InfoSec News Nuggets 11/23/2020

Publicly Available Exploit Code Gives Attackers 47-Day Head Start

Kenna Security teamed up with the Cyentia Institute to analyze 473 vulnerabilities from 2019 where there was some evidence of exploitation in the wild. Over the succeeding 15 months, the team noted when a vulnerability was discovered, when a CVE was reserved, when a CVE was published, when a patch was released, when the bug was first detected by vulnerability scanners and when it was exploited in…

InfoSec News Nuggets 11/02/2020

‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass

Scammers have hatched a new way to attempt to bypass two-factor authentication (2FA) protections on Facebook. Cybercriminals are sending bogus copyright-violation notices with the threat of taking pages down unless the user attempts to appeal. The first step in the “appeal?” The victim is asked to submit a username, password and 2FA code from their mobile device, according to Sophos researcher Paul Ducklin, allowing fraudsters to bypass 2FA. 2FA is an…

InfoSec News Nuggets 10/22/2020

PayPal to support Bitcoin and other crypto — but merchants must use fiat

PayPal is ready to let users buy, sell, and hold Bitcoin and other cryptocurrencies, according to Reuters. PayPal chief exec Dan Schulman told Reuters the company hopes this will “encourage global use of virtual coins,” and ready its network in anticipation of digital currencies issued by central banks. The US payments giant said it plans to allow users to actually spend their cryptocurrency with the…

InfoSec News Nuggets 10/13/2020

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have…

InfoSec News Nuggets 10/07/2020

Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020

During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever. To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals…

InfoSec News Nuggets 09/21/2020

CEO Of Cyber Fraud Startup NS8 Arrested By FBI, Facing Fraud Charges

The CEO of a startup that sold fraud prevention software is facing fraud charges after he was arrested Thursday by the FBI in Las Vegas. Adam Rogas, who abruptly resigned from NS8 earlier this month, is accused of misleading investors who poured in $123 million to his company earlier this year, a deal in which he allegedly pocketed more than $17 million. “Adam Rogas…

InfoSec News Nuggets 7/29/2020

Dave ShinyHunters hack exposes 7.5 million user records

Overdraft protection and cash advance service Dave suffered a data breach that appeared to involve the practices of a former third-party vendor, resulting in its database containing 7.5 million user records being sold at auction and then released later for free on hacker forums. The stolen information, which appeared to be taken by hacking group ShinyHunters, included personal user information including names, emails, birth dates, physical addresses and…

InfoSec News Nuggets 7/23/2020

TikTok might be sold to US investors to ward off security concerns

Chinese short video platform TikTok is currently facing close scrutiny and risks being booted out of the US — which is home to some of its most popular content creators — but the app may find a lifeline there. The Information reports that a number of US-based investors who already have a stake in TikTok’s parent company, ByteDance, are considering purchasing the subsidiary company to…