UCLA Student
Infosec Blog

honey pot

By Tiffany Hsu | nytimes.com

The punch cards stuffed in your wallet know next to nothing about you, except maybe how many frozen yogurts you still need to buy to get a free one. 

But loyalty programs, as they shift from paper and plastic to apps and websites, are increasingly tracking a currency that can be more valuable than how much you spend: personal data. As a result, the programs know things about you that some of your friends may not, like your favorite flavor (mango), when your cravings strike (early afternoon) and how you pay (with your Visa), in addition to billing details and contact information.
Hackers are in close pursuit.

Some criminals use stolen credentials to impersonate customers, breach loyalty profiles and then tap into separate accounts. Others deplete balances or sell points on dark web marketplaces. One hacked Southwest Airlines rewards account with at least 50,000 miles was advertised for $98.88, according to the cloud security company Armor. 

Read more...

Social Media apps

By Dan Goodin | arstechnica.com
 

Attacks used app's call function. Targets didn't have to answer to be infected.

Attackers have been exploiting a vulnerability in WhatsApp that allowed them to infect phones with advanced spyware made by Israeli developer NSO Group, the Financial Times reported on Monday, citing the company and a spyware technology dealer.
A representative of WhatsApp, which is used by 1.5 billion people, told Ars that company researchers discovered the vulnerability earlier this month while they were making security improvements. CVE-2019-3568, as the vulnerability has been indexed, is a buffer overflow vulnerability in the WhatsApp VOIP stack that allows remote code execution when specially crafted series of SRTCP packets are sent to a target phone number, according to this advisory.

Read More...

files

WSU to pay up to $4.7 million for data theft involving 1.2 million people. Breaches that involve health data generally will cost you more. Asia Fields reports:

Washington State University learned a costly lesson after a hard drive containing the personal information of more than a million people was stolen from a self-storage locker in 2017. Now, the university is going to have to pay even more.

In a settlement approved in King County Superior Court on Thursday, the university agreed to pay up to $4.7 million in cash reimbursements, attorneys fees and administrative expenses. On top of that, the university will pay for two years of credit monitoring and insurance services for up to 1,193,190 people, according to the settlement agreement.

Read More...

application

By Scott Jaschik| insiderhighered.com

Some applicants at Grinnell, Hamilton and Oberlin report receiving emails giving them the chance to purchase their files—including confidential comments from admissions officers. Some applicants at three private liberal arts colleges report this week that they have received anonymous notes offering them the chance to buy their complete admissions files, including comments made on them by admissions officers, any ratings assigned to them, reports on interviews and in some cases the tentative decisions made on whether to admit them.

Read More...

windows apps

By Bradley Barth | scmagazine.com

April’s Microsoft Windows update has apparently been causing headaches for users who had previously installed anti-virus software from vendors such as Avast, Avira, ArcaBit, McAfee and Sophos.

Users with these AV products who installed the April 9 Windows update may find that their machines become slow or unresponsive following restart, according to the “Known Issues” section of Microsoft’s Monthly Rollup update web page.

So far at least three of the affected security vendors, Avast, Arcabit and Avira, have released software updates [1, 2] to mitigate the issue, while McAfee is testing a proof-of-concept fix that is available to customers. Microsoft is assisting Sophos by temporarily blocking devices with its AV products from receiving the April update, until a more permanent solution becomes available.

Read More...

netflix

By Peter Suciu | technewsworld.com

The allure of TV shows and Movies on demand has become the breeding grounds for Cyberattacks.

In a previously posted article Threat-List: Game of Thrones, a Top Malware Conduit for Cybercriminals Kaspersky’s research discovered how Game of Thrones accounted for 17 percent of all infected pirated content—of which 20,934 users were attacked with malicious downloads— even though no new episodes were released in 2018. Be aware of malicious files posing to be Free TV show downloads. Be vigilant and protect yourself from being deceived into providing your personal information to sources that disguise themselves as reliable sources.

malware

By Tara Seals | threatpost.com

As Game of Thrones’ eighth season gets ready to kick off, a new report says the popular TV show accounted for 17 percent of all infected pirated content in the last year.

As Game of Thrones’ eighth season approaches, fans are getting ready for the ultimate clash of living vs. dead, fire vs. ice, human vs. monster. But they should be careful where they get their Jon Snow fix from; fresh analysis has concluded that the fantasy series is cybercriminals’ favorite target for disguising malware in illegal content downloads.

Game of Thrones accounted for 17 percent of all infected pirated content that researchers with Kaspersky Lab tracked last year, with 20,934 users attacked – even though no new episodes were released in 2018. And it came in as the most-targeted show despite being only the eighth most-popular to illegally stream, according to researchers; it also didn’t make the top 10 for torrent popularity.

Read More...

 

 

phish-dont-take-bait

Your organization’s online safety and security are a responsibility every employee shares.

Phishing is an attempt by a criminal attacker, usually through email, to illegally gain access to your computer to acquire sensitive.

An attacker may send you an email, posing as your IT Administrator requesting you to act and click on a “secure” link, open an attachment or log into a website. When you click on the attacker’s malicious link or open a malicious attachment, your computer is infected with malicious software called malware.

Read More...

 

Boston Terrier with rose and mobile phone

By Lisa Weintraub Schifferle | consumer.ftc.gov 

It’s Valentine’s Day and love is in the air. You may think you spend a lot on flowers or chocolate, but losing money in a romance scam would cost you even more.

Last year, people reported losing $143 million to romance scams — a higher total than for any other type of scam reported to the FTC. And, according to a new FTC Data Spotlight, reports of romance scams are on the rise. 

Read More…

 

Laptop with video chat open

By John P. Mello Jr. | technewsworld.com
 
Apple has suspended its Group FaceTime application following reports that a bug in the software allowed callers to eavesdrop on the people they were calling. 

The flaw let a person making a FaceTime call listen through the phone of the person called before the call was accepted or rejected. It reportedly also allowed access to the front-facing camera in an iPhone.  Read More…