InfoSec News Nuggets 08/08/2023

Microsoft Patches Critical Azure Flaw Following Criticism for ‘Irresponsible’ Security Practices

Microsoft has fixed a critical vulnerability that could let hackers gain unauthorized access to sensitive data and cross-tenant applications managed by Azure AD. The fix comes shortly after security researchers criticized Microsoft for its “grossly irresponsible” cybersecurity practices. In a post on LinkedIn, Amit Yoran, the CEO of the security firm Tenable, called out Microsoft for failing to address a vulnerability in its Azure platform. It enabled Chinese state-sponsored hackers…

InfoSec News Nuggets 08/15/2022

Diagnostic Robotics has AI catching health problems before they take you to the ER

A stitch in time saves nine, they say — and a blood thinner in time saves a trip to the emergency room for a heart attack, as Diagnostic Robotics hopes to show. The company’s machine learning-powered preventative care aims to predict and avoid dangerous (and costly) medical crises, saving everyone money and hopefully keeping them healthier in general — and it’s raised $45…

InfoSec News Nuggets 05/25/2022

Chicago students lose data to ransomware attackers

Chicago Public Schools (CPS) disclosed on Friday that students may have had their data taken in a ransomware incident involving one of its vendors. The ransomware attack happened last December at Battelle for Kids (BfK), based in Columbus, Ohio, which develops services to provide innovation in schools for students and teachers. Around 490,000 students and 56,000 employees found their data breached by those responsible for the ransomware. The data accessed by criminals,…

InfoSec News Nuggets 12/22/2020

Zoom Says It’s Being Probed by SEC, Two U.S. Attorneys Offices

Zoom Video Communications Inc. said it has provided information to multiple U.S. prosecutors and regulators regarding interactions with China and other overseas governments, as well as security and user privacy matters. The U.S. Securities and Exchange Commission and two U.S. Attorney’s offices have been investigating Zoom for months, the San Jose, California-based company said Friday in a blog post and a filing. The videoconferencing company disclosed the…

InfoSec News Nuggets 11/10/2020

Vatican enlists bots to protect library from onslaught of hackers

Ancient intellects are now being guarded by artificial intelligence following moves to protect one of the most extraordinary collections of historical manuscripts and documents in the world from cyber-attacks. The Vatican Apostolic Library, which holds 80,000 documents of immense importance and immeasurable value, including the oldest surviving copy of the Bible and drawings and writings from Michelangelo and Galileo, has partnered with a cyber-security firm to…

InfoSec News Nuggets 11/09/2020

What to do with old online accounts you don't use anymore?

Chances are you have old online accounts that you haven’t used for a long time, maybe years. I know I do. I talked to the digital security experts at Sophos, and they say the smart move is to delete these old accounts. “Those old accounts may not seem like they have much value to you, but criminals have been passing around those old passwords and…

InfoSec News Nuggets 10/28/2020

Bot orders $18,752 of McSundaes every 30 min. to find if machines are working

Burgers, fries, and McNuggets are the staples of McDonald's fare. But the chain also offers soft-serve ice cream in most of its 38,000+ locations. Or at least, theoretically it does. In reality, the ice cream machines are infamously prone to breaking down, routinely disappointing anyone trying to satisfy their midnight McFlurry craving. One enterprising software engineer, Rashiq Zahid, decided it's better to…

InfoSec News Nuggets 10/15/2020

DuckDuckGo, EFF, and others just launched privacy settings for the whole internet

A group of tech companies, publishers, and activist groups including the Electronic Frontier Foundation, Mozilla, and DuckDuckGo are backing a new standard to let internet users set their privacy settings for the entire web. “Before today, if you want to exercise your privacy rights, you have to go from website to website and change all your settings,” says Gabriel Weinberg, CEO of DuckDuckGo, the…

InfoSec News Nuggets 09/11/2020

Ransomware accounted for 41% of all cyber insurance claims in H1 2020

Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by Coalition, one of the largest providers of cyber insurance services in North America. The high number of claims comes to confirm previous reports from multiple cyber-security firms that ransomware is one of today's most prevalent and destructive threats. "Ransomware doesn't…

InfoSec News Nuggets 7/3/2020

Facebook admits to improperly giving user data to third-party developers, again

In a Wednesday blog post, Facebook announced that (oops!) thousands of developers continued to receive updates to users' non-public information well past the point when they should have. Specifically, Facebook said that, for an unspecified number of users, it failed to cut off the data spigot — like it promised it would back in 2018 — 90 days after a person had last used an app. We…

InfoSec News Nuggets 6/9/2020

Japan's video gaming grandma, 90, plays her way into record books

Every day 90-year-old Japanese grandma Hamako Mori flexes her fingers to keep them nimble. Not for knitting or needlepoint, but to stay in shape for playing video games. The pensioner known as “Gamer Grandma” spends three or more hours a day battling monsters and going on missions in the virtual worlds of her favourite games, and even has a popular YouTube channel for her…

