InfoSec News Nuggets 10/05/2023

Say (an encrypted) hello to a more private internet
As web users, what we say and do online is subject to pervasive surveillance. Although we typically associate online tracking with ad networks and other third-party sites, our online communications travel across commercial telecommunication networks, allowing these privileged entities to siphon the names of the websites we visit and monetize our browsing history for their own gain. Enter Encrypted Client Hello (ECH) – by encrypting that first “hello”…

InfoSec News Nuggets 10/05/2022

In 2023, Google can notify you if personal info pops up in search
Starting “early next year,” Google will be able to notify you if your personal info, such as your phone number, email, or home address, shows up in search results as part of its “results about you” tool. The announcement comes as Google has officially started rolling out the tool, which lets people easily create takedown requests for results with their personal info.…

InfoSec News Nuggets 01/13/2022

Fact-checkers label YouTube a 'major conduit of online disinformation'
Fact-checking organisations around the world say that YouTube is not doing enough to prevent the spread of misinformation on the platform. Some 80 groups have signed a joint letter to the Google-owned platform's chief executive Susan Wojcicki. The letter says it is "one of the major conduits of online disinformation and misinformation worldwide". The organisations want YouTube to take firmer action against anti-vaccine videos, and election…

InfoSec News Nuggets 12/04/2020

IBM warns hackers targeting COVID vaccine 'cold chain' supply process
IBM is sounding the alarm over hackers targeting companies critical to the distribution of COVID-19 vaccines, a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world’s population against the novel coronavirus. The information technology company said in a blog post published on Thursday that it had uncovered “a global phishing campaign” focused on organizations associated with…

InfoSec News Nuggets 09/24/2020

A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads
Researchers said that a tip from a child led them to discover aggressive adware and exorbitant prices lurking in iOS and Android smartphone apps with a combined 2.4 million downloads from the App Store and Google Play. Posing as apps for entertainment, wallpaper images, or music downloads, some of the titles served intrusive ads even when an app wasn’t active.…

InfoSec News Nuggets 08/07/2020

Cluster of 295 Chrome extensions caught hijacking Google and Bing search results
More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results. The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store. A subsequent investigation into…

InfoSec News Nuggets 08/06/2020

New feature lets you easily fact-check WhatsApp messages
After addressing those who just mindlessly forward messages to all their contacts, the company is now targeting those who want to be responsible and fact-check WhatsApp messages before forwarding them. We’re piloting a simple way to double check these messages by tapping a magnifying glass button in the chat. Providing a simple way to search messages that have been forwarded many times may help people find news results or…

InfoSec News Nuggets 6/3/2020

Trump's social media executive order faces lawsuit
The nonprofit Center for Democracy and Technology is taking aim at US President Donald Trump's social media executive order. The CDT filed a lawsuit against the president on Tuesday, alleging that the order violates the First Amendment and the right to free speech. "The order is plainly retaliatory: it attacks a private company, Twitter, for exercising its First Amendment right to comment on the President's statements," the lawsuit says. "More fundamentally, the…

InfoSec News Nuggets 3/26/2020

You Can FaceTime Your Doctor Now
Last week, the Centers for Medicare and Medicaid Services (CMS) and the Department of Health and Human Services (HHS) announced two measures to expand telehealth access for patients across the country. As of March 6, 2020, providers can offer telehealth visits to all of their Medicare and Medicaid patients, regardless of location, and still get reimbursed for the costs. (Previously, only patients in certain rural areas were eligible.) And, until…

InfoSec News Nuggets 1/30/2020

1 - Hackers stole $13,103.91 from me. Learn from my mistakes.
It began with dumplings. When I got an email at midnight last March from Grubhub notifying me that my order from Dumpling Depot was on its way to an address 3,000 miles away from my location in New York City, I thought there must have been some mistake. And there was: mine. Because I didn’t take a few basic internet security precautions, hackers robbed…

InfoSec News Nuggets 12/27/2019

1 - Chinese malware broker behind US hacks is now teaching computer skills in China
A Chinese malware broker who was sentenced in the United States this year for dealing in malicious software linked to major hacks is back at his old workplace: teaching high-school computer courses, including one on Internet security. Mr Yu Pingan, who spent 18 months in a San Diego federal detention centre, had pleaded guilty to conspiracy to commit computer hacking.…

InfoSec News Nuggets 11/14/2019

1 - Iowa paid a security firm to break into a courthouse, then arrested employees when they succeeded
The state of Iowa contracted with a prominent cybersecurity company to conduct “penetration tests” of certain municipal buildings in September, particularly courthouses. In September, two employees of the company were arrested in the course of doing their jobs. The charges still have not been dropped. The incident has sparked concern across the cybersecurity industry, including worries that…

InfoSec News Nuggets 9/24/2019

Android VPN apps found serving disruptive ads
A security researcher has discovered four VPN apps that serve ads while running in the background and also on the home screen of Android smartphones in the latest case of adware found on the Google Play Store. While researching suspicious Android VPN apps, Andy Michael found that Hotspot VPN, Free VPN Master, Secure VPN and Security Master by Cheetah Mobile were all showing full screen pop-up ads on his smartphone even though none of…