There's never a dull week in ThreatWatch.
Online life moves pretty fast. If you don't follow ThreatWatch, you could miss it.
Security researchers identified about 14 million email addresses and passwords from more than 300 U.S. universities—a sharp increase from the just shy of 3 million available last year.
Research from Digital Citizens Alliance and ID Agents found credentials going for $3.50 to $10 each from schools including University of Michigan, Penn State, University of Minnesota, Carnegie Mellon University and Cornell University, said a Dark Reading report. Researchers couldn’t verify whether the accounts were valid, but identified some were spoofed or phony.
The increase, researchers said, is likely because of the high number of megabreaches at other sites where students, faculty and alumni used their dot-edu addresses to register.
Hackers want dot-edu addresses for phishing schemes to access other university systems and to unlock student discounts.
Health care organizations that use anonymous file transfer protocol servers need to be on guard, according to a recent FBI cyber bulletin.
Attackers are trying to access files on anonymous FTP servers to find sensitive information—personal or health oriented—to “intimidate, harass and blackmail business owners,” the bulletin said. Not only could attackers mine the servers for data, they could plant malware for future schemes.
Anonymous FTP servers allow people access to files without authentication or by using generic user names and passwords. Generally, sensitive data shouldn’t be stored in them anyway, but security isn’t always a business’ primary concern. Smaller medical and dental companies often run older, and potentially poorly secured, technology, Dark Reading reported.
The bureau recommends organizations’ IT staffs identify any anonymous FTP servers on their networks and determine whether they should still be used. If so, the staffs should make sure no sensitive information is housed within them.
The Hong Kong government reported two laptops holding the personal information of 3.7 million registered voters and 1,200 electors went missing from an election location.
The Registration and Electoral Office filed a police report Monday for the laptops, which were stored at a backup location for the chief executive election that took place Sunday, South China Morning Post reported. Though officials said the data is encrypted, it could include voters’ names, ID numbers, addresses and cellphone numbers.
Hong Kong’s privacy office in a statement said it would review the incident.