InfoSec News Nuggets 6/4/2020

Ransomware gang says it breached one of NASA's IT contractors

The operators of the DopplePaymer ransomware have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA's IT contractors. In a blog post published today, the DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand. According to…

InfoSec News Nuggets 5/28/2020

COVID-19: WEF says cybersecurity measures no longer theoretical 'nice-to-haves' for businesses

With COVID-19 pandemic having forced individuals, organizations and the global economy to become more reliant on the internet and digital ways of doing business, an urgent action plan is required to deal with possible cyber attacks and data frauds, a WEF study said on Tuesday. 'COVID-19 is confronting every organization with limits of its ability to learn and change in an environment where speed…

InfoSec News Nuggets 5/14/2020

Zoom etiquette: You've probably broken at least one of these video chat rules

With coronavirus lockdowns and quarantines still in place in most states, many of us are using video chat as the main way to keep in touch with coworkers, family and friends. Whether you're using Zoom, Skype, FaceTime, Google Meet or Hangouts, Microsoft Teams or one of the other video chat services available, you've probably encountered some distracting video chat behaviors from colleagues and friends, taking your calls off the rails. Here are six ways…

InfoSec News Nuggets 5/8/2020

‘Dramatic Rise’ in Scam Websites Mimicking Online Streaming Services

The meteoric rise in new signups to streaming services such as Netflix and Disney+ in recent weeks has given opportunistic scammers the chance to take advantage of the situation. This is evidenced by new research by the cybersecurity firm Mimecast, which revealed that some 700 scam websites have popped up on the internet between April 6 and 13, designed with the sole purpose of stealing personal…

InfoSec News Nuggets 5/6/2020

The New United Nations Coronavirus Social Distancing App Doesn’t Even Work

This week a division of the United Nations announced its new social distancing app designed to help alert people when they get too close to another person during the ongoing coronavirus pandemic. Motherboard has found that the app, called 1point5, is barely functional, and an independent researcher highlighted how the app may be largely ineffective due to how it informs users when they are…

InfoSec News Nuggets 5/4/2020

Schiff to Google and Twitter: Please be more like Facebook when it comes to coronavirus misinformation

Rep. Adam Schiff, D-Calif., has a message for the CEOs of Google, YouTube and Twitter when it comes to coronavirus misinformation: please be more like Facebook. It’s an unusual request from a D.C. lawmaker after Congress has spent the past few years scolding Facebook for its policies on misinformation. The company has struggled to escape the shadow of the 2018 Cambridge Analytica scandal and its role in spreading disinformation…

InfoSec News Nuggets 4/24/2020

Zoom will soon let you report meeting participants to help bust Zoombombers

Zoom is adding a way for hosts to report meeting participants, according to the app’s release notes published on April 19th (via PC Mag). In theory, that could help the company track down trolls that take over Zoom calls and share inappropriate material, a practice more colloquially known as “Zoombombing.” Zoom says the reporting feature will be available in an update that’s scheduled to release on Sunday, April…

InfoSec News Nuggets 4/20/2020

For seniors on COVID-19 lockdown, Alexa proves to be a valuable friend

At the Eskaton assisted living communities across Northern California, residents and staff are doing their best to create a shared sense of hope and solidarity through the COVID-19 pandemic. To keep residents safe, communal rooms are closed for activities, but hallway happy hours have become a common occurrence. Residents must eat their meals in their own apartments, but the staff has treated them with…

InfoSec News Nuggets 4/17/2020

Cyber attacks on banks seen spiking, says Carbon Black

In what has been referred to as an “unprecedented anomaly”, cyber criminals are increasingly targeting the financial services sector during the Covid-19 coronavirus pandemic, with attacks on banks and other financial institutions spiking by 38% between February and March to account for 52% of all attacks observed by VMware’s Carbon Black Cloud. The sudden shift observed by Carbon Black threat researchers Patrick Upatham and Jim Treinen was also reflected…

InfoSec News Nuggets 4/7/2020

Microsoft: Emotet Took Down a Network by Overheating All Computers

Microsoft says that an Emotet infection was able to take down an organization's entire network by maxing out CPUs on Windows devices and bringing its Internet connection down to a crawl after one employee was tricked to open a phishing email attachment. "After a phishing email delivered Emotet, a polymorphic virus that propagates via network shares and legacy protocols, the virus shut down the organization’s…

InfoSec News Nuggets 4/6/2020

Twitter reveals Mozilla Firefox bug that stores your direct messages for up to 7 days

Twitter recently warned users of a Mozilla Firefox bug that grants access to accounts’ non-public information to anyone using the device. “We recently learned that the way Mozilla Firefox stores cached data may have resulted in non-public information being inadvertently stored in the browser’s cache,” Twitter said in a statement on April 2. “This means that if you accessed Twitter from a…