Information Security & Privacy Updates & Patches
The Information Security and Privacy Office routinely monitors reports of new vulnerabilities along with information from intelligence sources and the New School community. Summaries of recent reports are listed below. Click on the links provided to learn more.
If you have questions related to information security and/or privacy, please contact the Information Security & Privacy Office at ispo@newschool.edu.
Recent News, Updates & Patches
- 10/11/2024 - Malicious QR code cyberattacks target education sector, Microsoft report shows
Microsoft says its products blocked more than 15,000 emails each day that targeted the education sector with phony QR codes. Source: EDScoop
- 7/9/2024 - New cyberattack targets iPhone Apple IDs
A new cyberattack is targeting iPhone users, with criminals attempting to obtain individuals' Apple IDs in a "phishing" campaign, security software company Symantec said in an alert Monday. Cyber criminals are sending text messages to iPhone users in the U.S. that appear to be from Apple, but are in fact an attempt at stealing victims' personal credentials. Source: CBSNews
- 3/27/2024 - Apple users targeted by incredibly annoying 'Reset Password' attack
Some Apple users are reportedly being targeted by a sophisticated attack, requesting them to hand over their Apple ID credentials over and over again. According to KrebsOnSecurity, the attack starts with unsuspecting Apple device owners getting dozens of system-level messages, prompting them to reset their Apple ID password. If that fails, a person pretending to be an Apple employee will call the victim and try to convince them to hand over their password. Source: Mashable
- 1/23/2024 - Mother of all Breaches – A Historic Data Leak Reveals 26 Billion Records: Check What’s Exposed
Cybersecurity researcher Bob Dyachenko and the CyberNews team have uncovered what is believed to be the largest data leak ever, named the Mother of all Breaches (MOAB). This supermassive leak comprises an astonishing 12 terabytes of information, spanning over 26 billion records from various previous breaches, making it likely the largest compilation of multiple breaches (COMB). While duplicates are possible among the 26 billion records, the dataset is extensive and includes sensitive information beyond credentials. Source: Security Affairs
- 10/2/2023 - Google fixed another critical zero-day vulnerability, CVE-2023-5217
Google fixed another critical zero-day vulnerability, CVE-2023-5217, in Google Chrome 117.0.5938.132 for Windows, Mac and Linux users. The vulnerability is caused by a heap buffer overflow in VP8 encoding in libvpx – a video codec library from Google and the Alliance for Open Media (AOMedia). Libvpx v1.13.1, with fixes for CVE-2023-5217 and CVE-2023-44488 (an issue with VP9 in libvpx before 1.13.1 that can lead to a crash related to encoding), has been released.