According to BlueVoyant’s Cybersecurity in higher education report, the number of ransomware attacks against universities increased by 100% year-on-year in 2020. The company compiled data from 2702 universities across 43 countries, covering the period January 2019 to September 2020. It went on to say that average payouts were totaling nearly $450,000.
The company claims that the rise in…
Clubhouse chatroom breached: Letting third-party developer design app for Android users backfires
April 9, 2021
The wildly popular social media app Clubhouse suffered a data breach, as a third-party developer designed an open-source app that allowed Android smartphone customers to break into the iPhone-only service.
Clubhouse has confirmed that a user was able to stream audio from the app on their website. The audio-only social networking app, launched in March 2020, allows people to gather online in…
Cybersecurity firm Genua has issued a fix for a risky flaw in in it’s two-tier firewall product, GenuGate High Resistance Firewall. The vulnerability could have enabled attackers to bypass authentication measures and log in as root users within a company’s internal network.
“An unauthenticated attacker is able to login as an arbitrary user in the admin web interface…
Microsoft 365 users saw a slew of phishing emails, thanks to an ongoing attack aiming at stealing Microsoft 365 credentials. To make the emails look more realistic and legitimate, attackers are adding a fake Google reCAPTCHA system in addition to their company logos in the mails. Security researchers indicate that over 2500 such emails have been unsuccessfully sent to senior-level employees in the…
The National Stock Exchange (NSE) of India was down for almost an entire day on February 24, 2021. The Nifty, Bank Nifty, and other indices stopped across all brokerage firms in India. An NGO foundation, Moneylife Foundation, has come forward and alleged that the NSE was under attack by cybercriminals.
Although NSE has informed that the blackout was due to “issues with the links with telecom…
Multiple airlines suffer data breach due to supply-chain cyberattack, frequent-flyer list compromised
April 9, 2021
SITA Passenger Service System (SITA PSS), a communications and IT service provider for 90 percent of the world’s airline companies, suffered a massive data breach. The company calls the attack that targeted its U.S servers in Atlanta a “highly sophisticated attack.”
Singapore Airlines, a company that uses SITA’s services, reported that over 580,000 customers were affected. The total…
According to researchers at F-Secure, vulnerable Microsoft Exchange servers are being attacked ‘faster than we can count’. Although Microsoft estimates only around 8 percent of servers remain unpatched, F-Secure says that new groups of hackers have started chasing behind this vulnerability.
It has been almost a month since Microsoft released a patch for the four zero-day vulnerabilities.
Microsoft recently apologized for an Azure Active Directory issue that disrupted access to Office 365 applications and the Azure Admin Portal for two hours or more for some users. Microsoft conducted a root cause analysis in an attempt to offer an explanation on what caused the outage.
In the root cause analysis notice, Microsoft said that a cross-cloud migration operation that was intended to…
Hackers responsible for the SolarWinds hack also have their hands on Azure and Exchange source code
March 3, 2021
In an update released this Thursday, Microsoft disclosed that the hackers responsible for the SolarWinds attack have also stolen some source code related to Azure, Exchange, and Intune components. However, the tech giant added that their investigation did not point to any evidence of abuse targeted at their internal systems and its customers.
Microsoft took notice of this compromise back on…
Microsoft announced improvements in Azure Active Directory Conditional Access Policy and Sync
March 3, 2021
Microsoft has recently announced improvements to Azure Active Directory conditional access policy and sync services. The company also outlined security best practices for organizations across the world using on-premises Active Directory and Azure AD for identity and access management.
Microsoft is advocating organizations to adopt zero trust for network traffic with Active Directory along with…