By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Three U.S. universities have disclosed data breach incidents impacting personally identifiable information of students or employees following unauthorized access to some of their employees' email accounts. All three universities — Graceland University, Oregon State University, and Missouri Southern State University — have notified the individuals whose personal information was potentially stolen or accessed about the security incidents. In addition, no evidence has been found of the impacted personal information being stolen or used in a malicious manner while investigating the disclosed data privacy incidents involving all three universities. As the university discovered during the breach investigation, "the personal information of some people who had interacted with these email accounts over the past several years was available during the time the unauthorized user(s) had access." As the university discovered during the breach investigation, "the personal information of some people who had interacted with these email accounts over the past several years was available during the time the unauthorized user(s) had access." After analyzing the contents of the impacted Office 365 accounts, MSSU found that the emails contained within stored "first and last names, dates of birth, home addresses, email addresses, telephone numbers, and social security numbers." We have named all 3 universities and have their comments posted on OUR FORUM.

A new Android Trojan that uses web push notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store. Multiple fake apps of well-known brands that distributed the malware dubbed Android.FakeApp.174 got removed in early June after researchers from Doctor Web reported them to Google. While the apps were only installed by a little over 1000 users, the malware operators could publish other similar apps at any time on the Play Store and might also be switching to more aggressive attack methods such as redirecting victims to malicious payloads, launching phishing attacks targeting bank customers, or spreading fake news. For instance, "Potential victims can think the fake notification is real and tap it only to be redirected to a phishing site, where they will be prompted to indicate their name, credentials, email addresses, bank card numbers, and other confidential information," Doctor Web explains. When the malicious fake apps are first launched, the Android.FakeApp.174 Trojan loads a site hardcoded in its settings using the Google Chrome web browser, a website which asks the targets to allow notifications under the guise of verifying that the user is not a bot. Upon agreeing to enable web push notifications for "verification purposes," the compromised device's owner is subscribed to the site's notifications and will be spammed with dozens of notifications sent by Chrome using Web Push technology. These push notifications can pose as a wide range of alerts ranging from new social media messages and news to new social media events and notifications seemingly being pushed by applications installed on the device. Follow this by visiting OUR FORUM.

Security researchers have discovered an ongoing cryptojacking campaign which infects unpatched computers of businesses from all over the world with XMRig Monero miners using Equation group's leaked exploit toolkit. The cybercriminals behind this cryptomining campaign use the NSA-developed EternalBlue and EternalChampion SMB exploits to compromise vulnerable Windows computers, exploits which were leaked by the Shadow Brokers hacker group in April 2017. While Microsoft patched the security flaws these tools abused to break into Windows machines there are still a lot of exposed computers because they haven't been updated to newer OS versions not being impacted by these very dangerous vulnerabilities. "The campaign seems to be widespread, with targets located in all regions of the world. Countries with large populations such as China and India also had the most number of organizations being targeted," said Trend Micro's researchers, the ones who unearthed this ongoing cryptojacking campaign targeting companies from all over the world. In addition, "businesses across a wide range of industries, including education, communication, and media, banking, manufacturing, and technology" are being targeted in these attacks, with the bad actors focusing on victims who use "obsolete or unpatched software." An auto-spreading EternalBlue-based backdoor and a variant of the Vools Trojan is used as the main tool to deploy roughly 80 variants of the XMRig cryptocurrency miners on infected computers, using five different mining configurations with similar usernames and identical passwords. Complete details can be found on OUR FORUM.

The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns. Internet users are accustomed by now to always look at the padlock next to the web browser's address bar to check if the current page is served by a website secured using a TLS certificate. Users also look for after landing on a website is the "https" protocol designation in front of the hostname which is another hint of a domain being "secure" and the web traffic is encrypted. However, this exposes them to phishing campaigns designed by threat actors to use TLS-secure landing pages which exploit the users' trust to deceive them into trusting attacker-controlled sites and handing over sensitive personal information. "They are more frequently incorporating website certificates—third-party verification that a site is secure—when they send potential victims emails that imitate trustworthy companies or email contacts, " as the FBI says in the PSA. "These phishing schemes are used to acquire sensitive logins or other information by luring them to a malicious website that looks secure." While in a lot of cases bad actors will get their own SSL certificates to secure pages used in their campaigns to try and trick their targets, there is also a lot of them who just abuse pages hosted on cloud services which automatically inherit the certificates. For instance, during the last two months, crooks have been observed while hosting malware and command-and-control servers on Microsoft’s Azure cloud services as well as websites used to deliver tech support scams. Get better informed by visiting OUR FORUM.

VLC Media Player 3.0.7 was released on Friday and contained the most security updates ever in one release of the program. The president of the VideoLan non-profit organization states that this was due to their inclusion in the EU-FOSSA bug bounty program. Last year, the European Commission announced that they were expanding their Free and Open Source Software Audit (FOSSA) project to support bug bounty programs for free and open source programs that they use. As VLC Media Player is one of the products used by the EU Commission, it was added to a bug bounty program at HackerOne where they are sponsored by EU-FOSSA. Jean-Baptiste Kempf, the President of VideoLan and one of the lead developers of the VLC Media Player, says that VLC 3.0.7 has the most security fixes than any other version of their program. "We just released VLC 3.0.7, a minor update of VLC branch 3.0.x," Kempf stated in a blog post. "This release is a bit special because it has more security issues fixed than any other version of VLC." As VideoLan is a non-profit organization offering free software, being able to afford a bug bounty program that can attract security experts is not an easy task.  Being sponsored, though, by EU-FOSSA who will pay up to €60,000 in bounties for reported VLC vulnerabilities appears to have created a much greater for security researchers to analyze the program. We have more posted on OUR FORUM.

One would be forgiven for thinking Microsoft just announced a $6000 computer and $1000 stand, as the company’s share price has surged 7% in the last 5 sessions according to Bloomberg, hitting its higher ever valuation in intra-day trades, and closing at above a $1 trillion valuation for the second time ever. Over the same period, Alphabet fell 3.5% and Facebook lost 2.9%.  While Apple rose 9%, this was 18.2% below their Oct. 3, 2018, record high. Microsoft is now worth more than $100 billion more than their nearest rival. As has become common, the results are speculated to be due to Microsoft’s limited involvement in the current hostile regulatory environment surrounding large tech companies and also their heavy involvement with enterprise services, which are less liable to be affected by economic downturns. “Management noted Microsoft is better positioned than ever to maintain wallet share of customers through an economic downturn, given the broader budget exposure beyond IT,” Piper Jaffray analyst Alex J. Zukin wrote in a June 5 note. “However, they indicated they were not seeing any signs of an economic slowdown nor any weakness in the economy.” Currently, 36 analysts have a buy rating for Microsoft with an average price target of $143 (7% up from the current close of $131.40), while one rate as hold and 2 recommend selling. “We continue to have a ‘buy it and forget it’ mentality on the stock right now as the company appears to be in midst of secular fundamental growth,” Zukin wrote. Continue following this by visiting OUR FORUM on a regular basis.