InfoSec News Nuggets 11/11/2020

The Double-Edged Sword of Cybersecurity Insurance Cybersecurity insurance is no longer a luxury. As attacks have accelerated — and become more costly — the idea of hedging against a breach has gone mainstream. The global cyber-insurance market now stands at $7.8 billion, but it's projected to reach $20.4 billion by 2025, according to an October 2020 report from ResearchAndMarkets. Indeed, companies are incorporating cybersecurity insurance into their overall business strategies, says Alexander Chaveriat, chief innovation officer…
Read More

InfoSec News Nuggets 7/8/2020

Companies start reporting ransomware attacks as data breaches Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about data stolen data. A tactic used by almost all enterprise-targeting ransomware is to steal unencrypted files before encrypting a breached network. The threat actors then use these stolen files as leverage by threatening to leak or sell the data if a ransom is not paid.…
Read More

InfoSec News Nuggets 7/6/2020

macOS Privacy Protections Bypass Disclosed After Apple Fails to Release Fix Details on a macOS privacy protections bypass method were published this week, more than six months after Apple was informed of the issue, but failed to deliver a fix. Dubbed TCC (Transparency, Consent, and Control), the privacy protections system was introduced in macOS Mojave to ensure that certain files on the system are kept out of reach of unauthorized applications. Software engineer and app…
Read More

InfoSec News Nuggets 4/3/2020

Cybercriminals targeting Zoom, Google and Teams domains Popular video conferencing applications such as Zoom, Teams and Google are seeing their names used by malicious actors to create newly registered fake domains with Zoom seemingly being singled out at this time. Since January 1 the security firm has seen about 1,700 new domains registered using the word “zoom” in some fashion with 25 percent of these new registrations happing in the last seven days. Cyber gangs…
Read More

InfoSec News Nuggets 3/27/2020

Ginp Mobile Banker Targets Spain with "Coronavirus Finder" Lure In today's deluge of malicious campaigns exploiting the COVID-19 topic, handlers of the Android banking trojan Ginp stand out with operation Coronavirus Finder. They prey on the anxiety generated by the massive spread of the virus and launch on infected devices a page claiming to show the location infected people nearby for a small fee. The purpose is to make victims provide payment card data in…
Read More

InfoSec News Nuggets 2/4/2020

1 - $20,000 up for grabs in Xbox Live security hole hunt Microsoft is inviting gamers, security researchers, and technologists to pit their wits against the Xbox network in the search for security vulnerabilities. With a newly-announced bug bounty, Microsoft is inviting bug hunters to responsibly disclose bugs and flaws that could potentially be exploited by criminals. The company’s hope is clearly that by strengthening the Xbox Live network it will improve the experience for the…
Read More

InfoSec News Nuggets 1/7/2020

1 - U.S. Government Issues Warning About Possible Iranian Cyberattacks Christopher C. Krebs, Director of Cybersecurity and Infrastructure Security Agency issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. Gen. Qassim Suleimani was killed by a U.S. airstrike at the Baghdad airport in Iraq. "Given recent developments, re-upping our statement from the summer," Krebs said in a rare warning on Twitter.  "Bottom line: time to brush up on Iranian TTPs and pay close…
Read More

InfoSec News Nuggets 12/30/2019

1 - A Twitter app bug was used to match 17 million phone numbers to user accounts A security researcher said he has matched 17 million phone numbers to Twitter  user accounts by exploiting a flaw in Twitter’s Android app. Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter’s contacts upload feature. “If you upload your phone number, it fetches user data in return,” he told TechCrunch. He said…
Read More

InfoSec News Nuggets 12/13/2019

1 - ‘Canadian eyes only’ intelligence reports say Canadian leaders attacked in cyber campaigns Russia is one of the hostile foreign states that has targeted Canada in recent “cyber influence” campaigns, according to secret intelligence records obtained exclusively by Global News. The records from Canada’s Communications Security Establishment (CSE) — labelled “Secret: Canadian Eyes Only” — say that due to their policies in eastern Europe, then-Minister of Foreign Affairs Chrystia Freeland and Minister of National…
Read More

InfoSec News Nuggets 12/05/2019

1 - Messaging / Smishing Attacks One of the most common ways cyber attackers attempt to trick or fool people is by scamming you in email attacks (often called phishing) or try to trick you with phone calls. However, as technology continues to advance bad guys are always trying new methods, to include tricking you with messaging technologies such as text messaging, iMessage/Facetime, WhatsApp, Slack or Skype. Here are some simple steps to protect yourself…
Read More