InfoSec News Nuggets 4/9/2024

FCC to vote on net neutrality rules on April 25

The Federal Communications Commission is preparing to vote to restore net neutrality at the commission’s open meeting later this month. If adopted by the commission, restoring net neutrality would bring back a national standard for broadband reliability, security and consumer protection as well as reclassify the internet as a telecommunications service under Title II of the Communications Act of 1934. Net neutrality rules were first put in…

InfoSec News Nuggets 3/11/2024

Microsoft says Russian hackers stole source code after spying on its executives

Microsoft revealed earlier this year that Russian state-sponsored hackers had been spying on the email accounts of some members of its senior leadership team. Now, Microsoft is disclosing that the attack, from the same group behind the SolarWinds attack, has also led to some source code being stolen in what Microsoft describes as an ongoing attack. “In recent weeks, we have seen evidence that Midnight Blizzard…

InfoSec News Nuggets 09/01/2023

Google Removes ‘Pirate’ URLs from Users’ Privately Saved Links

To date, Google has processed more than seven billion copyright takedown requests for its search engine. The majority of the reported links are purged from Google's search index, as required by the DMCA. Recently, however, Google appears to have gone a step further, using search takedowns to "moderate" users' privately saved links collections.

NYC subway security flaw seemingly exposes ‘impossible’ Apple Pay vulnerability

An inexcusable NYC…

InfoSec News Nuggets 01/05/2023

CircleCI security alert: Rotate any secrets stored in CircleCI

We wanted to make you aware that we are currently investigating a security incident, and that our investigation is ongoing. We will provide you updates about this incident, and our response, as they become available. At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take…

InfoSec News Nuggets 06/17/2022

Facebook, Twitter, TikTok, Google and others agree to new EU rules to fight disinformation

Tech companies operating some of the world’s biggest online platforms — including Facebook-owner Meta, Microsoft, Google, Twitter, Twitch, and TikTok — have signed up to a new EU rulebook for tackling online disinformation. These firms and others will have to make greater efforts to halt the spread of fake news and propaganda on their platforms, as well as share more granular data on their work…

InfoSec News Nuggets 05/13/2022

DEA Investigating Breach of Law Enforcement Data Portal

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. On May 8, KrebsOnSecurity received a tip that hackers obtained a…

InfoSec News Nuggets 01/24/2022

FSB detains administrator of UniCC carding forum

The Russian Federal Security Service (FSB) has arrested the administrator of the UniCC carding forum and one of the members of the Infraud cybercrime cartel. The suspect was identified as Andrey Sergeevich Novak and was detained for two months on charges of computer crimes and money laundering. Three other suspects, identified as Kirill Samokutyaev, Konstantin Vladimirovich Bergman, and Mark Avramovich Bergman, were also detained and subsequently placed under…

InfoSec News Nuggets 9/30/2019

WordPress sites hacked through defunct Rich Reviews plugin

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites. The…