Security News for the Week Ending June 3, 2022
FBI Warns US Colleges of Widespread VPN Credential Leaks – On Russian Crime Forums
Here’s a shocker. Cybersecurity practices at US colleges and universities are not so good. According to an FBI PIN (Color WHITE, general distribution), Russian cybercrime forums are offering network and VPN credentials for sale for many US higher education institutions, some of which even include screenshots as proof of access. Likely there are credentials for US businesses available too. Credit: FBI
Unpatched Critical Flaw in Confluence Under Attack
Atlassian, maker of Confluence and other software development tools, says that users (this is only for locally installed instances of Confluence) should shut it off (and totally screw up their workflow) or block it from the Internet (less disruptive). There is no fix or a timeline for a fix. Atlassian rates the bug as critical and it is an UNAUTHENTICATED, REMOTE CODE EXECUTION vulnerability. Credit: Atlassian
Chinese Phone Chips Could DDoS All Nearby Phones
I don’t think this is intentional, but it works nonetheless. A flaw in the firmware for the radio chip used in millions of phones could be used to remotely attack those devices. The bug can be exploited by sending a specifically designed packet to the radio receiver of the phone, crashing the phone. This is not the first time UNISOC has been in bug trouble, including 3 months ago and last December. Hopefully, your carrier will release the patch to your phone. Credit: The Register
FBI is Laser Focused on Thwarting Russian Cyber Operations
FBI Director Wray this week said they are focused on thwarting Russian cyber attacks. Wray said, at a speech in Boston, that Russia has taken steps to launch destructive attacks. He said that Russia has gained access to thousands of companies, including critical infrastructure. Hopefully they are notifying those companies, but there are probably many that they don’t have eyes on. Credit: The Record