Archived News & Alerts
January 18, 2022
The Log4j Vulnerability Puts Pressure on the Security World
December 21, 2021
The Log4j Vulnerability: Millions of Attempts Made Per Hour to Exploit Software Flaw
December 17, 2021
Understanding the Impact of Apache Log4j Vulnerability
June 8, 2021
Colonial Pipeline Attack Yields Urgent Lessons About U.S. Cybersecurity
April 26, 2021
Why are cybercriminals eyeing insurance companies?
April 15, 2021
What is the SolarWinds Hack and Why Is It a Big Deal?
June 09, 2020
May 21, 2020
Covid-related malspam campaign impersonates U.S. Treasury to steal taxpayer credentials
The advocacy group Abuse.ch has found a Covid-19-related malspam campaign that impersonates the U.S. Treasury Department and more than likely looks to steal a taxpayer’s credentials using a remote access trojan.
March 21, 2019
Hackers Bypass MFA on Cloud Accounts via IMAP Protocol
Over the past several months, threat actors have been increasingly targeting Office 365 and G Suite cloud accounts that are using the legacy IMAP protocol, in an attempt to bypass multi-factor authentication (MFA), Proofpoint reports.
August 29, 2018
Data breach exposes medical histories of 300 high school students
The data breach took place on August 20, when the information was posted in error to the school's intranet and remained viewable to the public for about 24 hours. The school is now investigating exactly how this took place and the school system has launched an investigation into the incident.
August 29, 2018
NIST issues guidance for protecting medical IoT devices
The incredible advancements that have turned what were once standalone pieces of medical equipment into IoT devices do enable better care for patients, but at the same time open these devices up to cyberattacks, warned the National Institute of Standards and Technology (NIST), working with the National Cybersecurity Center of Excellence (NCCoE), in a new report.
August 24, 2018
T-Mobile suffers data breach affecting 2.2 million customers
The third most popular mobile network in the US, T-Mobile, has suffered a data breach that affected more than two million of its customers. According to the company’s website, on 20 August 2018, T-Mobile’s in-house security team noticed unusual activity that was immediately “shut down.” Data potentially compromised before the shutdown included subscribers’ names, billing zip codes, phone numbers, email addresses, account numbers and account types (e.g. pre-paid or billed). Apparently, no social security numbers (SSNs), financial data or account passwords were accessed during the attack.
August 24, 2018
Cheddar’s Restaurants Bitten By Credit-Card Breach
Cheddar’s, known for its reasonably priced country-fried chicken, pot pies, ribs and other comfort food, has hundreds of locations across the Midwest and the South. It said that it discovered the breach last Thursday; the breach itself, however, took place between November 3, 2017 and January 2.
August 23, 2018
Exclusive: FBI probing cyber attack on congressional campaign in California
The hackers successfully infiltrated the election campaign computer of David Min, a Democratic candidate for the House of Representatives who was later defeated in the June primary for California’s 45th Congressional district.
August 23, 2018
Hackers Steal $13.5 Million Across Three Days From Indian Bank
Representatives of Cosmos Bank, India's second-largest cooperative bank, revealed this week that hackers breached the bank's servers over the weekend and stole over 940 million rupees ($13.5 million) across three days.
August 23, 2018
How to Protect Yourself Against a SIM Swap Attack
A SIM swap is when someone convinces your carrier to switch your phone number over to a SIM card they own. They’re not doing it for prank call cover, or to rack up long-distance charges. By diverting your incoming messages, scammers can easily complete the text-based two-factor authentication checks that protect your most sensitive accounts. Or, if you don’t have two-factor set up in the first place, they can use your phone number to trick services into coughing up your passwords.
August 21, 2018
Microsoft Says Russian Operation Targeted U.S. Political Groups As Midterms Loom
A familiar cyberattack suspect linked with the Russian intelligence service has resurfaced in the months leading up to the U.S. midterm elections, according to Microsoft. The tech giant announced overnight that last week it executed a court order to disrupt six fraudulent websites set up by a hacker group known by many names — most often APT28, but also Fancy Bear or Strontium, among others.
