16 Jun 2025
By Mary

InfoSec News Nuggets 6/16/2025

Fog ransomware attacks use employee monitoring tool to break into business networks  Fog ransomware operators have expanded their arsenal to include legitimate and open source tools. This is, most likely, to avoid being detected before deploying the encryptor. Security researchers from Symantec were recently brought in to investigate a Fog ransomware infection, and determined the hackers used Syteca, a legitimate employee monitoring tool, during the attack. This program, previously known as Ekran, records screen activity and keystrokes, and hasn’t been seen…
Read More
30 May 2025
By Mary

InfoSec News Nuggets 5/30/2025

Google warns of Vietnam-based hackers using bogus AI video generators to spread malware Fake AI-powered video generators are being used to spread infostealers and other types of malware, Google researchers have found. A group of cybercriminals created a network of fraudulent websites masquerading as cutting-edge AI tools and then bought ads on social media platforms to promote the sites, the researchers said.  Experts from the tech giant’s Mandiant unit published a report backing previous assessments by Facebook and…
Read More
09 Jan 2025
By Mary

InfoSec News Nuggets 1/9/2025

Scammers Impersonate Authorities to Swipe OTPs with Remote Access Apps Cybersecurity researchers at Group-IB have discovered a sophisticated refund scam where scammers are using remote access tools and software to steal personal and financial information from victims in the Middle East. The modus operandi of the scam involves these scammers posing as government officials, gaining the trust of their targets by offering to help them claim refunds for unsatisfactory purchases. In return, scammers end up…
Read More
18 Nov 2024
By Mary

InfoSec News Nuggets 11/18/2024

Hackers now sending physical malicious letters, Swiss authorities warn Is there anything threat actors won’t do to gain initial access? Swiss authorities are warning about a new sophisticated cybersecurity threat – malicious counterfeit letters. Cyber bandits have launched a malicious campaign across Switzerland using counterfeit letters that appear to be from MeteoSwiss (the Federal Office of Meteorology and Climatology). The victims report that the letters contain a QR code asking recipients to download a new…
Read More
01 Oct 2024
By Mary

InfoSec News Nuggets 10/01/2024

Senate bill pushes cyber mandates for medical industry in wake of Change Healthcare debacle Hospitals and other healthcare businesses would be required to adopt minimum cybersecurity standards and face annual audits under new legislation introduced by two prominent senators on Thursday. The Health Infrastructure Security and Accountability Act, announced by Sens. Ron Wyden (D-OR) and Mark Warner (D-VA), would  provide $1.3 billion for the Department of Health and Human Services (HHS) to support hospitals and create…
Read More
16 Aug 2024
By Mary

InfoSec News Nuggets 8/16/2024

Ex-Google CEO says successful AI startups can steal IP and hire lawyers to ‘clean up the mess’  Former Google CEO and chairman Eric Schmidt has made headlines for saying that Google was blindsided by the early the rise of ChatGPT because its employees decided that “working from home was more important than winning.” The comment was made in front of Stanford students during a recent interview, video of which was removed from the university’s YouTube channel after Schmidt’s…
Read More
21 Sep 2023
By Mary

InfoSec News Nuggets 09/21/2023

Sysadmin and spouse admit to part in 'massive' pirated Avaya licenses scam A sysadmin and his partner pleaded guilty this week to being part of a "massive" international ring that sold software licenses worth $88 million for "significantly below the wholesale price." Brad and Dusti Pearce admitted one count of conspiracy to commit wire fraud and each face a maximum penalty of 20 years in prison. After agreeing to a plea deal, the Pearces must…
Read More
27 Jun 2023
By Mary

InfoSec News Nuggets 06/27/2023

The tech flaw that lets hackers control surveillance cameras In a darkened studio inside the BBC's Broadcasting House in London, a man sits at his laptop and enters his password. Thousands of miles away, a hacker is watching everything he types. Next, the BBC employee picks up his mobile phone and enters the passcode. The hacker now has that, too. A security flaw in the surveillance camera on the ceiling - manufactured by the Chinese…
Read More
02 May 2023
By Mary

