Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)

From Census Labs


CENSUS has been investigating for some time now the exploitation potential of Man-in-the-Disk (MitD) [01] vulnerabilities in Android. Recently, CENSUS identified two such vulnerabilities in the popular WhatsApp messenger app for Android [34]. The first of these was possibly independently reported to Facebook and was found to be patched in recent versions, while the second one was communicated by CENSUS to Facebook and was tracked as CVE-2021-24027 [33]. As both vulnerabilities have now been patched, we would like to share our discoveries regarding the exploitation potential of such vulnerabilities with the rest of the community.


Vulnerability: Est. Millions of Users of Popular Educational Platform Exposed to Account Takeover Threats And More

From wizcase.com

At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability in the open-source learning platform Moodle. Anyone who had an account on a given school’s Moodle (with TeX filter enabled) could then take over students’ accounts, professors’ accounts, and even the accounts managed by the platform administrators.


Analysis of the Emotet campaign – Fall 2020

From neurosoft.gr

Emotet is considered to be among the top malware threats, primarily spreading through emails and specifically using the email thread hijacking approach. In this latest report, researchers from the University of Piraeus, Athena Research Center and Neurosoft have dissected the malware and conducted an in-depth analysis of the Emotet campaign.

7,500 educational organizations hacked, access being sold on Russian hacker forums

From cybernews.com

RDP access sold on Russian hacker forums

Network access to 7,500 organizations is being sold by a threat actor on multiple Russian hacker forums. According to the listings posted on October 3 and October 26, these mainly include educational organizations. However, the package also appears to include access to corporate networks from other verticals, such as entertainment and the bar industry.


State in India Leaves Data From Covid-19 Surveillance Tool Open, Risking Safety for Millions of People Across the Country

From vpnmentor.com

In a technical report prepared by vpnmentor, it was revealed that a surveillance platform built to track and trace COVID-19 patients in India has been compromised due to a lack of data security protocols that inadvertently left access to the platform wide open, along with exposing the data of millions of people from across India.

Named “Surveillance Platform Uttar Pradesh Covid-19”, the software appears to have been built by the regional government of Uttar Pradesh, a state of India.


Privacy concerns on COVID-19 contact tracing applications

We have recently joined over 170 UK researchers and scientists by undersigning a statement enquiring about the contact tracing app developed by NHSX in the UK. Given that the UK is among the most surveilled nations, we raise our concerns on the impact such an initiative will have in the long run. The European Commission has already issued a recommendation on a common Union toolbox for the use of technology and data to combat and exit from the COVID-19 crisis, in particular concerning mobile applications and the use of anonymised mobility data.

The joint statement is available here.

Think before filling in that convenient flight refund form with all your delicious details – there’s a scam going about

From theregister.co.uk

Email ruse preying on COVID-19 fears sends data to crims, warns Mimecast.

Email security biz Mimecast has warned of a flight refund scam doing the rounds amid a general uptick in coronavirus-related online crime.

The scam itself is very simple and relies on current fears, some real, that airlines are reluctant to give refunds to customers who cannot fly because of the global coronavirus shutdown.