August 20, 2018
President signs NIST Small Business Cybersecurity Act into law
S.770 also tasks NIST, a division of the U.S. Commerce Department, with considering the needs of small businesses when developing these recommendations, which among other key qualities should be widely applicable and technology-neutral and "include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships."
July 17, 2018
Don't Get Scammed: 4 Questions to Help You Land a Legit Work-From-Home Job
If you stumble upon a job that might seem too good to be true, pump the brakes for a second — it could be a scam. We want to arm you with the best tips to avoid these work-from-home job scams, so we reached out to Katherine Hutt, the national spokesperson for the Better Business Bureau.
June 14, 2018
International Business E-Mail Compromise Takedown!
Law enforcement activity resulting in 74 arrests in the U.S. and overseas.
April 3, 2018
Spanish police arrest suspected mastermind of $1 billion bank hacks
AMSTERDAM (Reuters) - Spanish police have arrested the suspected leader of a gang of cyber criminals who stole up to 1 billion euros ($1.2 billion) from banks by altering account balances and instructing automatic teller machines to issue cash, Europol said on Monday. The person suspected of being behind malware attacks known as “Carbanak” and “Cobalt” was arrested in Alicante, a port city on the south east coast of Spain, after cooperation between police forces in the United States, Asia and Europe, Europol said.
March 14, 2018
Mac malware rockets 270 percent - users warned 'safe' perception is wrong
Anti-malware security vendors have warned that Mac malware is on the rise, and that the perception of Macs as being completely 'safe' is misleading. Malwarebytes has released figures that show that in the year 2017 alone, Mac threats increased more than 270 per cent, while malware targeting Mac operating systems more than doubled from 2016 to 2017.
March 13, 2018
ISO Newsletter Volume: 2 Issue: 4
This Spring, we hope that you can take a break and relax! Spring is the perfect season of the year to go through unfinished projects, do some spring cleaning, relax with friends and family, and eagerly await what summer will bring. For this issue, the Information Security Office (ISO) invites you to consider taking a few minutes to go through your computer assets and digital life, and give them a good rest too! Please follow these tips that will guide you to refresh and renew your cyber life, and remember to share them with your friends and family.
March 12, 2018
Tech support scams using browser lockers rising
The scammers go by the names GeeksHelp and AmericaGeeks, and were previously known as Geeks Technical Solutions LLC. The actual attack has not changed. Once the target calls the number on the pop-up ad they are encouraged to download an app giving the criminals the ability to control their computer and they are then given a hard sell to purchase a “support plan” from the fake company, Malwarebytes said.
February 26, 2018
Social media and engineering used to spread Tempted Cedar Spyware
Cybercriminals are using social media and social engineering to dupe victims into downloading Advanced Persistent Threat spyware disguised as the Kik messenger app.
February 9, 2018
Scam hijacks Google Chrome browser, tries to get your personal data
Scams that hijack the world's most popular browser, Google Chrome, are making the rounds again. It starts with a fake error message. For computer users, this is a vexing problem because the underlying malicious code locks up the browser. “The bug that it triggers is more than just an annoyance in the sense that it will render your Chrome browser unresponsive,” Jerome Segura, Lead Intelligence Analyst at Malwarebytes, told Fox News.
January 17, 2018
iPhones Significantly Slowed Down by Spectre Security Update
Apple rolled out iOS 11.2.2 a few days ago to address the Spectre vulnerability in iPhone and iPad; a test confirmed that in some cases, an iPhone 6 can get even 50 percent slower after installing Apple’s security updates.
January 12, 2018
Feds charge 'Fruitfly' creator with hacking thousands of computers
The government claims Phillip R. Durachinsky, 28, ran a 13-year scheme from 2003 to Jan. 20, 2017 that infected thousands of computers with malware dubbed “Fruitfly.” Fruitfly, which targeted Mac computers, allowed Durachinsky to take complete control of a computer, including secretly turning on cameras and microphones to record video and audio.