InfoSec News Nuggets 05/02/2023

Hackers leak images to taunt Western Digital's cyberattack response The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company's systems even as the company responded to the breach. The leak comes after the threat actor warned Western Digital on April 17th that they would hurt them until they "cannot stand anymore" if a ransom was not paid.…
Read More
20 Jan 2023
By Mary

InfoSec News Nuggets 01/20/2023

Bank of America starts restoring missing Zelle transactions  Bank of America has started to restore missing Zelle transactions that suddenly disappeared from customers' bank accounts this morning, causing some to dip into negative balances. The outage began at approximately 7 AM ET today, with BoA customers suddenly finding their account balances had decreased after recent Zelle transactions disappeared. This led to reports on DownDetector, Reddit, and Twitter from hundreds of customers missing their Zelle transactions.    More Ransomware Victims Are Refusing…
Read More
19 Dec 2022
By Mary

InfoSec News Nuggets 12/19/2022

Social Blade Confirms Breach After Hacker Offers to Sell User Data Social media analytics service Social Blade has confirmed a security breach after a hacker offered to sell a database allegedly stolen from the company’s systems. Social Blade monitors tens of millions of social media accounts, including on YouTube, Twitter, Twitch, Instagram, Facebook, and TikTok. The company helps content creators boost their channel’s popularity. The Social Blade database was offered for sale on a hacker…
Read More
14 Apr 2022
By Mary

InfoSec News Nuggets 04/14/2022

A SERIES OF PATENT LAWSUITS IS CHALLENGING THE HISTORY OF MALWARE DETECTION In early March, cybersecurity firm Webroot and its parent company OpenText launched a series of patent litigation containing some eye-opening claims. Filed March 4th in the famously patentholder-friendly Western District of Texas court, the four lawsuits claim that techniques fundamental to modern malware detection are based on patented technology — and that the company’s competitors are infringing on intellectual property rights with their implementation of network…
Read More
29 Dec 2021
By Mary

InfoSec News Nuggets 12/29/2021

T-Mobile welcomed Christmas with its second data breach in less than six months T-Mobile may have enjoyed another solid year in terms of subscriber growth, 5G network expansion, speed boosts, and various other technological breakthroughs and advancements, but when it comes to customer support and especially security, 2021 has been a time of worrying decline and a tidal wave of negative publicity for the once mighty "Un-carrier." While the huge data breach identified back in August is likely to remain unrivaled…
Read More
30 Aug 2021
By Mary

InfoSec News Nuggets 08/30/2021

Microsoft warns thousands of cloud customers of exposed databases -emails Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure’s flagship Cosmos database. A research team at security company Wiz discovered it was able to…
Read More
17 Aug 2021
By Mary

InfoSec News Nuggets 08/17/2021

T-Mobile Investigating Claims of Massive Customer Data Breach T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn't mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers. The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller…
Read More
09 Jun 2021
By Mary

InfoSec News Nuggets 06/09/2021

Software bug to blame for global internet outage, Fastly says Fastly, the company behind a major global internet outage this week, said on Wednesday the incident was caused by a bug in its software that was triggered when one of its customers changed their settings. Tuesday’s outage raised questions about the reliance of the internet on a few infrastructure companies. Fastly’s issue knocked out high traffic sites including news providers such as The Guardian and…
Read More
01 Mar 2021
By Mary

InfoSec News Nuggets 03/01/2021

78% of top security leaders say their organizations are unprepared for a cyberattack Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyberattacks, according to research conducted by IDG Research Services on behalf of Insight. The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cybersecurity budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in…
Read More
16 Jun 2020
By Mary

InfoSec News Nuggets 6/16/2020

Amazon CEO Jeff Bezos agrees to testify before antitrust hearing Amazon and a handful of other major tech companies are facing increased pressure from a series of investigations from the US House and Senate, the Justice Department and Federal Trade Commission into their potential monopolistic practices. For Amazon, the investigations have often focused on Amazon's use of private label items to compete against much smaller retailers on its platform. Calls for Bezos to testify before…
Read More