05 Sep 2023
By Mary

InfoSec News Nuggets 09/05/2023

Chrome extensions can steal plaintext passwords from websites  A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation. Additionally, the researchers found that numerous websites with millions of visitors,…
Read More
21 Dec 2022
By Mary

InfoSec News Nuggets 12/21/2022

Russian hackers attempted to breach petroleum refining company in NATO country, researchers say A Russian-linked hacking group attempted to infiltrate a petroleum refining company in a NATO member state in late August, according to a report by Palo Alto’s Unit 42. The attempted intrusion, which appears to have been unsuccessful, occurred on Aug. 30 and was carried out through spear phishing emails using English-named files containing words like “military assistance,” according to the report, which provides…
Read More
20 Apr 2022
By Mary

InfoSec News Nuggets 04/20/2022

Court reaffirms that data scraping isn't hacking in LinkedIn appeal The Ninth Circuit Court of Appeals on Monday reaffirmed a 2019 ruling that LinkedIn could not ban competitor hiQ Labs from scraping publicly available data on its platform by citing federal hacking laws. The case dates back to a 2019 lawsuit by HiQ Labs to block a cease-and-desist letter from LinkedIn aimed at halting the company from scraping public data from the social networking site. The…
Read More
23 Mar 2022
By Mary

InfoSec News Nuggets 03/23/2022

Italy Investigates Russia's Kaspersky Antivirus Software Italy's data privacy watchdog said Friday it was investigating the "potential risks" that Russian antivirus software Kaspersky could be used to launch cyberattacks. It followed what it called "alarms sounded by many Italian and European organisations specialised in computer security" over the potential use of Kaspersky software for hacking assaults in the wake of Russia's invasion of Ukraine. The watchdog has asked the company to provide details on the…
Read More