January 4, 2018
Critical flaws revealed to affect most Intel chips since 1995
Just hours after proof-of-concept code was tweeted, security researchers have revealed the long-awaited details of two vulnerabilities in Intel processors dating back more than two decades. Two critical vulnerabilities found in Intel chips can let an attacker steal data from the memory of running apps, such as data from password managers, browsers, emails, and photos and documents.
December 8, 2017
ISO Newsletter Volume: 2 Issue: 3
The UTRGV Information Security Office (ISO) hopes that you enjoy the winter break with your family, friends, and pets! We know that for this season there is a lot of online shopping, discounts, special offers, travel, and delicious food. Before we leave to have a pleasant time, we would like to thank you for your support and for reading this newsletter. As you start to put together that shopping list, please consider the following security tips. Feel free to share them with your family and friends!
November 2, 2017
WannaCry ransomware: Hospitals were warned to patch system to protect against cyber-attack - but didn't
'Basic IT security' could have prevented the NHS from being such a significant victim of May's WannaCry ransomware outbreak.
September 13, 2017
Equifax Data Breach: 143 million U.S. consumers affected
In the Equifax data breach, the information that was accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. Criminals also accessed credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.
September 6, 2017
SANS OUCH! September Newsletter: Password Managers
One of the most important steps you can take to protect yourself online is to use a unique, strong password for every one of your accounts and apps. Unfortunately, it is most likely impossible for you to remember all your different passwords for all your different accounts. This is why so many people reuse the same password. Unfortunately, reusing the same password for different accounts is dangerous, because once someone compromises your password, they can access all your accounts that use the same password. A simple solution is to use a password manager, sometimes called a password vault. These are programs that securely store all your passwords, making it easy to have a different password for each account. Password managers make this simple, because instead of having to remember all your passwords, you only have to remember the master password to your password manager.
August 29, 2017
New Information Security Office (ISO) Newsletter Volume!
The UTRGV Information Security Office (ISO) is proud to introduce the new look and name to our newsletter. This newsletter will strive to keep you informed about important security news and topics that will help you remain safe and secure both at work (for employees), at school (for students), or at home (for everyone). Your comments, ideas and critiques are welcome in order to ensure this newsletter serves the UTRGV community in the best way possible. Welcome to the fall of 2017 and the start of another great academic year!
August 1, 2017
SANS OUCH! August Newsletter: Backup & Recovery
If you use a computer or mobile device long enough, sooner or later something will go wrong, resulting in you losing your personal files, documents, or photos. For example, you may accidentally delete the wrong files, have a hardware failure, lose a device, or become infected with malware, such as ransomware. At times like these, backups are often the only way you can rebuild your digital life. In this newsletter, we explain what backups are, how to back up your data, and how to develop a simple strategy that’s right for you.
July 25, 2017
Newcastle University spoofed in phishing scam
Cybercriminals went to extreme lengths to clone the Newcastle University website going as far as to create dozens of sub-pages explaining different programs offered by the university.
July 24, 2017
Trickbot Malware Now Targets US Banks
The Trickbot banking Trojan is now targeting U.S. banks in new spam campaigns fueled by the prolific Necurs botnet. The malware has grown more potent with the introduction of a customized redirection method as part of its attacks.
July 10, 2017
Pentagon to encrypt soldiers' email
Keeping soldiers' email out of the hands of enemies has long been a concern, but the Pentagon has been slow to use the readily available encryption tool for its internal mail service which serves 4.5 million users.
July 5, 2017
SANS OUCH! July Newsletter: Gaming Online Safely & Securely
Online gaming is a great way to have fun; however, it also comes with its own set of unique risks. In this newsletter, we cover what you and your family can do to protect yourselves when gaming online.
June 30, 2017
ISO Newsletter Volume: 1 Issue: 6
Summer is finally here and for many of us that means it’s time to get away! The ending of the Spring semester started with several cybersecurity events; one of these events impacted 99 countries, including the United States of America. This summer looks like it’s going to be a hot one for cybersecurity.
June 23, 2017
New York Supreme Court Justice fell for $1M phishing attack
New York State Supreme Court Justice Lori Sattler was duped out of more than $1 million while trying to sell her Upper East Side apartment and purchase another.
