A new Office 365 attack, librarians versus LinkedIn and patch this software.
Welcome to Cyber Security Today. It’s Wednesday, July 24th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
I told you on Monday that organizations using the Microsoft Office 365 business suite are common targets for criminals. Here’s the latest way attackers are trying to get in: by tricking the suite’s email administrators. According to the news site Bleeping Computer, attackers are emailing out fake Office 365 alerts. These alerts may be about alleged issues that require an administrator’s immediate attention, such as a problem with the mail service, payment or unauthorized access. The message includes a link where the administrator can log in. This, of course, is a trick for capturing the administrator’s username and password. Don’t be fooled by messages like this. If you have to log into a site, don’t do it by clicking on a link in an email or text message. Go to the web site yourself through your browser, by typing the address or using a link you’ve bookmarked, the usual way you log in. That advice goes for anyone.
It isn’t often that the American Library Association, which represents U.S. public libraries, gets upset. But according to the news site ZDNet, the association is complaining about LinkedIn’s upcoming login change for those who want to access the online site called Lynda.com, which hosts many video instruction courses, from public libraries. LinkedIn bought Lynda.com several years ago. Now the site is called LinkedIn Learning. Right now those who want to access the site from a public library have to enter their library card number and a PIN number when they log in. But that will change later this month, when public library users will have to create and log in with a LinkedIn profile. The library association complains library users will have to disclose their full name and email address to LinkedIn to get access. LinkedIn says the change is to better authenticate users and prevent fraud. It notes that users can set their LinkedIn profile so it isn’t publicly seen.
If you want an idea of how fast hackers work, here’s an example: Two weeks ago a software company called Atlassian announced an update to fix a vulnerability in its Jira project tracking software. In the few days since then, hackers have been trying to exploit that vulnerability before it’s patched. So IT administrators whose companies use Jira are warned.
Here’s another warning to IT and website administrators: If your organization uses the ProFTPD open-source FTP server, install the latest security patch. It fixes a serious vulnerability that could allow an attacker to copy files on the FTP server.
Finally, Apple users should be on the lookout for security updates. A bunch of them have been issued for the iOS and Mac operating systems, as well as for tvOS, used in Apple TV media players, and watchOS, used in Apple Watches.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.