10 Apr 2024
By Mary

InfoSec News Nuggets 4/10/2024

Over 90,000 LG Smart TVs may be exposed to remote attacks Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. The flaws enable varying degrees of unauthorized access and control over affected models, including authorization bypasses, privilege escalation, and command injection.  Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. The…
Read More
28 Mar 2023
By Mary

InfoSec News Nuggets 03/28/2023

Android app from China executed 0-day exploit on millions of devices  Android apps digitally signed by China’s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal personal data and install malicious apps, researchers from security firm Lookout have confirmed. The malicious versions of the Pinduoduo app were available in third-party markets, which users in China and elsewhere rely on because the official Google Play market is…
Read More
16 Nov 2022
By Mary

InfoSec News Nuggets 11/16/2022

Twitter Users Warn Others Using Two-Factor Authentication Not To Sign Out As 2FA Texts Aren't Arriving Elon Musk's acquisition of Twitter has proven controversial, confusing, amusing, and sometimes even frustrating. This week appears to be falling in the frustrating category, as some users are warning others that they've encountered a bug that is locking them out of their accounts. The claims have surfaced amid concerns about Twitter's drastically reduced workforce and the ways Musk went…
Read More
10 Nov 2022
By Mary

InfoSec News Nuggets 11/10/2022

15,000 sites hacked for massive Google SEO poisoning campaign Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums. The attacks were first spotted by Sucuri, who says that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress. The researchers believe the threat actors' goal is…
Read More
02 Nov 2022
By Mary

InfoSec News Nuggets 11/02/2022

Laser attack blinds autonomous vehicles, deleting pedestrians and confusing cars Self-driving cars, like the human drivers that preceded them, need to see what's around them to avoid obstacles and drive safely. The most sophisticated autonomous vehicles typically use lidar, a spinning radar-type device that acts as the eyes of the car. Lidar provides constant information about the distance to objects so the car can decide what actions are safe to take. But these eyes, it…
Read More
23 Sep 2022
By Mary

InfoSec News Nuggets 09/23/2022

Denmark latest to conclude Google Analytics is unlawful The Danish Data Protection Agency (DPA), Datatilsynet, has become the fourth national regulator to conclude that the manner in which companies are currently using Google Analytics breaches European Union regulations that demand stricter safeguards for personal data moved outside the bloc. In a judgement published on Wednesday, the regulator said that the use of Google's popular tool is illegal because it enables companies to move users' data outside the…
Read More
23 Aug 2022
By Mary

InfoSec News Nuggets 08/23/2022

Lloyd’s to end insurance coverage for state cyber attacks Insurance market Lloyd’s of London has indicated that it will move to require its insurance groups to exclude “catastrophic” nation state cyber attacks from cyber insurance policies from 31 March 2023. According to the Wall Street Journal, which was first to report the story, the change will supposedly ensure that the scope of cyber insurance policies is made clear to buyers, and is being made because Lloyd’s believes the…
Read More
10 Aug 2022
By Mary

InfoSec News Nuggets 08/10/2022

Phishing attack adds pressure with countdown clock A new phishing attack tries to panic users into entering their company email login credentials by displaying a countdown clock that supposedly shows how much time remains before their account is deleted. When the time runs out, nothing actually happens, but the attackers hope the ruse, taken straight from the ransomware handbook, will pressure victims into acting without thinking. The attack begins with a message falsely telling the…
Read More
27 May 2022
By Mary

InfoSec News Nuggets 05/27/2022

Vehicle owner data exposed in GM credential-stuffing attack Automaker General Motors has confirmed the credential stuffing attack it suffered last month exposed customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts. Other more personal information, including social security and credit card and bank account numbers, as well as drivers license data are not stored in customers' GM accounts and were not laid…
Read More
26 May 2022
By Mary

InfoSec News Nuggets 05/26/2022

Russian hackers are linked to new Brexit leak website, Google says A new website that published leaked emails from several leading proponents of Britain's exit from the European Union is tied to Russian hackers, according to a Google cybersecurity official and the former head of UK foreign intelligence. The website - titled "Very English Coop d'Etat" - says it has published private emails from former British spymaster Richard Dearlove, leading Brexit campaigner Gisela Stuart, pro-Brexit…
Read More
20 May 2022
By Mary