June 16, 2017
Data breach at Oklahoma University impacts 30,000 students
Lack of privacy settings in a campus file-sharing network led to an unintentional exposure of the educational records of thousands of students at Oklahoma University.
June 14, 2017
MacSpy: free malware-as-a-service hits Mac OS
At the low price of free, the malware packs quite a bang for the buck with a list of features that claim to offer no digital trace of the threat actor, screen capture, key logging, iCloud syncing, be invisible to the victim, continuous voice recording, pasteboard, and browser data retrieval services.
June 7, 2017
Federal report: Hospital cybersecurity is in 'critical condition'
Many American hospitals and health care practices are critically vulnerable to cyberattack and lack the resources to protect against rising threats, according to a long-awaited report issued by the U.S. Department of Health and Human Services’ Health Care Industry Cybersecurity Task Force.
June 6, 2017
Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password
A cache of more than 60,000 files was discovered last week on a publicly accessible Amazon server, including passwords to a US government system containing sensitive information, and the security credentials of a lead senior engineer at Booz Allen Hamilton, one of the nation’s top intelligence and defense contractors. What’s more, the roughly 28GB of data contained at least a half dozen unencrypted passwords belonging to government contractors with Top Secret Facility Clearance.
June 5, 2017
Hackers hosted tools on a Stanford University website for months
Compromising legitimate websites and the web servers that store and deliver them is a time-honoured tactic of opportunistic hackers, and a failure to keep them out can result in the servers hosting phishing and scam pages, spam mailers, exploit kits, or malware.
May 31, 2017
SANS OUCH! June Newsletter: Lessons From WannaCry
Recently, you most likely watched widespread news coverage of a new cyber attack called WannaCry. It infected over 200,000 computers worldwide and locked numerous organizations out of their data, including hospitals in the United Kingdom. There are several reasons this attack gained so much attention. First, it spread rapidly from computer to computer by attacking a known weakness in Windows computers. Second, the attack was a type of malware called Ransomware, which meant that once it infected your computer it encrypted all your files, locking you out of your data. The only way you could recover your data was from backups or by paying the attacker a $300 ransom to decrypt all of your data. The third and most important reason this attack gained so much attention was because it never should have happened. The weakness that WannaCry attacked in Windows computers was well known by Microsoft, which had released a fix months earlier. But many organizations failed to install the fix, or were still using operating systems that are no longer supported by Microsoft.
May 24, 2017
Investigation: Your Life for Sale
The personal information of tens of thousands of Rio Grande Valley residents was put at risk, as estimated in a CHANNEL 5 NEWS investigation of a computer server found at a local flea market.
May 22, 2017
Hack Sparrow: New 'Pirates of the Caribbean' film reportedly stolen, held for ransom
True-life digital pirates have reportedly hijacked the upcoming film Pirates of the Caribbean: Dead Men Tell No Tales, and plan to leak it online in increments, unless Disney pays an exorbitant ransom demand to rescue its movie.
May 15, 2017
Massive cyberattack targeting 99 countries causes sweeping havoc
Hospitals, major companies and government offices have been hit by a massive wave of cyberattacks across the globe that seize control of computers until the victims pay a ransom.
May 8, 2017
Texas Senate passes anti-cyberbullying bill
The Texas Senate voted 31-0 to approve SB 179, legislation that will crack down on online bullying in state schools.
May 5, 2017
Educational organizations among the most sought after by cybercriminals
When it comes to finding a one-stop shopping experience for a cybercriminal, it's hard to find a better target than an educational institution. What makes these organizations such an inviting target is that schools, both those of higher education and local school districts, hold in one place all the types of data prized by hackers: health care information, student and employee personally identifiable information (PII), research and even payment card data, according to a report by ESET researcher Lisa Myers.
May 4, 2017
Google Docs Phishing Spam
A sophisticated phishing attack swept through the network, masquerading as a Google Docs permission request. Every time someone followed the prompts, the app would gain access to the user’s contact list and blast out a new round of emails, causing a ripple effect of compromised accounts.
