Security News
As education has moved from in-classroom teaching to remote learning, colleges and universities have had to set up technologies that open the door to greater security risks. A report published Tuesday by cybersecurity provider BlueVoyant looks at the security threats challenging schools of higher learning and offers suggestions on how to combat them.
The acceleration of the use of IoT devices, gaming and streaming services; faster adoption of software, cloud and XaaS technologies to help organizations manage remote work and school; and 5G had become a reality, enabling more and higher-capacity connections from millions of devices all requiring protection of this expanded attack surface from highly complex cyberattacks. As a global phenomenon, A10 has seen the largest communications service providers expand their services, taking advantage of new opportunities with government and enterprises, along with regional providers addressing the critical need for high-speed broadband to rural communities.
Canadian undergraduate research university Lakehead has been dealing with a cyberattack that forced the institution earlier this week to cut off access to its servers. In a communication on Thursday, Lakehead University provided some details about the attack saying that it was aimed at its file share servers.
Cyemptive Technologies announced Cyemptive Web Fortress, a solution that protects web servers against zero-day cyberattacks in real time. Unlike other solutions on the market, which only identify and work to eliminate "Known" threats after they have infiltrated a system, Cyemptive Web Fortress protects your data and web servers against real-time cyberattacks on a preemptive, immediate basis.
Servers belonging to the Dutch Research Council have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future. The NWO is tasked with investing in research and research infrastructure to increase quality and innovation in science.
Researcher Alissa Knight with Approov tried to break into the APIs of 30 different mHealth app vendors, with the agreement she wouldn't ID the vulnerable ones. According to the resulting report from Approov, out of 30 popular mHealth apps analyzed, 77 percent of them contained hardcoded API keys, which would allow an attacker to intercept that exchange of information - some of which don't expire.
The statement coincided with Accellion's own public acknowledgment that an ongoing vulnerability in FTA eventually led to an information compromise with Singtel and other customer systems. "The Accellion file transfer product used by Singtel is 20 years old, and continues to be used by many organizations in the financial, governmental and commercial sector to transfer large files, despite Accellion's offering of newer and more secure file-sharing solutions," Chloé Messdaghi, chief strategist, Point3 Security, said via email.
The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name 'HelloKitty,' and yes, that's the name the threat actors utilize. Today, CD Project disclosed that they were the target of a ransomware attack that encrypted devices on their network and led to the theft of unencrypted files.
Federal law enforcement is now looking into a cyberattack at a water treatment plant in Oldsmar, FL where someone was able to remotely access systems and add a dangerous amount of chemicals to the town's water supply. On Monday, Pinellas County Sheriff Bob Gualtieri explained during a press conference that an employee at Oldsmar's water treatment facility saw his mouse moving independently of him on Friday morning but thought nothing of it-it's common for people in the field to remotely access systems through their TeamViewer software.
Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. Back in November, cybercriminals attacked hundreds of thousands of Spotify users utilizing this approach, prompting the streaming music service to issue password-reset notices.