InfoSec News Nuggets 05/20/2022

Texas social media law will cause “chaos” online, Supreme Court is told More than two dozen groups have urged the US Supreme Court to block a Texas law that prohibits large social media companies from moderating content based on a user's "viewpoint." The Texas law, HB20, "results in blatant violations of the First Amendment rights of platform providers," said a Supreme Court brief filed yesterday. The law taking effect means that "chaos will ensue online with disastrous and…
Read More
27 Apr 2022
By Mary

InfoSec News Nuggets 04/27/2022

Quantum ransomware seen deployed in rapid network attacks The Quantum ransomware, a strain first discovered in August 2021, were seen carrying out speedy attacks that escalate quickly, leaving defenders little time to react. The threat actors are using the IcedID malware as one of their initial access vectors, which deploys Cobalt Strike for remote access and leads to data theft and encryption using Quantum Locker. The technical details of a Quantum ransomware attack were analyzed…
Read More
25 Feb 2022
By Mary

InfoSec News Nuggets 02/25/2022

Twitter admits it mistakenly removed Ukraine open source intelligence accounts Twitter said it had mistakenly suspended the accounts of open source intelligence reporters posting about Russia’s military build-up around Ukraine, leading to many of them accusing the Russian state of launching a “bot” campaign against them. Based on publicly available satellite imagery, open source reporters have used social media to supply a steady commentary on the activities of Russian forces near the Ukrainian border, providing…
Read More
14 Sep 2021
By Mary

InfoSec News Nuggets 09/14/2021

Apple issues urgent iPhone software update to address critical spyware vulnerability Apple has updated its software for iPhones to address a critical vulnerability that independent researchers say has been exploited by notorious surveillance software to spy on a Saudi activist. Researchers from the University of Toronto's Citizen Lab said the software exploit has been in use since February and has been used to deploy Pegasus, the spyware made by Israeli firm NSO Group that has…
Read More
19 Aug 2021
By Mary

InfoSec News Nuggets 08/19/2021

Conti ransomware prioritizes revenue and cyberinsurance data theft Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies. Earlier this month, a disgruntled affiliate posted to a hacking forum the IP addresses for Cobalt Strike C2 servers used by the gang and a 113 MB archive containing training material for conducting ransomware attacks. Using this leaked training material,…
Read More
28 May 2021
By Mary

InfoSec News Nuggets 05/28/2021

1 - NASA Identified Over 6,000 Cyber Incidents in Past 4 Years The U.S. National Aeronautics and Space Administration (NASA) identified more than 6,000 cyber-related incidents in the last four years, according to a report published this month by NASA’s Office of Inspector General. NASA has institutional systems, which are used for the day-to-day work of employees — these include data centers, web services, computers and networks. It also has mission systems, which support its…
Read More
19 Jan 2021
By Mary

InfoSec News Nuggets 01/19/2021

Nine Attention-Grabbing Inventions Unveiled at This Year’s CES Like school, work conferences and visiting your grandparents, this year’s Consumer Electronics Show (CES) has been virtual-only. So instead of gathering in hangar-sized Las Vegas expo halls, those wishing to check out the year’s crop of tech and gadget debuts can simply tune in online. Some of these technologies will never catch on. Others may one day be as ubiquitous as the Xbox, satellite radio and 3D printers, all…
Read More
17 Nov 2020
By Mary

InfoSec News Nuggets 11/17/2020

Scams Ramp Up Ahead of Black Friday Cybercriminal Craze The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. In fact, a recent study revealed that 62 percent of consumers shop more online now…
Read More
03 Nov 2020
By Mary

InfoSec News Nuggets 11/03/2020

Twitter explains how it will handle misleading tweets about the US election results Twitter recently updated its policies in advance of the U.S. elections to include specific rules that detailed how it would handle tweets making claims about election results before they were official. Today, the company offered more information about how it plans to prioritize the enforcement of its rules and how it will label any tweets that fall under the new guidelines. In…
Read More
29 Oct 2020
By Mary

InfoSec News Nuggets 10/29/2020

White Castle rolls out more robots from Miso Robotics to cook in its kitchens More robots are coming to White Castle . Expanding a partnership with Miso Robotics,  roughly 10 new White Castle locations will be rolling out the Pasadena, California-based company’s robotic fry cook. The move accelerates the adoption of Miso Robotics’ newly designed Flippy robot into kitchens to speed up production and allow more staff to work in the front of the house to service customers, the…
Read More
16 Oct 2020
By Mary

