--Univ. of Central Florida Data Breach
(February 4, 2016)
The University of Central Florida (ECF) has disclosed that its computer systems were breached, compromising the personal information of 63,000 current and former students, staff, and faculty. The breach was detected last month and is being investigated by law enforcement and a digital forensics company.
--Malwarebytes Will Fix Flaws Found by Project Zero
(February 3, 2016)
Google's Project Zero team has disclosed vulnerabilities in Malwarebytes that could be exploited to launch man-in-the-middle attacks. Project Zero discovered that Malwarebytes updates were being downloaded over an unsecure, HTTP channel and that they were not signed. Malwarebytes was notified of the issue in November, but did not fix the issue within Project Zero's 90-day window. A Malwarebytes executive says the issues will be fixed within the next several weeks.
--Israeli Regulatory Agency Hit by Ransomware (January 27 & 28, 2016)
Reports of a cyberattack on Israel's Electrical Authority have been misleading. While the country's Energy Minister said that the Israeli Electricity Authority was the target of "one of the largest cyber attacks" the agency had endured, the issue was found to be ransomware.
Furthermore, Electrical Authority is a regulatory agency and is in no way related to the networks of the Israeli electric companies, transmission, or distribution sites.
--Google Updates Chrome to Version 48
(January 22, 2016)
Google Chrome has been updated to version 48. The newest stable version of the browser includes fixes for 37 issues, two of which were rated high risk.
--NSA Director: "Encryption is Foundational to the Future"
(January 21, 2016)
US National Security Agency (NSA) director Admiral Michael Rogers told an audience at the Atlantic Council, "Encryption is foundational to the future," and that trying to get rid of it is "a waste of time." Rogers spoke to the seemingly opposed "Imperatives" of security and privacy, noting that both need to be met. At the same event, Rogers said that US Cyber Command is starting to mature and is developing "tangible" offensive and defensive capabilities.
--Android Malware Steals Voice-Based Two-Factor Authentication Codes (January 13 & 18, 2016) Symantec has detected malware created for Android devices that steals single-use passcodes generated to add a layer of security to online banking authentication procedures. The malware, dubbed Android.Bankosy, enables call forwarding and silent mode so the devices' owners are unaware that their incoming calls are being redirected. Some organizations have started sending the single-use passwords in voice calls rather than SMS.
--More Bad Ransomware
(January 13, 2016)
A malware variant that renders files unrecoverable, even by the criminal responsible for spreading it, has been detected. The malware is a variant of a proof-of-concept file that has been tweaked so that it encrypts the decryption key, making it virtually impossible for the files to be recovered.
--Reminder: Most Versions of IE Now Retired (January 12, 2016) Microsoft's security updates for January mark the end of support for most versions of Internet Explorer (IE). Only IE 11 will continue to be fully supported. IE 9 will be supported on Windows Vista and Windows Server 2008; IE 10 will still be supported on Windows Server 2012. The January updates also mark the end of Microsoft's support for the original release of Windows 8; users running that OS can upgrade to Windows 8.1 at no cost.