like its mammalian colleagues. Instead, this good boy features four metal and rubber legs, a face only perhaps only a Cylon could love, and all the grace…
Read More

InfoSec News Nuggets 02/04/2021

SCIENTISTS HAVE TAUGHT SPINACH TO SEND EMAILS AND IT COULD WARN US ABOUT CLIMATE CHANGE Through nanotechnology, engineers at MIT in the US have transformed spinach into sensors capable of detecting explosive materials. These plants are then able to wirelessly relay this information back to the scientists. When the spinach roots detect the presence of nitroaromatics in groundwater, a compound often found in explosives like landmines, the carbon nanotubes within the plant leaves emit a signal. This…
Read More

InfoSec News Nuggets 7/1/2020

Roblox accounts being hacked in support of Trump reelection A hacking campaign is targeting Roblox accounts to support President Trump in the upcoming U.S. Presidential elections in November. Roblox is an online gaming platform that allows members to create games and publish them for others to play. With over 100 million monthly active users and consistently in the top hundred sites globally, Roblox is an immensely popular gaming platform. While used by people of all…
Read More

InfoSec News Nuggets 1/28/2020

1 - Leaked Documents Expose the Secretive Market for Your Web Browsing Data An antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world's biggest companies, a joint investigation by Motherboard and PCMag has found. Our report relies on leaked user data, contracts, and other company documents that show the sale of this data is both highly sensitive and is in…
Read More

InfoSec News Nuggets 11/06/2019

1 - Porcelain business raises suspicion amid China’s blockchain renaissance A porcelain and education business has attracted the suspicion of Chinese regulators after its stock recently boomed, CoinDesk reports. Guangdong Great Wall Group’s stock price rose for five consecutive days after Chinese President Xi Jinping encouraged civilians to embrace blockchain technology — and is now under investigation by the China Securities Regulatory Commission (CSRC). Founded in 1996, Great Wall Group started off as a creative porcelain business. However, its 2018 annual report, featured…
Read More

InfoSec News Nuggets 10/03/2019

How an AI trained to read scientific papers could predict future discoveries In the new study, an AI learned to retrieve information from scientific literature via unsupervised learning. This has remarkable implications. So far, most of the existing automated NLP-based methods are supervised, requiring input from humans. Despite being an improvement compared to a purely manual approach, this is still a labour intensive job. However, in the new study, the researchers created a system that…
Read More

InfoSec News Nuggets 8/29/2019

1 A new IOT botnet is infecting Android-based set-top boxes A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet. Among this botnet's most common victims are Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia, cyber-security firm WootCloud said today. The attacks aren't using a vulnerability in the Android operating systems, but are exploiting a configuration service that has been left enabled and unprotected…
Read More