Tag Archive for: August

Third-party gained access to University of Michigan systems, leading to August internet outage


ANN ARBOR, MI – An unauthorized third party infiltrated University of Michigan computer systems, which led officials to cut the campus network off from the internet, causing the outage at the start of the fall semester, officials said.

The university first detected suspicious activity on its campus computer network on Aug. 23, according to university spokeswoman Kim Broekhuizen. The university’s Information Assurance team, which defends the university against cybersecurity threats and malicious actors, shut the network down on the afternoon of Aug. 27.

An investigation was launched into the hack, and with the help of third-party experts, it was determined that an unauthorized individual was able to access certain university systems from Aug. 23-27, officials said.

“Based on this data analysis, we believe that the unauthorized third party was able to access personal information relating to certain students and applicants, alumni and donors, employees and contractors, University Health Service and School of Dentistry patients, and research study participants,” Broekhuizen wrote in an email to MLive/The Ann Arbor News.

The university has determined that the information accessed for students, applicants, alumni, donors, employees and contractors includes Social Security numbers, driver’s license or other government-issued identification numbers, financial account or payment card numbers, and/or health information, officials said.

Research study participants through the University Health Service and School of Dentistry have had the same information accessed, plus any information related to participation in certain research studies, officials said.

In addition to disconnecting the campus network from the internet, the university notified law enforcement and is working with outside cybersecurity experts to harden its network, officials said.

Letters were sent on Monday, Oct. 23 to all affected individuals, officials said. People whose sensitive information was exposed in this incident are being offered a credit monitoring service free of charge from the university, officials said.

Credit reports can be accessed in the following ways:

Source…

Ankura CTIX FLASH Update – August 25, 2023 – Fin Tech




Malware Activity

Whiffy Recon Malware Dropped by Smoke Loader Botnet

A new piece of malware dubbed Whiffy Recon is a Wi-Fi scanning payload that threat actors are using to determine the physical location of compromised devices. It is being distributed by the operators of the infamous Smoke Loader botnet. Smoke Loader is a modular backdoor with a wide range of capabilities, used mainly to drop additional payloads at scale in the early stages of a compromise. Whiffy Recon scans for nearby Wi-Fi access points, submits the observed access points to Google’s geolocation API, and sends the resulting latitude and longitude back to the attackers’ command-and-control (C2) server. Because the position is derived from the surrounding access points rather than from the device itself, Whiffy Recon can locate a device that has no GPS, which gives the attackers an edge when conducting region-based attacks. The malware maintains persistence on the compromised device by creating a “wlan.lnk” Windows shortcut that points to the location of the Whiffy Recon binary on the system. Although the motive is currently unclear, Whiffy Recon could be used to support mass intimidation campaigns, pressuring victims into meeting the cybercriminals’ demands. Researchers have stated that, based on the structure of the initial POST request to the C2 server, the developers of this malware are likely to upgrade it over time. CTIX continues to report on new and interesting attack techniques and may release an…
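The location lookup described above is worth seeing concretely, both to understand what the malware sends and to know what outbound traffic to hunt for. The following is an added example written for this page; it is not code from the CTIX report, from Secureworks, or from the malware. It models the scan results as `netsh wlan show networks mode=bssid` output (constructed sample data; the real malware reads the same information through the Windows WLAN API), converts them into the JSON body that Google’s Geolocation API accepts, and parses a constructed response. The percent-to-dBm mapping is the usual linear approximation, an assumption rather than anything Windows guarantees. No network request is made.

```python
"""Offline model of the Wi-Fi geolocation step Whiffy Recon relies on.

Added example, not code from the CTIX report or from the malware itself.
Assumptions: scan data shaped like `netsh wlan show networks mode=bssid`,
and a linear percent-to-dBm conversion for the signal strength.
"""
from __future__ import annotations

import json
import re

# Real endpoint of Google's Geolocation API; a key is passed as ?key=<API key>.
GEOLOCATE_URL = "https://www.googleapis.com/geolocation/v1/geolocate"

# Constructed sample of `netsh wlan show networks mode=bssid` output; not a real capture.
SAMPLE_NETSH_OUTPUT = """\
SSID 1 : CoffeeShop
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:25:9c:cf:1c:ac
         Signal             : 80%
         Radio type         : 802.11n
         Channel            : 11
    BSSID 2                 : 00:25:9c:cf:1c:ad
         Signal             : 46%
         Radio type         : 802.11n
         Channel            : 6
SSID 2 : Neighbour-5G
    Network type            : Infrastructure
    Authentication          : WPA3-Personal
    Encryption              : CCMP
    BSSID 1                 : 34:4b:50:14:c4:a8
         Signal             : 20%
         Radio type         : 802.11ax
         Channel            : 36
"""

BSSID_RE = re.compile(r"^\s*BSSID \d+\s*:\s*([0-9A-Fa-f:]{17})\s*$")
SIGNAL_RE = re.compile(r"^\s*Signal\s*:\s*(\d+)%\s*$")
CHANNEL_RE = re.compile(r"^\s*Channel\s*:\s*(\d+)\s*$")


def percent_to_dbm(percent: int) -> int:
    """Windows reports link quality as 0-100%; the Geolocation API wants dBm.
    Assumed linear mapping: 100% ~ -50 dBm, 0% ~ -100 dBm."""
    return int(percent / 2) - 100


def parse_netsh_bssids(text: str) -> list[dict]:
    """Collect one access-point record per BSSID line, with the Signal and
    Channel lines that follow it attached to that record."""
    aps: list[dict] = []
    current: dict | None = None
    for line in text.splitlines():
        m = BSSID_RE.match(line)
        if m:
            current = {"macAddress": m.group(1).lower()}
            aps.append(current)
            continue
        if current is None:
            continue  # header lines before the first BSSID
        m = SIGNAL_RE.match(line)
        if m:
            current["signalStrength"] = percent_to_dbm(int(m.group(1)))
            continue
        m = CHANNEL_RE.match(line)
        if m:
            current["channel"] = int(m.group(1))
    return aps


def build_geolocate_request(aps: list[dict]) -> dict:
    """Body of the POST to GEOLOCATE_URL. The API needs at least two distinct
    BSSIDs for a Wi-Fi fix; considerIp=false stops it from silently falling
    back to a coarse IP-based position, so a failed lookup is reported as
    not found rather than as a wrong location."""
    if len({ap["macAddress"] for ap in aps}) < 2:
        raise ValueError("need at least two distinct BSSIDs for a Wi-Fi fix")
    return {"considerIp": "false", "wifiAccessPoints": aps}


def parse_geolocate_response(body: str) -> tuple[float, float, float]:
    """Return (lat, lng, accuracy_in_metres) from the API's JSON response."""
    data = json.loads(body)
    loc = data["location"]
    return loc["lat"], loc["lng"], data["accuracy"]


if __name__ == "__main__":
    request_body = build_geolocate_request(parse_netsh_bssids(SAMPLE_NETSH_OUTPUT))
    print(json.dumps(request_body, indent=2))
    # Constructed response, shaped like the real API's JSON.
    print(parse_geolocate_response('{"location": {"lat": 51.5, "lng": -0.12}, "accuracy": 20.5}'))
```

For detection, the useful observation is the shape of the traffic rather than the payload: a POST to the `googleapis.com/geolocation/v1/geolocate` endpoint carrying a `wifiAccessPoints` list, issued by a process that is neither a browser nor the operating system’s location service, is worth an alert on an endpoint that has no business asking where it is.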

Source…

Android 14/13, August 2023 Security Patches


Similar to iOS 17, the next major version upgrade for the world’s most popular mobile operating system, Android 14, is underway. The new release promises improvements in privacy, security and performance. Google recently rolled out the Android 14 Beta 5.2 update for eligible Pixel devices (Pixel 4a 5G and later), suggesting a stable release next month. Meanwhile, several device makers are testing their Android 14-based skins on eligible devices and have released the August 2023 security patch.

So far, all of the major manufacturers have released the Android 13 upgrade for several devices, especially their flagship and mid-range series, while some budget devices are still receiving it. In this post we give an overview of the smartphones that received an update this week.

Android 14 Features:

Like previous Android releases, Android 14 is an incremental upgrade. Its changes include a new photo picker, notification flash, camera, gallery and battery life improvements, lock screen optimisations, improved Magic Compose, separate ring and notification volumes, App Pair, a new charging pill, Auto-confirm Unlock and an improved control center.

August 2023 Android Security Update:

Monthly security patches matter as much as OS upgrades: each one fixes the vulnerabilities disclosed in that month’s Android security bulletin, alongside minor performance, stability and bug fixes. This article lists the devices receiving the update this week.

Weekly overview of Android 14 OS and August 2023 update:

OxygenOS 14 Beta:

ColorOS 14 Beta

Realme August 2023 Update:

OnePlus August 2023 Update:

Samsung August 2023 Update:

  • Galaxy Note 10
  • Galaxy S22
  • Galaxy S20 FE
  • Galaxy A54
  • Galaxy S20
  • Galaxy Tab S6
  • Galaxy A54 4G
  • Galaxy A14
  • Galaxy M14



Source…

21st August – Threat Intelligence Report


For the latest discoveries in cyber research for the week of 21st August, please download our Threat Intelligence Bulletin

TOP ATTACKS AND BREACHES

  • The German Federal Bar Association (BRAK), which oversees 28 regional bars throughout Germany and represents approximately 166,000 lawyers nationally and internationally, is investigating a ransomware attack on its Brussels office. The NoEscape ransomware group has claimed responsibility for the attack.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win.NoEscape)

  • Discord.io has confirmed that it is handling a data breach exposing the information of 760,000 members, which led to a temporary suspension of its services. The confirmation came after a cybercriminal using the moniker Akihirah posted the Discord.io database on an underground forum.
  • Colorado’s Department of Health Care Policy and Financing (HCPF) has released a notice that personal health data of about 4 million members of state health programs was obtained from IBM-managed systems in the Cl0p ransomware group’s MOVEit Transfer campaign of May 2023, a third-party breach from HCPF’s perspective.

Check Point IPS blade, Harmony Endpoint and Threat Emulation provide protection against this threat (Progress MOVEit Transfer Multiple Vulnerabilities; Webshell.Win.Moveit, Ransomware.Win.Clop, Ransomware_Linux_Clop; Exploit.Wins.MOVEit)

  • Suspected North Korean hackers, thought to be tied to the Kimsuky group, have targeted a joint U.S.-South Korea military exercise. Reportedly, no classified information was stolen.

Check Point Threat Emulation and Anti-Bot Blade provide protection against this threat (TrojanDownloader.Win.Kimsuky.A; Backdoor.WIN32.Kimsuky.A)

  • Following a data breach at Tesla in May 2023, caused by two employees and affecting over 75,000 people, the company has begun notifying current and former employees that their information (Social Security numbers, names and addresses) was exposed in the breach.
  • Researchers have identified a widespread hacking campaign targeting LinkedIn accounts worldwide. They observed the attackers using credentials leaked from third-party websites, or brute-forcing…

Source…