InfoSec News Nuggets 10/16/2020

World’s fastest AI supercomputer is coming to Italy Nvidia today announced that its accelerated computing platform will be used to build the world’s fastest AI supercomputer. The new system — called Leonardo — is being constructed by French IT firm Atos for Italian inter-university consortium Cineca. It’s expected to deliver 10 exaflops of FP16 AI performance, which will be harnessed by Cineca researchers to simulate planetary forces behind climate change and molecular movements inside a coronavirus molecule. Nvidia…
Read More
05 Oct 2020
By Mary

InfoSec News Nuggets 10/05/2020

Russian state hackers appear to have breached a federal agency Russia’s 2020 hacking campaigns might have included a successful data breach at the US government. In the wake of a CISA notice warning of a cyberattack on an unnamed federal agency’s network, Wired and security company Dragos have obtained evidence suggesting Russia’s state-backed APT28 group, better known as Fancy Bear, was behind the hack. The FBI reportedly sent alerts to some hacking victims in May warning that Fancy Bear was widely…
Read More
21 Sep 2020
By Mary

InfoSec News Nuggets 09/21/2020

CEO Of Cyber Fraud Startup NS8 Arrested By FBI, Facing Fraud Charges The CEO of a startup that sold fraud prevention software is facing fraud charges after he was arrested Thursday by the FBI in Las Vegas. Adam Rogas, who abruptly resigned from NS8 earlier this month, is accused of misleading investors who poured in $123 million to his company earlier this year, a deal in which he allegedly pocketed more than $17 million. “Adam Rogas…
Read More
11 Sep 2020
By Mary

InfoSec News Nuggets 09/11/2020

Ransomware accounted for 41% of all cyber insurance claims in H1 2020 Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by Coalition, one of the largest providers of cyber insurance services in North America. The high number of claims comes to confirm previous reports from multiple cyber-security firms that ransomware is one of today's most prevalent and destructive threats. "Ransomware doesn't…
Read More
13 Aug 2020
By Mary

InfoSec News Nuggets 08/13/2020

Instagram Faces Lawsuit Over Illegal Harvesting of Biometrics Facebook Inc. is facing new allegations that it illegally harvests the biometric data of users, this time in a lawsuit that targets the company’s photo-sharing app Instagram. Last month, the social media company offered to pay $650 million to settle a lawsuit in which it was accused of illegally collecting biometric data through a photo-tagging tool provided to Facebook users. In the new lawsuit, filed Monday in state…
Read More
12 Aug 2020
By Mary

InfoSec News Nuggets 08/12/2020

Twitter 'looking' at a possible TikTok tie-up Twitter has approached TikTok's Chinese owner ByteDance to express an interest in buying its US operations, according to reports. Video-sharing platform TikTok has been at the centre of fierce debate in recent weeks and takeover talk. Last week US Donald Trump ordered firms to stop doing business with TikTok within 45 days over security concerns. Tech giant Microsoft is the front-runner to buy TikTok but now Twitter has…
Read More
31 Jul 2020
By Mary

InfoSec News Nuggets 7/31/2020

US provides new expanded set of espionage charges against former Twitter employees The two former Twitter employees, Ahmad Abouammo and Ali Alzabarah, and the third person named Ahmed Almutairi were originally charged with fraudulently accessing private information and acting as illegal agents of a foreign government for allegedly spying on Twitter users critical of the Saudi royal family. This time around, the individuals have been charged with seven offences instead of two. The charges include acting as…
Read More
22 Jul 2020
By Mary

InfoSec News Nuggets 7/22/2020

Tech Firms Begin to Abandon Hong Kong Over Security Law China’s sweeping national security law has forced technology firms to reconsider their presence in Hong Kong. The nimblest among them -- the city’s startups -- are already moving data and people out or are devising plans to do so. Beijing’s polarizing law, which took effect this month, upended Hong Kong’s tech scene just as it seemed on a path to becoming a regional hub. Entrepreneurs…
Read More
17 Jul 2020
By Mary

InfoSec News Nuggets 7/17/2020

Mozilla project exposes YouTube's recommendation 'bubbles' We’ve all seen social media posts from our climate change-denying cousin or ultra-liberal college friend, and have wondered how they came to certain conclusions. Mozilla’s new project, “TheirTube,” created by Amsterdam-based designer Tomo Kihara, is offering a glance at theoretical YouTube homepages for users in six different categories. Those personas include: fruitarian, doomsday prepper, liberal, conservative, conspiracist and climate denier.  Through these different personas, Mozilla hopes to demonstrate how…
Read More
16 Jul 2020
By Mary

