31 Jul 2025
By Mary

InfoSec News Nuggets 7/31/2025

California Finalizes Groundbreaking Regulations on AI, Risk Assessments, and Cybersecurity After much anticipation, the California Privacy Protection Agency has finalized the regulations on automated decisionmaking technologies (ADMT), risk assessments, and cybersecurity audits pursuant to the California Consumer Privacy Act (CCPA), with staggered compliance timelines for each set of requirements. Although the final regulations removed all references to the term “artificial intelligence,” the ADMT provisions remain a groundbreaking attempt to regulate AI technologies—particularly those used to…
Read More
24 Apr 2024
By Mary

InfoSec News Nuggets 4/24/2024

Mandiant: Orgs are detecting cybercriminals faster than ever The average time taken by global organizations to detect cyberattacks has dropped to its lowest-ever level of ten days, Mandiant revealed today. The cyber shop says the downward trend continues from last year's 16 days and should be seen as "a big victory for the good guys," but a deeper look into the underlying data shows there are still some obvious issues at play. For one, the…
Read More
25 Jan 2024
By Mary

InfoSec News Nuggets 1/25/2024

News media, foreign affairs experts are targets of North Korean group’s latest campaign  North Korean state hackers are targeting media organizations and high-profile academics in a new espionage campaign, according to a new report released this week. The goal of these attacks, attributed by researchers at SentinelLabs to a hacker group known as ScarCruft or APT37, is to “gather strategic intelligence” that can “contribute to North Korea’s decision-making processes.” ScarCruft is a suspected North Korean state-sponsored group with a history of attacks…
Read More
15 Mar 2023
By Mary

InfoSec News Nuggets 03/15/2023

Cybercriminals exploit SVB collapse to steal money and data  The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it's becoming an excellent opportunity. As multiple security researchers report, threat actors are already registering suspicious domains, conducting phishing pages, and gearing up for business email compromise (BEC) attacks.    Two U.S. Men Charged in 2022 Hacking of…
Read More
14 Mar 2023
By Mary

InfoSec News Nuggets 03/14/2023

CASPER attack steals data using air-gapped computer's internal speaker  Researchers at the School of Cyber Security at Korea University, Seoul, have presented a new covert channel attack named CASPER can leak data from air-gapped computers to a nearby smartphone at a rate of 20bits/sec. The CASPER attack leverages the internal speakers inside the target computer as the data transmission channel to transmit high-frequency audio that the human ear cannot hear and convey binary or Morse code…
Read More
05 Aug 2022
By Mary

InfoSec News Nuggets 08/05/2022

Scammers Sent Uber to Take Elderly Lady to the Bank Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters.  In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go…
Read More
10 Jun 2021
By Mary

InfoSec News Nuggets 06/10/2021

American Heart Association study confirms Apple's MagSafe tech poses a risk to cardiac devices What just happened? Apple has already warned users with fitted medical devices to be careful where they place their iPhone 12, and now the American Heart Association (AHA) has shown why people should heed this advice. The AHA's study also suggests the handsets pose a bigger risk than older iPhones, something Apple claimed isn't the case. Back in January, Apple said that…
Read More
07 Jun 2021
By Mary

InfoSec News Nuggets 06/07/2021

Colonial Pipeline Hackers Used Unprotected VPN to Access Network The ransomware attack that took down the Colonial Pipeline and caused fuel shortages on the East Coast worked because of an unprotected Virtual Private Network (VPN). The criminal gang of hackers known as DarkSide who took responsibility for the attack gained access to the Pipeline's system through an unprotected VPN account that had been set up to allow employees to access the company's computer networks remotely, according to…
Read More
02 Feb 2021
By Mary

InfoSec News Nuggets 02/02/2021

Check if your photos were used to develop facial recognition systems with this free tool If you’ve uploaded any photos to the web in recent years, there’s a good chance they’ve been used to build facial recognition systems. Developers routinely train facial recognition algorithms on images from websites — without the knowledge of the people who posted them. A new online tool called Exposing.AI can help you find out if your photos are among the snaps they’re…
Read More
14 Jan 2021
By Mary

InfoSec News Nuggets 01/14/2021

The billionaires' brawl over satellite broadband Elon Musk is under siege by fellow billionaires at Amazon and Dish as he tries to get his fledgling space-based broadband service off the ground, with clashes involving airwave overload and the threat of satellite collisions. Musk's Starlink service could extend broadband to unconnected customers in hard-to-reach rural areas. But competitors are pressing the Federal Communication Commission to stymie Musk's plans. The Federal Communications Commission voted Tuesday evening to explore letting companies…
Read More
25 Sep 2020
By Mary

InfoSec News Nuggets 09/25/2020

Shopify discloses security incident caused by two rogue employees Online e-commerce giant Shopify is working with the FBI and other law enforcement agencies to investigate a security breach caused by two rogue employees. The company said two members of its support team accessed and tried to obtain customer transaction details from Shopify shop owners (merchants). Shopify estimated the number of stores that might be affected by the employees' actions at less than 200. The company boasted more…
Read More