26 Nov 2024
By Mary

InfoSec News Nuggets 11/26/2024

7-Zip affected by dangerous vulnerability: users must update the app manually The popular file compression program 7-Zip is currently affected by a high-severity vulnerability that allows attackers to execute code on the victim’s machines, Trend Micro’s Zero Day Initiative (ZDI) has disclosed. The flaw has a severity score of 7.8 out of 10, and it affects all 7-Zip versions prior to 24.07. It was released on June 19th, 2024, and the current version is 24.08.…
Read More
24 Jul 2024
By Mary

InfoSec News Nuggets 7/24/2024

Fake CrowdStrike repair manual pushes new infostealer malware CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. Since Friday, when the buggy CrowdStrike Falcon update caused global IT outages, threat actors have quickly begun to capitalize on the news to deliver malware through fake fixes. A new campaign conducted through phishing emails pretends to be instructions on using a new Recovery Tool that fixes Windows…
Read More
07 Feb 2024
By Mary

InfoSec News Nuggets 2/7/2024

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data  Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65 websites compromised between November 2023 and December 2023. The stolen files…
Read More
27 May 2022
By Mary

InfoSec News Nuggets 05/27/2022

Vehicle owner data exposed in GM credential-stuffing attack Automaker General Motors has confirmed the credential stuffing attack it suffered last month exposed customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts. Other more personal information, including social security and credit card and bank account numbers, as well as drivers license data are not stored in customers' GM accounts and were not laid…
Read More
12 Oct 2021
By Mary

InfoSec News Nuggets 10/12/2021

Borrowed a School Laptop? Mind Your Open Tabs WHEN TENS OF millions of students suddenly had to learn remotely, schools lent laptops and tablets to those without them. But those devices typically came with monitoring software, marketed as a way to protect students and keep them on-task. Now, some privacy advocates, parents, and teachers say that software created a new digital divide, limiting what some students could do and putting them at increased risk of disciplinary…
Read More
07 Dec 2020
By Mary

InfoSec News Nuggets 12/07/2020

CISA set to receive subpoena powers over ISPs in effort to track critical infrastructure vulnerabilities The Cybersecurity and Infrastructure Security Agency is set to receive new administrative authorities that will allow the agency to obtain subscriber information for vulnerable IT assets related to critical infrastructure. The provision was included in the final conference version of the National Defense Authorization Act. A legislative proposal from CISA disclosed last year revealed that the agency was having trouble identifying owners…
Read More
23 Nov 2020
By Mary

InfoSec News Nuggets 11/23/2020

Publicly Available Exploit Code Gives Attackers 47-Day Head Start Kenna Security teamed up with the Cyentia Institute to analyze 473 vulnerabilities from 2019 where there was some evidence of exploitation in the wild. Over the succeeding 15 months, the team noted when a vulnerability was discovered, when a CVE was reserved, when a CVE was published, when a patch was released, when the bug was first detected by vulnerability scanners and when it was exploited in…
Read More
04 Sep 2020
By Mary

InfoSec News Nuggets 09/04/2020

Verizon spends big in FCC auction ahead of mid-band 5G launch Verizon (Engadget’s parent company) was the biggest winner in the FCC’s recently concluded auction for licenses in the 3.5 GHz band. In its announcement, the commission has revealed that Verizon placed $1.89 billion in winning bids, followed by Dish Network (under the name Wetterhorn Wireless) with total winning bids worth $912 million. The FCC started auctioning off 70 megahertz of Priority Access Licenses in a band…
Read More
23 Apr 2020
By Mary

InfoSec News Nuggets 4/23/2020

ITU-WHO Joint Statement: Unleashing information technology to defeat COVID-19 The World Health Organization, the International Telecommunication Union (ITU) with support from UNICEF are set to work with telecommunication companies to text people directly on their mobile phones with vital health messaging to help protect them from COVID-19. These text messages will reach billions of people that aren’t able to connect to the internet for information. Now more than ever, technology must ensure that everyone can…
Read More
24 Oct 2019
By Mary

InfoSec News Nuggets 10/24/2019

1 - Ransomware Hits B2B Payments Firm Billtrust Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week.  The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a cloud-based service that lets customers view invoices, pay, or request bills via email or fax. In an email sent to customers today, Billtrust said…
Read More
25 Sep 2019
By Mary

InfoSec News Nuggets 9/25/2019

Avid Users Are Suddenly Finding That Their Macs Won’t Boot Avid video editors have started reported that when they shutdown their Macs, they will no longer boot up afterwards.  It is not known exactly what is causing this issue, but it appears to be affecting older versions of Mac OS X who have the Avid Media Creator software installed. As reported by Variety, film and TV editors all over the world suddenly found yesterday that after shutting…
Read More
12 Sep 2019
By Mary

InfoSec News Nuggets 9/12/2019

‘Cobalt Dickens’ group is phishing universities at scale again, researchers say An Iran-linked hacking group whose operatives the U.S. government indicted last year has launched a phishing operation to steal login credentials against computer users at over 60 universities in the United States, the United Kingdom, and elsewhere, researchers said Wednesday. The campaign sees victims redirected to spoofed login pages, where their passwords are stolen, said Secureworks, a Dell-owned cybersecurity company that uncovered the activity.…
Read More