InfoSec News Nuggets 7/16/2020

Twitter lost control of its internal systems to Bitcoin-scamming hackers Twitter lost control of its internal systems to attackers who hijacked almost a dozen high-profile accounts, in a breach that raises serious concerns about the security of a platform that’s growing increasingly influential. The first signs of compromise occurred around 1 PM California time when hijacked accounts—belonging to Vice President Joe Biden, Elon Musk, Bill Gates, and other people with millions or tens of millions of…
Read More
24 Jun 2020
By Mary

InfoSec News Nuggets 6/24/2020

Four California Hotels Redefine Social Distancing with Robots Delivering Groceries, Towels and Pet Treats As the California economy reopens, four California hotels have created a safe environment with elevated cleanliness and Social Distancing Robot Ambassadors.  With many guests preferring a touchless experience, the three-foot robots provide guests with peace of mind as they can deliver everything from pillows and pet treats to towels and groceries. Since the robots have no arms, they do not replace…
Read More
11 Jun 2020
By Mary

InfoSec News Nuggets 6/11/2020

Twitter starts aggressively fact-checking tweets linking 5G to COVID-19 Twitter is now fact-checking tweets that link 5G and the COVID-19 pandemic by adding a label that promises to get users “the facts about COVID-19,” Business Insider reports. Clicking the label takes you to a Twitter page titled “No, 5G isn’t causing coronavirus” that includes links to news reports, fact-checking organizations, and government agencies debunking the conspiracy theory. Twitter confirmed the move in a statement given to Business Insider.…
Read More
29 May 2020
By Mary

InfoSec News Nuggets 5/29/2020

How to Unlock Hidden Browser Games in Edge, Firefox and Chrome Your web browser is full of secrets. I typically spend my time poring over new features I can unlock via pages like chrome://flags and about:config, but it’s also nice to take a little break and play the hidden games that come packed into the most popular browsers. Yes, your desktop browser is filled with hidden games. Don’t crack your knuckles and expect to hunker down for a Civilization VI-like session—they’re not that great.…
Read More
26 May 2020
By Mary

InfoSec News Nuggets 5/26/2020

Home Chef announces data breach after hacker sells 8M user records Home Chef, a US-based meal kit and food delivery service, announced a data breach today after a hacker sold 8 million user records on a dark web marketplace. Last week, BleepingComputer reported that a hacking group actor named Shiny Hunters was selling the user records for eleven companies on a dark web marketplace. The threat actor was selling these databases for $500 to $2,500. The user records for…
Read More
30 Apr 2020
By Mary

InfoSec News Nuggets 4/30/2020

Comcast waives data cap until at least June 30 in response to pandemic After promising 60 days without data caps and overage fees for all customers, Comcast has decided to extend the data-cap waiver until at least June 30. Comcast announced the data-cap waiver on March 13, saying the waiver would last until May 13 to help customers deal with the pandemic. Today, Comcast said it will extend the data-cap waiver and other pandemic-related changes "through June 30 to…
Read More
29 Apr 2020
By Mary

InfoSec News Nuggets 4/29/2020

Online auction of record-breaking whisky collection hit by cyber-attack A record-breaking online auction of rare whiskies has been postponed indefinitely after being targeted in a cyber-attack. The sale of Richard Gooding’s “The Perfect Collection” was marketed as “the largest and most unprecedented private whisky collection ever to be offered for public sale”. The first phase of the auction, consisting of more than 1,900 bottles, fetched more than £3.2m earlier this year. The second phase of…
Read More
06 Apr 2020
By Mary

InfoSec News Nuggets 4/6/2020

Twitter reveals Mozilla Firefox bug that stores your direct messages for up to 7 days Twitter recently warned users of a Mozilla Firefox bug that grants access to accounts’ non-public information to anyone using the device. “We recently learned that the way Mozilla Firefox stores cached data may have resulted in non-public information being inadvertently stored in the browser’s cache,” Twitter said in a statement on April 2. “This means that if you accessed Twitter from a…
Read More
18 Feb 2020
By Mary

InfoSec News Nuggets 2/18/2020

1 - Reuters Partners With Facebook For Fact-Checking Program Reuters has joined Facebook’s fact-checking crusade. As part of the social network’s third-party program, Reuters will comb through photos, videos, headlines, and other content—in the run-up to the U.S. election and beyond—to verify information in English and Spanish. The global news provider will then publish its findings on a specially created blog. “We are steadfastly recognizing the magnitude of misinformation taking place around the world. It’s a…
Read More
10 Feb 2020
By Mary

