‘Cobalt Dickens’ group is phishing universities at scale again, researchers say

An Iran-linked hacking group whose operatives the U.S. government indicted last year has launched a phishing operation to steal login credentials from computer users at over 60 universities in the United States, the United Kingdom, and elsewhere, researchers said Wednesday. The campaign, whose aim is likely intellectual property theft, sees victims redirected to spoofed login pages, where their passwords are stolen, said Secureworks, a Dell-owned cybersecurity company that discovered the activity. “The threat actors have not changed their operations despite law enforcement activity, multiple public disclosures, and takedown activity,” Secureworks said in a blog post. The most high-profile attempt to disrupt the hackers was the charges the U.S. Department of Justice announced in March 2018 against nine Iranian nationals for breaching the networks of multiple U.S. universities, federal government agencies and U.S. companies. And yet the hacking group, which Secureworks dubs Cobalt Dickens, has used some of the same domains in their new […]

The post ‘Cobalt Dickens’ group is phishing universities at scale again, researchers say appeared first on CyberScoop.

Social-Engineer Newsletter Vol 09 – Issue 120

Back to School: Education Through Security No more pencils, no more books, no more teachers’ dirty looks. We can all remember singing this as we skipped out of school on the last day of the school year. Some of us had more specific things we sang…

Ahead of the Curve: University Incident Response Plans and Communications

Hurricanes, power outages, man-made disasters—every organization has to prepare for these, but when it comes to emergencies, universities face unique challenges because of the very nature of their structure and communities. Unlike the average offi…

Suspected North Korean hackers target universities using Chrome extension

While North Korean hackers are known for stealing money to finance Kim Jong Un’s authoritarian regime, Pyongyang may also be engaging in a cyber-espionage campaign targeting universities, new research shows. The hacking operation, which began in May, if not earlier, uses malicious Google Chrome extensions to gain a foothold into a victim’s computer, according to ASERT, the threat intelligence group of Netscout’s Arbor Networks. Once the hackers compromised a target network, they used “off-the-shelf tools,” like remote desktop protocol, to retain access to the network, according to ASERT.  The goal of the operation, dubbed “Stolen Pencil,” appears to be maintaining persistent access; researchers found no evidence of data theft. “A large number of the victims, across multiple universities, had expertise in biomedical engineering, possibly suggesting a motivation for the attackers’ targeting,” states the research, which was published Wednesday. The malicious extensions have been removed from the Google Play Store, ASERT says. Although […]

The post Suspected North Korean hackers target universities using Chrome extension appeared first on Cyberscoop.

Security companies give public free way to sift through malware research

Cybersecurity companies spend a lot of money on their research and the infrastructure they build to conduct it, so it’s counter-intuitive that they would give it away — but that’s exactly what two of the biggest firms are doing this summer. Comodo recently announced Comodemia, a program that would make its vast database on more than 120 million malware incidents — and the analytics engines used to mine it for insights — available online for university, government, and nonprofit researchers and educators. “Many researchers currently spend the majority of their time building the tools and the environment they need to do code compiling, malware analysis, phishing detection … It can take months before the real research can even begin,” explained Fatih Orhan, Comodo’s vice president of threat labs. “That’s where we can offer a benefit.” The features Comodemia would offer include: “A feed, accessible in realtime of all the threat data we collect […]

The post Security companies give public free way to sift through malware research appeared first on Cyberscoop.

U.S. universities race to contain WannaCry ransomware, officials say

At least five U.S. colleges have been affected by the global ransomware virus known as “WannaCry,” CyberScoop has learned. The Massachusetts Institute of Technology, Trinity College, the University of Washington, North Dakota State University and the University of Maine confirmed Tuesday that computers connected to their networks were infected by the virus. “We had a handful of computers that were compromised but it didn’t spread,” University of Washington News Office Director Victor Balta told CyberScoop. “Normal operations were not affected in any way, but obviously we’re paying attention to this.” The five schools are among the first known cases of U.S.-based educational institutions becoming victims of the WannaCry ransomware campaign. CyberScoop obtained a list of IP addresses with WannaCry infections that included more than a dozen machines at U.S. higher education institutions. Not all of the schools responded to requests for comment. MIT reported that approximately 100 computers were affected by the attack […]

The post U.S. universities race to contain WannaCry ransomware, officials say appeared first on Cyberscoop.