May 3, 2017
SANS OUCH! May Newsletter: Securing Today's Online Kids
The number of ways children today can go online and interact with others is staggering. From new social media apps and games to schools issuing Chromebooks, kids’ social lives and futures depend on their ability to make the most of technology. As parents, we want to make sure they do so in a safe and secure manner. However, this can be a challenge, as many of us never grew up in a technical environment like this. To help you, we cover the key steps to enabling today’s kids to make the most of technology safely and securely.
May 1, 2017
ISO Newsletter Volume: 1 Issue: 5
In Spring we celebrate the renewal of life, ideas of rebirth, regrowth that occurs in nature, and eagerly await the exciting fun of summer. By tradition, spring cleaning means cleaning, dusting, and mopping; for this issue the Information Security Office (ISO) invites you to consider taking a few minutes to spring clean your digital life.
April 21, 2017
Texas 10th grader hacks school network to change grades
A Texas high school sophomore was arrested on March 31 and charged with a felony for hacking into the Spring Branch Independent School District computer system in order to change students' grades.
April 17, 2017
FDA slams St. Jude on device security
The U.S. Food and Drug Administration issued a letter of warning to medical device maker Abbott on Wednesday, slamming the company for what it said was a pattern of overlooking security and reliability problems in its implantable medical devices at its St. Jude Medical division and describing a range of the company’s devices as “adulterated,” in violation of the US Federal Food, Drug and Cosmetic Act.
April 5, 2017
SANS OUCH! April Newsletter: Passphrases
Passwords are something you use almost every day, from accessing your email or banking online to purchasing goods or accessing your smartphone. However, passwords are also one of your weakest points; if someone learns or guesses your password they can access your accounts as you, allowing them to transfer your money, read your emails, or steal your identity. That is why strong passwords are essential to protecting yourself. However, passwords have typically been confusing, hard to remember, and difficult to type. In this newsletter, you will learn how to create strong passwords, called passphrases, that are easy for you to remember and simple to type.
April 3, 2017
Millions of college credentials spotted on dark web
Researchers have found 13,930,176 email addresses and passwords belonging to faculty, staff, students and alumni of major universities across the country on the dark web.
March 30, 2017
Skype users hit by ransomware through in-app malicious ads
Several users have complained about "fake Flash" ads, which if triggered, can lead to a ransomware attack.
March 22, 2017
W-2 phishing scam scourge continues hitting Powhatan County (VA) schools
Almost 1,000 Powhatan County (VA) school district employees had their personal information compromised when a district employee fell for a W-2 phishing scam.
March 9, 2017
ISO Newsletter Volume: 1 Issue: 4
The UTRGV Information Security Office (ISO) would like to wish you a great and safe Spring Break! Prepare yourself for the break and make some educated decisions before you pack your bags and leave.
March 1, 2017
SANS OUCH! March Newsletter: Securely Using Mobile Apps
What makes mobile devices so versatile are the millions of apps we can choose from. These apps enable us to be more productive, instantly communicate and share with others, train and educate, or just have more fun. However, with the power of all these mobile apps comes risks.
February 15, 2017
Researchers discover over 170 million exposed IoT devices in major US cities
While the research focuses on visibility rather than vulnerabilities, bugs, and security flaws, having millions of devices with open ports and viewing potential can leave them exposed to cyberattacks and use in Distributed Denial of Service (DDoS) attacks.
February 7, 2017
Texas hospital penalized $3.2 Million for HIPAA violations
It was determined that the Children's Medical Center of Dallas used unencrypted mobile devices, among other noncompliance in efforts to protect customer health data.
February 1, 2017
SANS OUCH! February Newsletter: Staying Secure on the Road
In this newsletter, SANS covers how you can connect to the Internet and use your devices securely on the road.
January 27, 2017
Facebook adds Privacy Basics to help secure accounts
Facebook is celebrating Data Privacy Day by introducing the new Privacy Basics feature to control who sees what its users share on the platform.
January 19, 2017
ISO Newsletter Volume: 1 Issue: 3
The UTRGV Information Security Office (ISO) would like to wish you and your families a happy New Year. Hopefully one of your New Year's resolutions will involve information security at home and work; if you have not added this to your list, don’t worry, there is still plenty of time.
