While cyber adversaries aspire to rob netizens of their credentials and monetary assets, much progress is also occurring in the cybersecurity realm. This week’s headlines highlight some significant cybersecurity measures that organizations are adopting to tackle the menace of cyber attacks.

Are Cyber Security Institutes the Next Big Revolution?

Marshall University has recently launched its Cyber Security Institute. The university envisions creating an academic and research-based institute that facilitates cybersecurity-related programs. Jerome Gilbert, the Marshall President, says that having a space to teach and research cybersecurity will help them expand and strengthen their position in the cyber arena.

This new cybersecurity institute will reportedly address the emerging email security needs and create cyber-conscious citizens. Housed at Marshall University’s Applied Engineering Complex, the new department will help students take up cybersecurity as a career option by bringing them in contact with the top cybersecurity experts in the region.

 

Iran Suspects US and Israel of Targeting its Fuel Stations

It has been over a decade since Iran’s nuclear program was targeted by a computer virus, and since then, Iran has not shared very good cyber relations with the United States and Israel. Once again, its fuel distribution at 3,200 service stations has been disrupted by a cyberattack, and Iran believes it to be a work of its arch-foes Israel and the United States. An Iranian General claims that this recent attack looks very similar to previous attacks (the Shahid Rajaei port and the railway accident) on the nation’s systems launched by its enemies Israel and the United States. While the Shahid Rajaei port attack took place in May 2020, the computer systems of Iran railways were hacked in July 2021.

The recent attack at service stations disrupted the distribution of petrol and caused traffic jams on major Tehran routes. As part of its cybersecurity measures, the oil ministry had to bring the service stations offline and distribute petrol manually. The Iran government accuses the adversaries of trying to turn Iranians against the government by disrupting its services. As many as 3,200  of the 4,300 service stations had a service failure because of this breach.

 

Europol Arrests Twelve Cybercriminals

Europol recently arrested 12 individuals associated with cybercrime activities. Reportedly, these adversaries have targeted over 1,800 individuals in 71 countries so far. Europol has confiscated over $52,000 in cash and five luxury cars from the 12 accused. Currently, their devices are undergoing forensic analysis. Europol revealed that this arrest comes after a two-year investigation involving threat actors from various cybercriminal groups across the world.

Although the law agency has not revealed much about the nature of attacks led by these arrested cyberattackers, it is known that they usually target large businesses. The accused can be called high-value targets as they are on the radar of law enforcement across jurisdictions.

 

Sydney-based Man Penalised for Credentials Theft

A Sydney-based individual was recently penalized by the Australian Federal Police (AFP) for stealing the log-in credentials of streaming service customers. The culprit is to pay an AUD 1.66 million penalty for stealing the usernames and passwords of customers’ Netflix, Hulu, and Spotify accounts. Reportedly, the Sydney-based culprit teamed up with another individual to give shape to this credential theft. They later sold the stolen details at a cheaper rate online.

The FBI had notified the AFP (back in 2028) of a now-defunct website selling stolen account credentials called wickedgen.com. This website was also selling the details of Australian and global Netflix, Hulu, and Spotify users. The Sydney culprit was the primary beneficiary of this and three other credential selling websites. This threat actor had over 150,000 registered users who came to him to access these streaming services illegally.

In October last year, this Sydney-based individual pleaded guilty to stealing log-in credentials. The AFP’s Criminal Assets Confiscation Taskforce (CACT) got restraining orders over his fake PayPal, cryptocurrency, and bank accounts. AUD 1.2 million of the AUD 1.66 million collected from him was procured in cryptocurrency. The AFP said that the Department of Home Affairs plans to redistribute these funds to support law enforcement, crime prevention, and community-safety-related cybersecurity initiatives. The culprit and his ally are likely to face a twenty-six months prison sentence.

 

Microsoft to Invest in Training Community College Students in Cybersecurity

Microsoft Corp (MSFT.O) has recently announced that it plans to invest in community colleges throughout the United States and fill  250,000 hitherto cybersecurity jobs. This massive goal of educating, training, and hiring cybersecurity professionals shall be implemented over the next four years.

Microsoft will extend its financial aid to students, provide teacher training and free materials at over 150 community colleges across the US. Microsoft’s president Brad Smith revealed that the company plans to invest tens of millions of dollars in this new initiative. This move comes after some severe cyberattacks (including the SolarWinds attack) have targeted the US. In August this year, Joe Biden had met Microsoft and other renowned tech companies to discuss the nation’s security position. Microsoft perceives this new move as the much-needed solution to the massive number of cyberattacks targeting its customers. It believes that these attacks can be mitigated or prevented with a bit of expertise in cybersecurity. These cybersecurity jobs pay well (over $105,000), and a lot of these job positions remain unfilled. Microsoft hopes to make a significant difference in the number of unfilled cybersecurity job positions by training students.

 

Google Fixes Several Critical Flaws in its November Update

Google’s monthly security update for Android is out, and it fixes 39 flaws this month. Six zero-day vulnerabilities have been patched, which include the use-after-free vulnerability (dubbed as CVE-2021-1048). Adversaries could conduct a local privilege escalation attack and execute arbitrary codes to access victim systems if they were to exploit these vulnerabilities. Cybersecurity experts believe this bug is already being exploited and warn users of the same in Google’s November advisory.

In addition, two other critical remote code execution (RCE) vulnerabilities — CVE-2021-0918 and CVE-2021-0930 have been patched. This is along with the patches for two critical flaws in Qualcomm closed-source components —

CVE-2021-1924 and CVE-2021-1975. On the whole, the November security update fixes some severe issues in Android Systems. These also include a critical flaw in Android TV (dubbed as CVE-2021-0889) that lets adversaries execute arbitrary code on users’ TV without any user interaction. Users are advised to get the November patch at the earliest.

Pin It on Pinterest

Share This