We would like to thank lacroute serge who reported a security issue and contributed to the improvement of the security of one of our services.
BU-CERT News
Elevated phishing activity at BU
For the past couple of days BU has been targeted through spear phishing emails. Users should be alert on any emails coming from student accounts with a subject related to academic activities (projects, guest lecturers, etc.)
TV licensing suffers data breach
Following this statement from tvlicensing.co.uk, customers who used their services to pay for their tv licensing fees between 29 August until around 3.20pm on 5 September 2018 may have their details compromised. The company reports that this was due to a technical update and during that period the transactions were not as secure as intended.
Weakness in WhatsApp Enables Large-Scale Social Engineering
From darkreading.com
Researchers at Check Point Software Technologies say they have discovered a dangerous weakness in the WhatsApp messaging app that gives threat actors a way to manipulate content in private and group conversations on the platform without raising any red flags.
The security vendor this week published a report demonstrating how an adversary could exploit the issue to change the identity of a message sender, alter the text of message replies, and send private messages spoofed as a public message to individual participants in a group.
More information here
Shrug ransomware victim? Here’s how to retrieve your locked files for free
From zdnet.com
A new form of ransomware is being distributed through drive-by attacks, but victims can retrieve their locked files for free due to mistakes in the attack’s code.
Shrug ransomware first appeared in the wild on July 6, and comes embedded in fake software and gaming apps. Those who get tricked into downloading and running the file-encrypting malware are met with an extensive and mocking ransom note penned by an attacker calling themselves Martha.
More information here
Critical Flaws in PGP and S/MIME Tools – Immediately disable tools that automatically decrypt PGP-encrypted email
From securityaffairs.co
Researchers found critical vulnerabilities in PGP and S/MIME Tools, immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.
If you are one of the users of the email encryption tools Pretty Good Privacy and S/MIME there is an important warning for you.
A group of European security expert has discovered a set of critical vulnerabilities in PGP and S/Mime encryption tools that could reveal your encrypted emails in plain text, also the ones you sent in the past.
More information here
baseStriker: Office 365 Security Fails To Secure 100 Million Email Users
From avanan.com
We recently uncovered what may be the largest security flaw in Office 365 since the service was created. Unlike similar attacks that could be learned and blocked, using this vulnerability hackers can completely bypass all of Microsoft’s security, including its advanced services – ATP, Safelinks, etc.
The name baseStriker refers to the method hackers use to take advantage of this vulnerability: splitting and disguising a malicious link using a tag called the <base> URL tag.
So far we have only seen hackers using this vulnerability to send phishing attacks, but but it is also capable of distributing ransomware, malware and other malicious content
More information here.