News

The summer school holiday has not ended for students in Flagstaff, Arizona, as a ransomware attack hitting the School District computers forces the decision to cancel classes for today. The schedule for tomorrow is uncertain. All schools are impacted by the incident and there are no after-school activities. The district learned of a "cybersecurity issue" on Wednesday morning. Source: Bleeping Computer

The U.S. Federal Bureau of Investigation (FBI) asked students not to make hoax threats via social media, emails, or text messages, in a warning published as part of its 'Think Before You Post' campaign. "The FBI takes these threats very seriously whether they come in the form of text messages, social media posts, or emails," said the FBI. "Law enforcement – whether the FBI or our local and state partners – will respond to each...

Server lacked password protection and included multiple databases with records from the U.S., U.K. and Vietnam. Phone numbers linked to the Facebook accounts of hundreds of millions of users has been found online on an insecure server in the latest privacy gaffe for the social media giant. The server, which lacked password protection, contained more than 419 million records over several databases of Facebook users across multiple geographies—including 133 million records of U.S.-based users–according to a...

The cost of breaches will rise by two-thirds over the next five years, exceeding an estimated $5 trillion in 2024, primarily driven by higher fines as more jurisdictions punish companies for lax security. Equifax, $700 million. British Airways, $221 million. Marriott, $120 million. Companies are seeing much heftier fines in 2019, and the near future holds little respite, according to experts. Source: Dark Reading

Researchers find that a spoofing a service message from the phone carrier is simple and effective on some brands of Android smartphones. Using text messages with embedded links, security researchers from Check Point Software Technologies recently discovered that spoofing messages from a phone carrier could be used to configure certain features, including e-mail and the directory server, of several brands of Android phones. The attack uses over-the-air (OTA) provisioning messages, a technique used by carriers...

Google yesterday rolled out security patches for the Android mobile operating system but did not include the fix for at least one bug that enables increasing permissions to kernel level. Security flaws that enable privilege escalation can be exploited from a position with limited access to one with elevated access to critical files on the system. In order to utilize this, an attacker should have already compromised the device but have their actions restricted by insufficient permissions....

More than half of the Android mobile phones in use are susceptible to an advanced text-based phishing attack that only requires a cybercriminal make a $10 investment. Check Point researchers found malicious actors using a remote agent to trick phone owners into accepting new phone settings that hand over various levels of control to the attacker. The attack vector is through a process called over-the-air (OTA) provisioning which is used by carriers to deploy network-specific settings to...

In an incident practically ripped from the plot of one of its own stories, the webcomic XKCD reported that user data from its online forum section was found in an exposed database. XKCD, which labels itself a “webcomic of romance, sarcasm, math, and language,” posted in a brief note that portions of its PHPBB user table from its forums showed up in a leaked data collection. The exposed data includes usernames, email addresses, salted and hashed...

The Internet of Things (IoT) is rapidly creating business opportunities, and the surveillance segment is among the largest. Following the increased development of security camera technology, PoE switches have played an essential role in surveillance deployments. However, the current PoE switch designs are too generic to keep up with the expanding needs of modern surveillance installations. Zyxel, an industry leader in switch design and production, has created the GS1300 and GS1350 series PoE switches specifically...

A recently exposed malware campaign that used watering-hole attacks to target iPhone users for more than two years was reportedly part of an effort to track Uyghur Muslims based in China’s Xinjiang state. The campaign was actually broader than originally thought, and attempted to infect Android and Microsoft Windows devices as well, reports are also stating. Citing sources with knowledge of the matter, TechCrunch this past weekend reported the campaign is the work of a state actor — most...