27 May 2022
By Mary

InfoSec News Nuggets 05/27/2022

Vehicle owner data exposed in GM credential-stuffing attack Automaker General Motors has confirmed the credential stuffing attack it suffered last month exposed customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts. Other more personal information, including social security and credit card and bank account numbers, as well as drivers license data are not stored in customers' GM accounts and were not laid…
Read More
12 Oct 2021
By Mary

InfoSec News Nuggets 10/12/2021

Borrowed a School Laptop? Mind Your Open Tabs WHEN TENS OF millions of students suddenly had to learn remotely, schools lent laptops and tablets to those without them. But those devices typically came with monitoring software, marketed as a way to protect students and keep them on-task. Now, some privacy advocates, parents, and teachers say that software created a new digital divide, limiting what some students could do and putting them at increased risk of disciplinary…
Read More
07 Dec 2020
By Mary

InfoSec News Nuggets 12/07/2020

CISA set to receive subpoena powers over ISPs in effort to track critical infrastructure vulnerabilities The Cybersecurity and Infrastructure Security Agency is set to receive new administrative authorities that will allow the agency to obtain subscriber information for vulnerable IT assets related to critical infrastructure. The provision was included in the final conference version of the National Defense Authorization Act. A legislative proposal from CISA disclosed last year revealed that the agency was having trouble identifying owners…
Read More
23 Nov 2020
By Mary

InfoSec News Nuggets 11/23/2020

Publicly Available Exploit Code Gives Attackers 47-Day Head Start Kenna Security teamed up with the Cyentia Institute to analyze 473 vulnerabilities from 2019 where there was some evidence of exploitation in the wild. Over the succeeding 15 months, the team noted when a vulnerability was discovered, when a CVE was reserved, when a CVE was published, when a patch was released, when the bug was first detected by vulnerability scanners and when it was exploited in…
Read More
04 Sep 2020
By Mary

InfoSec News Nuggets 09/04/2020

Verizon spends big in FCC auction ahead of mid-band 5G launch Verizon (Engadget’s parent company) was the biggest winner in the FCC’s recently concluded auction for licenses in the 3.5 GHz band. In its announcement, the commission has revealed that Verizon placed $1.89 billion in winning bids, followed by Dish Network (under the name Wetterhorn Wireless) with total winning bids worth $912 million. The FCC started auctioning off 70 megahertz of Priority Access Licenses in a band…
Read More
23 Apr 2020
By Mary

InfoSec News Nuggets 4/23/2020

ITU-WHO Joint Statement: Unleashing information technology to defeat COVID-19 The World Health Organization, the International Telecommunication Union (ITU) with support from UNICEF are set to work with telecommunication companies to text people directly on their mobile phones with vital health messaging to help protect them from COVID-19. These text messages will reach billions of people that aren’t able to connect to the internet for information. Now more than ever, technology must ensure that everyone can…
Read More
24 Oct 2019
By Mary

InfoSec News Nuggets 10/24/2019

1 - Ransomware Hits B2B Payments Firm Billtrust Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week.  The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a cloud-based service that lets customers view invoices, pay, or request bills via email or fax. In an email sent to customers today, Billtrust said…
Read More
25 Sep 2019
By Mary

InfoSec News Nuggets 9/25/2019

Avid Users Are Suddenly Finding That Their Macs Won’t Boot Avid video editors have started reported that when they shutdown their Macs, they will no longer boot up afterwards.  It is not known exactly what is causing this issue, but it appears to be affecting older versions of Mac OS X who have the Avid Media Creator software installed. As reported by Variety, film and TV editors all over the world suddenly found yesterday that after shutting…
Read More
12 Sep 2019
By Mary

InfoSec News Nuggets 9/12/2019

‘Cobalt Dickens’ group is phishing universities at scale again, researchers say An Iran-linked hacking group whose operatives the U.S. government indicted last year has launched a phishing operation to steal login credentials against computer users at over 60 universities in the United States, the United Kingdom, and elsewhere, researchers said Wednesday. The campaign sees victims redirected to spoofed login pages, where their passwords are stolen, said Secureworks, a Dell-owned cybersecurity company that uncovered the activity.…
Read More