Hey it’s your girl Rishii with your InfoSec weekly update for Aug 30 – Sept 4. It’s time to get the truck on the road, so let’s go!!!
Northumbria Uni Campus Closed After Serious Cyber-Attack.
Northumbria University is still reeling from a cyber-attack which forced it to reschedule exams and close its entire campus in Newcastle-Upon-Tyne. Deputy vice chancellor, Peter Francis, told students on Monday that the “cyber incident” had caused “significant operational disruption” and that work was underway to restore IT systems as quickly as possible.
Skimming Attack Hits American Payroll Association
The American Payroll Association (APA) has issued a data breach notification after being hit by a skimming attack. Threat actors installed skimming malware on both the login web page of the APA website and the checkout section of the association’s online store by exploiting a vulnerability in the APA’s content management system.
Chinese Professor Jailed for Stealing US Trade Secrets.
A Chinese university professor has been handed an 18-month jail sentence for stealing IP from two US companies several years ago. Hao Zhang was charged in 2015 along with five other Chinese nationals with economic espionage and theft of trade secrets. While the five remain at large, most likely in China, Zhang made the mistake of re-entering the US and was promptly arrested.
CEOs Could Face Jail Time for IoT Attacks by 2024.
Corporate CEOs could soon be personally liable if they fail to adequately secure IT systems connected to the physical world, Gartner has warned. The analyst firm predicted that as many as 75% of business leaders could be held liable by 2024 due to increased regulations around so-called “cyber-physical systems” (CPSs) such as IoT and operational technology (OT).
Router vendors have patched some zero-days, but leave others wide open.
In April, security researcher Rich Mirch got a text from a friend who had just switched to a new wireless router and was raving about its high-speed internet. You have to try it, the friend told Mirch.
New Jersey Man Sentenced to 7+ Years for Cyber Breaking & Entering.
A New Jersey resident has been sentenced to 94 months in prison after pleading guilty to two counts of obtaining information from computers and one count of aggravated identity theft.
AI on the Email Offense.
While email attacks are becoming more and more sophisticated, the majority of email security tools still rely on signatures to identify malicious mails. As a result, companies are increasingly vulnerable to novel techniques that criminals are using to evade automatic detection and fool the time-pressed user.
Malicious Android Apps Slip Through Google Play Protection.
Security researchers have discovered at least half a dozen cases in which malicious Android apps slipped through the Google Play safety net to plant malware on Android devices. In a separate case, Android apps promised free shoes but instead delivered a botnet to victims’ phones.
Is China the World’s Greatest Cyber Power?
While the US, Russia, Israel, and several European nations all have sophisticated cyber capabilities, one threat intelligence firm argues that China’s aggressive approach to cyber operations has made it “perhaps the world’s greatest cyber power.”
How CISOs Can Play a New Role in Defining the Future of Work.
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
Hackers are actively exploiting critical RCE in WordPress sites using File Manager plugin.
Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager plugin, with over 300,000 WordPress sites potentially exposed.
Rishauna Gunning from Jamaica contributed this article. Rishauna is a member of WISC (Women in InfoSec Caribbean), a Discord group for Caribbean women and girls to develop a career in Information Security.
Learn more about WISC and how at wisc.g5cybersecurity.com.