Reading Time: ~ 2 min.

Vulnerability Exposes Dozens of U.S. Colleges

At least 62
U.S. colleges
have been compromised after an authentication vulnerability
was discovered by hackers, allowing them to easily access user accounts. At several
of the compromised colleges, officials were tipped off after hundreds of
fraudulent user accounts were created within a 24-hour period. The
vulnerability that was exploited stemmed from a Banner software program that is
very widely used by educational institutions; however, many colleges had
already patched the flawed software versions and so were unaffected.

Data Breach Affects Lancaster University Applicants

Officials recently announced that a data breach compromised
the personal records of all 2019 and 2020 applicants of Lancaster
University
. Additionally, some applicants have been receiving fraudulent tuition
invoices, which the University recommends recipients delete immediately. The
breach occurred sometime on Friday, and University officials quickly began
contacting the affected parties and securing their IT systems.

Facebook to Pay $5 Billion in FTC Fines

Nearly a year after the Cambridge Analytica discovery, the FTC
has issued a record fine of $5 billion to be paid by Facebook in recompense for
their deceitful use of the private information from their hundreds of millions
of their users. The staggering sum Facebook must pay sets a strong incentive
for all industries to handle their customers’ sensitive data with the
appropriate security and care, and also to address follow-up actions in the
wake of a breach more adequately than Facebook did.

Remote Android Trojan Targets Specific Victims

A new remote-access Trojan, dubbed Monokle,
has been spotted working through the Android™ community with a laundry list of
dangerous capabilities, most of which are designed to steal information from the
infected devices. To make Monokle even more dangerous, it can also install
trusted certificates that grant it root level access and near total control
over the device.

Fake Browser Update Distributes TrickBot

As TrickBot
continues its multi-year streak of mayhem for computer systems and sensitive
information, criminals created a new set of fake updates for the Google™ Chrome
and Mozilla™ Firefox browsers that would push a TrickBot download. The updates appear
to have originated at a phony Office365 site that does give users a legitimate
link to a browser download, though it quickly prompts the user to install an
update which installs the TrickBot executable.

The post Cyber News Rundown: Hackers Expose US Colleges appeared first on Webroot Blog.