January 13, 2017
Los Angeles college pays $28,000 in ransomware
Los Angeles Valley College in Valley Glen said it paid $28,000 in bitcoins to the hackers, who had used malicious software to commandeer a variety of systems, including key computers and emails.
January 11, 2017
SANS OUCH! January Newsletter: Social Engineering
In this newsletter, you will learn how social engineering works and what you can do to protect yourself.
January 6, 2017
Ransomware scheme is targeting schools, colleges and head teachers
Claiming to be from 'The Department of Education', the caller asks for the email address of the head teacher which they claim they need in order to send them sensitive information which is unsuitable for the school's general email address. Once those carrying out the scheme have the contact details they need, they'll send an email containing a ransomware infected .zip file - often disguised as an Excel or Word document - to the intended victim. If the file is opened, it will execute the ransomware, encrypting files and then demanding a ransom be paid in order to retrieve the files.
January 3, 2017
FDA Issues Final Guidance for Medical Device Security
The U.S. Food & Drug Administration (FDA) has posted the agency's final guidance for medical device safety.
December 20, 2016
ALERT UPDATE: Yahoo Data Breach - 1 Billion Users Affected
Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts.
December 7, 2016
SANS OUCH! December Newsletter: Securely Disposing of Your Mobile Device
In this newsletter, SANS will cover what types of personal information may be on your mobile device and how you can securely wipe it before disposing of or returning it.
December 6, 2016
Cyber criminal sentenced: gets four years for selling PII
Aaron Glende (aka IcyEagle) was sentenced to four years and two months in prison for selling stolen personally identifying information (PII) and login credentials.
December 1, 2016
Hackers demanded $28,500 to unlock Carleton University files
Hackers managed to infect the systems of a Canadian university with ransomware and demanded 39 Bitcoin (approximately $28,500) to unlock the files.
November 29, 2016
Security Alert: How to stop iCloud Calendar Spam
"I didn't create a calendar item to remind me to go buy Oakley or Ray-Ban sunglasses over the next couple of days. No, I was the victim of calendar spam. It's essentially email spam, but a lot more devious."
November 23, 2016
Information Security Office Newsletter Vol. 1 Issue. 2
The UTRGV Information Security Office (ISO) would like to wish you safe and happy holidays. It is November, and as you are getting started on your holiday shopping or planning to visit your loved ones, we would like to thank you for your support, for reading this newsletter, and for taking an interest in Information Security.
November 15, 2016
Beware, iPhone Users: Fake Retail Apps Are Surging Before Holidays
Hundreds of fake retail and product apps have popped up in Apple’s App Store in recent weeks — just in time to deceive holiday shoppers.
November 9, 2016
Arizona man arrested for hacking email accounts at universities
An Arizona man was arrested on Wednesday on charges that he hacked into over 1,000 email accounts for students and others at two universities, including Pace University in New York, and tried to do the same at 75 other higher-education institutions.
November 3, 2016
SANS OUCH! November Newsletter: Using The Cloud Securely
The Cloud is neither good nor evil; it is a tool for getting things done, both at work and at home. However, when you use these services you are handing over your private data to others, and you expect them to keep it both secure and available.
November 1, 2016
The US Department of the Treasury's Office of the Comptroller of the Currency has disclosed to Congress "a major security incident."
The incident reported by the OCC involves a former employee who downloaded a large number of files onto two removable thumb drives prior to his retirement and when contacted was unable to locate or return the thumb drives to the agency.
October 24, 2016
NSA's staffer allegedly stole 50TB of data, boxes of documents and computers
U.S. federal prosecutors reportedly will charge that former National Security Agency (NSA) staffer Harold Martin III not only removed 50 terabytes of data from NSA servers, but also removed “six full banker's boxes” of documents along with a host of computer hardware, according to published reports.
October 14, 2016
Malware behind payment card breach at University of Central Florida
A malware infection is to blame for a payment card data breach affecting at least 230 University of Central Florida students, according to Orlando, Florida NBC affiliate WESH, citing school officials.