InfoSec News Nuggets 2/10/2020

1 - Data Breach at Mitsubishi Electric Caused by Zero-Day Vulnerability in Antivirus Software When antivirus software is installed and activated, there is usually an assumption that the system is automatically safer. Antivirus software can be penetrated just like any other software can, however, as a 2019 data breach at Japanese electronics giant Mitsubishi Electric demonstrates. Mitsubishi Electric did not disclose what software they were using or exactly what the nature of the data breach…
Read More
05 Feb 2020
By Mary

InfoSec News Nuggets 2/5/2020

1 - Magecart group jumps from Olympic ticket website to new wave of e-commerce shops A Magecart group has expanded its operations by compromising not only an Olympic ticket reseller but also a number of other websites referencing a single malicious domain hosting the underlying skimmer code. Magecart is a term used to describe the use of skimmer code to compromise e-commerce payment platforms. Legitimate websites seemingly fine to trust -- the British Airways portal and Ticketmaster being prime examples…
Read More
16 Jan 2020
By Mary

InfoSec News Nuggets 1/16/2020

1 - Production company data breach exposes personal data of Dove ‘real people’ ad participants A data breach at UK-based Fresh Film Productions, which makes adverts for high-profile companies including Unilever, has exposed sensitive personal data of participants in antiperspirant brand Dove’s ‘real people’ campaign. The company inadvertently exposed the data, which included bank details and passport scans, by leaving a company server hosted online on an unsecured Amazon Web Services S3 bucket. This meant…
Read More
10 Jan 2020
By Mary

InfoSec News Nuggets 1/10/2020

1 - Jussie Smollett investigation: Judge orders Google to turn over a full year of the actor’s data as part of special prosecutor probe A Cook County judge has ordered Google to turn over Jussie Smollett’s emails, photos, location data and private messages for an entire year as part of the special prosecutor’s investigation into the purported attack on the actor. Two sweeping search warrants, obtained by the Chicago Tribune, provide the first public glimpse…
Read More
26 Dec 2019
By Mary

InfoSec News Nuggets 12/26/2019

1 - Apple eyes satellite internet for data project Apple is reportedly hiring engineers to help deliver a satellite project that would beam internet services directly to devices without the aid of mobile networks. Bloomberg reports that Apple has an early stage project with about 12 engineers from the aerospace, satellite and antenna design industries who hope to launch the project within five years. Exactly what Apple is cooking up is not clear and it could have…
Read More
26 Nov 2019
By Mary

InfoSec News Nuggets 11/26/2019

1 - The California DMV Is Making $50M a Year Selling Drivers’ Personal Information In a public record acts request, Motherboard asked the California DMV for the total dollar amounts paid by commercial requesters of data for the past six years. The responsive document shows the total revenue in financial year 2013/14 as $41,562,735, before steadily climbing to $52,048,236 in the financial year 2017/18. The document doesn't name the commercial requesters, but some specific companies…
Read More
08 Nov 2019
By Mary

InfoSec News Nuggets 11/08/2019

1 - Cisco: All these routers have the same embedded crypto keys, so update firmware Security researchers have found that the firmware for several Cisco small-business routers contains numerous security issues. The problems include hardcoded password hashes as well as static X.509 certificates with the corresponding public-private key pairs and one static Secure Shell (SSH) host key. The static keys are embedded in the routers firmware and are used for providing HTTPS and SSH access…
Read More
10 Oct 2019
By Mary

InfoSec News Nuggets 10/10/2019

Twitter says user data meant for security purposes may have been used for advertising Twitter said on Tuesday email addresses and phone numbers uploaded by users to meet its security requirements may have been ‘inadvertently’ used for advertising purposes. The micro-blogging site said the issue was rectified as of Sept. 17, without disclosing how many users were impacted. “This was an error and we apologize,” the company said in a blog post. Social media companies, including Twitter and Facebook,…
Read More
23 Sep 2019
By Mary

InfoSec News Nuggets 9/23/2019

Second Wave of Click2Gov Breaches Hits United States In December 2018, Gemini Advisory covered a breach of Click2Gov, a self-service bill-pay portal for utilities, community development, and parking tickets, which compromised over 300,000 payment card records from dozens of cities across the United States and Canada between 2017 and late 2018. Gemini has now observed a second wave of Click2Gov breaches beginning in August 2019 and affecting over 20,000 records from eight cities across the…
Read More