InfoSec News Nuggets 4/24/2024

Mandiant: Orgs are detecting cybercriminals faster than ever The average time taken by global organizations to detect cyberattacks has dropped to its lowest-ever level of ten days, Mandiant revealed today. The cyber shop says the downward trend continues from last year's 16 days and should be seen as "a big victory for the good guys," but a deeper look into the underlying data shows there are still some obvious issues at play. For one, the…

InfoSec News Nuggets 3/15/2024

The software at the center of debate over Chinese cyber threat inside the biggest ports in US Cybersecurity risks associated with Chinese-made cranes at U.S. ports are not new, and recent White House action and hearings on Capitol Hill have escalated the claims about potentially serious national security vulnerabilities embedded in key infrastructure. But the Biden administration, lawmakers and ports management continue to differ in their views of the true nature of the threat. In…

InfoSec News Nuggets 08/17/2023

America's original hacking supergroup creates a free framework to improve app security Cult of the Dead Cow (cDc), a hacking group known for its activist endeavors, has built an open source tool for developers to build secure apps. Veilid, launched at DEF CON on Friday, includes options like letting users opt out of data collection and online tracking as a part of the group’s mission to fight against the commercialization of the internet. “We feel…

InfoSec News Nuggets 04/26/2023

Security Failures At TikTok’s Virginia Data Centers: Unescorted Visitors, Mystery Flash Drives And Illicit Crypto Mining  For years, TikTok has told lawmakers that the private data of its U.S. users is secured — and safe from potential influence or exfiltration — in a cluster of data centers located in Northern Virginia. But interviews with seven current and former employees and more than 60 documents, photos and videos from the data centers reveal that the centers have faced…

InfoSec News Nuggets 03/16/2023

OpenAI co-founder on company’s past approach to openly sharing research: ‘We were wrong’  Yesterday, OpenAI announced GPT-4, its long-awaited next-generation AI language model. The system’s capabilities are still being assessed, but as researchers and experts pore over its accompanying materials, many have expressed disappointment at one particular feature: that despite the name of its parent company, GPT-4 is not an open AI model. OpenAI has shared plenty of benchmark and test results for GPT-4, as well as some intriguing demos, but has offered essentially…

InfoSec News Nuggets 01/31/2023

JD Sports says 10 million customers hit by cyber attack  Sportswear chain JD Sports has said stored data relating to 10 million customers might be at risk after it was hit by a cyber attack. The company said information that "may have been accessed" by hackers included names, addresses, email accounts, phone numbers, order details and the final four digits of bank cards. The data related to online orders between November 2018 and October 2020. JD Sports said it…

InfoSec News Nuggets 01/11/2023

Microsoft’s new AI can simulate anyone’s voice with 3 seconds of audio  On Thursday, Microsoft researchers announced a new text-to-speech AI model called VALL-E that can closely simulate a person's voice when given a three-second audio sample. Once it learns a specific voice, VALL-E can synthesize audio of that person saying anything—and do it in a way that attempts to preserve the speaker's emotional tone. Its creators speculate that VALL-E could be used for high-quality text-to-speech applications, speech…

InfoSec News Nuggets 12/27/2022

‘Tis the season for gaming: Keeping children safe (and parents sane) Despite gathering macro-economic headwinds, US consumers are set to increase their total retail spending by around 7% year-on-year this holiday season, and by 3.5% on electronics. But while several weeks of uninterrupted gaming might seem like the dream Christmas for many youngsters, there are also risks that parents need to be aware of. Whether your children are playing a console in the living room, or accessing…

InfoSec News Nuggets 12/01/2022

[U: Fix coming] Months-old security vulnerability still hasn’t been patched on Pixel, Samsung Google’s Project Zero this week highlighted the “gap” in getting security patches out the door and to affected users, and in doing so also revealed that millions of Android phones are at risk of an active security vulnerability. The specific issue that Google’s Project Zero is highlighting this week is a security vulnerability known as CVE-2022-33917. It’s a vulnerability that affects devices…

InfoSec News Nuggets 10/24/2022

A hacker who stole and sold Ed Sheeran songs for crypto gets prison time Adrian Kwiatkowski, a hacker from Ipswich in England who stole two unreleased songs by Ed Sheeran, has been sentenced to 18 months in prison, according to the BBC. Kwiatkowski sold Sheeran's tracks, along with 12 other songs by American rapper Lil Uzi Vert, for cryptocurrency worth £131,000 (US$148,000) on the dark web. UK prosecutors said Kwiatkowski got his hands on the…

InfoSec News Nuggets 10/21/2022

FBI Warns Students Against Loan Forgiveness Scammers  The Federal Bureau of Investigation (FBI) has released a new public service announcement warning against fraudulent websites, emails, texts or phone scams aiming to defraud individuals seeking federal student loan forgiveness. According to the document, scammers are attempting to solicit personally identifiable information (PII), financial information or payment from potential victims. The warning comes amidst the backdrop of the recently released Student Loan Debt Relief Plan, which will provide targeted student debt cancellation…

InfoSec News Nuggets 10/07/2022

TikTok's "secret operation" tracks you even if you don't use it  Consumer Reports (CR), a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even those who don't have Facebook accounts—thanks, in part, to the Facebook "Like" button, a piece of code embedded on most websites. According…