October 6, 2016
Internet of Things comes back to bite us
Consumers around the world could see their home Internet speeds slow in the coming weeks due to a recent release of software that allows hackers to use Internet-connected devices to attack websites.
October 5, 2016
SANS OUCH! September Newsletter: Four Steps to Staying Secure
As technology gains a more important role in our lives, it also grows in complexity. Given how quickly technology changes, keeping up with security advice can be confusing. It seems like there is always new guidance on what you should or should not be doing. However, while the details of how to stay secure may change over time, there are fundamental things you can always do to protect yourself.
September 23, 2016
Security Alert: Yahoo Data Breach – 500 Million Users Affected
Yahoo has confirmed, based on a recent investigation, that a copy of certain user account information was stolen from their network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
September 22, 2016
Education sector bullied by ransomware
BitSight researchers found the education sector has been bullied by the highest rates of attack while having the least protected systems among the sectors researchers observed. The access that these institutions have to social security numbers, medical records, intellectual property, research, and financial data of faculty, staff, and students makes them prime targets for attacks, the report said.
September 16, 2016
SANS OUCH! September Newsletter: Email Do’s and Don’ts
Email is still one of the primary ways we communicate, both in our personal and professional lives. However, we can quite often be our own worst enemy when using email. In this newsletter, we will explain the most common mistakes people make with email and how you can avoid them in your day-to-day lives.
September 8, 2016
USB Hacking Devices Can Steal Credentials From Locked Computers
Many users might think that leaving their computer unattended does not pose any security risks as long as the device is locked. However, researcher Rob Fuller has demonstrated that an attacker with physical access to the targeted device can capture its login credentials in just seconds as long as the machine is logged in.
September 6, 2016
Scary Security Flaw Also Affects Your Mac
The same security flaw that could have allowed hackers to steal your iPhone data without you knowing it also exists on the Mac. On Thursday, Apple released a patch for a security flaw that would allow hackers to exploit flaws in its OS X desktop operating system, install spyware on the computer, and steal all kinds of data.
September 1, 2016
Dropbox massive data breach involving 68M users
What started out last week as a warning by Dropbox to its users that some login data may have been compromised has exploded into a massive data breach with an estimated 68 million Dropbox user credentials being exposed on the web.
August 26, 2016
Apple patents technique for grabbing iPhone thieves' fingerprints and photo
The patent is called "biometric capture for unauthorized user identification," (spotted by AppleInsider) and covers how an iOS device could be turned into a surveillance device capable of capturing, storing, and even transmitting information on the person using it following the receipt of a signal to do so, or after a number of unauthorized use attempts have been made.
August 17, 2016
SANS OUCH! August Newsletter: Ransomware
Once ransomware infects your computer, it encrypts certain files or your entire hard drive. You are then locked out of the whole system or cannot access your important files, such as your documents or photos. The malware then informs you that the only way you can decrypt your files and recover your system is to pay the cyber criminal a ransom (thus the name ransomware).
August 4, 2016
Cyber Threats and Opportunities - by The University of Texas System Chancellor William H. McRaven
Cyber attacks take place all day, every day – on people, businesses, government agencies, national political parties, you name it – and the consequences of just one attack succeeding can be devastating. This vulnerability poses a serious threat to our economy, our way of life, and to our collective security.
July 28, 2016
Countering the Cyber Threat. New U.S. Cyber Security Policy Solidifies FBI as Key Cyber Leader
The Obama Administration released Presidential Policy Directive-41 on U.S. Cyber Incident Coordination Policy, which sets forth principles that will govern the federal government’s response to cyber incidents and designates certain federal agencies to take the lead in three different response areas—threat response, asset response, and intelligence support.
July 21, 2016
HHS: Healthcare groups must report all ransomware attacks
The Federal Health and Human Services Department (HHS) issued guidelines this week that could require hospitals and doctor offices to notify HHS if they are victimized by a ransomware attack.
July 14, 2016
UN extends human rights to online world
The United Nations has passed a resolution calling for human rights to be counted online as well as off, citing the internet as an important medium for free speech and free assembly. The resolution was not without its opponents, though. The UN has affirmed the right of all to use the internet without fear of surveillance or deprivation.
