InfoSec News Nuggets 03/29/2022

Hundreds more packages found in malicious npm 'factory' Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor had published at least 200 malicious Node Package Manager (npm) packages. The team said that the repositories were first detected on March 21 and grew rapidly, with each npm package deliberately named to mimic legitimate software. An automated script targeted…
Read More

InfoSec News Nuggets 03/07/2022

Ukraine to issue non-fungible tokens to fund armed forces Ukraine has announced it will issue non-fungible tokens to fund its armed forces, as cryptocurrency becomes an increasingly popular means of giving support to the government in Kyiv. Mykhailo Fedorov, Ukraine’s vice-prime minister, said on Twitter on Thursday that the government would soon issue NFTs to help pay for its military. NFTs confer ownership of a unique digital item – with pieces of virtual art proving particularly popular –…
Read More

InfoSec News Nuggets 02/25/2022

Twitter admits it mistakenly removed Ukraine open source intelligence accounts Twitter said it had mistakenly suspended the accounts of open source intelligence reporters posting about Russia’s military build-up around Ukraine, leading to many of them accusing the Russian state of launching a “bot” campaign against them. Based on publicly available satellite imagery, open source reporters have used social media to supply a steady commentary on the activities of Russian forces near the Ukrainian border, providing…
Read More

InfoSec News Nuggets 02/24/2022

EU Deploys Cyber Response Unit to Ukraine The EU is deploying a newly formed Cyber Rapid-Response Team (CRRT) to Ukraine to help the country combat Russian threat actors as troops start pouring over the border. The Lithuanian Ministry of National Defence tweeted the news yesterday, revealing that the move came at the request of the Ukrainian government. Lithuania will be leading the coalition of six EU countries – which also includes Croatia, Poland, Estonia, Romania and the…
Read More

InfoSec News Nuggets 01/18/2022

Meta faces billion-pound class-action case Up to 44 million UK Facebook users could share £2.3bn in damages, according to a competition expert intending to sue parent company Meta. Dr Liza Lovdahl Gormsen alleges Meta "abused its market dominance" to set an "unfair price" for free use of Facebook - UK users' personal data. She intends to bring the case to the Competition Appeal Tribunal. A Meta representative said users had "meaningful control" of what information…
Read More

InfoSec News Nuggets 01/14/2022

New Paper Explains How to Secure SMS in the 5G Era AdaptiveMobile Security has published a white paper entitled “Messaging for the Future: Securing SMS in 5G” which explains why 5G networks will be at increased risk because of the interplay between the way SMS messaging has been implemented and the manifold vulnerabilities inherited from earlier generations of network. The paper makes many recommendations about how to shore up the defenses surrounding SMS messaging before telcos…
Read More