07 Dec 2021
By Mary

InfoSec News Nuggets 12/07/2021

SolarWinds hackers have a whole bag of new tricks for mass compromise attacks Almost exactly a year ago, security researchers uncovered one of the worst data breaches in modern history, if not ever: a Kremlin-backed hacking campaign that compromised the servers of network management provider SolarWinds and, from there, the networks of 100 of its highest-profile customers, including nine US federal agencies. Nobelium—the name Microsoft gave to the intruders—was eventually expelled, but the group never gave up…
Read More
13 Sep 2021
By Mary

InfoSec News Nuggets 09/13/2021

Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware Symantec, part of Broadcom Software, has linked the recently discovered Sidewalk backdoor to the China-linked Grayfly espionage group. The malware, which is related to the older Crosswalk backdoor (Backdoor.Motnug) has been deployed in recent Grayfly campaigns against a number of organizations in Taiwan, Vietnam, the United States, and Mexico. A feature of this recent campaign was that a large number of targets were in the telecoms sector. The…
Read More
01 Apr 2021
By Mary

InfoSec News Nuggets 04/01/2021

Research shows Google collects 20x more data from Android than Apple collects from iOS Tech companies have been talking more about privacy in recent years, and Apple proudly says that it protects user data more than anyone else. This week, new research by Douglas Leith from Trinity College showed that Google collects up to 20 times more data from Android users compared to the data Apple collects from iOS users.  As reported by Ars Technica, the…
Read More
23 Mar 2021
By Mary

InfoSec News Nuggets 03/23/2021

Popular remote lesson monitoring program could be exploited to attack student PCs Researchers have uncovered a slew of critical vulnerabilities in remote monitoring software -- an incident made worse as it could impact student safety and privacy.  On Monday, McAfee disclosed the existence of multiple security holes in Netop Vision Pro, popular monitoring software adopted by schools for teachers to control remote learning sessions. The software is marketed for teachers to keep control of lessons. Features include…
Read More
24 Feb 2021
By Mary

InfoSec News Nuggets 02/24/2021

Cybersecurity and online gaming: Don’t be a victim The proliferation of technology and internet connectivity has made it possible for people to seek out most things online, and gaming and gambling are not exceptions. In addition to online video games, social media, music, and video streaming, there are also online casinos and gambling for real money. Well, for gambling in the USA there are state laws to mind, but in some states online gambling is…
Read More
07 Jan 2021
By Mary

InfoSec News Nuggets 01/07/2021

Watch a Robot Dog Learn How to Deftly Fend Off a Human STUDY HARD ENOUGH, kids, and maybe one day you’ll grow up to be a professional robot fighter. A few years ago, Boston Dynamics set the standard for the field by having people wielding hockey sticks try to keep Spot the quadrupedal robot from opening a door. Previously, in 2015, the far-out federal research agency Darpa hosted a challenge in which it forced clumsy humanoid robots to…
Read More
23 Dec 2020
By Mary

InfoSec News Nuggets 12/23/2020

2,000 Parents Demand Major Academic Publisher Drop Proctorio Surveillance Tech On Friday, digital rights group Fight for the Future unveiled an open letter signed by 2,000 parents calling on McGraw-Hill Publishing to end its relationship with Proctorio, one of many proctoring apps that offers services that digital rights groups have called "indistinguishable from spyware.” As the pandemic has pushed schooling into virtual classrooms, a host of software vendors have stepped up to offer their latest surveillance tools. Some, like Proctorio,…
Read More
15 Dec 2020
By Mary

InfoSec News Nuggets 12/15/2020

Microsoft, FireEye confirm SolarWinds supply chain attack Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today.  FireEye's report comes after Reuters, the Washington Post, and Wall Street Journal reported on Sunday intrusions at the US Treasury Department and the US Department of Commerce's National Telecommunications and…
Read More