July 6, 2016
SANS OUCH! July Newsletter: CEO Fraud
Cyber criminals have developed a new attack called CEO Fraud, also known as Business Email Compromise (BEC). In these attacks, a cyber criminal pretends to be a CEO or other senior executive from your organization. The criminals send an email to staff members like yourself that try to trick you into doing something you should not do.
July 1, 2016
House Homeland Security Committee new report: "Going Dark, Going Forward: A Primer on the Encryption Debate."
Ultimately this effort will provide a better understanding of digital security issues for Congress and the American public. The report will help inform and advance debate that centers around balancing personal cyber security and national security.
June 28, 2016
Microsoft Office 365 hit with massive Cerber ransomware attack
At least 57 percent of all Office 365 customers received at least one phishing attempt that contained the infected attachment. Millions of Microsoft Office 365 users were potentially exposed to a massive zero-day Cerber ransomware attack last week that not only included a ransom note, but an audio warning informing victims that their files were encrypted.
June 8, 2016
Hackers crippled the University of Calgary's computer systems - then received a $20,000 ransom payment
The University of Calgary paid a $20,000 ransom in untraceable Bitcoins to shadowy hackers after a devastating malware attack. University officials agreed to pay the ransom to ensure critical systems could be restored, but noted it will take some time for the university’s IT staff to apply the encryption keys to the infected machines.
June 3, 2016
SANS OUCH! June Newsletter: Encryption
You may hear people use the term “encryption” and how you should use it to protect yourself and your information. However, encryption can be confusing and you should understand its limitations. In this newsletter, SANS explains in simple terms what encryption is, how it protects you, and how to implement it properly.
June 1, 2016
Malware attack shutters University of Calgary network
A virus of unknown origin shut down the computer network of the University of Calgary. Calgary students and staff received the following warning on Saturday: "Do not use any UCalgary-issued computers for any purpose." A malware attack was believed responsible for disabling IT services, including email, Skype, VPN, secure wireless and Active Directory.
May 24, 2016
Congress is so bad at cybersecurity, two lawmakers sent advice to colleagues
House lawmakers Ted Lieu (D-CA, 33rd) and Will Hurd (R-TX, 23rd) penned an email to their colleagues Monday warning them of some of the biggest dangers and threats to their information and operational security, amid a recent spate of cyberattacks. The two House members make up half of the four computer science majors in Congress.
GCHQ group disclosed kernel privilege exploit to Apple
The disclosure raises questions about the use of zero day exploits by the U.K.'s GCHQ, and intelligence agencies internationally. Security information professionals see competing priorities from intelligence agencies in how they make use of vulnerabilities. The tone of the public dialogue involving intelligence agencies has led to an erosion of trust.
May 19, 2016
117 million LinkedIn email credentials found for sale on the dark web
The 2012 LinkedIn data breach may be the breach that just keeps on giving with the news that 117 million customer email credentials originating from that hack were found for sale on the dark web, prompting the professional social network to invalidate the account passwords.
May 18, 2016
Castro Cybersecurity Legislation Passes The House Of Representatives
The U.S. House of Representatives passed Congressman Joaquin Castro's (TX-20) bill to bolster our nation's cyber defenses and keep local communities safe from attacks. Rep. Castro's legislation, H.R. 4743, The National Cybersecurity Preparedness Consortium Act, allows non-profit entities, including universities, to work more closely with the Department of Homeland Security (DHS) to address cybersecurity risks and incidents at the state and local level.
May 9, 2016
Senator wants definition on cyber act of war
The Cyber Act of War Act of 2016 would require the President to develop a policy to determine whether a cyber attack constitutes an act of war.
May 4, 2016
SANS OUCH! May Newsletter: Internet of Things (IoT)
The next big technical advancement is the Internet of Things. The Internet of Things, often shortened to IoT, is all about connecting everyday devices to the Internet, devices from doorbells and light bulbs to toy dolls and thermostats.
April 14, 2016
ALERT: Apple Ends Support for QuickTime for Windows
According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation.