InfoSec News Nuggets 3/15/2024

The software at the center of debate over Chinese cyber threat inside the biggest ports in US
Cybersecurity risks associated with Chinese-made cranes at U.S. ports are not new, and recent White House action and hearings on Capitol Hill have escalated the claims about potentially serious national security vulnerabilities embedded in key infrastructure. But the Biden administration, lawmakers and ports management continue to differ in their views of the true nature of the threat. In…

InfoSec News Nuggets 11/29/2023

Cybercriminals Hesitant About Using Generative AI
Cybercriminals are so far reluctant to use generative AI to launch attacks, according to new research by Sophos. Examining four prominent dark-web forums for discussions related to large language models (LLMs), the firm found that threat actors showed little interest in using these tools, and even expressed concerns about the wider risks they pose. In two of the forums included in the research, just 100 posts on AI were found.…

InfoSec News Nuggets 11/06/2023

Discord will switch to temporary file links to block malware delivery
Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware. "Discord is evolving its approach to attachment CDN URLs in order to create a safer and more secure experience for users. In particular, this will help our safety team restrict access to flagged content,…

InfoSec News Nuggets 09/05/2023

Chrome extensions can steal plaintext passwords from websites
A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation. Additionally, the researchers found that numerous websites with millions of visitors,…

InfoSec News Nuggets 12/21/2022

Russian hackers attempted to breach petroleum refining company in NATO country, researchers say
A Russian-linked hacking group attempted to infiltrate a petroleum refining company in a NATO member state in late August, according to a report by Palo Alto’s Unit 42. The attempted intrusion, which appears to have been unsuccessful, occurred on Aug. 30 and was carried out through spear phishing emails using English-named files containing words like “military assistance,” according to the report, which provides…

InfoSec News Nuggets 04/20/2022

Court reaffirms that data scraping isn't hacking in LinkedIn appeal
The Ninth Circuit Court of Appeals on Monday reaffirmed a 2019 ruling that LinkedIn could not ban competitor hiQ Labs from scraping publicly available data on its platform by citing federal hacking laws. The case dates back to a 2019 lawsuit by hiQ Labs to block a cease-and-desist letter from LinkedIn aimed at halting the company from scraping public data from the social networking site. The…

InfoSec News Nuggets 03/23/2022

Italy Investigates Russia's Kaspersky Antivirus Software
Italy's data privacy watchdog said Friday it was investigating the "potential risks" that Russian antivirus software Kaspersky could be used to launch cyberattacks. It followed what it called "alarms sounded by many Italian and European organisations specialised in computer security" over the potential use of Kaspersky software for hacking assaults in the wake of Russia's invasion of Ukraine. The watchdog has asked the company to provide details on the…