InfoSec News Nuggets 05/05/2022

Russia to Rent Tech-Savvy Prisoners to Corporate IT? Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies. Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan…
Read More

InfoSec News Nuggets 10/22/2021

FIN7 hackers set up a fake company to recruit for cyberattacks FIN7, a financially motivated Russian hacking group, has set up a fake company to lure unwitting IT specialists into supporting its continued expansion into ransomware, security researchers have found. According to researchers at Recorded Future’s Gemini Advisory unit, FIN7 — known for hacking into point-of-sale registers and stealing over $1 billion from millions of credit cards — is now operating under the guise of Bastion Secure, which claims…
Read More

InfoSec News Nuggets 08/27/2021

Quantum computers could read all your encrypted data. This 'quantum-safe' VPN aims to stop that To protect our private communications from future attacks by quantum computers, Verizon is trialing the use of next-generation cryptography keys to protect the virtual private networks (VPNs) that are used every day by companies around the world to prevent hacking. Verizon implemented what it describes as a "quantum-safe" VPN between one of the company's labs in London in the UK and a US-based…
Read More

InfoSec News Nuggets 09/08/2020

Apple delays privacy feature to opt out of online ad tracking until 2021 Apple is delaying the rollout of a proposed privacy tweak in iOS 14 that allows users to opt out of ad tracking until early next year. In a statement shared with TechCrunch and The Information, the iPhone maker said it’s doing so “to give developers the time they need to make the necessary changes.” The exact date when the policy would be enforced is expected…
Read More

InfoSec News Nuggets 08/14/2020

Network intruders selling access to high-value companies Breaching corporate networks and selling access to them is a business in and of itself. For many hackers, this is how they make their living, others do it forced by financial struggles to supplement their revenue. One actor claiming they returned to black hat activities after laying low for a while has recently churned out network access credentials for big and small companies across the world. Using the…
Read More

InfoSec News Nuggets 3/3/2020

1 - Walgreens says mobile app leaked users' personal data Walgreens, the second-largest pharmacy store in the US, said on Friday that its official mobile app contained a bug that exposed the personal details of some of its users. The leak, described as "an error within the Walgreens mobile app personal secure messaging feature," exposed details such as first and last name, prescription details, store number, and shipping addresses, where available. "Our investigation determined that an internal…
Read More