Education and Academia


  • Data of over 20,000 staff, students at Chinese University of Hong Kong stolen after school server hacked

    June 14, 2024

    The personal data of over 20,000 Chinese University of Hong Kong (CUHK) staff and students has been stolen after a server at one of the institution’s schools was hacked. The server of an online learning system used by CUHK’s School of Continuing and Professional Studies (CUSCS) was hacked on June 3, the school announced in a ...

  • Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies

    June 5, 2024

    Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf. The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using Amethyst, an offshoot of the popular open‑source SapphireStealer. The attackers disguise the malware as an enforcement ...

  • Western Sydney University staff, students caught in cyber attack

    May 21, 2024

    About 7500 staff and students have been caught up in a massive cyber attack at Western Sydney University. Police are investigating the breach, which the university says dates as far back as May 2023, when an unauthorised party got into the Microsoft Office system and accessed email accounts and SharePoint files. WSU says they have not ...

  • Two Santa Cruz students uncover security bug that could let millions do their laundry for free

    May 17, 2024

    A pair of university students say they found and reported earlier this year a security flaw allowing anyone to avoid paying for laundry provided by over a million internet-connected laundry machines in residences and college campuses around the world. Months later, the vulnerability remains open after CSC ServiceWorks repeatedly ignored requests to fix the flaw. Read more… Source: ...

  • SugarGh0st RAT Used to Target American Artificial Intelligence Experts

    May 16, 2024

    Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service. Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically ...

  • Thousands affected by cyber attack on Hong Kong college

    May 10, 2024

    Over 8,000 students of a private vocational college have been affected by a cyber attack, the privacy watchdog said on Friday. The Hong Kong College of Technology said its information technology network and file server were hacked in February. A ransomware group is believed to have got hold of 450GB of the college’s data and the ...

  • Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files

    April 26, 2024

    Today’s browsers are almost operating systems unto themselves. They can run software programs and encrypt files. These capabilities, combined with the browser’s access to the host computer’s files – including ones in the cloud, shared folders and external drives – via the File System Access API creates a new opportunity for ransomware. Imagine you want to ...

  • Universities Boost Spending to Curb Cyber Attacks

    April 25, 2024

    Higher education institutions have increased their cybersecurity budgets as more universities fall prey to cyber attacks, Moody’s Investor Service says in a report. The bond ratings agency reports that higher education institutions allocating a portion of their budget to cybersecurity increased more than 70 percent from 2019 to 2023. Despite the new spending jump, universities still ...

  • Singapore: Personal information of parents, staff at 127 schools accessed in data security breach

    April 20, 2024

    A data breach at one of its vendors has resulted in the “unauthorised access” of names and email addresses of parents and staff from five primary and 122 secondary schools, the Ministry of Education (MOE) said on Friday (Apr 19). MOE said it was notified by Mobile Guardian that its user management portal had been breached ...

  • Cybercrime Atlas: International effort to disrupt cybercrime moves into operational phase

    March 14, 2024

    The Cybercrime Atlas, a massive undertaking that aims to disrupt cybercriminals across the globe, enters its operational phase in 2024, two years after organizers laid the groundwork at the RSA Conference.… Its members now include 20-plus law enforcement agencies, private-sector security companies and incident responders, financial institutions, NGOs, and academics. Over the past year, the investigations ...

  • #StopRansomware: Phobos Ransomware

    February 29, 2024

    The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA, to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024, according to open source reporting. Phobos is structured as a ransomware-as-a-service ...

  • The Building Resilience to Cognitive Warfare Technical Exchange Meeting

    February 23, 2024

    In September 2023, MITRE hosted a Technical Exchange Meeting (TEM) titled Building Resilience to Cognitive Warfare with participants from MITRE, the Department of Defense, and the Australian Defense Force, whic h focused on securing the cognitive domain, including identifying national-level partnerships and innovation opportunities. This paper explores the emerging importance of cognitive security in the face ...

  • Cambridge faces cyber attack

    February 19, 2024

    The University faced a cyberattack yesterday (20/02), which is affected internet and services across multiple UK higher education institutions. Students at various colleges were notified of the attack, which affected access to IT services such as CamSIS and Moodle. An internal email revealed that the incident was a Distributed Denial of Service (DDoS) attack, described as ...

  • Philippines: Department of Education checking data breach after hacking

    February 14, 2024

    The Department of Education (DepEd) is examining its systems for possible data breaches after reports of hackers allegedly harvesting 750 gigabytes of data containing sensitive information on banking details, students, teachers and more. DeepWeb Konek, a collective of cybersecurity practitioners, reported yesterday morning on X that it monitored a post by a “threat actor” in the ...

  • Series of cyber attacks risks sensitive data at New Jersey schools, hospitals

    January 30, 2024

    Class was canceled Monday across the Freehold Township school district, but not for the familiar January troubles of slushy roads, frozen pipes or a busted boiler. No, this was “a cybersecurity event” that ground school business to a halt. District officials disclosed little about what happened, assuring parents in an email they “retained outside IT expert consultants ...

  • Carnegie Mellon University hit by cyberattack, informs 7,300 people possibly affected

    January 19, 2024

    Carnegie Mellon University informed about 7,300 people that their personal information may have been compromised in an August cyberattack that was quietly investigated by law enforcement and the university. The breach impacting one of the nation’s top schools for computing was acknowledged by the university as higher education in general faces a growing assault by digital ...

  • New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

    January 17, 2024

    Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into downloading ...

  • Alleged FruitFly malware creator ruled incompetent to stand trial

    January 16, 2024

    On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. CWRU began working with the FBI, who determined that the ...

  • Thailand: Elderly to get anti-scam education as cybercrime explodes

    January 10, 2024

    Alarmed by research indicating that the elderly are the most vulnerable to fraudsters, Thailand’s Ministry of Social Development and Human Security and CIB cybercrime investigators will collaborate with partners to provide digital literacy to senior people nationwide. The minister, Varawut Silpa-archa, stated that more than 13 million people, or almost 20% of the Thai population, are ...

  • The sound of you typing on your keyboard could reveal your password

    December 12, 2023

    As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to ...