InfoSec News Nuggets 11/28/2023

Ukraine claims cyber operation against Russian aviation agency
Ukraine's defense intelligence directorate has claimed it carried out a successful cyber operation against the Russian government’s civil aviation agency, also known as Rosaviatsia. The agency reported November 23 that as a result of the hack, it obtained “a large volume of confidential documents,” including a list of daily reports from Rosaviatsia spanning more than a year and a half. The agency didn't reveal any technical details of what it called a…

InfoSec News Nuggets 11/10/2023

NIST releases revised cyber requirements for controlled unclassified information
The National Institute of Standards and Technology on Thursday released draft guidance for protecting sensitive unclassified information, outlining revised cybersecurity requirements for federal agencies and government contractors to take when it comes to safeguarding government data. The proposed guidelines are the third iteration of NIST’s standards and practices for protecting controlled unclassified information — or CUI — which refers to government-owned or created data that is not…

InfoSec News Nuggets 05/22/2023

Food distributor Sysco says cyberattack potentially leaked 125,000 Social Security numbers
A cyberattack on Sysco, one of the world’s largest food distributors, gave hackers access to the sensitive personal information of more than 125,000 current and former employees. In documents filed with state regulators in Maine, the company said an incident in January leaked troves of sensitive employee information. Sysco has more than 71,000 current employees, operates in over 90 countries and reported sales of more than $68…

InfoSec News Nuggets 11/10/2022

15,000 sites hacked for massive Google SEO poisoning campaign
Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums. The attacks were first spotted by Sucuri, who says that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress. The researchers believe the threat actors' goal is…

InfoSec News Nuggets 03/29/2022

Hundreds more packages found in malicious npm 'factory'
Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor had published at least 200 malicious Node Package Manager (npm) packages. The team said that the repositories were first detected on March 21 and grew rapidly, with each npm package deliberately named to mimic legitimate software. An automated script targeted…

InfoSec News Nuggets 03/07/2022

Ukraine to issue non-fungible tokens to fund armed forces
Ukraine has announced it will issue non-fungible tokens to fund its armed forces, as cryptocurrency becomes an increasingly popular means of giving support to the government in Kyiv. Mykhailo Fedorov, Ukraine’s vice-prime minister, said on Twitter on Thursday that the government would soon issue NFTs to help pay for its military. NFTs confer ownership of a unique digital item – with pieces of virtual art proving particularly popular –…

InfoSec News Nuggets 02/25/2022

Twitter admits it mistakenly removed Ukraine open source intelligence accounts
Twitter said it had mistakenly suspended the accounts of open source intelligence reporters posting about Russia’s military build-up around Ukraine, leading to many of them accusing the Russian state of launching a “bot” campaign against them. Based on publicly available satellite imagery, open source reporters have used social media to supply a steady commentary on the activities of Russian forces near the Ukrainian border, providing…

InfoSec News Nuggets 02/24/2022

EU Deploys Cyber Response Unit to Ukraine
The EU is deploying a newly formed Cyber Rapid-Response Team (CRRT) to Ukraine to help the country combat Russian threat actors as troops start pouring over the border. The Lithuanian Ministry of National Defence tweeted the news yesterday, revealing that the move came at the request of the Ukrainian government. Lithuania will be leading the coalition of six EU countries – which also includes Croatia, Poland, Estonia, Romania and the…

InfoSec News Nuggets 01/18/2022

Meta faces billion-pound class-action case
Up to 44 million UK Facebook users could share £2.3bn in damages, according to a competition expert intending to sue parent company Meta. Dr Liza Lovdahl Gormsen alleges Meta "abused its market dominance" to set an "unfair price" for free use of Facebook - UK users' personal data. She intends to bring the case to the Competition Appeal Tribunal. A Meta representative said users had "meaningful control" of what information…

InfoSec News Nuggets 01/14/2022

New Paper Explains How to Secure SMS in the 5G Era
AdaptiveMobile Security has published a white paper entitled “Messaging for the Future: Securing SMS in 5G” which explains why 5G networks will be at increased risk because of the interplay between the way SMS messaging has been implemented and the manifold vulnerabilities inherited from earlier generations of network. The paper makes many recommendations about how to shore up the defenses surrounding SMS messaging before telcos…