Security Scene Blog: June Edition
An early happy Father's Day to those of you who are, have, or plan to become fathers to small humans, plants, or animals! Significant others, this is your reminder: June 21!
Decisions from campuses are trickling in about how the fall semester will commence. Here is the Chronicle of Higher Ed’s list (and if you're like me and can't view this without a subscription, here is Google's cached version.)
The most common thread seems to be opening the semester early and closing it around Thanksgiving. Please let us know if there's anything we can do to support your network security at this time or anytime in the future.
An article posted on our Slack discusses a joint project by Apple and Google to develop contact-tracing capabilities via Bluetooth, which are being tested by MIT. (With robots, not people!) The major concern for contact-tracing efforts is privacy. Apple and Google say they're focusing on user privacy, which is great to hear (the usual security-person skepticism applies here, of course).
They said that “apps using their contact tracing application programming interfaces (APIs) must be made by or for the use of government health authorities; users must be opt-in only and shall consent before sharing a positive test result; gathered information is only for use for COVID-19 exposure information, so cannot be used for advertising or any other purposes; and the companies have pledged to discontinue the use of the system once the crisis has passed."
Have you heard about the latest attempts to compromise HPC facilities? The first set of compromised servers appear to be used in a second attack, which may be related to crypto mining exploits. A point I found salient was that because researchers may have logins to multiple HPC clusters at various institutions, password reuse and password-less SSH keys are enabling compromises on those multiple clusters. The article includes a Yara rule to detect the loader and the cleaner.
There are some vulnerabilities in WordPress that can affect common LMS plugins LearnPress, LearnDash, and LifterLMS. Some of the vulnerabilities include stealing payment information, privilege escalation, changing grades, and getting tests and answers before they're made available by the instructors. WordPress vulnerabilities are pretty common, so please remember to update your installs for these plugins and any others.
Your FYI link of the month is an interesting story of caller ID spoofing, automated credit card phone access systems, and attempted obfuscation via flooding. The victims here knew to verify suspicious calls with the bank but didn't expect The Bad Guys to be using MITM to spoof both the call with them, and a concurrent call with the bank. Notably, the credit card company employee wasn't aware of caller ID spoofing and how it can be used against them!