23 Jan 2023
By Mary

InfoSec News Nuggets 01/23/2023

EU watchdogs agree on how to handle certain cookie consent dark patterns  Cookie consent banners that use blatant design tricks to try to manipulate web users into agreeing to hand over their data for behavioral advertising, instead of giving people a free and fair choice to refuse this kind of creepy tracking, are facing a coordinated pushback from the European Union’s data protection regulators. A taskforce of several DPAs, led by France’s CNIL along with Austria’s…
Read More
25 Nov 2022
By Mary

InfoSec News Nuggets 11/25/2022

U.S. govt seizes domains used in 'pig butchering' scams For the first time, the U.S. Department of Justice seized seven domains that hosted websites linked to "pig butchering" scams, where fraudsters trick victims of romance scams into investing in cryptocurrency via fake investment platforms. The list of domains seized includes simexcbr.com, simexlua.com, simexwim.com, simexarts.com, simexrue.com, simexvtn.com, and simexbiz.com, all of them spoofing the one used by the Singapore International Monetary Exchange (SIMEX). While originating from…
Read More
03 Jun 2022
By Mary

InfoSec News Nuggets 06/03/2022

Hackers steal WhatsApp accounts using call forwarding trick There’s a trick that allows attackers to hijack a victim’s WhatsApp account and gain access to personal messages and contact list. The method relies on the mobile carriers’ automated service to forward calls to a different phone number, and WhatsApp’s option to send a one-time password (OTP) verification code via voice call. Rahul Sasi, the founder and CEO of digital risk protection company CloudSEK, posted some details…
Read More
29 Apr 2022
By Mary

InfoSec News Nuggets 04/29/2022

Millions of Java Apps Remain Vulnerable to Log4Shell Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Researchers at security firm Rezilion analyzed the current potential attack surface for the vulnerability in the popular open-source Apache Log4j framework that threatened to break the internet when it was discovered in December. The flaw in the ubiquitous Java logging library Apache Log4j is easily exploitable and…
Read More
13 Sep 2021
By Mary

InfoSec News Nuggets 09/13/2021

Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware Symantec, part of Broadcom Software, has linked the recently discovered Sidewalk backdoor to the China-linked Grayfly espionage group. The malware, which is related to the older Crosswalk backdoor (Backdoor.Motnug) has been deployed in recent Grayfly campaigns against a number of organizations in Taiwan, Vietnam, the United States, and Mexico. A feature of this recent campaign was that a large number of targets were in the telecoms sector. The…
Read More
11 Aug 2021
By Mary

InfoSec News Nuggets 08/11/2021

WhatsApp CEO calls out Apple over Child Safety tools announcement Ever since Apple introduced the new protection tools for child safety this week, it instantly divided opinions. While some think this is a huge deal to protect children, others believe it will just create a backdoor for governments to access people’s iPhones. Now, WhatsApp CEO Will Cathcart is the latest to join those who think the new Child Safety tools from Apple could be bad. It’s not…
Read More
02 Jun 2021
By Mary

InfoSec News Nuggets 06/02/2021

1 - Hackers are targeting employees returning to the post-COVID office With COVID-19 restrictions lifting and employees starting to make their way back into offices, hackers are being forced to change tack. While remote workers have been scammers’ main target for the past 18 months due to the mass shift to home working necessitated by the pandemic, a new phishing campaign is attempting to exploit those who have started to return to the physical workplace.…
Read More
22 Feb 2021
By Mary

InfoSec News Nuggets 02/22/2021

Clubhouse under scrutiny for sending data to Chinese servers Clubhouse was launched about a year ago and was initially only used by Silicon Valley’s rich and famous. It is different from other social media in that it focuses on the spoken word. Clubhouse members can enter virtual rooms to listen in or participate in live conversations. The conversations can only be joined when they are live and the people having the conversation determine who is…
Read More
07 Jan 2021
By Mary

InfoSec News Nuggets 01/07/2021

Watch a Robot Dog Learn How to Deftly Fend Off a Human STUDY HARD ENOUGH, kids, and maybe one day you’ll grow up to be a professional robot fighter. A few years ago, Boston Dynamics set the standard for the field by having people wielding hockey sticks try to keep Spot the quadrupedal robot from opening a door. Previously, in 2015, the far-out federal research agency Darpa hosted a challenge in which it forced clumsy humanoid robots to…
Read More
05 Nov 2020
By Mary

InfoSec News Nuggets 11/05/2020

WhatsApp now lets you post ephemeral messages, which disappear after 7 days Facebook recently announced that WhatsApp passed the whopping milestone of 100 billion messages sent per day, but not everyone wants those chats to stick around forever. Now, Facebook’s wildly popular messaging app with 2 billion users is adding a feature to give people more control on how their words and pictures live within the app. From today, messages — including photos and videos…
Read More
19 Mar 2020
By Mary

InfoSec News Nuggets 3/19/2020

1 - Brave accuses Google of using 'hopelessly vague' privacy policies that breach GDPR Google has been accused of breaching one of the General Data Protection Regulation's (GDPR) principles surrounding consent that requires companies to provide a specific purpose for collecting and processing user personal data.  In a complaint [PDF] filed to the Irish Data Protection Commission (DPC), Chromium-based browser Brave alleges that Google's privacy policy infringes the GDPR "purpose limitation" principle as it "does not transparently…
Read More
04 Oct 2019
By Mary

InfoSec News Nuggets 10/04/2019

Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC Nation-state spy agencies are only as good as their operational security—the care they take to keep their digital spy operations from being discovered. But occasionally a government threat actor appears on the scene that gets it all wrong. This is the case with a threat actor recently discovered by Kaspersky Lab that it’s calling SandCat—believed to be Uzbekistan’s repressive and much-feared intelligence agency, the State…
Read More