UCLA Student
Infosec Blog

mobile devices

By Panda Security | pandasecurity.com

It’s no secret that the technology we use can make us a target for viruses and cyber attacks if not secured properly. When it comes to mobile device use, there is no manual that comes with a phone to teach the user mobile security. In addition, threats are always evolving and adjusting based on our habits.

To help you navigate your device in a secure way, we’ve created an infographic that includes 8 mobile security tips to keep your device safe.

phone with cryptocurrency exchange

By Brian Barrett | wired.com/

Binance is one of the world’s biggest cryptocurrency exchanges. As of Tuesday, it’s now also the scene of a major cryptocurrency theft. In what the company calls a “large-scale security breach,” hackers stole not only 7,000 bitcoin—equivalent to over $40 million—but also some user two-factor authentication codes and API tokens.

Theft has long been endemic to cryptocurrency; hackers stole more than $356 million from exchanges and infrastructure in the first three months of 2019 alone, according to a recent report from blockchain intelligence company Ciphertrace. But it’s less common to see an established exchange like Binance get hacked—and for the attackers to get so much other information along the way.

Read more...

keypad

By Francis Dinah | techradar.com

SIM hijacking recently emerged as fraudsters’ latest tactic to access your personal accounts. And to be honest, it’s impressive. By tricking mobile service providers into believing he’s actually you, a hacker can transfer your telephone number to his device. Once the switch is made, the hacker gains access to your online accounts and can even receive two-factor authentication codes sent to your phone.

Although SIM hijacking takes a devastating toll on users’ privacy and digital security, the mobile industry is still struggling to prevent these kinds of attacks. But here’s what we know for sure: Phone numbers are a deeply flawed method of security.

Read more...

man in suit

By Phil Muncaster | infosecurity-magazine.com/

The average cost of cybercrime rose by over $1m last year to reach $13m per firm, with the impact of malicious insiders particularly noticeable, according to a new Accenture report. The consulting giant’s annual Cost of Cybercrime report is compiled from over 2600 interviews with hundreds of organizations across 11 countries. Those surveyed recorded an average of 145 cyber-attacks resulting in hackers entering their core networks or enterprise systems: up 11% over 2017 and 67% over 2014.

Some 85% experienced phishing and social engineering attacks last year, up 16% on 2017, and 76% suffered web-based attacks. Those hit by ransomware also increased (15%) year-on-year, with costs growing 21% to around $650,000 per company on average.

Read more...

Janns steps

Did you know that October is National Cybersecurity Awareness Month (NCSAM)? This is the 16th anniversary of NCSAM!  UCLA is a Cyber Champion among higher educational institutions nationwide that are participating in NCSAM campaigns to raise cyber awareness within their campus communities and to encourage everyone to protect their computers, mobile devices, networks, data, and private information.    

As our lives continue to become more interconnected, our use of online technology continues to grow. Even when we are not directly connected to the internet, the infrastructure of a worldwide network of computers supports our daily lives and choices. Beyond our typical use of cell phones and computers, we use technology to track many essentials of our daily lives including gaming, nutrition, recreation, shopping, exercise, with devices in our cars, in our homes, and just about everywhere – our last Google search, our last Amazon purchase, etc. Our daily choices have the potential to impact our community as a whole and individually.  The reality is our lives are very closely tied to the data that feeds and make up the internet. 

As a community, all of us at UCLA should be individually and collectively responsible to secure the devices and networks we use. Our individual choices have the potential to impact the cyber-safety of our entire UCLA community. We can proactively increase our campus community’s safety by cultivating cybersecure habits consistent with latest security practices and rooted in the willingness to learn and share our of knowledge with others. Together we can foster a more safe, resistant, and protected environment.

The IT Security Office welcomes you to be part of our collective efforts to keep UCLA safe. Keep an eye out for our banner flags around campus, the posters, digital signs, and safety and security tips/videos on our IT Cyber Security Student Blog, Twitter, Instagram and Facebook. Help lead our campus by cultivating cyber-awareness throughout National Cyber Security Awareness Month and beyond. Never underestimate the difference that each and every Bruin can make in this effort – It’s Our Shared Responsibility.

Ninjio season 4, episode 7

When proprietary information is leaked, the fingers start pointing to find a culprit.  Thankfully, Isabel has taken steps of precaution to document a coworker’s suspicious behavior.  Taking note and appropriately reporting potentially harmful activity is key to keeping an organization safe.

Watch the video...

mobile phone information

By Bill Bowman | securityboulevard.com/

Last month a hacker who stole $5 million resulting from SIM Hijacking was sentenced to 10 years in jail. In the end, SIM Hijacking or SIM Swapping results in your phone number being taken. Your phone number is the key for 2-factor authentication and other verification processes.

Only one SIM card can be associated with a phone number. This puts the victim in the dark after it is stolen. The phone number has become the golden ticket for access. This makes it extremely sought-after for those attempting to extort money, steal handles or steal.

Here are the simple steps that are being used in the fraud…

Read more...

phone with sim card

By Brian Barrett | wired.com

A spate of hacked Instagram accounts. A $220 million lawsuit against AT&T. A bustling underground crime ring. They all have roots in an old problem that has lately found new urgency: SIM card swaps, a scam in which hackers steal your mobile identity—and use it to upend your life.

At its most basic level, a SIM swap is when someone convinces your carrier to switch your phone number over to a SIM card they own. They’re not doing it for prank call cover, or to rack up long-distance charges. By diverting your incoming messages, scammers can easily complete the text-based two-factor authentication checks that protect your most sensitive accounts. Or, if you don’t have two-factor set up in the first place, they can use your phone number to trick services into coughing up your passwords.

Read more...

two figures on boat

Tina and Kate thought that they had done everything that they needed to do to protect themselves from potential hack threats by utilizing 2FA on their accounts.

When $8000 goes missing from their back account, though nothing malicious was on Tina’s phone, they quickly realize that they over looked a crucial flaw–SIM card hijacking. In addition to using tools like MFA, setting up a secure PIN or Passcode for your wireless account is crucial to protect your personal information!

Watch Here...

constitution under magnifying glass

By Colin Lecher | theverge.com

The Community’ allegedly netted $2.4 million in cryptocurrency. Nine people have been charged in an alleged conspiracy to hijack SIM cards and steal cryptocurrency from unwitting victims, prosecutors said this week. The scheme, according to court documents, netted more than $2.4 million.

Read More...