InfoSec News Nuggets 08/22/2022

Google blocks largest HTTPS DDoS attack 'reported to date' A Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind. In just two minutes, the attack escalated from 100,000 RPS to a record-breaking 46 million RPS, almost 80% more than the previous record, an HTTPS DDoS of 26 million RPS that Cloudflare mitigated in…

InfoSec News Nuggets 07/18/2022

Public Cloud Customers Admit Security Challenges Most global organizations aren’t fully confident in the effectiveness of their security controls in the public cloud, despite storing sensitive data there, according to a new Cloud Security Alliance (CSA) study. Sponsored by Anjuna Security, the Sensitive Data in the Cloud report is compiled from interviews with 452 IT and security professionals, from various organization sizes and locations. It revealed that over two-thirds (67%) of respondents now store sensitive data or…

InfoSec News Nuggets 12/27/2021

Fisher Price Chatter Bluetooth Telephone 60G LTE has serious privacy issues Fisher Price Chatter Bluetooth Telephone has the appearance of a classic kids toy, but it was designed for adults and allows users to make and receive calls over Bluetooth using a nearby smartphone. The device is a Bluetooth headset that accepts the connections from a smartphone and could be used to take calls or as a speakerphone, unfortunately, serious privacy issues could allow attackers to…

InfoSec News Nuggets 08/20/2021

Census hit by cyberattack, US count unaffected U.S. Census Bureau computer servers were exploited last year during a cybersecurity attack, but it didn't involve the 2020 census, and hackers' attempts to keep access to the system were unsuccessful, according to a watchdog report released Wednesday. The attack took place in January 2020 on the bureau's remote access servers. According to the Office of Inspector General, the Census Bureau missed opportunities to limit its vulnerability to…

InfoSec News Nuggets 06/04/2021

1 - NY transit officials confirm cyberattack; say harm limited Hackers infiltrated computer systems for the Metropolitan Transportation Authority in New York, setting off a scramble to counter a potentially crippling cyberattack against North America's largest transit system, MTA officials confirmed on Wednesday. The officials said in a statement that that agency received an alert from the FBI and other federal agencies saying three of its 18 computer systems were put at risk. The MTA insisted that…

InfoSec News Nuggets 02/05/2021

Scammers posing as FBI agents threaten targets with jail time The U.S. Federal Bureau of Investigation (FBI) is warning of scammers actively posing as FBI representatives and threatening targets with fines and jail time unless they don't hand out personal and/or financial information. As the FBI warns, the agency has received multiple reports of such scam attempts where the fraudsters are targeting North Florida residents attempting to steal their personal info. Additionally, "multiple versions of…

InfoSec News Nuggets 11/23/2020

Publicly Available Exploit Code Gives Attackers 47-Day Head Start Kenna Security teamed up with the Cyentia Institute to analyze 473 vulnerabilities from 2019 where there was some evidence of exploitation in the wild. Over the succeeding 15 months, the team noted when a vulnerability was discovered, when a CVE was reserved, when a CVE was published, when a patch was released, when the bug was first detected by vulnerability scanners and when it was exploited in…

InfoSec News Nuggets 11/02/2020

‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass Scammers have hatched a new way to attempt to bypass two-factor authentication (2FA) protections on Facebook. Cybercriminals are sending bogus copyright-violation notices with the threat of taking pages down unless the user attempts to appeal. The first step in the “appeal?” The victim is asked to submit a username, password and 2FA code from their mobile device, according to Sophos researcher Paul Ducklin, allowing fraudsters to bypass 2FA. 2FA is an…

InfoSec News Nuggets 10/22/2020

PayPal to support Bitcoin and other crypto — but merchants must use fiat PayPal is ready to let users buy, sell, and hold Bitcoin and other cryptocurrencies, according to Reuters. PayPal chief exec Dan Schulman told Reuters the company hopes this will “encourage global use of virtual coins,” and ready its network in anticipation of digital currencies issued by central banks. The US payments giant said it plans to allow users to actually spend their cryptocurrency with the…

InfoSec News Nuggets 10/13/2020

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have…

InfoSec News Nuggets 10/07/2020

Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever. To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals…

InfoSec News Nuggets 09/21/2020

CEO Of Cyber Fraud Startup NS8 Arrested By FBI, Facing Fraud Charges The CEO of a startup that sold fraud prevention software is facing fraud charges after he was arrested Thursday by the FBI in Las Vegas. Adam Rogas, who abruptly resigned from NS8 earlier this month, is accused of misleading investors who poured in $123 million to his company earlier this year, a deal in which he allegedly pocketed more than $17 million. “Adam Rogas…

InfoSec News Nuggets 7/29/2020

Dave ShinyHunters hack exposes 7.5 million user records Overdraft protection and cash advance service Dave suffered a data breach that appeared to involve the practices of a former third-party vendor, resulting in its database containing 7.5 million user records being sold at auction and then released later for free on hacker forums. The stolen information, which appeared to be taken by hacking group ShinyHunters, included personal user information including names, emails, birth dates, physical addresses and…

InfoSec News Nuggets 7/23/2020

TikTok might be sold to US investors to ward off security concerns Chinese short video platform TikTok is currently facing close scrutiny and risks being booted out of the US — which is home to some of its most popular content creators — but the app may find a lifeline there. The Information reports that a number of US-based investors who already have a stake in TikTok‘s parent company, ByteDance, are considering purchasing the subsidiary company to…