InfoSec News Nuggets 1/2/2024

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality
CloudSEK’s threat research team has reported a critical exploit affecting Google services, allowing threat actors to generate Google cookies continuously while ensuring continuous access to Google services even after a user performs a password reset. In a technical report, CloudSEK shared details of the exploit. On October 20, 2023, CloudSEK’s AI digital risk platform XVigil discovered that on the Telegram channel, a developer/threat actor PRISMA had released a 0-day solution to address issues with incoming…

InfoSec News Nuggets 12/20/2023

Major apparel supplier behind North Face and Vans hit by cyberattack, disrupting its holiday fulfillments
VF Corporation reported in a Securities and Exchange Commission filing on Monday that it had been hit by a cyberattack. The company owns a slew of apparel brands, including Vans, North Face, Timberland, Dickies and more — and it warns the disruption could affect your holiday shopping. VF first noticed "unauthorized occurrences" on its IT systems on December 13, it said…

InfoSec News Nuggets 05/19/2022

Long lost @ symbol gets new life obscuring malicious URLs
Threat actors have rediscovered an old and little-used feature of web URLs, the innocuous @ symbol we usually see in email addresses, and started using it to obscure links to their malicious websites. Researchers from Perception Point noticed it being used in a cyberattack against multiple organizations recently. While the attackers are still unknown, Perception Point traced them to an IP in Japan. The attack started with a phishing…

InfoSec News Nuggets 01/25/2021

After big hack of U.S. government, Biden enlists 'world class' cybersecurity team
President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the U.S. government works to recover from one of the biggest hacks of its agencies attributed to Russian spies. Disclosed in December, the hack struck eight federal agencies and numerous companies, including software provider SolarWinds Corp. U.S. intelligence agencies…

InfoSec News Nuggets 08/28/2020

Tesla Insider Works with FBI to Turn the Tables on Russia’s Million Dollar Attempt to Hijack the Network
On August 25, the Department of Justice announced the arrest of Egor Igorevich Kriuchkov, a citizen of Russia, for conspiring to breach the network of a U.S. company, which media has identified as Tesla (their GigaFactory in Sparks, NV), and introduce malware into the company’s network. Kriuchkov was arrested on August 22 as he tried to depart…

InfoSec News Nuggets 2/3/2020

1 - Tinder and Bumble under investigation over underage use, sex offenders, and data handling
Yesterday, the US House Oversight and Reform subcommittee announced an investigation into popular dating apps including Tinder, Grindr, and Bumble for allegedly allowing minors and convicted sex offenders to use their services. In a press release issued yesterday, the Chairman of the subcommittee, Raja Krishnamoorthi, sent letters to Match Group, Inc — the parent company of major dating apps — seeking…

InfoSec News Nuggets 12/17/2019

1 - Prosecutors say a man stole $88,000 from a bank vault. The FBI caught him after he flashed stacks of bills on social media.
If you're systematically stealing money from a bank vault, it may not be a good idea to post the evidence on your social media pages. A bank employee in Charlotte, North Carolina, allegedly stole $88,000 from the bank's vault, according to a release from the United States Attorney's Office Western District of…