Schools put on high alert for JBoss ransomware exploit
More than 2,000 machines at
schools and other organizations have been infected with a backdoor in unpatched
versions of JBoss that could be used at any moment to install ransomware such
as Samsam.
That's according to Cisco's Talos threat-intelligence
organization, which on Friday announced
that roughly 3.2 million machines worldwide are at risk.
Many of those already infected run Follett's Destiny
library-management software, which is used by K-12 schools worldwide.
"Follett identified the issue and immediately took
actions to address and close the vulnerability," the company told Cisco.
… Governments and
aviation companies are also among the organizations affected, Cisco said.
There must be a database of unsupported software somewhere
that we could match to what we have installed.
If not, let’s create one.
Here's why US is urging Windows users to uninstall Quicktime
… The US Computer
Security Readiness Team (CERT) on Thursday issued an alert after Trend Micro
put out word that Apple will no longer be updating defenses
in QuickTime and that two vulnerabilities in the program could be exploited by
hackers.
"Exploitation of QuickTime for Windows vulnerabilities could allow
remote attackers to take control of affected systems," CERT said in the
alert.
"The only mitigation available
is to uninstall QuickTime for Windows."
A “backgrounder” for my Computer Security students.
When a nation is hacked: Understanding the ginormous Philippines data breach
I usually don’t talk about “pending” law because it
changes so frequently.
James Anderson reports:
Colorado lawmakers are moving to enact what is
billed as one of nation’s toughest student privacy laws at a
time when unscrupulous data collectors can identify youths by their keystrokes
in typing class and sell their information.
[…]
The House on Thursday unanimously
backed a bill
that defines at what point data accumulated by in-class programs can identify
students. The legislation from Reps. Paul
Lundeen and Alec Garnett requires companies to destroy, not
just delete, that information, unless authorized by contract to keep it. Deleted data can be traced and retrieved, the
lawmakers say.
Read more on The Daily Reporter.
Not surprisingly, perhaps, the Software Information
Industry Association is urging lawmakers not to enact such strong legislation
and to do what other states have done:
Existing laws, contracts and a
privacy pledge adopted by the trade group’s members ensures data privacy, said
Brendan Desetti, director of education policy. The Federal Trade Commission can enforce the
pledge, he said.
Oh, puhleese – like the short-on-resources FTC is really
going to enforce student data protection laws if companies violate any pledges?
Yes, the FTC would have authority to do
so, but would they? Better to have
strong state laws that states enforce, I think.
Good customer service?
Sorry, Kids: No More iTunes Allowances for You
Apple issued a Support Page update on Wednesday, announcing that
it was turning off its iTunes Allowances feature. Starting on Thursday, parents will not be able
to open new accounts. Those who have
existing allowances will see their accounts canceled.